Disclosure LibraryPractitioner guidance for every reporting disclosure
Home Disclosure Library GRI GRI 205 GRI 205-3
GRI 205: Anti-corruption · 2016
Disclosure GRI 205-3

Confirmed incidents of corruption and actions taken

Practical guidance for preparing this disclosure. Use this card to identify datapoints, verify claims and organise supporting evidence. For exact requirements, always refer to the official GRI source.

Dr Ross Kurinko, GRI Certified Trainer
Reviewed by Dr Ross Kurinko · GRI Certified Trainer LRA educational guidance · Not issued or endorsed by GRI
To prepare this disclosure
Disclosure focus

This disclosure asks an organisation to report the corruption incidents it has confirmed during the reporting period, and what it did in response. The emphasis is on actual, verified cases rather than allegations or untested concerns, so the report should distinguish confirmed incidents from broader ethics or whistleblowing activity.

In practice, the focus is on giving a clear picture of where confirmed incidents occurred across the organisation and what follow-up action was taken. That means looking beyond flagship sites or headquarters and considering the full scope of operations, so readers can see whether incidents were isolated or part of a wider pattern, and whether the response was disciplinary, remedial, preventive, or a combination of these.

This LRA educational guidance supports disclosure preparation. For the exact requirements, always refer to the official GRI source.

Before you start

A quick mental checklist before you prepare this disclosure — tick each as you settle it.

Preparation

Key datapoints to prepare

Datapoint What to capture Evidence hint Owner
Confirmed corruption count The total count of corruption incidents that have been confirmed in the reporting period, using the organisation’s agreed case closure criteria. Closed case log, investigations register, compliance or legal sign-off, incident tracker. Compliance
Corruption incident types A plain description of what the confirmed corruption incidents involved, grouped in a way that reflects the actual case types seen in the period. Case summaries, investigation reports, compliance review notes, legal case files. Compliance
Disciplinary corruption cases The total count of confirmed corruption incidents that led to employee dismissal or other disciplinary action during the period. HR disciplinary records, case closure notes, investigation outcomes, employee relations files. HR
Partner contract terminations The total count of confirmed corruption incidents where a business partner’s contract was ended or not renewed because of corruption-related breaches. Procurement records, contract termination notices, supplier case files, legal or compliance approvals. Procurement
Corruption legal cases Public court or regulator cases about corruption involving the organisation or its employees during the reporting period, together with the outcome of each case. Legal case register, external counsel updates, court filings, regulator correspondence, public judgments or settlements. Legal
+ Show GRI 205-3 sub-elements (LRA working checklist)

How to prepare it

1Set the reporting boundary first: decide which parts of the organisation and which period you will include, then use that same scope consistently for every figure and case note you prepare.
2Agree your counting rules before you start compiling data. Define what you will treat as a confirmed corruption incident, how you will classify the incident type, and how you will separate employee discipline, contract action, and legal cases so the same event is not counted in more than one place unless your source records clearly support that treatment.
3Gather the underlying records from the teams that hold them. Typical sources include investigation files, HR action records, supplier or customer contract decisions, and legal or compliance logs that show the incident, the response taken, and the outcome.
4Build the disclosure from the evidence. Prepare the total count of confirmed incidents, a short description of what those incidents involved, the number of cases leading to dismissal or other discipline, the number of contract terminations or non-renewals linked to corruption-related breaches, and a narrative on public legal cases and their results.
5Record any exclusions, restatements, or changes in method. If a case is left out, reclassified, or moved between periods, note why and make the treatment clear so readers can follow the basis of the numbers and narrative.
6Check the draft against the official source and the supporting files. Confirm that every required item is covered, the totals match the evidence, the wording is consistent with the records, and any assumptions or judgments are documented for review.
Request the data

Request the corruption case log and outcomes

Translate the disclosure into an internal business question — then adapt it to your organisation's own language.

What confirmed corruption matters were recorded in the period, and what action was taken in each case?

Use your organisation’s own terms first, then map them to the reporting fields. For example, ask for the ethics case log, investigations register, disciplinary outcomes, contract exit records, and litigation tracker if those are the names used internally. Keep the request in business language and check the source material before sign-off.

Weak request

Please provide the GRI 205-3 data for confirmed incidents of corruption, including the number of incidents, disciplinary actions, contract terminations, and legal cases.

Why it fails: This uses framework wording only, so the owner has to translate the request before they can act. It does not say which internal records to pull, what period to cover, which boundary to use, or how to show the evidence. It also bundles several measures without telling the team how to identify the underlying cases.

Better request

Please send the ethics/investigations case log for [reporting period] covering confirmed corruption matters in [organisation boundary], plus the related outcomes. For each case, include the internal reference, date confirmed, your usual case label, a short summary, whether any employee was disciplined or dismissed, whether any partner contract was ended or not renewed, and whether any public legal case was brought and how it ended. Please attach the source extract or link and note any gaps.

Formal email template
Subject: Data request for corruption cases and outcomes for [reporting period]

Hi [name],

Could you please share the case log or extract for [reporting period] covering confirmed corruption matters within [organisation boundary]?

Please include, for each matter:
- the internal case reference
- the date confirmed
- the type of matter, using your usual internal labels
- a short description of what happened
- the outcome recorded
- whether any employee was dismissed or otherwise disciplined
- whether any contract with a business partner was ended or not renewed because of the matter
- whether any public legal case was brought against the organisation or any employee, and the outcome
- the source system or register used
- any supporting evidence or links to the underlying file

If the information sits across more than one team, please coordinate a single response and note any gaps or assumptions. Please adapt this to your organisation’s own terminology and check the source material before sign-off.

Many thanks,
[preparer name]
Short Teams / Slack version
Hi [name] — could you send the [reporting period] extract for confirmed corruption matters in [organisation boundary]? Please include the case ref, date confirmed, internal category, short summary, outcome, any staff discipline, any supplier/partner contract exit, and any public legal case outcome. Please use your usual internal labels and share the source file/link. Thanks.
Industry examples
Manufacturing

Context. The ethics team holds the investigation tracker, while HR records discipline and Procurement records supplier exits.

Adapted request. Please share the confirmed corruption case list for [reporting period] from the investigations tracker, and cross-check it with HR discipline records and Procurement supplier exit records. For each confirmed case, include the internal case ID, date confirmed, plant or site, your usual case label, outcome, any staff action, and any supplier contract end or non-renewal linked to the matter.

Example response. A single table with 4 confirmed cases: 2 with written warnings, 1 with dismissal, 1 with a supplier contract not renewed; source links to the tracker, HR outcome notes, and supplier exit memo.

Financial services

Context. Compliance owns the conduct register and Legal tracks litigation; business partner exits are recorded in vendor management.

Adapted request. Please provide the conduct register extract for [reporting period] covering confirmed bribery or corruption matters, together with any linked legal case log and vendor exit record. Use the firm’s internal conduct categories and include the case outcome, any employee sanction, any counterparty relationship ended or not renewed, and any public case outcome.

Example response. A combined extract showing 3 confirmed matters: 1 employee dismissed, 1 formal warning, 1 counterparty agreement not renewed; no public legal cases in the period; evidence references to the conduct register and legal tracker.

Draft your disclosure

Notes that turn data into a disclosure

LRA training templates — adapt them to your organisation, and check the official source before sign-off.

Method note

State how you defined a confirmed corruption case, how you counted each incident, and whether the figures cover the whole reporting period and all relevant parts of the organisation and its business relationships.

Context note

Explain what the figures indicate about the scale and character of corruption-related issues, including whether any cases led to staff sanctions, contract changes, or public legal action.

Fluctuation statement

If the numbers moved materially from the prior period, note whether that was driven by a small number of larger cases, improved detection, changes in reporting practice, or a genuine shift in underlying conduct.

Content index entry
GRI 205-3 Confirmed incidents of corruption and actions taken — [location / page] / [notes]
Download Centre

Preparation tools & forms

Professional preparation tools for GRI 205-3 — free with an LRA Community membership. Register once (it's free) and every download unlocks, together with the Disclosure Library, templates and the LRA AI-assistant.

Free · Community members
Assurance readiness

For each claim, check the evidence

ClaimRiskEvidence to check
We compiled the figure from our confirmed cases log for the reporting year, using only matters that had been closed out as confirmed before we finalised the report.An assurer will check whether the count includes only confirmed cases, whether the cut-off date was applied consistently, and whether any open or unverified matters were excluded.Case register or investigation log; confirmation notes or closure records; reporting cut-off memo; reconciliation between the log and the published count.
We summarised the type of each confirmed case from the underlying case files, so the narrative reflects what was actually established rather than a broad allegation or media report.An assurer will probe whether the descriptions are supported by the case evidence, whether categories were applied consistently, and whether the wording overstates what was proven.Case summaries; investigation reports; legal or disciplinary findings; mapping of each case to the published description; review sign-off on the wording.
We counted only those confirmed cases where a staff member was formally sanctioned, and we excluded allegations that did not lead to a disciplinary outcome.An assurer will test whether the count is limited to confirmed matters with a documented employment action, and whether dismissals and other sanctions were treated consistently.HR case files; disciplinary outcome letters; dismissal records; internal case tracker; reconciliation from confirmed cases to the published total.
We included a business-partner case in the total only when the contract decision was recorded as a direct response to a confirmed breach, and we left out routine commercial exits.An assurer will examine whether the contract action was genuinely linked to a confirmed breach, whether renewals and terminations were classified consistently, and whether ordinary contract changes were excluded.Supplier or customer case files; contract termination or non-renewal notices; breach findings; procurement or legal approvals; list of included and excluded cases.
We listed public court matters only where the case was brought during the reporting year, and we recorded the outcome from the latest reliable status available before publication.An assurer will check whether the timing of inclusion is correct, whether the cases were genuinely public, and whether the outcome stated matches the court record or other authoritative source.Court filings or docket extracts; legal correspondence; public register searches; case status tracker; evidence of the outcome used in the report; publication review notes.

Evidence pack to prepare

Common reporting gaps

Figures are stated without the supporting narrative, or narrative without figures.Scope is inconsistent between the text and the numbers.The reporting boundary is left undefined.Material changes since the previous period are not disclosed.Estimates and measured values are not distinguished.Source records for the figures are not identified.
Common gaps

Mistakes to avoid when collecting the data

Wrong owner
The request goes to the wrong team, so the count is built from the wrong case files instead of the people who hold the investigation, HR, legal, or contract records.
Framework terms only
The data call uses disclosure language rather than the organisation’s own case labels, so local teams cannot map their records to the request without guesswork.
Scope not fixed
No one states which parts of the business, subsidiaries, or joint arrangements are in scope, so some incidents are included twice while others are missed.
Period basis drift
The team mixes cases opened in one year with cases closed in another, so the figures do not match the reporting window used for the rest of the pack.
Counting rule mix-up
One extract counts every allegation while another counts only substantiated cases, so the totals for incidents and follow-up actions are not built on the same basis.
Source labels lost
Original case references, status tags, and outcome notes are stripped out during consolidation, making it impossible to trace each number back to the underlying record.
Populations merged
Employee discipline, supplier contract action, and legal case data are rolled into one file without separation, so the different measures cannot be checked independently.
Evidence trail missing
The spreadsheet is saved without the supporting documents, timestamps, and reviewer sign-off, so no one can show how the figures were assembled or approved.

Where judgement is often needed

Set the cut-off date for counting cases
Choose one reporting cut-off and apply it consistently so each confirmed case is counted in only one period, then explain that basis if it differs from how internal case logs are dated.
Decide how to treat newly acquired or sold parts of the business
State whether incidents from businesses added or removed during the year are included only for the time they were under your control, and explain any change in the population covered compared with last year.
Use one working definition where local rules differ
If countries or business units label misconduct differently, map those local labels to a single group-wide interpretation for this disclosure and say how you aligned the figures across locations.
Be clear on borderline people and entities
Explain whether cases involving contractors, agency staff, joint-venture staff, or other close third parties are included in your counts, and keep the same inclusion rule across all measures.
Separate confirmed cases from allegations or open reviews
Count only matters that have been established as corruption under your chosen internal process, and describe how you handled cases that were still under review at period end.
Link the action count to the same incident basis
Make sure dismissals, discipline, contract endings, and non-renewals are counted only where they relate to a confirmed corruption case, and state if one case led to more than one action.
Decide how to present legal matters with privacy limits
Where naming cases or outcomes could breach confidentiality or data-protection rules, aggregate the description so the nature and result are still understandable without identifying individuals unnecessarily.
Round numbers without changing the story
If you round the incident counts, use one rounding rule throughout and note it so readers can see that small totals or zero values have not been distorted.
Choose whether to use measured counts or estimates for late data
If some locations report late or incomplete case data, explain whether you used direct counts, a documented estimate, or a later true-up, and keep the method consistent from one year to the next.
Describe the outcome of public court matters at the same level of detail
For public cases brought against the organisation or its people, state the final status or result in plain language and explain any unresolved matters separately from closed ones.
Examples

Illustrative examples

Synthetic, written by LRA — not from a company report, not text from any standard.

Illustrative (synthetic) example — utilities

We recorded 4 confirmed corruption incidents in the year, all involving improper gifts or hospitality; 2 led to dismissal or formal discipline, and 1 business contract was ended after a partner breach. There were no public court cases brought against us or our staff during the period.

Synthetic illustration only. Shows how to report the count of confirmed corruption matters, the broad nature of those matters, the number of staff sanctions, the number of partner-contract terminations, and whether any public legal cases arose and how they ended.

Illustrative breakdown of confirmed corruption matters and related actions (cases)
Improper gifts or hospitality4
Dismissed or disciplined staff cases2
Partner contracts ended or not renewed1
Public legal cases brought during the year0
Illustrative (synthetic) example — food manufacturing

We confirmed 3 corruption incidents, made up of 2 procurement-related bribery cases and 1 facilitation-payment case; 1 employee was dismissed, and 2 supplier agreements were not renewed. No public legal proceedings were filed against the company or its employees in the reporting year.

Synthetic illustration only. Shows a second plausible reporting pattern with a different mix of incident types, while still covering the incident count, the nature of the cases, staff consequences, partner-contract outcomes, and the presence or absence of public legal action.

Illustrative breakdown of confirmed corruption matters and related actions (cases)
Procurement-related bribery cases2
Facilitation-payment case1
Dismissed employee cases1
Supplier agreements not renewed2
Public legal cases brought during the year0
Company reports

How companies report GRI 205-3

Real reports where this topic is disclosed. These are report practice, not exact disclosure templates to copy.

Mega Financial Holding Co., Ltd.
Banks / Diverse Financials / Insurance · Taiwan · 2024
Open report →
Mega Financial Holding Co., Ltd.'s 2024 Sustainability Report provides numeric data on work-related injuries and fatalities, reporting 56 to 73 injuries and zero to one fatality in different years (p.191). The report also includes figures related to new employee hires, turnover, and benefits under GRI 401 Employment standards (p.195), as well as data on communication and training about anti-corruption policies (p.193). However, no narrative explanations or qualitative descriptions related to these disclosures were found in the report.
Globalvia
Ground Transportation — Highways and Railtracks · Spain · 2025
Open report →
Globalvia's 2025 Sustainability Report provides clear numeric evidence that there were no confirmed cases of corruption or bribery in 2025 (p.107). The report also details measures taken to prevent corruption and bribery, including processes to remediate negative impacts and channels for affected communities to raise concerns (p.107). However, while some supporting context on compliance policies is present (p.85), there is no comprehensive narrative or headline statement explicitly summarising anti-corruption efforts, and no quotable narrative item was found elsewhere in the report.
Hankook Tire & Technology
Tires · South Korea · 2025
Open report →
Hankook Tire & Technology’s ESG Report 2024-25 provides numeric data on anti-corruption policies and training, with specific references to communication and confirmed incidents on pages 27-28 and 79. The report also includes figures related to employees and workforce characteristics on page 73, and details about the business model and stakeholder interests on pages 11-12, 16, and 31. However, there is no quotable narrative evidence found in the report for certain disclosure items, indicating gaps in descriptive or contextual information.
✓ LRA AI Assistant · Human-in-the-loop
Dr Ross Kurinko
Ask Study Studio AI assistant about this disclosure
Get a practical answer for your reporting context. Your first answer is free — create a free account to continue the conversation.
TryHow do I prepare GRI 205-3?What data do I need to collect?Where can I see a real-report example?What mistakes should I avoid?
1 free answer
Check your understanding

Scenarios to work through

During the year, an internal investigation confirms one bribery case involving a procurement manager and two separate supplier-side kickback cases. The HR file shows the manager was dismissed, one supplier contract was ended, and the other was allowed to run to term.

QHow should you decide what to count and describe for this disclosure, and what action details belong in the narrative?
Reveal model answer →

A whistleblowing review finds that a sales employee offered a payment to speed up a permit, but the allegation against a regional director is not substantiated. The employee is disciplined, and the permit application is withdrawn before any contract is signed.

QWhich events belong in the disclosure, and how should you avoid overstating the case?
Reveal model answer →

The legal team reports that a public court case was filed against the company and one employee over alleged bribery. By year-end, the case is still open, with no judgment and no settlement, while a separate internal case has already been confirmed and led to dismissal.

QDo you include the open court case, and if so, what should you say about its outcome?
Reveal model answer →

Two confirmed corruption incidents led to employee discipline, and one of those incidents also caused a distributor agreement to be ended early. A third confirmed incident involved a consultant, but the contract was not renewed for commercial reasons unrelated to the misconduct.

QHow do you avoid double counting and make sure the contract-related figure is accurate?
Reveal model answer →
Framework references

Related framework references

How this disclosure maps across the major reporting frameworks.

GRI
GRI 205-3
within GRI 205: Anti-corruption
Open official source →
Primary
Related & explore
FAQ

Questions this page answers

What data do I need to collect for GRI 205-3 Anti-corruption before I start drafting the disclosure?+
How should I set the scope and methodology for GRI 205-3 Anti-corruption in practice?+
Who should own the GRI 205-3 Anti-corruption data collection and sign-off?+
What evidence should I keep for GRI 205-3 Anti-corruption to make the disclosure assurance-ready?+
What are the five assurance claims on the GRI 205-3 Anti-corruption page and how do I use them?+
What are the common reporting gaps or mistakes on the GRI 205-3 Anti-corruption page?+
How do I use the GRI 205-3 Anti-corruption workbook and printable Library Card?+
Can I use the synthetic example on the GRI 205-3 Anti-corruption page as a template for my own disclosure?+
How do I turn the GRI 205-3 Anti-corruption data into a draft narrative and content index line?+
How can I use the GRI 205-3 Anti-corruption page for cross-framework reporting with ESRS G1 Business Conduct?+
More questions this page can help with
GRI 205-3 Anti-corruption: what counts as the confirmed corruption count for this page?GRI 205-3 Anti-corruption: how do I classify corruption incident types for reporting?GRI 205-3 Anti-corruption: what should I include in disciplinary corruption cases?GRI 205-3 Anti-corruption: when should partner contract terminations be counted?GRI 205-3 Anti-corruption: what qualifies as a corruption legal case in the workbook?GRI 205-3 Anti-corruption: how do I build an evidence pack from the five datapoints?GRI 205-3 Anti-corruption: what should I check before I send the draft for assurance review?GRI 205-3 Anti-corruption: how do I use the step-by-step preparation section to complete the disclosure?GRI 205-3 Anti-corruption: what does the synthetic example disclosure show me about formatting the table?GRI 205-3 Anti-corruption: what narrative starters are available on the page for the draft output?GRI 205-3 Anti-corruption: where do I find the printable Library Card and what is it for?GRI 205-3 Anti-corruption: how do I avoid the common reporting gaps listed on the page?