Corporate governance is a system of controls and procedures designed to ensure the proper management of a company. It comprises elements such as a professional management team, a management and supervisory board structure, and a well-organized management system and processes. Properly organized corporate governance reduces a company's risk exposure and aims to ensure that important decisions are made in accordance with the interests of the company and its shareholders.
In terms of non-financial reporting, the relevant information to be disclosed is (in accordance with ESRS standards):
1. Corporate Governance Aspects (G-P1 – G-P3)
G-P1 Structure of the company’s management bodies – refers to the characteristics of the members of the highest bodies in the company, i.e. the management board and the supervisory board, in such areas as: experience and qualifications (also in relation to aspects of sustainable development), roles and competences, as well as the length of their term of office.
G-P2 Independent members of governing bodies – please indicate the percentage of independent members of the management board and supervisory board.
G-P3 Diversity in the Composition of Bodies – This section indicates whether the organization's governing bodies are composed of individuals with diverse characteristics, including gender, in addition to skills and experience. The percentage of women on the management board and supervisory board should be reported here.
2. Business Ethics (G-P4)
Business ethics refers to the moral principles and standards of conduct that guide a company in operating ethically, in accordance with the law and common norms of conduct.
G-P4 Code of Ethics
A code of ethics is a formal document specifying ethical standards and norms of conduct to which an entity commits. It defines the organization's values and principles. It also provides instructions for employees (and third parties) on how to proceed in situations that may raise ethical concerns. A company should disclose whether it has adopted a code of ethics. It should be available internally and to external parties.
G-P5 Anti-corruption policy
An anti-corruption policy is a formal document outlining the company's position on corruption and bribery, defining these concepts and specifying what behaviors are and are not acceptable, preferably through examples. The company should report whether it has an anti-corruption policy, which individuals or entities it covers, and whether it also applies to suppliers and business partners. The policy should also address conflicts of interest, facilitation payments, and other issues. The anti-corruption policy should be communicated internally and externally.
G-P6 Violation Reporting Mechanism
The entity should also have a mechanism in place for reporting potential or actual violations, i.e. a system in which employees or other people can report cases of violation of rules, unethical behavior or even violation of the law.
This mechanism may be internal or managed by an external entity. In this regard, the company should disclose whether it has a reporting mechanism in place, and how violations can be reported and addressed. It is recommended that the reporting mechanism allow for reporting anonymously and without fear of negative repercussions, and that it be accessible to suppliers and third parties.
3. Security and data protection (G-D1)
Data privacy protection refers to the right of every individual (including employees, customers, and business partners) to protect their data from unauthorized access by third parties. Data security, in turn, refers to the process by which data is managed.
The entity should have and implement a policy to protect employee, customer, and business partner data from unauthorized third-party access. The report should indicate whether the entity has a data protection policy, the scope of data protection, and the established process and procedures for managing the risk of data theft, leaks, or loss, as well as those implemented to prevent malware, unauthorized access, and other digital attacks.
To sum up, the assessment of corporate governance principles will be a huge challenge, as it requires verification of their practical application on at least three levels:
- assessment of the entity's possession of the required information and documents, which should not pose any problems,
- substantive assessment of the content of the above-mentioned information and documents, both in terms of their impact on improving the management system and compliance with regulations, and in terms of their actual usefulness, which requires a much greater investment of time and detail,
- assessment of the actual compliance and application of the declared principles, which may in some cases even be impossible to verify.
This demonstrates how difficult the ESG "G" assessment is and will continue to be. For example, it's not enough to simply indicate that an entity has a data protection policy; it will also be necessary, and perhaps above all, to assess whether and to what extent it is effective. It's also not enough to "have" a supervisory board—it must also actually fulfill its duties and functions and possess the appropriate tools to do so.
Corporate governance cannot be achieved merely on paper. Corporate governance must be effective in practice.
This article is for informational purposes only and does not constitute legal advice.
Legal status as of October 23, 2024
