Business ethics and compliance
Strong values and principles guide the decisions and conduct of GF employees in their daily work. As a sustainable leader, the company believes it can generate sustainable, long-term value only if it adheres both legally and ethically to the highest standards of conduct. Respect and responsibility – in both the physical and digital sphere – towards its stakeholders and the environment underpin the sustainable development of its business.
Code of Conduct
The GF Code of Conduct is a comprehensive declaration of the company's mission, values and ethical principles. It helps GF to maintain the highest levels of professional conduct by defining the expected standards of behavior for its employees, contractors and partners.
The company has now revised its Code of Conduct to clarify its requirements and expectations. As the company's global workforce encompasses a diverse range of nationalities, languages and cultures, its improved code more accurately aligns its divisions and employees with its high ethical and behavioral standards. The new Code of Conduct was approved in 2022 with the release planned for 2023 in 18 languages and is a cornerstone in all employment contracts and staff onboarding programs.
GF has an ISO 27001-compliant whistleblower platform in place, which enables individuals to securely and anonymously report any issues or wrongdoing (e.g., discrimination, bullying, sexual assault and legal violations) via the confidential GF Transparency Line. The line is available 24/7 in nine languages: English, German, Chinese, French, Italian, Portuguese, Romanian, Spanish and Turkish.
- The number of issues reported in 2022 was 19.
Internal Audit and the Chief Compliance Officer (CCO) monitor compliance with the applicable laws and guidelines worldwide, as well as with business ethics standards. The CCO reports to the General Counsel or, where necessary, directly to the CEO. As a member of the Corporate Risk Council, the CCO’s task is to ensure that risk management is given appropriate importance within the organization.
In addition, employees are required, and business partners are encouraged, to report potential misconduct by calling the CCO or writing to a special compliance e-mail address, contacting the Legal department in Schaffhausen (Switzerland), or sending the report anonymously. A corporate instruction details the procedure that employees follow for reporting such violations and governs the conduct of persons receiving the report. Proven misconduct is subject to appropriate sanctions.
Data ethics and cybersecurity
GF’s centralized IT organization now includes the specialized IT Security team managed by a Chief Security Officer, who reports to the Chief Information Officer (CIO).
In 2022, the company rolled out its Security and Privacy campaign (awareness and training) to all employees worldwide. In addition, it began implementing a new Corporate Policy Framework that outlines the management of its IT, IT security and data privacy systems. The framework enables the company to remain compliant with all local and international data privacy regulatory requirements, including the EU’s General Data Protection Regulation (GDPR). GF expects to complete its roll-out of the framework by the third quarter of 2023.
- The number of data breaches reported in 2022 was zero.
- GF also began implementing an ISO 27001-based Information Security Management System (ISMS) across all its divisions. The ISMS will enable the company to maintain the "CIA triad" of confidentiality, integrity and availability, while permitting robust business continuity plans, including regular tests where appropriate. GF’s upgraded security controls will ensure it continues to meet the standards of its customers and suppliers.
In addition, the ISO 27001-based ISMS will help the company to:
- secure new business and strengthen its existing customer base;
- demonstrate that the organization regards cyber security as a critical priority;
- reaffirm its integrity and credibility with its partners; and
- protect its customers and suppliers and build stronger working relationships.
Cyberattacks are increasing in frequency and scale. The financial and reputational damage caused by inadequate IT security systems can have severe consequences for GF and its partners. The company therefore endeavors to avoid any financial penalties or other losses associated with data breaches through its increased security awareness and robust security controls.
Compliance training, via e-learning or in person, is carried out under the direction of the CCO at the corporate companies. Supported by the CCO, the Executive Committee determines the focus topics. In 2022, over 3’500 in-house compliance training sessions included an e-learning program on:
- antitrust/competition law
- export controls/sanctions
- data privacy, including the GDPR
Globally, the company also held on-site training sessions for specific employees with compliance responsibilities at its companies in the EU, the US and China. In addition, to reinforce compliance, the company has implemented the following measures:
- improved regular performance checks of the GF Compliance Agreement for intermediaries to ensure the compliance of business partners who act on behalf of or in the interests of GF and its companies;
- the introduction of a web-based system that helps GF to ensure it does not conduct business with any sanctioned organizations or individuals; and
- on-site compliance officers who work to identify and assess compliance risks, implement internal compliance controls, and provide support in identifying and implementing appropriate new measures.
GF published its Corporate Policy on Human Rights, emphasizing the critical need to uphold and promote human rights within the company and its supply chain. In addition, GF endorses core international labor standards of the International Labour Organization (ILO) and maintains anti-corruption standards, which it has enshrined in its Code of Conduct.
GF is also a signatory and an active participant in the UN Global Compact (UNGC), underscoring its commitment to responsible business conduct. GF issues an annual "Communication on Progress" update to the UNGC.
Human rights in the supply chain and products
The company is committed to maintaining and continually improving its internal processes to avoid any potential human rights issues associated with its supply chain or products. Its core focus areas include child labor, human trafficking and modern slavery, freedom of association, the recognition of the right to collective bargaining, as well as diversity and inclusion.
GF works to maintain these critical human rights standards by:
- monitoring its progress and reviewing the performance of its targets;
- reporting on issues regarding human rights and consulting with key stakeholders;
- seeking the participation of its employees and management teams to communicate its aims and raise overall awareness;
- ensuring that human rights are understood, complied with and promoted by all training personnel and managers; and
- committing to adopting grievance mechanisms, providing corrective actions for negative impacts, applying due diligence and conducting risk assessments.
Product and service information and labeling
GF complies with all relevant laws and regulations regarding product safety, labeling and information provided to its customers. These efforts include, but are not limited to, the following:
- enclosing the CE and RoHS labels, when relevant;
- providing customers, where required or at their request, with information regarding conflict minerals (as defined by the Dodd-Frank Act) and the presence of substances of very high concern in products (as defined by REACH).
Corporate Conflict Minerals Policy
Striving to be a good corporate citizen, GF is committed to ensuring the health, safety and protection of people who come into contact with its products and business. The company requires its suppliers to have high social, environmental and human rights standards. Managing its obligations in relation to conflict minerals is part of this corporate responsibility.
The company recognizes the risks of significant adverse impacts that may be associated with the extraction, trading, handling and exporting of minerals from conflict-affected and high-risk areas. Recognizing that GF has the responsibility to respect human rights and avoid contributing to conflict, it has adopted a Corporate Policy on Conflict Minerals on responsible sourcing from conflict-affected and high-risk areas, representing a common reference for conflict-sensitive sourcing practices and suppliers' risk awareness from the point of extraction until the end user.
In protecting human rights, suppliers offering goods that potentially contain conflict minerals are asked to provide proof of their supply chain due diligence using the Conflict Minerals Reporting Template (CMRT) or the Extended Minerals Reporting Template (EMRT) of the Responsible Minerals Initiative (RMI). In addition, a sustainability self-assessment is mandatory for all new suppliers. In parallel, GF requires its existing suppliers to provide a sustainability assessment as part of its ongoing program for sustainable supply chains.
More information is available in the Corporate Policy on Conflict Minerals.
GF recognizes that the administration and payment of taxes form an integral part of each company’s responsibility to a functioning society. GF is committed to responsible tax governance and:
- following all applicable laws and regulations relating to its tax activities;
- maintaining a transparent and honest relationship with the tax authorities based on collaboration and integrity;
- applying diligence and care in its management of the processes and procedures by which all tax related activities are undertaken, and ensuring that the corporation’s tax governance is appropriate; and
- using incentives and reliefs to minimize the tax cost of conducting its business while ensuring that these reliefs are not used for purposes that are knowingly contradictory to the intent of the legislation.
The GF Tax Policy is a Board directive that presents the foundation on which GF bases its tax activities, including the information on the corporation’s tax governance structure and risk management process. GF’s Executive Committee and Audit Committee discuss and assess the company’s tax position and tax development at least once a year and present the results to the Board of Directors. This process ensures that all tax activities are planned and executed in line with the GF Tax Policy.
GF’s tax results and disclosures are part of the annual half-year and year-end results and are audited semi-annually by an external auditor.
The company also carries out annual tax surveys across all group companies to ensure compliance with the GF Tax Policy and detect any adverse conduct. In these surveys, any tax risks and uncertain tax positions must be disclosed. The results are assessed centrally, and, if necessary, the company takes appropriate measures in accordance with the GF Tax Policy.
In addition, GF engages with its stakeholders on tax-related issues. For example, the company participates in various organizations involved with tax policies and international tax developments, including through its membership of and participation in the SwissHoldings association. This activity promotes exchanges with other groups and tax authorities and ensures that GF recognizes any relevant changes within the tax environment and implements them accordingly. By doing so, the Corporation maintains strict compliance with the GF Tax Policy, is transparent and open in its decisions, governance and tax planning and follows all applicable laws and regulations.