Skip to main content

Quiz Bank — ESRS G1: Business Conduct

Course: ESRS G1 – Business Conduct Total questions: 100 (10 modules × 10 questions) Format: Multiple choice, single correct answer (TMC) Module pass threshold: 80% (8 of 10) Final exam: 40 questions drawn randomly from all 10 module groups

Module 1 — G1-1 Business Conduct Culture & Policies

Q1.1 ESRS G1-1 requires disclosure of:

  • A. Only the company's code of conduct document
  • B. The company's corporate culture, ethics policies, and how the business conduct framework is implemented and monitored ✓
  • C. Only anti-corruption training statistics
  • D. Only board-level governance structures

Explanation: G1-1 goes beyond a code of conduct — it covers culture, policies, implementation, monitoring, and the tone set from the top.

Q1.2 "Tone from the top" in G1-1 context means:

  • A. The CEO's speaking style in press conferences
  • B. The commitment and visible leadership of senior management and the board in setting ethical standards and expectations ✓
  • C. Only the formal ethics policy text
  • D. Only the company's advertising tone

Explanation: Tone from the top is the most powerful driver of ethical culture — when leaders visibly champion ethics, the organisation follows.

Q1.3 A company's business conduct framework should include:

  • A. Only an employee handbook
  • B. A code of conduct, ethics policies, training programmes, reporting channels, investigation procedures, and disciplinary framework ✓
  • C. Only an anti-corruption policy
  • D. Only a whistleblower hotline

Explanation: G1-1 expects a comprehensive framework — code, policies, training, channels, investigation, and enforcement — not isolated elements.

Q1.4 G1-1 requires disclosure of whether and how the company trains employees on business conduct. This includes:

  • A. Only annual compliance certificates
  • B. Coverage (% of employees trained), frequency, content areas, and how training effectiveness is assessed ✓
  • C. Only the name of the training provider
  • D. Only online training completion rates

Explanation: Training metrics should demonstrate reach, relevance, and effectiveness — not just box-ticking.

Q1.5 The concept of "corporate culture" in G1-1 extends beyond policies to:

  • A. Only office design and dress code
  • B. The actual behaviours, norms, incentive structures, and decision-making patterns that shape how people act — especially when no one is watching ✓
  • C. Only team-building activities
  • D. Only the company's mission statement

Explanation: Culture is "how we actually behave" — policies state intentions, but culture determines reality. G1-1 expects disclosure of both.

Q1.6 A company that has a strong code of conduct but no mechanism for employees to report violations:

  • A. Is fully compliant with G1-1
  • B. Has a governance gap — policies without accessible reporting channels and investigation procedures are unenforceable ✓
  • C. Only needs to add reporting channels if violations occur
  • D. Can rely on external whistleblower organisations

Explanation: A code without channels is a document, not a governance system. G1-1 requires the full chain: policy → training → channels → investigation → enforcement.

Q1.7 G1-1 disclosure should cover:

  • A. Only the board's composition
  • B. How the company's governance body (board) oversees business conduct, including any board committee responsible for ethics and compliance ✓
  • C. Only shareholder voting rights
  • D. Only executive remuneration

Explanation: Board-level oversight of business conduct — typically through an ethics, audit, or risk committee — is a key G1-1 element.

Q1.8 "Third-party due diligence" under G1-1 refers to:

  • A. Only customer credit checks
  • B. Screening business partners, agents, intermediaries, and joint venture partners for corruption, sanctions, and integrity risks before entering into relationships ✓
  • C. Only supplier quality audits
  • D. Only tax compliance checks

Explanation: Third-party due diligence is essential because many corruption risks materialise through agents, distributors, and intermediaries — not through the company's own employees.

Q1.9 ISO 37001 (Anti-Bribery Management Systems) is relevant to G1-1 because:

  • A. It replaces G1-1 requirements
  • B. It provides a certifiable management system framework for anti-bribery, which can demonstrate the "adequate procedures" expected under G1-1 and laws like the UK Bribery Act ✓
  • C. It only applies to government contracts
  • D. It was withdrawn in 2024

Explanation: ISO 37001 provides an internationally recognised framework for anti-bribery — useful for structuring and benchmarking G1-1 compliance.

Q1.10 The Omnibus I simplification affected G1 by:

  • A. Removing G1 entirely
  • B. Delaying reporting timelines for Waves 2 and 3, but maintaining all G1-1 through G1-6 substance ✓
  • C. Making G1 voluntary for all companies
  • D. Merging G1 into ESRS 2

Explanation: As with all ESRS standards, Omnibus I delayed timelines but did not weaken substance.

Module 2 — G1-2 Management of Relationships with Suppliers

Q2.1 G1-2 requires disclosure of:

  • A. Only supplier pricing negotiations
  • B. How the company manages business conduct in its supplier relationships, including due diligence, contract terms, and monitoring ✓
  • C. Only the number of suppliers
  • D. Only supplier diversity statistics

Explanation: G1-2 covers the governance of supplier relationships — integrity screening, contractual conduct requirements, and compliance monitoring.

Q2.2 G1-2 connects to S2 (Workers in the Value Chain) because:

  • A. They are unrelated
  • B. Corruption in supplier relationships (kickbacks, falsified audits, bribery of inspectors) directly enables labour exploitation in the value chain ✓
  • C. G1-2 replaces S2
  • D. Only large suppliers are covered

Explanation: Governance failures in supply chain management create the conditions for worker exploitation — G1-2 and S2 are deeply connected.

Q2.3 "Responsible purchasing practices" under G1-2 include:

  • A. Only paying the lowest possible price
  • B. Fair pricing, reasonable payment terms, stable order volumes, and procurement criteria that include social and environmental performance ✓
  • C. Only selecting EU-based suppliers
  • D. Only using competitive tendering

Explanation: Responsible purchasing — pricing, terms, stability — is both a G1-2 governance issue and an S2 root-cause issue.

Q2.4 Supplier codes of conduct are relevant to G1-2 because:

  • A. They replace the need for due diligence
  • B. They set conduct expectations for suppliers and form the contractual basis for monitoring and enforcement — but they must be implemented and monitored, not just distributed ✓
  • C. They only apply to Tier 1 suppliers
  • D. They are legally binding in all jurisdictions

Explanation: A code distributed but never monitored is governance theatre. G1-2 expects implementation: training, monitoring, and enforcement.

Q2.5 Due diligence on supplier integrity should include:

  • A. Only financial credit checks
  • B. Sanctions screening, beneficial ownership verification, corruption risk assessment, and reference checks — proportionate to the risk level of the relationship ✓
  • C. Only checking the supplier's website
  • D. Only relying on supplier self-declarations

Explanation: Integrity due diligence goes beyond financials — it covers sanctions, ownership, corruption risk, and reputation — calibrated by risk.

Q2.6 A company discovers that a supplier has been using forged safety certifications. Under G1-2 principles:

  • A. The company should accept the certifications at face value
  • B. The company should investigate, suspend procurement pending verification, require independent re-certification, and review its verification processes ✓
  • C. The company should wait for regulatory intervention
  • D. The company should only address it at contract renewal

Explanation: Forged certifications are a serious integrity failure that requires immediate investigation and corrective action.

Q2.7 Contract clauses relevant to G1-2 include:

  • A. Only price and delivery terms
  • B. Anti-corruption representations, audit rights, termination for conduct violations, subcontracting restrictions, and compliance with applicable laws ✓
  • C. Only warranty provisions
  • D. Only insurance requirements

Explanation: Conduct-related clauses give the company contractual tools for enforcement — audit rights and termination clauses are essential.

Q2.8 The concept of "know your supplier" (KYS) parallels:

  • A. Know your customer (KYC) in anti-money laundering — applying the same due diligence principles to the supply chain ✓
  • B. Only marketing research
  • C. Only quality assurance
  • D. Only logistics optimisation

Explanation: KYS extends the same integrity screening logic to supply chain relationships — who are you doing business with, and do they meet your standards?

Q2.9 G1-2 is particularly important for companies that:

  • A. Only sell to governments
  • B. Operate through agents, distributors, intermediaries, or joint ventures — where corruption risk is amplified by arm's-length relationships ✓
  • C. Have fewer than 10 suppliers
  • D. Only operate domestically

Explanation: Intermediary relationships are the primary channel for corruption. G1-2 governance must extend to these arm's-length relationships.

Q2.10 A "red flag" in supplier due diligence includes:

  • A. A supplier offering a competitive price
  • B. A supplier requesting payment to an undisclosed third party, in a high-risk jurisdiction, through an unusual intermediary, with opaque ownership ✓
  • C. A supplier based in a different country
  • D. A supplier with multiple clients

Explanation: Red flags include unusual payment routes, opaque ownership, high-risk jurisdictions, and intermediary involvement — these warrant enhanced scrutiny.

Module 3 — G1-3 Prevention & Detection of Corruption and Bribery

Q3.1 G1-3 requires disclosure of:

  • A. Only the existence of an anti-corruption policy
  • B. The measures taken to prevent and detect corruption and bribery, including risk assessment, controls, training, and monitoring ✓
  • C. Only confirmed bribery cases
  • D. Only the compliance officer's name

Explanation: G1-3 covers the full prevention and detection system — not just the policy document.

Q3.2 The OECD Anti-Bribery Convention criminalises:

  • A. Only domestic bribery
  • B. Bribery of foreign public officials in international business transactions ✓
  • C. Only bribes exceeding €100,000
  • D. Only bribery by government officials

Explanation: The Convention targets supply-side bribery — companies bribing foreign officials to win business.

Q3.3 The UK Bribery Act 2010 is distinctive because:

  • A. It only covers UK-based companies
  • B. It creates a corporate offence of "failure to prevent bribery" with an "adequate procedures" defence — meaning companies must proactively prevent bribery, not just react ✓
  • C. It only covers public-sector bribery
  • D. It has no extraterritorial reach

Explanation: The "failure to prevent" offence reversed the burden: companies must prove they had adequate procedures. This influenced G1-3 expectations.

Q3.4 A corruption risk assessment should cover:

  • A. Only the company's own employees
  • B. Employees, agents, intermediaries, joint venture partners, and the sectors and geographies where the company operates — proportionate to exposure ✓
  • C. Only the finance department
  • D. Only transactions above €1 million

Explanation: Corruption risk materialises through multiple channels — employees, agents, JVs — and varies by sector and geography.

Q3.5 "Facilitation payments" — small payments to expedite routine government actions — are:

  • A. Legal in all jurisdictions
  • B. Illegal under the UK Bribery Act and many other frameworks, and increasingly prohibited by company policies aligned with G1-3 ✓
  • C. Required by ESRS
  • D. Only relevant in developing countries

Explanation: While some jurisdictions historically tolerated facilitation payments, the trend is toward prohibition. Leading practice: zero tolerance.

Q3.6 Anti-corruption training under G1-3 should:

  • A. Only be provided to senior management
  • B. Cover all employees with enhanced training for high-risk roles (procurement, sales, government relations, agents), using realistic scenarios ✓
  • C. Only be an online module completed once
  • D. Only explain the company's policy document

Explanation: Training must be risk-proportionate: general awareness for all, enhanced scenario-based training for high-risk roles.

Q3.7 Gift and hospitality policies are relevant to G1-3 because:

  • A. Gifts are always acceptable
  • B. Gifts, entertainment, and hospitality can be used to create obligations, influence decisions, or disguise bribes — policies must set clear thresholds, approval processes, and recording requirements ✓
  • C. Only cash gifts matter
  • D. Only gifts to government officials are relevant

Explanation: The line between relationship-building and corruption often passes through gifts and hospitality. Clear policies with thresholds and approval processes are essential.

Q3.8 Monitoring and auditing of anti-corruption controls should include:

  • A. Only annual external audit
  • B. Continuous monitoring of high-risk transactions, periodic internal audits, forensic data analytics, and testing of speak-up channel effectiveness ✓
  • C. Only checking training completion rates
  • D. Only reviewing the policy document annually

Explanation: Effective monitoring combines continuous (transaction monitoring, analytics) and periodic (audits, channel testing) approaches.

Q3.9 "Tone from the middle" complements tone from the top by:

  • A. Being less important than board messaging
  • B. Ensuring that middle managers and line supervisors reinforce ethical standards in daily operations — the level where most business decisions actually happen ✓
  • C. Only applying to HR managers
  • D. Only mattering in large companies

Explanation: Middle management translates board-level ethics into operational reality. If middle managers tolerate shortcuts, top-level messaging is undermined.

Q3.10 A company operating in a country ranked highly on Transparency International's Corruption Perceptions Index (i.e., low corruption) should:

  • A. Assume corruption is not a risk
  • B. Still assess corruption risk — low national scores do not eliminate sectoral, transactional, or third-party corruption risks, and domestic complacency is itself a risk factor ✓
  • C. Only monitor operations in high-risk countries
  • D. Reduce anti-corruption spending

Explanation: Low-corruption countries are not zero-risk. Sector-specific risks (real estate, defence, healthcare) and third-party channels exist everywhere.

Module 4 — G1-4 Confirmed Incidents of Corruption or Bribery

Q4.1 G1-4 requires disclosure of:

  • A. Only criminal convictions
  • B. Confirmed incidents of corruption or bribery during the reporting period, including legal proceedings, fines, and the nature of the incidents ✓
  • C. Only allegations
  • D. Only incidents involving senior management

Explanation: G1-4 covers confirmed incidents — not just criminal convictions, but also regulatory findings, settlements, and substantiated internal investigations.

Q4.2 "Confirmed" under G1-4 means:

  • A. Only court judgments
  • B. Incidents confirmed through internal investigation, regulatory finding, legal settlement, or court judgment ✓
  • C. Only media reports
  • D. Only allegations by competitors

Explanation: Multiple confirmation paths exist — internal investigations and regulatory findings count alongside court judgments.

Q4.3 A company that reports zero confirmed incidents should:

  • A. Celebrate and move on
  • B. Disclose that no incidents were confirmed, describe the prevention and detection systems in place, and demonstrate why this conclusion is reliable ✓
  • C. Not disclose G1-4 at all
  • D. Report at least one incident to show awareness

Explanation: Zero incidents is credible only when supported by evidence of effective prevention and detection — otherwise it signals weak detection rather than strong ethics.

Q4.4 If a confirmed corruption incident involves a senior executive, the disclosure should:

  • A. Conceal the seniority level
  • B. Disclose the nature and seniority level of the incident — transparency about senior-level failures is more important, not less, because it tests governance credibility ✓
  • C. Only disclose if the executive has been terminated
  • D. Only disclose after all legal proceedings are complete

Explanation: Senior-level incidents are the most governance-relevant. Concealing seniority undermines disclosure credibility.

Q4.5 Fines and settlements related to corruption should be disclosed under G1-4 because:

  • A. They are already in the financial statements
  • B. They demonstrate the financial consequences of governance failures and enable stakeholders to assess the severity and trend of conduct issues ✓
  • C. Only fines above €1 million matter
  • D. Settlements are confidential by definition

Explanation: Financial consequences quantify the impact. Trends over time signal whether the company is improving or not.

Q4.6 Deferred prosecution agreements (DPAs) are relevant to G1-4 because:

  • A. They are not incidents
  • B. They are agreements where authorities defer prosecution in exchange for compliance remediation — the company acknowledges the conduct and the terms should be disclosed ✓
  • C. They only exist in the US
  • D. They replace the need for G1-4 disclosure

Explanation: DPAs are quasi-admissions with remediation requirements. They are material G1-4 events that should be disclosed.

Q4.7 A company with confirmed incidents in year 1 and no incidents in year 2 should:

  • A. Not mention year 1
  • B. Disclose the year-on-year change and explain what corrective actions produced the improvement — demonstrating the feedback loop from detection to prevention ✓
  • C. Only report year 2 data
  • D. Delete year 1 data from all records

Explanation: Year-on-year context demonstrates whether the company is learning and improving — the most credible narrative.

Q4.8 Third-party incidents (corruption by agents, distributors, or JV partners) should be disclosed under G1-4 when:

  • A. Never — third parties are separate entities
  • B. The company is directly linked to the incident through the business relationship and has been subject to legal proceedings, regulatory findings, or internal investigation as a result ✓
  • C. Only when the third party is convicted
  • D. Only when the company is explicitly named in a court judgment

Explanation: Third-party incidents connected to the company through business relationships are within G1-4 scope.

Q4.9 The distinction between corruption and bribery is:

  • A. They are identical
  • B. Bribery is one form of corruption — corruption also includes extortion, embezzlement, fraud, nepotism, and abuse of power. G1-4 covers all forms ✓
  • C. Bribery is worse than corruption
  • D. Corruption only involves government officials

Explanation: Corruption is the broader concept; bribery (offering/receiving undue advantage) is its most common manifestation in business.

Q4.10 G1-4 disclosure should be cross-referenced with:

  • A. Only the financial statements
  • B. G1-3 (prevention measures — were they adequate?), G1-1 (culture — did tone from the top fail?), and the company's remediation response ✓
  • C. Only S1-17 (workforce incidents)
  • D. Only the auditor's report

Explanation: G1-4 incidents should be analysed against G1-3 controls (prevention failure?) and G1-1 culture (systemic or isolated?) — the golden thread.

Module 5 — G1-5 Political Influence and Lobbying

Q5.1 G1-5 requires disclosure of:

  • A. Only party political donations
  • B. The company's activities and expenditures related to political influence, including lobbying, political contributions, and membership of trade associations that engage in advocacy ✓
  • C. Only meetings with EU commissioners
  • D. Only registered lobbyists

Explanation: G1-5 covers the full spectrum of political influence — direct lobbying, contributions, trade association advocacy, and revolving-door arrangements.

Q5.2 Lobbying expenditure should be disclosed:

  • A. Only if it exceeds €1 million
  • B. Transparently, including the amount, the topics advocated, and the institutions targeted — enabling stakeholders to assess alignment between stated sustainability commitments and political advocacy ✓
  • C. Only if the company is a registered lobbyist
  • D. Only for lobbying in Brussels

Explanation: Transparency enables the critical question: does your lobbying match your sustainability strategy, or contradict it?

Q5.3 A company that publicly commits to climate action (E1) while lobbying against carbon pricing legislation faces:

  • A. No governance issue
  • B. An integrity gap between its sustainability disclosure and its political advocacy — a material G1-5 concern ✓
  • C. Only a PR problem
  • D. Only a risk if caught by the media

Explanation: Misalignment between sustainability commitments and lobbying positions is a credibility and governance issue — increasingly tracked by investors and NGOs.

Q5.4 The EU Transparency Register requires:

  • A. All EU citizens to register
  • B. Organisations engaging in lobbying EU institutions to register, disclosing their activities, budget, and clients ✓
  • C. Only NGOs to register
  • D. Only registration for in-person meetings

Explanation: The Transparency Register promotes accountability for EU-level lobbying — directly relevant to G1-5 disclosure.

Q5.5 Trade association memberships are relevant to G1-5 because:

  • A. They are purely social activities
  • B. Trade associations often lobby on behalf of members — a company should disclose significant memberships and assess whether the association's advocacy aligns with its own sustainability commitments ✓
  • C. Only large trade associations matter
  • D. Trade associations are never political

Explanation: Indirect lobbying through trade associations is common. Companies should disclose memberships and assess advocacy alignment.

Q5.6 Political contributions (donations to parties, candidates, or campaigns) under G1-5:

  • A. Are prohibited in all EU countries
  • B. Vary by jurisdiction in legality and limits — where permitted and made, they must be disclosed with amounts, recipients, and the rationale ✓
  • C. Are always tax-deductible
  • D. Only matter above €10,000

Explanation: Political contribution rules vary by country. Where made, transparency is the G1-5 expectation.

Q5.7 "Revolving door" arrangements are relevant to G1-5 because:

  • A. They improve ventilation
  • B. The movement of individuals between government/regulatory roles and the private sector can create conflicts of interest and inappropriate influence — G1-5 expects transparency about such arrangements ✓
  • C. They only matter in the US
  • D. They are always illegal

Explanation: Revolving-door movements can create real or perceived conflicts of interest — disclosure promotes accountability.

Q5.8 Investors increasingly use G1-5 data to assess:

  • A. Only the company's marketing budget
  • B. Whether a company's political advocacy is consistent with its stated sustainability strategy — misalignment signals governance risk ✓
  • C. Only the CEO's political opinions
  • D. Only lobbying in the company's home country

Explanation: ESG investors explicitly check for lobbying-strategy alignment — it is a governance quality signal.

Q5.9 A company that makes no political contributions and conducts no direct lobbying should:

  • A. Not disclose G1-5
  • B. Disclose that it makes no political contributions and conducts no direct lobbying, and disclose any trade association memberships that involve advocacy ✓
  • C. Report zero without context
  • D. Ignore G1-5 entirely

Explanation: Absence of activity is a valid and disclosable finding — but trade association advocacy (indirect lobbying) should still be assessed.

Q5.10 Transparency about political influence builds trust because:

  • A. It has no effect
  • B. It demonstrates that the company is confident its advocacy is defensible — companies that hide their lobbying are implicitly acknowledging that it might not withstand scrutiny ✓
  • C. Only NGOs care about lobbying
  • D. Only government cares about lobbying

Explanation: Transparency is a credibility signal. Companies with defensible advocacy embrace disclosure; companies with problematic advocacy avoid it.

Module 6 — G1-6 Payment Practices

Q6.1 G1-6 requires disclosure of:

  • A. Only the company's bank details
  • B. The company's payment practices, including standard payment terms, average payment days, and the proportion of invoices paid within agreed terms ✓
  • C. Only payments to employees
  • D. Only late payment penalties incurred

Explanation: G1-6 addresses how the company treats its suppliers financially — a governance issue with direct value chain impact.

Q6.2 The EU Late Payment Directive (2011/7/EU) establishes:

  • A. No payment deadlines
  • B. Maximum 30-day terms for public authorities and a default 60-day maximum for business-to-business transactions (extendable only if expressly agreed and not grossly unfair) ✓
  • C. Only guidance, not requirements
  • D. A 120-day standard term

Explanation: The Directive sets enforceable payment term limits — companies with terms exceeding these face legal and G1-6 disclosure risk.

Q6.3 Aggressive payment practices (e.g., 120-day terms) affect G1 because:

  • A. Long payment terms have no governance implications
  • B. They transfer working capital risk to suppliers — often SMEs — and can constitute abuse of dominant position, undermining the sustainability of the supply chain ✓
  • C. Only affect large suppliers
  • D. Are only relevant for construction companies

Explanation: Payment practices are a power issue. Large companies with long terms effectively use SME suppliers as involuntary lenders.

Q6.4 G1-6 connects to S2 because:

  • A. They are unrelated
  • B. Aggressive payment terms force suppliers to cut costs — often at the expense of worker conditions, safety, and wages in the supply chain ✓
  • C. G1-6 replaces S2
  • D. Only financial suppliers are affected

Explanation: Payment practices are a root cause of value chain worker exploitation — the connection between G1-6 and S2 is direct and material.

Q6.5 Disclosure of average payment days should:

  • A. Only state the contractual terms
  • B. Show both the contractual terms and the actual average payment days, with explanation of any discrepancy ✓
  • C. Only show payments made on time
  • D. Only cover payments above €10,000

Explanation: The gap between contractual terms and actual payment behaviour is the most revealing metric — many companies that state "30-day terms" actually pay in 60+ days.

Q6.6 The proposed EU Late Payment Regulation (replacing the Directive) would:

  • A. Extend payment terms to 180 days
  • B. Strengthen enforcement with a strict 30-day maximum for B2B payments, mandatory interest, and enhanced enforcement mechanisms ✓
  • C. Make late payment voluntary
  • D. Only apply to government payments

Explanation: The proposed Regulation tightens terms and enforcement — signalling that the EU considers late payment a systemic governance failure.

Q6.7 A company with excellent G1-1 to G1-5 disclosure but 120-day payment terms to SME suppliers signals:

  • A. Strong governance
  • B. A credibility gap — ethical business conduct (G1) is undermined if the company uses its market power to impose terms that squeeze smaller partners ✓
  • C. Normal business practice
  • D. Only a procurement issue

Explanation: Payment practices are a test of whether ethics are genuine or performative. G1-6 makes this visible.

Q6.8 Payment practice data should be disaggregated by:

  • A. Only total averages
  • B. Supplier size (SME vs large), geography, and whether the supplier is a critical/strategic partner — revealing where the most vulnerable suppliers face the longest terms ✓
  • C. Only payment method
  • D. Only currency

Explanation: Disaggregation reveals whether payment pressures fall disproportionately on the most vulnerable suppliers.

Q6.9 "Dynamic discounting" and "supply chain finance" programmes are relevant to G1-6 because:

  • A. They always benefit suppliers
  • B. They can provide suppliers with earlier payment in exchange for a discount — but can also effectively shift the cost of the buyer's late payment to the supplier, especially when "voluntary" participation is de facto required ✓
  • C. They replace the need for payment term reform
  • D. They only apply to financial institutions

Explanation: SCF programmes can be beneficial or exploitative — G1-6 disclosure should explain the terms and whether supplier participation is genuinely voluntary.

Q6.10 Leading practice for G1-6 includes:

  • A. Only meeting legal deadlines
  • B. Prompt payment commitments (e.g., signing the UK Prompt Payment Code), public reporting of actual payment days, and linking procurement team KPIs to payment timeliness ✓
  • C. Only paying large invoices quickly
  • D. Only offering early payment for a discount

Explanation: Commitments, transparency, and internal incentive alignment demonstrate genuine governance commitment to fair payment.

Module 7 — Whistleblowing, Speak-Up Culture & Retaliation Protection

Q7.1 The EU Whistleblower Protection Directive (2019/1937) requires:

  • A. Only public-sector whistleblower channels
  • B. Companies with 50+ employees to establish internal reporting channels, protect reporters from retaliation, and ensure reports are investigated within defined timeframes ✓
  • C. Only large companies with 1,000+ employees
  • D. Only channels for financial fraud reports

Explanation: The Directive covers companies with 50+ employees and protects reporters of breaches across a broad range of EU law.

Q7.2 Retaliation against whistleblowers under the Directive can include:

  • A. Only dismissal
  • B. Dismissal, demotion, harassment, blacklisting, disciplinary action, withholding of benefits, negative performance reviews, and any other detrimental treatment ✓
  • C. Only financial penalties
  • D. Only criminal prosecution

Explanation: The Directive defines retaliation broadly — any detrimental action as a consequence of reporting.

Q7.3 A "speak-up culture" differs from a whistleblower hotline because:

  • A. They are identical
  • B. A hotline is a channel; a speak-up culture is an environment where employees feel safe raising concerns at any level, without fear of consequences — the hotline is only one element ✓
  • C. Only large companies need a speak-up culture
  • D. Speak-up cultures eliminate the need for formal channels

Explanation: Culture creates the willingness to speak; channels provide the mechanism. Both are needed — one without the other is insufficient.

Q7.4 The effectiveness of a speak-up system should be measured by:

  • A. Only the number of reports
  • B. Report volume, reporter demographics (are all levels reporting?), substantiation rates, investigation timeliness, outcome fairness, reporter satisfaction, and retaliation incidents ✓
  • C. Only the cost of the hotline
  • D. Only reports that led to terminations

Explanation: Multiple metrics are needed to assess whether the system is trusted, accessible, and effective.

Q7.5 Anonymous reporting should be:

  • A. Prohibited to ensure accountability
  • B. Available as an option — many reporters will not come forward without anonymity, and the quality of anonymous reports is often comparable to identified reports ✓
  • C. The only option offered
  • D. Only available to senior managers

Explanation: Anonymity increases reporting willingness. Many jurisdictions and the Directive encourage anonymous reporting options.

Q7.6 Investigation of speak-up reports should be:

  • A. Conducted by the accused person's manager
  • B. Independent, confidential, timely, and conducted by trained investigators with no conflict of interest ✓
  • C. Only conducted by external lawyers
  • D. Only conducted when criminal conduct is alleged

Explanation: Independence and confidentiality are essential for investigation credibility — conflict of interest must be actively managed.

Q7.7 G1-1 and whistleblowing connect because:

  • A. They are unrelated
  • B. The speak-up system is the enforcement mechanism for the business conduct framework — without it, policies are unenforceable and culture is untestable ✓
  • C. Whistleblowing replaces G1-1
  • D. Only G1-4 relates to whistleblowing

Explanation: The speak-up system closes the loop: policies set expectations, training builds awareness, and reporting channels enable enforcement.

Q7.8 Low speak-up reporting volumes may indicate:

  • A. A perfect ethical culture
  • B. Either genuine compliance OR a culture of fear, low awareness of channels, lack of trust in investigation, or active suppression — context determines which ✓
  • C. That channels are too accessible
  • D. That training is too effective

Explanation: Low volumes are ambiguous — they may signal trust failure rather than ethical excellence. G1 disclosure should address this ambiguity.

Q7.9 The Directive requires feedback to the reporter within:

  • A. 24 hours
  • B. A reasonable timeframe, with acknowledgment within 7 days and feedback on actions taken within 3 months ✓
  • C. 12 months
  • D. No timeframe is specified

Explanation: The 7-day acknowledgment and 3-month feedback deadlines create accountability for timely processing.

Q7.10 External reporting channels (to regulators, authorities) are:

  • A. Prohibited under the Directive
  • B. Available to reporters who have first used internal channels without receiving an adequate response, or who have reasonable grounds to believe internal reporting would be ineffective or could lead to retaliation ✓
  • C. The only permissible channels
  • D. Only available for criminal matters

Explanation: The Directive allows external reporting when internal channels are inadequate or risky — creating an escalation path.

Module 8 — G1 ↔ S1/S2/E1 Cross-Standard Integration

Q8.1 G1 connects to S1 (Own Workforce) when:

  • A. They are unrelated
  • B. Corruption and governance failures directly affect workers — falsified safety data (S1-14), suppressed complaints (S1-17), and discriminatory practices enabled by weak oversight ✓
  • C. G1 replaces S1
  • D. Only HR policies connect them

Explanation: Governance failure cascades into workforce harm. A manager who falsifies H&S data to meet bonus targets is a G1 and S1 issue simultaneously.

Q8.2 G1 connects to S2 (Value Chain Workers) through:

  • A. Only supplier contracts
  • B. Corruption in supplier relationships (kickbacks, fraudulent audits, bribery of inspectors) that enables labour exploitation; and payment practices (G1-6) that force suppliers to cut labour costs ✓
  • C. Only logistics
  • D. Only procurement policies

Explanation: G1 failures enable S2 harms. Bribed auditors don't find forced labour. Squeezed suppliers can't pay living wages.

Q8.3 G1 connects to E1 (Climate Change) when:

  • A. They are unrelated
  • B. A company lobbies against climate regulation (G1-5) while claiming climate leadership (E1) — creating a material integrity gap ✓
  • C. Only emissions trading is affected
  • D. Only carbon credits are relevant

Explanation: Climate lobbying misalignment is one of the most scrutinised G1-E1 connections — investors track it actively.

Q8.4 G1 connects to E5 (Circular Economy) through:

  • A. Only waste management contracts
  • B. Greenwashing of circular claims (G1 conduct issue) and corruption in waste disposal (falsified waste transfer notes, illegal dumping enabled by bribed regulators) ✓
  • C. Only recycling targets
  • D. Only packaging design

Explanation: Environmental crime — illegal dumping, falsified waste records — is a G1 governance failure with E5 consequences.

Q8.5 "Compliance programme effectiveness" as an integrated concept means:

  • A. Passing an external audit
  • B. Demonstrating that the G1 framework actually prevents misconduct, detects it when it occurs, and corrects it — assessed through outcome metrics, not just programme existence ✓
  • C. Only having a compliance officer
  • D. Only completing annual training

Explanation: Effectiveness is measured by outcomes (incidents prevented, detected, corrected), not inputs (policies written, training delivered).

Q8.6 Board-level oversight of G1 should include:

  • A. Only annual compliance reports
  • B. Regular reporting to the board or a designated committee on conduct risks, speak-up trends, investigation outcomes, and political advocacy activities ✓
  • C. Only approval of the code of conduct
  • D. Only setting the compliance budget

Explanation: Active board oversight — receiving regular data, questioning trends, and ensuring accountability — is the governance expectation.

Q8.7 Incentive structures connect to G1 when:

  • A. They are unrelated
  • B. Bonus and performance metrics that reward results without considering how they are achieved can create pressure for unethical conduct — G1 governance should ensure incentives align with ethical standards ✓
  • C. Only sales bonuses are affected
  • D. Only executive compensation is relevant

Explanation: "Hit the number at any cost" cultures are a primary driver of misconduct. G1 governance should scrutinise incentive design.

Q8.8 Environmental crime (illegal dumping, emissions fraud, false environmental reporting) is:

  • A. Only an environmental issue
  • B. A G1 governance failure — enabled by weak internal controls, inadequate monitoring, or corrupt practices — with environmental consequences ✓
  • C. Only a regulatory issue
  • D. Only relevant for heavy industry

Explanation: Environmental crimes are conducted by people and enabled by governance failures. They sit at the intersection of G1 and E-standards.

Q8.9 The CS3D (Corporate Sustainability Due Diligence Directive) reinforces G1 by:

  • A. Replacing G1
  • B. Making value chain due diligence — including governance, anti-corruption, and human rights — a legal obligation with civil liability ✓
  • C. Only covering environmental due diligence
  • D. Only covering companies with 10,000+ employees

Explanation: CS3D creates legal teeth for value chain governance — directly strengthening the imperative for robust G1 programmes.

Q8.10 Integrated G1 disclosure should show:

  • A. Only policies and numbers
  • B. How the business conduct framework (G1-1) prevents corruption (G1-3), enables detection (G1-4), governs political activity (G1-5), ensures fair payment (G1-6), and connects to environmental and social outcomes across other ESRS standards ✓
  • C. Only financial effects
  • D. Only training statistics

Explanation: The golden thread runs through all G1 DRs and connects outward to S1, S2, S3, S4, and E1–E5.

Module 9 — Financial Effects, Enforcement & Next Steps

Q9.1 G1 financial effects (ESRS 2) should cover:

  • A. Only compliance programme costs
  • B. Material risks (fines, debarment, litigation, reputational damage), opportunities (trust, preferred partner status, ESG capital access), and dependencies (ethical supplier relationships, social licence) ✓
  • C. Only charitable donations
  • D. Only lobbying expenditure

Explanation: The three ESRS 2 categories apply: risks, opportunities, and dependencies.

Q9.2 Corruption-related fines can reach:

  • A. Maximum €100,000
  • B. Billions of euros — major FCPA and UK Bribery Act settlements have exceeded €1 billion, with additional debarment from public contracts ✓
  • C. Maximum €1 million
  • D. Only administrative penalties

Explanation: Corruption enforcement has escalated dramatically. Siemens (€1.6 billion), Airbus (€3.6 billion), and others demonstrate the scale.

Q9.3 Debarment from public procurement is a G1 financial risk because:

  • A. Public procurement is a small market
  • B. EU public procurement directives allow exclusion of companies with corruption convictions — potentially cutting off access to billions in government contracts ✓
  • C. Only defence companies are affected
  • D. Debarment is temporary and inconsequential

Explanation: Debarment can exclude companies from all public contracts across the EU — a devastating commercial consequence.

Q9.4 Reputational damage from corruption is:

  • A. Always temporary
  • B. Often the most costly consequence — exceeding fines — through customer loss, talent attrition, share price decline, and loss of banking/insurance relationships ✓
  • C. Only relevant for consumer brands
  • D. Easily managed through PR

Explanation: Reputational damage from corruption persists for years. Trust, once broken, is expensive and slow to rebuild.

Q9.5 Companies with strong G1 programmes benefit from:

  • A. No competitive advantage
  • B. Preferred partner status with ethical customers, reduced insurance premiums, ESG-linked financing, regulatory goodwill, and talent attraction ✓
  • C. Only lower legal costs
  • D. Only tax benefits

Explanation: Strong ethics is a commercial asset — measurable through customer retention, financing terms, and talent metrics.

Q9.6 A 90-day action plan for G1 readiness should include:

  • A. Only writing a code of conduct
  • B. Review existing code and policies, assess anti-corruption controls, evaluate speak-up channel effectiveness, audit payment practices, review political activities, and present findings to the board ✓
  • C. Only hiring a compliance officer
  • D. Only conducting anti-corruption training

Explanation: Systematic: review policies → assess controls → evaluate channels → audit payments → review political activity → board presentation.

Q9.7 The "three lines of defence" model applied to G1 means:

  • A. Three levels of password protection
  • B. Line 1 (business units own conduct risk), Line 2 (compliance/risk functions provide oversight), Line 3 (internal audit provides independent assurance) ✓
  • C. Only three compliance officers
  • D. Three levels of management approval

Explanation: The three lines model distributes accountability — business units don't delegate ethics to compliance; compliance provides oversight; internal audit verifies.

Q9.8 "Culture audits" or "ethical climate surveys" are relevant to G1 because:

  • A. They measure office temperature
  • B. They assess whether the formal G1 framework translates into actual behaviour — the gap between what policies say and what employees experience ✓
  • C. They replace internal audits
  • D. They only measure satisfaction

Explanation: Culture assessment is the ultimate effectiveness test — do employees feel safe speaking up, see ethics enforced consistently, and trust the system?

Q9.9 After completing this course, the most important first step is:

  • A. Publishing a new code of conduct
  • B. Honestly assessing whether your G1 framework is effective — not just whether policies exist, but whether they change behaviour ✓
  • C. Benchmarking against competitors
  • D. Reducing the compliance budget

Explanation: Effectiveness, not existence, is the test. Policies without behaviour change are governance theatre.

Q9.10 The ultimate goal of ESRS G1 is:

  • A. To increase compliance costs
  • B. To drive corporate transparency and accountability in business conduct — ensuring that ethical governance is not just stated but demonstrated, measured, and continuously improved ✓
  • C. To eliminate all business risk
  • D. To standardise corporate policies

Explanation: G1 exists to make governance visible and accountable — converting stated values into demonstrated behaviour.

Module 10 — Integration & Assessment Preparation

Q10.1 The golden thread in G1 connects:

  • A. Only codes and policies
  • B. G1-1 (culture/policy) → G1-2 (supplier conduct) → G1-3 (prevention) → G1-4 (incidents) → G1-5 (political influence) → G1-6 (payment) → ESRS 2 (financial effects) ✓
  • C. Only anti-corruption measures
  • D. Only financial metrics

Explanation: The chain runs through all 6 DRs and financial effects — with cross-connections to every other ESRS standard.

Q10.2 G1 is the "connective tissue" of ESRS because:

  • A. It is optional
  • B. Governance failures enable every other kind of harm — environmental crime (E), worker exploitation (S), consumer deception (S4) — making G1 the foundation standard ✓
  • C. It only covers one topic
  • D. It has the fewest DRs

Explanation: G1 is foundational: strong governance prevents environmental and social harm; weak governance enables it.

Q10.3 A company that excels at E1–E5 and S1–S4 but has weak G1 disclosure signals:

  • A. Full ESRS compliance
  • B. A credibility risk — strong environmental and social performance is less trustworthy without demonstrated ethical governance ✓
  • C. That G1 is immaterial
  • D. That only environmental/social standards matter

Explanation: G1 is the credibility test. Without it, environmental and social disclosures rest on unverified governance claims.

Q10.4 The single most important G1 concept is:

  • A. The number of policies in place
  • B. That governance is about behaviour, not documents — policies, training, and channels matter only insofar as they change how people actually conduct business ✓
  • C. The compliance budget
  • D. The number of investigations

Explanation: Behaviour is the test. The question is not "do you have a code?" but "does your code change what people do?"

Q10.5 Effective G1 governance requires:

  • A. Only top-down directives
  • B. Tone from the top (board commitment), tone from the middle (management reinforcement), accessible channels (speak-up), effective investigation, consistent enforcement, and continuous improvement ✓
  • C. Only a large compliance department
  • D. Only external audits

Explanation: The full chain: commitment → reinforcement → channels → investigation → enforcement → learning.

Q10.6 The interaction between incentive structures and ethical conduct means:

  • A. Incentives are irrelevant to ethics
  • B. When performance metrics reward results without questioning methods, they create pressure for misconduct — governance must ensure incentives align with ethical standards ✓
  • C. Only sales incentives matter
  • D. Only executive bonuses are relevant

Explanation: "Hit the number" cultures are root causes of misconduct. G1 governance should audit incentive design for ethical alignment.

Q10.7 Payment practices (G1-6) are a governance issue, not just a procurement issue, because:

  • A. Procurement is not part of governance
  • B. Payment terms reflect the power dynamics and ethical choices of the company — using market power to impose unfair terms is a conduct choice, not just a commercial one ✓
  • C. Only finance departments set payment terms
  • D. Only government procurement has payment obligations

Explanation: Payment terms are a governance choice — they reveal whether a company's ethics extend to its treatment of commercial partners.

Q10.8 The most effective way to demonstrate G1 programme effectiveness is:

  • A. Publishing a longer code of conduct
  • B. Showing outcome data: speak-up volumes and trends, investigation outcomes, training effectiveness metrics, incident reduction over time, and culture survey results ✓
  • C. Increasing the compliance budget
  • D. Hiring more lawyers

Explanation: Outcomes, not inputs, demonstrate effectiveness. Data-driven disclosure is more credible than narrative claims.

Q10.9 G1 disclosure quality is improving across Europe because:

  • A. Companies enjoy governance reporting
  • B. CS3D civil liability, enhanced enforcement (FCPA, UK Bribery Act, EU AMLD), investor ESG screening, and CSRD assurance requirements are creating compound incentives for genuine governance transparency ✓
  • C. Only regulatory pressure drives improvement
  • D. Only large companies are improving

Explanation: Multiple pressures — legal, regulatory, investor, and assurance — are converging to drive better G1 disclosure.

Q10.10 After completing this course, a professional should be able to:

  • A. Only recite the 6 G1 DRs
  • B. Assess their company's business conduct framework, identify gaps against G1 requirements, evaluate the effectiveness of anti-corruption controls and speak-up channels, and build a governance improvement roadmap ✓
  • C. Only pass the exam
  • D. Only write a code of conduct

Explanation: Applied competence — assessment, gap identification, effectiveness evaluation, and roadmap development — is the course outcome.

GitHub RepoRequest for Change (RFC)