The Independent Commission Against Corruption (ICAC) offers guidance on how to comply with Hong Kong’s upgraded disclosure requirements relating to anti-corruption policies and performance.

Globally, there is an increasing demand for better disclosure by listed companies, and stakeholders nowadays focus not only on listed companies’ financial performance but also on their performance in environmental, social and governance (ESG) aspects, including anti-corruption. In the international arena, some jurisdictions (such as Mainland China and Singapore) regulate the disclosure of ESG information through the listing rules of their local stock exchanges, while other jurisdictions (such as the UK and France) have introduced statutory amendments to codify disclosure requirements relating to non-financial information. In nearly all jurisdictions where disclosure of ESG information is required, anti-corruption is one of the essential disclosure aspects.

Anti-corruption measures form a vital part of corporate governance and are thus crucial to a company’s success. These measures include the means by which companies manage corruption risks and tackle corruption-related issues. Apart from the conventional financial and corporate governance reporting, quality disclosure of anti-corruption information and transparency of a company’s anti-corruption policies not only enhances a company’s goodwill and value, but also helps stakeholders, in particular investors, to understand the companies’ commitment, abilities and performance in anti-corruption initiatives and to make informed investment decisions.

In 2016, Hong Kong reached an important milestone in the enhancement of the transparency of listed companies’ ESG aspects when Hong Kong Exchanges and Clearing Ltd (HKEX) upgraded its required and recommended ESG reporting standards. Listed companies need to disclose, among other things, information on their anti-corruption policies and compliance with relevant laws and regulations on a comply-or-explain basis. This means that a listed company must report on such provisions or provide considered reasons for non-disclosure. In addition, HKEX recommends that listed companies disclose details of concluded legal cases regarding corrupt practices brought against them or their employees, and a description of their preventive measures and whistleblowing procedures.

Anti-corruption guidelines

Compliance with the HKEX upgraded ESG reporting requirements necessitates the implementation of a robust anti-corruption system. To assist listed companies in establishing and reviewing their anti-corruption systems, the Corruption Prevention Advisory Service (CPAS) of the Corruption Prevention Department, ICAC, published its Anti-corruption Programme – A Guide for Listed Companies (the Guide) in late 2016. The Guide provides comprehensive guidance on the components of a robust anti-corruption programme.

The Guide also recommends best practices in anti-corruption governance with reference to international standards. These include practices recommended by the G20 Anti-Corruption Working Group, the Global Compact Working Group, Global Reporting Initiative, Transparency International and the World Bank. The recommended practices of the Guide generally align with the requirements of ISO 37001 (Anti-bribery Management Systems – Requirements with Guidance for Use) published in 2016, which specifies the requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system. The recommended practices relate to the following areas:

  • anti-corruption laws and regulations – major anti-corruption laws and regulations relevant to business entities, including the Prevention of Bribery Ordinance (Cap 201) and overseas anti-corruption legislation, as well as regulations relating to the prevention of corruption in listed companies
  • roles and responsibilities – the governance framework adopted to implement an anti-corruption programme and the suggested roles and responsibilities of different personnel and parties in the programme
  • anti-corruption policies – top-level commitment to ethical business practices and anti-corruption, key integrity and conduct requirements for company’s personnel and business partners, the company’s whistleblowing policy and a brief description of corporate anti-corruption programme, and
  • anti-corruption programme – key elements of companies’ codes of conduct and recommended practices for corruption risk assessment, anti-corruption controls and integrity training.

Hong Kong’s current scorecard

In 2018, to assess listed companies’ performance in implementing the upgraded reporting requirements in anti-corruption, CPAS reviewed a number of ESG reports and/or annual reports for the financial year commencing in 2016. The samples covered companies listed on both the Main Board and GEM Board, in different industries and with different market capitalisation, reflecting the landscape of anti-corruption compliance among listed companies in Hong Kong. The major observations of the review were generally in line with those identified in the HKEX Analysis of ESG Practice Disclosure in 2016/2017. The following is a summary, which is by no means exhaustive, of the major findings of the review.

Compliance with the reporting requirements

Although the vast majority of sampled companies disclosed information on their anti-corruption policies and compliance (as required by the HKEX comply-or-explain provisions), a number of companies did not give considered reasons for non-disclosure, which amounted to a breach of the listing rules. The review also noted that, on average, only around 75% of sampled companies disclosed information relating to the HKEX ‘recommended disclosures’.

Disclosure of recommended core elements

There was a substantial gap between listed companies’ disclosures and CPAS’s recommended core disclosure elements (see below). For instance, only around 40% of sampled listed companies disclosed information about their policies on the acceptance of advantages and entertainment, and managing conflicts of interest. As for disclosure on corporate websites, only a small proportion of listed companies made the integrity requirements for directors, staff and business partners, as well as their whistleblowing policy, available on their corporate websites for reference by stakeholders.

Quality of disclosure

Where listed companies complied with HKEX’s reporting requirements, the quality of disclosures varied. While some listed companies made very good disclosure by providing comprehensive descriptions of their anti-corruption policies and compliance information, some companies appeared to have adopted a box-ticking approach and sought only to disclose minimum information required by HKEX. For instance, some listed companies either gave vague descriptions of their anti-corruption policies and compliance information, or merely provided generic statements, such as ‘we have an anti-corruption policy’, or ‘we have complied with all relevant laws and regulations’ without further elaboration. Such statements are neither informative nor helpful to stakeholders. As far as the anti-corruption policy is concerned, while it may be impractical to set out the policy in full, listed companies are expected to provide a summary of the policy and/or embed links to the related codes of conduct, guidelines and integrity requirements so as to provide useful information for stakeholders.

Recommended core disclosure elements

The ICAC understands that a checkbox approach may not be appropriate or effective for listed companies deciding on the anti-corruption information to be disclosed, but it will be useful to bear in mind the core elements needed by stakeholders in their assessment of companies’ risk controls. As there is no one-size-fits-all approach in ESG reporting, listed companies (and the parties which help them prepare the ESG reports) should assess the materiality of individual elements and their impact on the companies’ operations when deciding on the anti-corruption information to be disclosed.

In light of the upgraded reporting standards and having taken into account international practices in anti-corruption disclosure, CPAS recommends five core elements of a corporate anti-corruption programme that listed companies should disclose in their ESG reports.

Anti-corruption policies. Companies should disclose their anti-corruption policies, including management’s zero-tolerance against corruption in Hong Kong and elsewhere, and commitment to ethical practices/standards.

Corruption risk assessment. Companies should disclose their assessment of the risks and impacts of corruption on the key operations of the company, including their materiality assessment of anti-corruption issues.

Compliance with laws and regulations. Companies should disclose information on compliance with laws and regulations having a significant impact on the company (including local and overseas legislations related to corruption), and the number of concluded legal cases regarding corrupt practices brought against the company or its staff, and their outcomes.

Management approach and measures. Companies should disclose the anti-corruption measures adopted, and their execution and monitoring, including: (i) integrity requirements for directors and staff, covering the policy on offering and acceptance of advantages and entertainment, and managing conflicts of interest; (ii) whistleblowing policy, procedures and channels for reporting corruption or irregularities; (iii) integrity requirements for business partners and associates; (iv) corruption prevention controls for high-risk areas or procedures; and (v) clear and measurable target key performance indicators for the forthcoming years to facilitate continuous monitoring.

Capacity building. Companies should disclose their efforts in anti-corruption training to promote ethical business practices and awareness of directors, staff and business partners on corruption prevention, and statistics on anti-corruption training (for example the number of participants and training hours).

Apart from disclosing the above information in ESG reports, CPAS also recommends listed companies upload important anti-corruption policy documents to their corporate websites, including their codes of conduct for directors and staff, their integrity requirements for business partners (for example suppliers and contractors) and their whistleblowing policies and procedures, so that business counterparts and the investing public may obtain readily available information on the companies.

Corruption Prevention Advisory Service, Corruption Prevention Department

Independent Commission Against Corruption

The CPAS ‘Anti-corruption Programme – A Guide for Listed Companies’ is available for view and download at the CPAS website (, or via the ESG Resources Hyperlinks on the HKEX website (

SIDEBAR: At your service

The ICAC’s Corruption Prevention Advisory Service (CPAS) provides corruption prevention advice and services to private companies, organisations and individuals. The CPAS website ( offers access to corruption prevention resources, such as corruption prevention guides and toolkits, case studies, quick tips and red flags. Individuals and organisations can also subscribe to CPAS’s email alert service by scanning the QR code below to receive regular news and updates on corruption prevention (including newsletters and training packages).

CPAS can be contacted by email:, or via its hotline: 2526 6363. The hotline is available Monday to Friday, 9am to 6pm, with a voice message after office hours.