This Code of Conduct guides and instructs the work of Corisk AS, its employees, and representatives.

The Code of Conduct was approved by the Board of Directors as of 17 February, 2024.

Corisk AS: Code of Conduct

By “Corisk”, this Code of Conduct and Policies refer to the company Corisk AS, registered in Norway, and any of its subsidiaries.

This Code of Conduct and its Policies are approved and managed by the Board of Directors.

This Code of Conduct and Policies apply to all representatives, managers, employees, trustees, contractors, and entities of Corisk AS, in all circumstances and in relations with all stakeholders.

Corisk is a Norwegian company working under Norwegian Law including, but not restricted to: The Company Act, the Taxation Act, the Labour Act, the Transparency Act, the Public Procurement Act, and the Sanctions Act.

This Code of Conduct and its Policies shall be made available to all employees, trustees, and contractors without undue delay. Failure by employees, management, trustees, or contractors to honour the provisions of this Code of Conduct and Policies is a breach of the Code of Conduct, and may lead to disciplinary action, up to and including termination of contract.

This Code of Conduct includes the following, integrated Policies:

  1. Transparency and Open Information Policy
  2. Anti-Corruption Policy
  3. Anti-discrimination and Human Rights Policy
  4. External Impact Policy
  5. Conflict of Interest Policy
  6. Contractual and Legal Policy

Last revised and approved by the Board of Directors of Corisk at: February 17, 2024

1. Transparency and Open Information policy

Corisk AS depends on transparency and accountability in our relations with all stakeholders. We report and disclose key registry information, annual reports and accounts, and policies in accordance with best international practice and Norwegian law. Further, we report and disclose information as requested by funding partners and their national legislation.

Corisk acts in good faith and in the interest of clients, and always provides advise and services under full consideration of honesty, truthfulness, and available facts.

Within the limits of contractual confidentiality and commercial interest, we release as much of our research and other publications as possible, and as far as possible in open license (Creative Commons). Non-disclosure shall be reasoned and practiced in accordance with this policy. Conventional understanding of the value of confidentiality and consideration for client interest is always applied.

The reporting and policy language of Corisk AS, is British English.

Information shall, as far as commercial interest and this policy permits, be available at the Corisk website (www.corisk.no).

We generally share the following information:

  • Governing documents, codes of conduct and policies.
  • Annual accounts, annual reports, and audit reports.
  • Contact details of key management.
  • Research and reports, unless otherwise specifically agreed with clients and in accordance with the provisions of this policy.
  • General information about evaluations or closed misconduct cases.

We generally do not share the following information:

  • Personal information about management, staff, partners, or clients
  • Information concerning or impacting clients’ or stakeholder’s right to privacy, data protection, physical security, personal safety, fundamental or human rights, or other legitimate concerns.
  • Information that is confidential based on legal, contractual, copyright, or legitimate commercial provisions.
  • Company strategies, plans of action, handbooks, pricing strategies, etc.
  • Core methodologies such as our methodologies and standards pertaining to advisory within country risk, due diligence, mergers & acquisitions, etc.
  • Internal audit reports, reviews, or similar information.
  • Client contracts or client lists.

 

Corisk only collects, stores, and manages personal and company information that is necessary to deliver services and perform advisory consulting, and for as long as necessary to deliver the service. We never share personal or company information processed for one client or partner, with another client or partner.

Corisk adheres to the provisions of the EU General Data Protection Regulation (GDPR), and Norwegian legislation concerning privacy and data storage. Information about employees, contractors, clients, or partners shall be stored and managed in a secure space in accordance with Norwegian laws and regulations.

 

2. Anti-Corruption Policy

Corisk endorses the principles and provisions defined by the UN Convention Against Corruption, and the OECD Anti-Bribery Convention.

We define corruption as any abuse of power for illegitimate individual or group benefits, including but not limited to bribery, facilitation payment, kickbacks, hush money, sweeteners, gratuities, boodle, payola, baksheesh, embezzlement, theft, extortion, fraud, and sexual services. We also define corruption as illegitimate, non-earned, or otherwise favoured treatment including services, employment, frills, contract awards, or payments of any kind.

We define a bribe as an improper or undue advantage that someone offers to gain influence over a third party’s decision.  We define facilitation payments as a small or limited amount paid to secure or expedite the performance of a routine or necessary action to which the payer has legal or other entitlement to, not providing an undue advantage.

Corisk takes a firm stand against all corruption, and actively strives to prevent, avoid, and detect any kinds of corruption including among own personnel, trustees, or those of clients, partners, or other stakeholders. We practice zero tolerance for corruption throughout our value-chain.

Corisk will not take on work, contractual obligations, or funding from individual or entities related to governments or publicly owned entities of countries that are under United Nations sanctions, Norwegian sanctions, the FATF Grey List, or the FATF Black List.

Corisk will not take on work, contractual obligations, or funding from individual or entities wholly or partly owned by individuals directly related to such governments as mentioned above, including their family members.

To establish risks of corruption, Corisk will undertake Know Your Customer (KYC) and Due Diligence (DD) measures to screen potential clients or partners in accordance with best practice including the OECD Due Diligence Guidance for Responsible Business Conduct.

Corisk employees, management, trustees, or contractors must never accept or provide bribes or other benefits defined as corruptions under this Policy.  The only exception to this rule occurs when the representative has legitimate reason to believe that denying facilitation or briberies may put his or others’ life, health, or substantial property in danger. In such emergency case, the Board of Directors shall be informed, and (if relevant) the value be precisely entered in the accounts.

Corisk employees, management, trustees, or contractors must never accept any honour, decoration, favour, gift, or economic remuneration from external sources without the prior authorisation.

Corisk personnel or trustees who become aware of potential corruption must report this, without undue delay, to the Board of Directors.

If Corisk representatives have received any gift or favour as described in this policy, the Board of Directors shall be notified and the recipient shall return the gift or favour to its original source. If such return appears impossible, a physical gift or remuneration shall be donated to a certified charitable organisation that is independent of, and non-related to, Corisk and its representatives.

Corisk representatives may only take part in events that have a clear and legitimate business reason, arranged with reasonable costs and limits, in a legitimate context. Corisk representatives will accept travel and expense coverage from existing or prospective clients, or from established external donors, if that is an agreed liability of the third-party or if it is reasoned in direct business interests with the third party such as client acquisition, kick-offs, negotiations, etc.

Corisk may support sponsorships or charitable donations, but never for the purpose or the effect of obtaining an unfair advantage.

Corisk shall report in the Annual Report any instance of investigation or invention against the company or its representatives under anti-corruption regulations.

3. Non-discrimination and Human Rights Policy

Corisk practices non-discriminatory management throughout all our operations, including equal pay for equal work. We have a zero-tolerance policy against sexual exploitation or harassment. We respect the rights of freedom from slavery, freedom from forced labour, freedom from child labour, and the freedom to organize and exercise freedom of expression. Corisk follows the provisions of key labour market frameworks in Norway (“Hovedavtalen” and labour legislation).

Corisk employees and contractors shall be given informed access to whistle­blowing without fear or threats of any disciplinary repercussions. Whistleblowing or similar reporting shall be directed to the Chairman of the Board of Directors.

Corisk adheres to the provisions and standards as defined by the UN Declaration of Human Rights, the European Convention of Human Rights, the ILO Core Conventions, the UN Guiding Principles for Business and Human Rights, the OECD Guidelines for Multinational Enterprises, and related  topical frameworks such as the UN Convention on the Rights of the Child, and the UN Convention against Transnational Organised Crime and its protocols.

Corisk rejects clients and partners with a known record or practice of ignoring fundamental human rights as mentioned above, including freedoms of expression or representation, freedoms against repression or slavery, social or gender rights, ethnic or religious rights, land rights, labour rights, or the rights of the child.

4. External Impact Policy

Corisk identifies and reports all external impact on public health or the environment in accordance with Norwegian law.

Corisk practices, and rejects clients or partners with a known record or practice of ignoring, fundamental ecological rights and provisions including but not restricted to those regulated under the UN Sustainable Development Goals, the UN Framework Convention on Climate Change, the Convention of Biological Diversity, the UN Convention on the Law of the Sea including the Biodiversity Beyond National Jurisdiction Treaty and other conventions and frameworks under the International Maritime Organisation or the International Seabed Authority, and the UN Fish Stock Agreement and its derived regional agreements.

Corisk performs all business and operations under due consideration of the health, environment, safety and security of the company’s own employees or contractors, and all other stakeholders. Our operations continuously strive to avoid negative external impacts on health or environment, by reducing impacts from energy consumption, procurement, waste management, and travel. We conduct travel only after due consideration of viable alternatives of conducting meetings or encounters digitally.

5. Conflict of Interest Policy

Corisk depends on the trust and confidence from our clients, partners, and other stakeholders. We act with professionalism, integrity, and honesty. practice the following Conflict of Interest Policy which also applies to our suppliers and partners that we engage across the value-chain.

Throughout this policy, we base our liabilities on the following definitions:

  • Appropriate person: Manager or process owner leading a process, contract or clientship involving Corisk.
  • Board member: Member of the Board of Directors of Corisk or its subsidiaries.
  • Conflict of interest: A situation in which someone’s personal interests could induce making decisions that are not in the best interests of Corisk.
  • Connected organisation: An organisation that someone or their connected person have an association with through ownership or influence, and which relates to Corisk as a client, partner, vendor, funder, or competitor.
  • Connected person: An individual bound by relations beyond professional relationships, including but not restricted to current or former kinship, family ties, intimate relationship, business partnership, employment, creditor or debtor position, or other similarly close connections.
  • Client: A customer of advisory or other services, or someone funding or commissioning research or other work carried out by Corisk.
  • Personal interest: An interest that may bring direct or indirect personal gain to Corisk representatives, connected persons, or connected organisations. Personal gain includes financial, political, religious, ethnic, or family benefits or advantages.

Corisk delivers advisory services, consulting, research or other work under due consideration of professionalism, integrity, honesty, and confidentiality. We never take on work or contractual liabilities for two or more clients that are in competition between them, unless expressively approved by those clients.

Corisk never performs advisory, research, or other work for clients that serves a purpose of hurting the legitimate interests of other client/s. When performing research, commissioned or non-commissioned by clients, Corisk may encounter material facts or analytical learnings that may imply conclusions contrary to the legitimate interest of (other) clients. In such cases, the freedom and integrity of scientific research and scrutiny takes precedence. Corisk is a firm believer in progress through scientific scrutiny and open exchange of views and information.

If existing clients assert that conclusions in our research counters their legitimate interests, Corisk will agree to seek renegotiation of contractual liabilities on fair and reasonable terms. We will enter such renegotiations with the precondition that our preference for scientific integrity and independence is a guiding principle to our work ethics and visible to all clients through this policy.

 

When making a decision on behalf of Corisk, our employees, management, trustees, or contractors must act in the best interests of the company and safeguard that they do not utilise their position to create real or perceived undue advantages for themselves, their relatives, or their close connections.

Corisk employees, management, trustees, or contractors must always act in accordance with the Code of Conduct and Policies of Corisk.

Corisk employees, management, trustees, or contractors must avoid getting into a position where one’s duty to act in the best interest of Corisk, may conflict with personal gain, interests, or political or religious beliefs or convictions.

Corisk employees, management, trustees, or contractors must avoid acting under instruction or undue influence by any government or authority external to Corisk.

Corisk employees, management, trustees, or contractors must disclose conflict of interest whenever that is perceived as potentially occurring, or when the nature of an association may arouse outsider allegations of actual or perceived conflict of interest. Disclosure of a potential conflict of interest shall be submitted to the Appropriate person, or to a member of the Board of Directors of Corisk.

Corisk employees, management, trustees, or contractors that become aware of, or suspect, that other similar representatives of Corisk may induce a conflict of interest, should disclose this to the Chairman of the Board of Directors.

In addition to the provisions established elsewhere under this Policy, Corisk employees, management, trustees, or contractors must not commit or contribute to any of the following:

  • Recruit, recommend, or promote family members unless as part of a competitive process, or as otherwise approved by the Board of Directors.
  • Take part in decisions involving a Connected person or a Connected organisation.
  • Undertake employment or engagement by another organisation than Corisk, unless approval is granted by the CEO or the Board of Directors. This also includes employment or engagement under annual leave, etc.
  • Undertake interest in Connected organisations without disclosing this to the Appropriate person, or to the CEO, or to the Board of Directors.
  • Commit or induce others to acquire or hold shares, bonds, or similar direct financial instruments of a company that is a client, a partner, or a target of other professional engagement by Corisk.
  • Acquire or hold shares, bonds, or similar direct financial instruments of a company that is a competitor of Corisk.

Corisk reports procurements and other business relationships with Connected organisations as part of annual reporting.

6. Contractual and Legal Policy

Corisk shall follow all laws and regulations of its domicile of registration (Norway), and of the countries relevant to the registration or operations of clients, partners, and funders. We will never contribute to, or uphold contractual liabilities to clients who contribute to, obstruction of the rule of law or the process of law.

In contractual situations, and unless otherwise agreed and approved by the Board of Directors, Corisk offers services under Norwegian Law with arbitration administered by Norwegian courts. Corisk strives to resolve conflicts with clients, partners, or funders in a spirit of honesty and mutual respect. Whenever possible, we will strive to resolve conflicts by arbitration before judicial litigation.

Unless otherwise agreed, terms of delivery and performance in contracts with clients follows the provisions of the relevant Standard Contract for Public Procurement of Norway. Customer-driven contracts with customer result responsibility and input guidance will be based on the terms of “Bistandsavtalen” (SSA-B), Research-driven and development contracts with consultant or shared result responsibility and input guidance will be based on the terms of “Oppdragsavtalen” (SSA-O). Publicly funded research contracts or obligations will be based on the terms of “Forskningsavtalen” (SSA-F).

Rull til toppen
Privacy & Cookie policy
Privacy & Cookies policy
Cookies list
Cookie name Active
eu_cookies_bar
eu_cookies_bar_block
eu_cookies_bar_decline
Corisk adheres to a strict privacy policy. We do not anaylse or utilise cookie or traffic data in any way, and we do not share such data with any third parties. Corisk runs its websites through the WordPress technical publishing platform. WordPress' privacy policy statement includes provisions regarding their platform publishing customers, reading: "We [WordPress] and our partners process your personal data (such as browsing data, IP addresses, cookie information, and other unique identifiers) based on your consent and/or our legitimate interest to optimize our website, marketing activities, and your user experience."
Save settings
Cookies settings