CSRD and Governance: Background Checks as an ESG Topic
The Corporate Sustainability Reporting Directive (CSRD) has significantly expanded reporting obligations for large companies since 2026. Many companies focus on “E” (Environment) and “S” (Social) — but underestimate “G” (Governance). The ESRS G1 Business Conduct standard explicitly requires reporting on anti-corruption, whistleblowing, supplier due diligence, and internal control systems. Background checks are a key building block here — and therefore subject to reporting requirements.
CSRD scope: Who reports when?
CSRD application unfolds in four waves:
2025 (for fiscal year 2024): companies previously subject to NFRD (Public Interest Entities with more than 500 employees)
2026 (for fiscal year 2025): large companies (2 of 3: more than 250 employees, more than €50 million in revenue, more than €25 million in total assets)
2027 (for fiscal year 2026): listed SMEs
2029 (for fiscal year 2028): non-EU companies with at least €150 million in EU revenue
Across the EU, around 50,000 companies are additionally affected, many of them required to report for the first time.
ESRS G1: What governance reporting specifically requires
The European Sustainability Reporting Standard G1 “Business Conduct” includes five disclosure requirements:
G1-1: Corporate culture and business conduct policies
Description of the mechanisms for identifying, reporting, and investigating suspected cases. Background checks are not explicitly named, but are part of the “due diligence processes” for cultural integrity.
G1-2: Managing supplier relationships
Due diligence processes toward suppliers — including the integrity of business partners. For critical suppliers: background checks on the key individuals of the supplier (UBO, management) are standard practice.
G1-3: Corruption and bribery prevention
Three subpoints:
Business partner integrity (background checks, PEP, sanctions lists)
Employee training
Document confirmations
G1-4: Confirmed corruption or bribery incidents
Number and type of incidents, measures taken. This makes documentation mandatory — without systematic screening, reporting here is not possible.
G1-6: Payment practices
Concerns supplier payments; less relevant for background checks.
Why this is an HR topic
At first glance, ESRS G1 looks like a topic for compliance and procurement. Wrong. HR is central in at least three areas:
Hiring as a governance risk: Anyone hiring a person with a sanctions-list hit or a problematic history introduces a governance risk into the company. CSRD reporting requires disclosure of how this risk is managed
Integrity of the leadership level: PEP status, adverse media, conflicts of interest — all of this is part of the G1 governance narrative
Double materiality: HR processes have an impact on corruption risk (materiality outside-in) and are in turn affected by corruption cases within the organization (materiality inside-out)
What must appear in the annual report
Concrete reporting language that addresses background checks:
“The company conducts structured integrity checks for hires into sensitive positions, including identity verification, qualification checks, sanctions-list screening (EU, UN, OFAC), PEP screening, and adverse media analysis.”
“The review processes are documented in a Group Compliance Policy. Execution takes place via the digital platform [provider name]. All results are archived in an audit-proof manner.”
“For regulated roles (management, compliance officer, MaRisk functions), an additional fit-and-proper assessment is carried out in accordance with § 25c KWG, FINMA Art. 3 BankG, or BWG § 5 (depending on jurisdiction).”
“During the reporting period, [number] screenings were carried out. Of these, [number] led to further case-by-case review. In [number] cases, a hiring decision was declined due to integrity risks.”
These metrics are CSRD-ready narratives with concrete numbers — exactly what auditors expect in the assurance process (Art. 34a Accounting Directive).
Double materiality assessment
CSRD requires double materiality: the company’s impacts outward and external influences on the company. For background checks:
Inside-out: What impact does the company have on society and the environment? Example — by hiring a sanctioned person, international sanctions regimes are circumvented
Outside-in: What governance risks threaten the company? Example — reputational damage from a publicly exposed mis-hire at C-level, sanctions violations due to careless screening
Both dimensions are subject to reporting requirements.
Interfaces with other regulations
LkSG / CSDDD — supply chain due diligence obligations. Background checks on key supplier personnel are part of this
EU Whistleblowing Directive (implemented through HinSchG in Germany) — integrity of ombudspersons
GDPR Art. 32 — appropriate technical and organizational measures, including personnel security
What about Switzerland?
Switzerland has not adopted CSRD. However, since 2024 the counterproposal to the Responsible Business Initiative has applied in the Swiss Code of Obligations (Art. 964a-c), with requirements for non-financial reporting for large groups. Swiss subsidiaries of EU-based groups are also indirectly subject to CSRD when the group reports.
What about Austria?
CSRD has been implemented through the Sustainability Reporting Act (NaBeG). Scope and timeline correspond to the EU wave.
Indicium for CSRD reporting
Indicium provides the operational foundation for G1 reporting:
Background check volume and results as a reporting metric
Audit-proof documentation for auditor assurance
GDPR-compliant data storage
Integrity narrative templates for the annual report on request
Conclusion
CSRD makes governance measurable. Background checks are no longer just HR compliance, but part of sustainability reporting. Companies that switch now to structured, documented processes will have an advantage in assurance audits — and with investors who evaluate ESG data in a structured way.
Talk to us about your CSRD reporting in the governance area.
Nabil El Berr




