Published : June 14, 2016  /  Updated : December 9, 2019

6. Prevent corruption through third parties

Our business partners who provide services, either formally or informally, to Stora Enso are expected to operate with integrity. They must refrain from paying or receiving any Bribes, Facilitation Payment or Kickback on behalf of Stora Enso, or as part of their business.

6.1 General

In some circumstances third parties with whom we have a business relationship or which act for us (“Third Parties”) can put Stora Enso at risk of criminal liability if they bribe another person to obtain or retain business or a business advantage for Stora Enso.

The process in this Section 6 must be followed when engaging any new Third Party or when renewing the contract for any existing Third Party.

6.2 Critical Third Party

Critical Third Parties  are Third Parties who act on our behalf, and therefore present increased bribery risks as they are in a position to obtain or retain business or a business advantage for us, e.g. because they are helping us to win business from a commercial customer or interacting with a Public Official on our behalf. The most typical Critical Third Parties  include all types of agents, brokers, lobbyists and business consultants. The process in this Section 6 starts with identifying Critical Third Parties .

6.3 Process and Responsibility

Step 1 Assign Relationship Owner

The business responsible person for a given team / area of business shall assign responsibility for managing the process set forth in this Section 6 to a single point of contact (the “Relationship Owner”).

Step 2 Identify Critical Third Parties 

Follow the steps below to identify whether a Third Party  is a Critical Third Party  :


Step 3 Due diligence and Decision Making

Use this GAN Third Party Relationship Tool to assess the risk level of the Critical Third Party, conduct due diligence and make informed decision before engaging any Critical Third Party. Read here for more practical instruction about this tool.

For Critical Third Parties with long or revolving contract terms, due diligence needs to be repeated every 12 months for high risk parties, and every 24 months for medium risk parties. You will receive system notification 30 days before such time is due.

6.4 Mergers and acquisitions and joint venture partners

During mergers and acquisitions, the potential entities that Stora Enso may acquire or merge with may present Corruption risks if we do not take adequate procedures. A joint venture partner could also present Corruption risks if they perform services on behalf of Stora Enso and/or the joint venture. Therefore the “M&A Guideline” or its equivalent states that a risk assessment and due diligence must be performed as part of the acquisition analysis considering bribery, as well as other compliance risks.

The M&A compliance due diligence questionnaire can be found here and an example of anti-bribery representations which should be considered for inclusion in a shareholders agreement can be found here.