Business integrity
Practical Guide
Zero-tolerance for corruption and bribery
The UPM way
UPM's guiding principle is clear: we do not tolerate corruption or bribery in any form. We never offer or pay bribes to government officials or to private individuals, and we never solicit or accept bribes.
Examples and good practices for you
General principles
- Do not give or offer anything of value to improperly influence a business decision to get business, keep business, or gain an unfair advantage. This applies both directly and indirectly (i.e. through a third party acting on your behalf).
- Do not, directly or indirectly, ask for or accept anything of value that could affect – or appear to affect – your objectivity in business decisions.
- Understand that “anything of value” is broadly understood. It includes any payment, loan, discount, political or charitable contribution, reimbursement, gift, gift card, meal, entertainment, trip, employment or internship, business opportunity, service, or other benefit.
- Remember that with government officials the rules on corruption and bribery are even stricter. Even minor benefits offered or given to public officials may be considered bribery.
- Note that the term "government official" has a wide range of meanings in anti-corruption laws. It can include any officer, employee, representative of or candidate for a government department, agency, state-owned or state-controlled enterprise, municipality, parish, political party, or public international organization.
Corruption and other improper and illegal business practices
- Do your share in weeding out corruption by identifying and rejecting it.
- Avoid other improper business practices, including any unfair and unethical methods used to get business, keep business, or benefit improperly from your own or someone else’s business. Do not engage in extortion, embezzlement, fraud, misrepresentation, or false advertising. Many of these practices are illegal in different countries.
Gifts and hospitality
- Do not offer, give, or accept gifts, hospitality, meals, travel, or entertainment that are excessive or used to improperly influence business decisions or secure special treatment, or that could create the appearance of impropriety.
- Ensure that gifts or hospitality provided have a legitimate business purpose and are reasonable in type and value.
- Maintain clear and accurate expense records for all gifts, hospitality, meals, travel, and entertainment.
Risk management
- Regularly assess and document internal and external corruption and bribery risks your organization may face.
- Maintain prevention procedures, such as policies, training, and encouragement to report misconduct, that are proportionate to the level of risk.
- Ensure that your top management demonstrates – in communication and in practice – full commitment to zero-tolerance for corruption and bribery. All managers must lead by example.
- Train your employees and ensure they are aware of and committed to your anti-corruption policies. Perform background checks on suppliers and third parties acting on your behalf. Include contractual obligations to comply with applicable anti-corruption and anti-bribery laws and monitor compliance.
- Monitor and review your anti-corruption procedures and make improvements, where necessary.
Business transparency
The UPM way
By knowing our customers, suppliers, and other business partners and developing business relationships with them, UPM can improve business performance, supply security, and business continuity. At the same time, UPM can mitigate the risk of becoming involved in illegal business activities and suffering losses or reputational damage because of such relationships. This is why we must select our business partners carefully on the basis of objective criteria, such as requiring them to conduct business in compliance with applicable laws.
Examples and good practices for you
- Complete the appropriate registration requirements for your legal entity.
- Obtain and maintain all necessary licenses and permits required to conduct your business and enter into agreements.
- Ensure you have a valid agreement with a reputable insurance company that provides adequate insurance coverage for your activities with UPM.
- Regularly conduct effective risk assessment to identify risks for your business, such as economic, raw material supply, environmental (storms, floods, etc.), social and human rights, and cyber risks.
- Deal with risks consistently and establish controls to manage them.
- Inform UPM if you become aware of any risks that could impact UPM's business. Doing so helps us proactively and effectively manage the risk together
- Provide UPM with necessary information about your company’s sustainability performance or any human rights risk or environmental harm that could be connected to UPM’s business. We have a shared responsibility to address and transparently report sustainability risks and impacts.
- Be aware of the tax legislation that applies to your business and of any taxes or other official payments your business is subject to. Prevent tax evasion through appropriate monitoring.
- Prevent money laundering, fraud and other forms of financial crimes in your operations, e.g. by doing appropriate risk assessments and financial and other background checks on your business partners.
- Stay up to date with and apply trade restrictions imposed due to international sanction regimes. In practice, screen your suppliers, customers and other business partners against sanctions lists to avoid transactions with sanctioned parties. Conduct additional monitoring where necessary, e.g. in certain geographic areas, to identify and mitigate compliance risks.
Conflicts of interest
- Avoid situations when your interests as a UPM supplier or third-party intermediary conflict with UPM’s interests.
- Normal conflicting interests, such as those relating to commercial terms and customer service, are not considered conflicts of interest in this context. A conflict arises when objective decision-making is threatened by such interests.
- Disclose any situations where your employees have personal affiliations with UPM, or UPM employees have a material financial interest in your business. Transparency ensures objective and fair decision-making on both sides.
Compliance with competition laws
The UPM way
In UPM, our actions need to comply with all applicable laws regulating competition at all times. Compliance with competition laws prevents us from making agreements or establishing other practices that restrict competition. We do not discuss or provide any sensitive information to a competitor.
Examples and good practices for you
- Do not engage in price fixing, market or customer allocation, bid rigging, boycotting, or limiting production with competitors.
- Do not discuss or exchange sensitive information with competitors in ways that violate competition laws.
- Ensure that all contacts or commercial agreements with competitors, as well as participation in trade and professional associations, fully comply with applicable competition laws.
- Be aware that certain contractual terms, such as resale restrictions, resale price maintenance, and exclusivity arrangements, may require legal review.
- If your company holds a dominant market position, do not abuse it.
Protect assets and information
The UPM way
UPM employees are responsible for handling UPM's and our business partners' assets, such as machinery, equipment, raw materials, vehicles, IT and mobile devices, and funds, with care and protect them from damage, loss, theft, and misuse. We handle confidential information and personal data carefully, use artificial intelligence ethically and responsibly, and protect the company against cyber risks.
As a publicly listed company, all public disclosures of UPM's information need to be made in compliance with the applicable laws and rules of the stock exchange.
Examples and good practices for you
- Use UPM's assets, including information, only for the purposes for which they have been entrusted to you.
- Take appropriate measures to safeguard the confidentiality and security of data, including UPM's trade secrets. Use non-disclosure agreements and other protection systems, and restrict access to confidential data only to those who need it for their work.
- Do not discuss confidential topics in public spaces, social media, or with relatives or friends.
- Ensure that IT tools used in your business are appropriately protected against cyber risks.
- Implement IT information security policies to protect data and assets from cyber risks.
- Ensure that your employees and business partners understand and commit to your confidentiality and cybersecurity requirements through training and communication.
- Collect, process, store and dispose of personal data in accordance with applicable data protection laws.
- Understand how AI is used in your business and by your employees. Ensure that it complies with applicable legislation.
- Safeguard UPM's intellectual property, such as inventions, patents, trademarks, and domain names, by maintaining adequate legal protection or confidentiality.
- Ensure that your products and services do not infringe on the intellectual property rights of any third parties.