The case for CSR/ Sustainability Reporting Done Responsibly


Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Home / case studies / Case study: How Varma promotes ethical business contact

Case study: How Varma promotes ethical business contact

Varma provides pension insurance for work carried out in Finland, taking care of the statutory pension cover of private entrepreneurs and employees. Varma’s core task, securing pensions, is a significant social mandate that requires a high level of ethics and transparency.  Tweet This! Accordingly, knowing and abiding by common rules is an essential part of responsibility for Varma employees.

This case study is based on the 2019 Annual and Sustainability Report by Varma published on the Global Reporting Initiative Sustainability Disclosure Database that can be found at this link. Through all case studies we aim to demonstrate what CSR/ ESG/ sustainability reporting done responsibly means. Essentially, it means: a) identifying a company’s most important impacts on the environment, economy and society, and b) measuring, managing and changing.

Layout 1Abstract

Varma’s major societal role and the economic and social responsibility included in its core function call for a highly ethical corporate culture, and the ability to transparently communicate on its operations and the principles that guide them. In order to promote ethical business contact Varma took action to:

  • implement a Code of Conduct
  • introduce a Supplier Code of Conduct
  • foster compliance
  • promote data security

What are the material issues the company has identified?

In its 2019 Annual and Sustainability Report Varma identified a range of material issues, such as economic performance, mitigating climate change in investments, occupational health and safety, diversity and equal opportunity. Among these, promoting ethical business contact stands out as a key material issue for Varma.

Stakeholder engagement in accordance with the GRI Standards

The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:

“The reporting organization shall identify its stakeholders, and explain how it has responded to their reasonable expectations and interests.”

Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.

Key stakeholder groups Varma engages with:

Stakeholder Group
Members of Varma’s governance bodies
Authorities and decision-makers
Labour market organisations
Sector organisations
Non-governmental organisations

How stakeholder engagement was made to identify material issues

To identify and prioritise material topics Varma carried out an extensive email survey among more than 47,000 people representing different stakeholder groups: entrepreneurs, representatives of client companies, private customers, office space customers, Varma employees, partners and service providers, representatives of Varma’s administration, representatives of organisations and associations in the pension sector, labour market representatives, legislators, nongovernmental organisations and representatives of the media.

What actions were taken by Varma to promote ethical business contact?

In its 2019 Annual and Sustainability Report Varma reports that it took the following actions for promoting ethical business contact:

  • Implementing a Code of Conduct
  • Varma’s way of operating is described in its Code of Conduct. The purpose of the Code is to guide Varma employees in behaving responsibly. In the Code of Conduct, Varma commits to making purchases on market terms and conditions, combating the grey economy and bribery, and following responsible investment principles, among other things. Varma is committed to operating in accordance with the UN’s principles concerning business and human rights, and expects the same from its supply chain. The Code of Conduct includes guidelines on what to do if one sees or experiences inappropriate behaviour at the workplace and is complemented by Varma’s other internal guidelines and instructions, which have been drawn up, for example, to guarantee data security and data protection, to identify money laundering and to comply with insider regulations. Every Varma employee must abide by the Code of Conduct. In case of problems and suspected violations, employees can contact the Compliance Officer. In 2020, Varma intended to update its anti-corruption guidelines and open an independent whistleblowing channel for reporting any violations anonymously. The possibility for anonymous reporting is required in cases where the reporter believes that his/her supervisor is involved in the violation or fears that reporting the violation may cause problems at work or in partner relationships.
  • Introducing a Supplier Code of Conduct
  • Varma has drawn up a Supplier Code of Conduct in order to promote sustainability in its supply chain. The premise of the Supplier Code of Conduct is that Varma expects its direct service providers, i.e. first-tier suppliers, to commit to its sustainability requirements. The Supplier Code of Conduct covers, among other things, good business practices, human rights, occupational safety and health, and respect for the environment. It also includes a notification requirement and a permission for audits.
  • Fostering compliance
  • Through its Compliance function Varma ensures adherence to regulations, the Code of Conduct and other guidelines, and prevents legal risks from materialising. As a Compliance Officer, the head of legal affairs is responsible for organising the Compliance function. Compliance is promoted through the use of online courses, which every Varma employee is expected to complete at the start of their employment and every two years thereafter. The data security course is taken annually. The completion rate is monitored and reported, for example, to the Board of Directors. The online Code of Conduct course was completed in 2018 by 91% and the online data security course in 2019 by 92% of Varma employees.
  • Promoting data security
  • Varma tends to the data protection of its private customers by making sure that the processing of personal data fully conforms to laws, and other rules and regulations. As a Controller, Varma is also responsible for its suppliers’ compliance. The targets, responsibilities and means of data security management at Varma are defined in its data security policy. Data security management at Varma consists of planning based on the assessment of data security risks, measures that improve data security, reviewing and monitoring the level of data security, and the continuous improvement of data security practices.

Which GRI Standards and corresponding Sustainable Development Goals (SDGs) have been addressed?

The GRI Standard addressed in this case is: Disclosure 205-2 Communication and training about anti-corruption policies and procedures

Disclosure 205-2 Communication and training about anti-corruption policies and procedures corresponds to:


80% of the world’s 250 largest companies report in accordance with the GRI Standards

SustainCase was primarily created to demonstrate, through case studies, the importance of dealing with a company’s most important impacts in a structured way, with use of the GRI Standards. To show how today’s best-run companies are achieving economic, social and environmental success – and how you can too.

Research by well-recognised institutions is clearly proving that responsible companies can look to the future with optimism.

FBRH GRI Standards Certified, IEMA & CIM recognised Sustainability Course | Venue: London LSE

By registering for the next 2-day FBRH GRI Standards Certified, IEMA & CIM recognised course you will be taking the first step in gaining the many benefits of sustainability reporting.

Most importantly, you will gain the knowledge to use the GRI Standards, project manage your own first-class sustainability report and:

  • Identify your most important impacts on the Environment, Economy and Society
  • Begin taking solid, focused, all-round sustainability action ASAP



1) This case study is based on published information by Varma, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:


Note to Varma: With each case study we send out an email requesting a comment on this case study. If you have not received such an email please contact us.