15 August, 2025
BlueOnion fully supports the Hong Kong Securities and Futures Commission's initiative to launch a voluntary Code of Conduct for providers of Environmental, Social, and Governance (ESG) ratings and data products (the “Code”). This Self-Assessment Document outlines BlueOnion's commitment to adhering to the standards and principles established by the Code, particularly in relation to its proprietary ESG scores and related data products (together, “ESG Solutions”). BlueOnion continues to implement measures designed to ensure its ESG Solutions meet the expectations set forth in the Code.
This Self-Attestation Document is prepared pursuant to paragraph 2.3 of the Code of Conduct for ESG Ratings and Data Products Providers, developed under the sponsorship of the Hong Kong Securities and Futures Commission through the Hong Kong ESG Ratings and Data Products Providers Voluntary Code of Conduct Working Group.
BlueOnion commits to managing its business with rigorous transparency, robust governance, effective management of conflicts of interest, and responsible handling of data.
Endorsing this voluntary Code, BlueOnion seeks to contribute to fostering greater transparency, reliability, and market integrity within the ESG ratings and data industry. We remain open to collaboration with regulators and peers to support the growth and development of consistent industry standards in Hong Kong and beyond.
In completing this document, BlueOnion provides references to its relevant policies and frameworks where appropriate and clarifies any regulatory obligations or operational considerations affecting its application of the Code's principles. Additionally, BlueOnion references its alignment with comparable voluntary codes or regulatory regimes in other jurisdictions to demonstrate conformance with the Code's intended objectives.
BlueOnion's ESG Solutions are utilized by a wide range of clients, including institutional investors, asset managers, private equity firms, and corporations. Our integrated ESG content, advanced workflow solutions, and dedicated client support services enable streamlined due diligence and engagement processes. BlueOnion's scalable platform is designed to reward sustainability leadership and support evolving market best practices.
| Principles and actions | How has the principle / action been implemented? |
|---|
| 1. Principle on Good Governance | |
| 1.1 ESG ratings and data products providers should ensure appropriate governance arrangements are in place that enable them to promote and uphold the Principles and overall objectives of the Code of Conduct. | Governance arrangements for ESG Ratings and Data Products are embedded within BlueOnion's existing corporate and data governance policies, with oversight provided by the senior management team through established processes, controls, and periodic reviews. |
| Actions: ESG ratings and data products providers should have appropriate governance arrangements in place that: |
|
| 1.4 (A) include a clear organisational structure with well-defined, transparent and consistent roles and responsibilities for personnel involved in the determination, publication, or oversight, as appropriate, of an ESG rating or of an ESG data product; and which | BlueOnion maintains a documented organizational structure, with defined roles and responsibilities for ESG Ratings and Data Products functions, ensuring that teams responsible for data, research, product, and compliance are operationally separated to promote independence and integrity. |
| 1.5 (B) enable them to follow the Principles set out in this Code of Conduct. | BlueOnion ensures compliance with the Code through its established corporate and data governance policies, supported by internal controls and documented procedures. These cover key areas such as quality assurance, conflicts of interest, transparency, confidentiality, and stakeholder engagement, with all controls subject to periodic review and continuous improvement. |
| 2. Principle on Securing Quality (Systems and Controls) | |
| 2.1 ESG ratings and data products providers should adopt and implement written policies and procedures designed to help ensure the issuance of high quality ESG ratings and data products. | BlueOnion has implemented formal quality policies and procedures that govern the development, validation, and maintenance of ESG Ratings and Data Products, ensuring their accuracy, consistency, and integrity. |
| Actions: These policies and procedures should be drafted taking into account the nature, scale and complexity of ESG ratings and data products providers' respective businesses and should require that ESG ratings/data products are based on: |
|
| 2.4 (A) publicly disclosed data sources, where possible, and other information sources, where necessary; | BlueOnion discloses data origins, assumptions, and methodology considerations transparently in methodology papers and on its SaaS platform. Data is sourced from a combination of publicly available information and established third-party providers, including annual reports, regulatory filings, and disclosures from regulators and international organizations. All sources undergo verification and quality assurance processes. |
| 2.5 (B) the adoption, implementation and provision of transparency around methodologies for their ESG ratings and data products that are defined, rigorous, systematic, applied continuously, in accordance with Principle 4, while maintaining a balance with respect to proprietary or confidential aspects of the methodologies; and | BlueOnion develops its methodologies through continuous research and stakeholder consultation. The product teams are responsible for creating and maintaining the methodology documents, which are reviewed and updated annually to ensure consistency, accuracy, and relevance. Transparency is prioritized through methodology papers, while proprietary and confidential elements are appropriately protected. |
| 2.6 (C) a thorough analysis of relevant information consistent with the applicable methodologies available to the ESG ratings and data products providers at the time of determination. | BlueOnion conducts thorough analyses of relevant information available at the time of determination, ensuring consistency with approved methodologies. Automated validation tools and manual reviews are applied to support accuracy, with audit trails maintained to document decisions and processes. |
| Furthermore, having regard to the nature, scale and complexity of their respective businesses, ESG ratings and data products providers should also ensure: | |
| 2.8 (A) they monitor on an ongoing basis and regularly update, as appropriate, their ESG ratings and data products, except where specifically disclosed that the rating is a point in time rating; | BlueOnion monitors its ESG Ratings and Data Products on an ongoing basis and updates them periodically in accordance with stated methodologies and product specifications. |
| 2.9 (B) they regularly review the relevant methodologies and sufficiently communicate changes made to the methodologies as well as potential impacts of these changes to the ESG ratings and data products; | The ESG Product teams are responsible for creating and maintaining methodology documents, which are reviewed and updated annually to ensure consistency, accuracy, and relevance. Any changes to methodologies are communicated transparently through methodology papers and client updates as appropriate. |
| 2.10 (C) they maintain internal records to support their ESG ratings and data products; | BlueOnion maintains comprehensive internal records to support its ESG Ratings and Data Products, including data sources, assumptions, methodologies, validation checks, and review processes. Records are retained in accordance with internal processes and controls. |
| 2.11 (D) they have sufficient resources (personnel and technological capabilities) to consistently apply the relevant methodologies to determine high quality ESG ratings and data products, to seek out information they need in order to make an assessment, analyse all the information relevant to their decision-making processes, and conduct quality control on their processes and production of ESG ratings and data products. The quality controls should include both (i) procedural checks to ensure that the methodology and internal processes are followed correctly; and (ii) holistic checks to ensure that the process considering the plausibility, coherence and logic of the product is sound. The quality control framework should also allow for the appropriate and timely consideration of information brought to ESG ratings and data products providers' attention by covered entities or users, as outlined at action 6.10 below; and | BlueOnion maintains dedicated experts, resources, and technologies to consistently apply its methodologies and ensure robust quality controls. |
| 2.12 (E) the personnel involved in the determination, publication or oversight, as appropriate, of ESG ratings and data products are professional, competent, and of high integrity | BlueOnion recruits, retains, and develops personnel with relevant expertise and backgrounds, ensuring they uphold high standards of integrity and professional competence in the determination, publication, and oversight of ESG Ratings and Data Products. |
| 2.13 ESG ratings and data products providers could consider providing ESG ratings and data products to clients in a machine-readable format. | BlueOnion provides most ESG Ratings and Data Products in machine-readable formats, including CSV, JSON, and XML, accessible via the SaaS platform and APIs to enhance usability and integration into client workflows. |
| 3. Principle on Conflicts of Interest | |
| 3.1 ESG ratings and data products providers should adopt and implement written policies and procedures designed to help ensure their decisions are independent, free from political or economic interference, and appropriately address actual or potential conflicts of interest that may arise from, among other things, the ESG ratings and data products providers' organisational structure, business or financial activities, or the financial interests of the ESG ratings and data products providers and their officers and employees. | BlueOnion has implemented a Conflicts of Interest (COI) Policy designed to ensure decisions are independent and free from political or economic interference. The policy covers the identification, management, and disclosure of actual and potential conflicts that may arise from organizational structure, business activities, or financial interests of the company and its employees. |
| 3.2 ESG ratings and data products providers should identify, avoid or appropriately manage, mitigate and disclose actual or potential conflicts of interest that may compromise the independence and integrity of the ESG ratings and data products providers' operations. | In accordance with its COI Policy, BlueOnion identifies, manages, mitigates, and, where relevant, discloses actual or potential conflicts of interest to safeguard the independence and integrity of its ESG Ratings and Data Products. |
| Actions: ESG ratings and data products providers should: |
|
| 3.5 (A) adopt written internal policies and procedures and mechanisms designed to (1) identify, and (2) eliminate, or manage, mitigate and disclose, as appropriate, any actual or potential conflicts of interest related to their ESG ratings or data products that may influence the opinions and analyses ESG ratings and data products providers make or the judgment and analyses of the individuals they employ who have an influence on their ESG ratings or data products decisions; and | In accordance with its COI Policy, BlueOnion identifies, manages, mitigates, and, where relevant, discloses actual or potential conflicts of interest to safeguard the independence and integrity of its ESG Ratings and Data Products. |
| 3.6 (B) disclose such conflict avoidance and management measures. | In accordance with its COI Policy, BlueOnion identifies, manages, mitigates, and, where relevant, discloses actual or potential conflicts of interest to safeguard the independence and integrity of its ESG Ratings and Data Products. |
| ESG ratings and data products providers should take steps to help ensure that any existing or potential business relationship between them (or their affiliates) and any entity or any other party for which they provide ESG ratings or data products would not affect the integrity of the ESG ratings and data products being offered to those entities or other parties. These steps could include (but are not limited to) the following measures in respect of appropriate staff: | |
| 3.8 (A) putting in place measures to help ensure such staff refrain from any securities or derivatives trading presenting inherent conflicts of interest with the ESG ratings and data products; | BlueOnion takes appropriate steps to ensure staff involved in ESG Ratings and Data Products refrain from activities that could create conflicts of interest, in line with its COI Policy. |
| 3.9 (B) structuring reporting lines for such staff and their compensation arrangements to eliminate or appropriately manage actual and potential conflicts of interest related to their ESG ratings and data products; | ESG Ratings teams are structurally separated from commercial functions, with compensation based on objective performance metrics rather than client revenue. |
| 3.10 (C) not compensating or evaluating such staff on the basis of the amount of revenue that an ESG rating and data products provider derives from an entity for which such staff provides ESG ratings and data products, or with which such staff regularly interact regarding such ESG ratings and data products; and | Staff involved in ESG Ratings are not compensated or evaluated on the basis of revenue generated from rated entities, ensuring independence and integrity of assessments. |
| 3.11 (D) where consistent with confidentiality, contractual and other business, legal and regulatory requirements, disclosing in respect of such staff the general nature of the compensation arrangement or any other business or financial relationships that exist with an entity for which the ESG ratings and data products provider provides ESG ratings or data products. | BlueOnion does not maintain business or financial relationships that would compromise independence in ESG Ratings. Where appropriate, the general nature of staff compensation structures is disclosed, subject to confidentiality and regulatory requirements. |
| 4. Principle on Transparency | |
| 4.1 ESG ratings and data products providers should make adequate levels of public disclosure and transparency a priority for their ESG ratings and data products, including their methodologies and processes to enable the users of the product to understand what the product is and how it is produced, including any potential conflicts of interest and while maintaining a balance with respect to proprietary or confidential information, data and methodologies. | BlueOnion places transparency at the core of its ESG Ratings and Data Products, recognizing it as essential for building trust with clients and stakeholders. We are committed to delivering high-quality outputs through well-defined, data-driven methodologies, while maintaining an appropriate balance between transparency and the protection of proprietary information. |
| Actions: ESG ratings and data products providers should, where applicable: |
|
| 4.4 (A) make public disclosure and transparency a priority for their ESG ratings and data products offerings, subject to commercial sensitivity considerations; | BlueOnion makes its methodologies available to clients and stakeholders. BlueOnion continues to review and refine its approach to ensure alignment with the Code of Conduct, while balancing transparency with proprietary considerations. |
| 4.5 (B) clearly describe their ESG ratings and data products to enable the users to understand the ESG rating's or ESG data product's intended purpose including its measurement objective; and | BlueOnion provides methodology documentation that clearly describes the intended purpose of its ESG Ratings and Data Products, including their objectives, approaches, and scope, enabling users understand how the outputs should be interpreted. |
| 4.6 (C) publish sufficient information about the methodologies underlying their ESG ratings and data products and how they ensure their consistent implementation to enable the users of these products to understand how their outputs were determined. | BlueOnion provides sufficient information on the methodologies underlying its ESG Ratings and Data Products. Consistent application of methodologies is ensured through automated processes and internal review controls, enabling users to understand how outputs are determined and maintained over time. |
| 4.7-4.16 ESG ratings and data products providers should, where applicable, publish information that is relevant to understanding their methodologies, subject to any proprietary or confidentiality considerations. This information may include, but is not limited to: (A) the measurement objective of the ESG rating; (B) the criteria used to assess the entity or company; (C) the KPIs used to assess the entity against each criterion; (D) the relative weighting of these criteria to that assessment; (E) the scope of business activities and group entities included in the assessment; (F) the principal sources of qualitative and quantitative information used in the assessment, including for example whether the information is forwardlooking (such as transition plans), the use of industry averages, estimations or other methodologies when actual data is not available, as well as information on how the absence of information was treated; (G) the time horizon of the assessment; (H) the meaning of each assessment category; and (I) a regular evaluation of their methodologies against the outputs which they have been used to produce. | BlueOnion views transparency as essential to the credibility of its ESG Ratings and Data Products. We provide users with clear insight into the objectives, criteria, data sources, and assumptions underlying our methodologies, while ensuring consistency through defined processes and regular reviews. In line with the Code of Conduct, BlueOnion continues to refine its methodologies to reflect evolving standards and market practices, balancing transparency with the protection of proprietary information. |
| 5. Principle on Confidentiality (Systems and Controls) | |
| 5.1 ESG ratings and data products providers should adopt and implement written policies and procedures designed to address and protect all non-public information received from or communicated to them by any entity, or its agents, related to their ESG ratings and data products, in a manner appropriate in the circumstances. | BlueOnion has established policies and procedures to protect non-public information and data subject to privacy requirements, ensuring confidentiality and integrity in the development of ESG Ratings and Data Products. |
| Actions: ESG ratings and data products providers should: |
|
| 5.4 (A) adopt and implement written policies and procedures and mechanisms related to their ESG ratings and data products designed to address and protect the non-public nature of information shared with them by entities under the terms of a confidentiality agreement or otherwise under a mutual understanding that the information is shared confidentially; | BlueOnion applies documented procedures and technical safeguards to protect confidential data received under explicit agreements or mutual understanding, ensuring it remains restricted and appropriately managed. |
| 5.5 (B) adopt and implement written policies and procedures designed to address the use of non-public information only for purposes related to their ESG ratings and data products or otherwise in accordance with their confidentiality arrangements with the entity; and | BlueOnion enforces strict policies ensuring non-public information is used solely for ESG Ratings and Data Products purposes, in line with confidentiality commitments and regulatory obligations. |
| 5.6 (C) include information on data confidentiality management and on the protection of non-public information to the extent terms of engagement are published. | BlueOnion maintains internal procedures on data confidentiality management and the protection of non-public information, with governance frameworks ensuring that confidentiality obligations are consistently applied. |
| 6. Principle on Engagement (Systems and Controls) | |
| 6.1 ESG ratings and data products providers should regularly consider whether their information gathering processes with entities covered by their products leads to efficient information procurement for both the providers and these entities. Where potential improvements to information gathering processes are identified, ESG ratings and data products providers should consider what measures can be taken to implement them. | BlueOnion conducts regular reviews of its information-gathering processes through established feedback channels. Potential enhancements identified are systematically evaluated and, where appropriate, integrated into product development. |
| 6.2 Where feasible and appropriate, ESG ratings and data products providers should respond to and address issues flagged by entities covered by their ESG ratings and data products and by users while maintaining the independence and integrity of these products. | BlueOnion has governance procedures in place to evaluate and address issues raised by users. Responses are managed that ensure timely consideration while upholding the independence and methodological integrity of our ratings and data products. |
| Actions: Where they collect information from covered entities on a bilateral basis, ESG ratings and data products providers should: |
|
| 6.5 (A) communicate sufficiently in advance by when they expect to request this information regarding their ESG ratings and data products; and | For certain Data Products, BlueOnion may request information directly from entities, in which case timelines are communicated in advance. |
| 6.6 (B) include in their requests, pre-inputted information either from publicly available sources or from the covered entities' previous submissions, where possible, for the covered entities' review or confirmation. | Where information requests are made, BlueOnion minimizes burden by including, where possible, pre-populated data from public sources or previous submissions for review and confirmation. |
| ESG ratings and data products providers should: | |
| 6.8 (A) provide a clear and consistent contact point with whom the covered entity can interact to address any queries relating to the assessment provided by the ESG ratings and data products provider; | Where information requests are made, BlueOnion provides clear resources or a dedicated email to ensure consistent communication. |
| 6.9 (B) where feasible and appropriate, inform covered entities: (i) that they are in the process of being assessed; and (ii) of the principal categories of data on which an ESG rating is based before the publication of the ESG rating; | Where information requests are made, BlueOnion provides clear resources or a dedicated email to inform covered entities of requests and relevant data categories. |
| 6.10 (C) allow the covered entity and users to draw attention to any factual errors or omissions in the ESG rating or ESG data product, including the data and information underlying the ESG rating or ESG data product; and | Where information requests are made, BlueOnion provides clear resources or a dedicated email for covered entities to raise factual errors or omissions. |
| 6.11 (D) publish terms of engagement describing how ESG ratings and data products providers will typically engage with their covered entities, including when information is likely to be requested and the opportunities available (if any) to the covered entity for review. | Where information requests are made, BlueOnion provides clear resources or a dedicated email describing the process of interaction and opportunities for review. |
| Disclaimer | |
|
The content presented in these materials, including any supplementary information provided verbally or in writing, is intended only as a general guide and may be revised periodically. It does not create or imply any form of contractual agreement or legally enforceable obligation. The BLUEONION SERVICES (“Services”) are managed and offered by the BLUEONION GROUP, which operates across Hong Kong SAR, Singapore, Malaysia, Australia, Taiwan, and the United Kingdom. These Services are standard offerings from BLUEONION. Users bear full responsibility for how they utilize the Services and should independently evaluate whether the Services satisfy any applicable regulatory requirements relevant to their situation. BLUEONION does not provide any warranties regarding the completeness or accuracy of pricing or information delivered through the Services. Nothing provided here or via the Services is an offer of financial instruments, nor should it be used as professional investment advice, recommendations, or endorsements to buy, sell, or hold any asset. Users should not use information through the Services as the sole basis for making investment decisions. This content is not intended as, nor should it serve as, advice. Users uncertain about their responsibilities or seeking specific counsel should consult qualified professionals. BLUEONION expressly disclaims any representations or guarantees concerning the environmental, social, or governance attributes, data accuracy, or profiles of issuers, products, or services referenced, and users should conduct their own evaluations in these areas. All trademarks and service marks, including but not limited to BlueOnion.Today, BlueConnect, BlueOnion FundBase, and BlueOnion DueD Vault are owned by BlueOnion Group Holdings Limited, a company registered in the Cayman Islands. The lack of explicit trademark symbols here does not imply relinquishment of any intellectual property rights by BLUEONION. All rights reserved. © BLUEONION |