No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Governance

The Code of Conduct – A Cornerstone for Effective Governance

by Jim DeLoach
June 30, 2016
in Governance
The code of conduct is key to strengthening ethics and compliance programs

In today’s rapidly changing environment, two things are needed to achieve sustainable success. First, adaptive and agile organizations and cultures are most likely to sustain superior performance over time because they are best prepared to anticipate and adjust effectively to change. Organizations with adaptive cultures are proactive, entrepreneurial, creative and willing to take prudent risks. Second, if there is one other constant for success in a dynamic global marketplace, it is the immutable bedrock of an unwavering commitment to ethical and responsible business behavior. These two attributes position companies to face change with confidence.

Business ethics reach beyond the moral code most are taught from childhood that enables us to differentiate between what is good and what is bad. Business ethics are the principles of conduct governing an organization and the individuals within it. These principles are defined through the day-to-day behaviors of managers and employees, creating a culture in which everyone is able to observe management’s actions and reactions in response to events.

The focus here is on observable actions, as they speak much louder than anything an organization’s leaders say. These observations lead, in turn, to an understanding of how individuals throughout the organization are expected to behave in various situations. In essence, business ethics help shape the tone at the top, as well as the tone in the middle. Both must be aligned to ensure principled behavior.

A formal, written code of conduct transforms ethical behavior into something more tangible and real in an organization. While a code has been considered a leading practice for a long time among many companies, it is now a requirement of the U.S. Securities and Exchange Commission (SEC) and by the listing standards of major stock exchanges. Companies are required to disclose their code on their websites.

That all said, even Enron had a world-class code of conduct. Words mean little by themselves. Below, we discuss a few steps for boards and management to consider in designing and implementing a code of conduct that is more than a montage of words.

Set the Tone

Governance is not just about rules and regulations. It is about corporate culture and the way a company conducts its business in an ethical, responsible way. “Tone at the top” is an often-used term because it captures the essence of where a commitment to responsible business behavior begins: with the CEO. From the top, the executive team follows the chief executive’s lead in fostering a strong ethical environment in their various dealings with employees, customers, suppliers, investors, creditors, insurers, regulators, competitors, auditors and other stakeholders – behavior observed by their direct reports and, either directly or indirectly, by many other individuals both within and outside the organization.

Simply stated, the process by which C-suite executives make decisions and the manner in which they communicate and implement those decisions can have just as significant an impact on the organization and its culture as the decisions themselves.

An open and empowering culture in which responsible business behavior is expected, as well as practiced at all levels of the organization, is fundamental to preserving reputation and brand image in the marketplace. An organization’s policies may specify what the board of directors and management want to happen, but the company’s culture influences what actually happens, as well as which rules are obeyed, sidestepped or ignored. That is why an effective tone at the top is so essential to provide employees a framework for decision-making as they deal with the inevitable ambiguities associated with complex business situations.

Put It in Writing – But Don’t Stop There

Codes of conduct are written for two reasons:

  • To establish the organization’s expectations regarding ethical behavior and regulatory compliance.
  • To provide employees with core values and other guidance in the event they find themselves in situations where the “right” answer may not be obvious.

While a written code is certainly preferable, there is no evidence that the investor community or the public at large have inferred that companies that have had a code for many years are more ethically managed than companies that only recently published a code. The absence of a written code does not necessarily mean the absence of a commitment to ethical behavior. Conversely, the existence of a written code without a supporting infrastructure for enforcement does not fully define an organization’s commitment to responsible business behavior, nor does it ensure the organization will actually behave responsibly when the crucial moment presents itself.

The operating style of supervisors, the frequency and substance of executive management’s communications, the openness and transparency of decision-making processes, the emphasis on compliance with laws and regulations, the manner in which management responds to ethical violations, the existence of effective monitoring processes and the organization’s day-to-day practices and rituals say much more to employees about what a company stands for and its leaders’ values than the publication of a written code. While a written code formalizes certain aspects of the organization’s commitment to ethical behavior and is an integral part of the governance process, it is neither a panacea, nor a substitute for a commitment at all levels of the organization to align personal interests with the organization’s interest.

Make the Code Robust

Most organizations find there is no single off-the-shelf approach to implementing a business ethics program. To be effective in making the program a part of an employee’s day-to-day decision making, its underlying elements should reflect the unique aspects of the organization’s culture, operating style and business model.

Typically, a code of conduct includes the following:

  • A statement by the CEO that the organization is committed to conducting its business with integrity in accordance with the highest ethical standards and in compliance with applicable laws, regulations, internal policies and contractual obligations. Additional language may emphasize the proper handling of conflicts of interest between personal and professional relationships. A statement may also be included about avoiding specific illegal acts, e.g., deceptive advertising, illegal pricing practices, discrimination, harassment, etc.
  • Practical examples of situations that an individual might encounter and that provide guidance to help clarify how the code should be applied in such situations.
  • A discussion of the role the organization’s policies, structure, risk management and internal controls play in ensuring the organization’s business objectives are met, including the role of personal accountability. For multinational organizations, this discussion may address relevant international considerations.
  • Recognition of the company’s responsibilities to shareholders, employees, customers and other stakeholders, e.g., management and the board have a responsibility to recognize the importance of sustainability issues to their stakeholders before taking on huge risky bets.
  • Prohibitions on conflicts of interest, e.g., borrowing from the organization, accepting gifts from customers or vendors, entering into transactions with unapproved related parties, making political contributions, entering into relationships with unvetted third parties, etc. Material transactions or relationships that could reasonably be expected to create a conflict of interest should be reported to a designated person (or persons) for approval.
  • Prohibitions of and restrictions on the use of confidential and proprietary information, as well as respect for the intellectual property rights of others.
  • Various corporate guidelines, including expense policies, asset usage policies, third-party relationship due diligence, vacation policies (where the absence from a job is viewed as a control mechanism), insider trading, filing of personal tax returns, etc.
  • Accountability for adherence to the code, with requirements for prompt internal reporting of violations to a designated person (or persons). The code should specify the consequences for breach of policy and unethical conduct and include provisions for reporting a summary of code violations to a designated committee of the board of directors.

A written code of conduct applies to everyone in a “boundaryless” organization. In a global marketplace, the code should extend to outsiders as a condition for doing business. There may also be more detailed code provisions required for executives in certain positions, such as job qualifications and specific responsibilities. For example, the SEC stipulates certain code provisions directed to senior executives involved with public reporting.

In writing their codes, companies should differentiate areas warranting one-up approvals (e.g., vacation policy) from areas requiring a waiver approved by the board (e.g., conflicts of interest).

Communicate and Disclose the Code

The following are suggestions for communicating and disclosing the code:

  • Write the code in a way that all employees can read and understand. This includes publishing the code in several languages, if necessary, and considering the education and experience level of line employees.
  • Circulate the code internally to all employees on a regular basis (annually at a minimum), and require everyone to acknowledge that he or she has read the code, understands his or her responsibility to comply with it and has reported through appropriate channels any violations he or she has observed.
  • Circulate the code externally to institutional investors and other constituents. Publish the code on the company’s website (e.g., within the investor relations pages) and in the company’s annual report or, alternatively, refer readers to the company website where the code is posted.
  • Post the code in break rooms, in employee manuals, etc. Conduct regular employee training on the code, e.g., annual reinforcement, orientation for new hires and experienced staff, etc.
  • Conduct periodic “audits” of the workforce’s understanding of key elements of the code, e.g., scenario-based “ethical dilemma” tests. Use the results of these audits to evaluate the effectiveness of internal communications and training. Require periodic compliance assessments of selected employees using appropriate code provisions.

Reinforce the Code

A written code of conduct articulates both expected and unacceptable standards of behavior. However, a code without discipline lacks substance. Ethical behavior results from articulating standards clearly in both management communications and employee training, ensuring employees comprehend the standards through written acknowledgements and reinforcing the standards in practice every day.

In the event of violations, management must undertake timely disciplinary action. Experience has shown, and the U.S. Federal Sentencing Guidelines clearly specify, that organizations that do not respond strongly to violations of basic values invite further violations and risk fostering an environment where business ethics exist in writing only. That’s not good enough. Lessons learned from such violations should be communicated to employees and reinforced through training. An internal reporting mechanism should be in place for employees to ask questions concerning ethics issues and report ethical violations or breaches of company policy without fear of retribution.

Often, these reporting mechanisms take the form of an “integrity hotline,” although some companies are creating websites to receive issues and provide reporting employees or outside parties the option of remaining anonymous. When using these mechanisms, management should have protocols in place to handle reported violations consistently, including use of legal counsel, coordination with law enforcement, and prompt reporting to senior management and the board of directors.

Management and the board should be cautious about waiving provisions of the code. A waiver can be either a formal board approval obtained in advance or a de facto, post hoc approval granted after a violation is reported. The same result occurs – a provision in the code of conduct has been waived instead of enforced. In both cases, the waiver should be disclosed to investors. If significant changes are made to the code of conduct, such changes should also be disclosed.

Summary

Ethical expectations of business have been on a steady rise for some time, and organizations must meet these expectations. Executive management and the board need assurance that, no matter how demanding the performance expectations, employees will focus on doing the right thing. It is one way these demanding organizations can face the future with confidence. To that end, we’ve discussed the importance of setting the proper tone for responsible business behavior, writing the code of conduct, making the code robust and communicating, disclosing and enforcing the code.

More Resources About Codes of Conduct

mcds
Ethics

What Charges Against Former McDonald’s CEO Can Teach Us About Investigations of Senior Officers

January 18, 2023
nfl main art_j
Compliance

Touchdown or Fumble? What Compliance Can Learn From the NFL’s Disciplinary System

September 7, 2022
Study: 1 in 3 Major Corporations Have Ineffective Codes of Conduct
Compliance

Study: 1 in 3 Major Corporations Have Ineffective Codes of Conduct

June 15, 2022
3d illustration of scooter carrying packages last mile.
Ethics

Ensure Last Mile Delivery of Your Code of Conduct, Or Your Message Won’t Be Received

September 23, 2021
illustration of business meeting, training
Compliance

Key Topics to Cover in Your Compliance Training – and How to Ensure It Sticks

July 12, 2021
Miniature figures shake hands standing on dollar bills.
FCPA

Did You Just Buy an FCPA Problem? How to Design Post-M&A Compliance Integration and Audit Plans

July 6, 2021
candy toothpaste oozing from a tube
HR Compliance

The Toothpaste Is Out of the Tube: Here’s How to Revamp Policies For a Workforce Unlikely to Fully Return to the Office

May 6, 2021
welcome written on yellow post-it note stuck to keyboard
Compliance

Reimagining Compliance Onboarding in the New Business Environment

November 11, 2020

Previous Post

Try Improvising to Improve Your Office Relationships

Next Post

Australia Considers Introducing Deferred Prosecution Agreements

Jim DeLoach

Jim DeLoach

Jim DeLoach, a founding Protiviti managing director, has over 35 years of experience in advising boards and C-suite executives on a variety of matters, including the evaluation of responses to government mandates, shareholder demands and changing markets in a cost-effective and sustainable manner. He assists companies in integrating risk and risk management with strategy setting and performance management. Jim has been appointed to the NACD Directorship 100 list from 2012 to 2018.

Related Posts

Fox_DOJ Speeches_f

Analysis of Recent DOJ Statements

by Corporate Compliance Insights
March 23, 2023

DOJ leaders provide insight into agency's plans. Analysis of Recent Statements DOJ Shaping the Future of Corporate Criminal Enforcement What’s...

Fox_2023 ECCP Update_f

2023 Evaluation of Corporate Compliance Programs

by Corporate Compliance Insights
March 23, 2023

Keeping up with 2023 changes to DOJ guidelines. Additions, Deletions & Changes From 2020 2023 Evaluation of Corporate Compliance Programs...

encompass update

Encompass Launches pKYC Maturity Model

by Corporate Compliance Insights
March 22, 2023

KYC automation platform Encompass has unveiled a new perpetual Know Your Customer (pKYC) maturity model designed to help banks improve...

consilio onna partnership

Consilio, Onna Seek to Streamline eDiscovery for Cloud Apps

by Corporate Compliance Insights
March 22, 2023

Legal technology provider Consilio has launched a new platform, Sightline Collect, powered by data management supplier Onna. The platform is...

Next Post
Australian government seeks to use DPAs for anti-corruption compliance

Australia Considers Introducing Deferred Prosecution Agreements

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT