Codes of Conduct are designed to set forth an organization’s values and principles, while detailing expectations for employees. In many ways, it is one of the most important documents an organization can develop. At times, when an employer decides it needs to develop a Code, it often asks counsel whether there is a sample Code or boilerplate language the company can adopt. But is an “off-the-shelf” Code of Conduct really of any value to an organization? The answer should be apparent – sufficient consideration should be devoted to a task that the organization will say this is the standard by which our business will operate!

Legal sources recommending or requiring Codes of Conduct and Business Ethics typically offer little in the way of details as to what an effective Code must include. For example, Section 802.1(a) of the Federal Sentencing Guidelines provides that in order for an organization to mitigate vicarious liability for the criminal conduct of its employees, it must have an effective compliance and ethics program in place. However, in describing an effective compliance and ethics program, the Guidelines provide little guidance other than requiring the organization to use due diligence to prevent and detect criminal conduct and otherwise promote an organizational culture that encourages ethical conduct by its employees and a commitment to compliance with legal requirements. The Guidelines state that compliance and ethics programs must be “reasonably designed, implemented, and enforced so that the program is generally effective in preventing and detecting criminal conduct.”

Similarly, Item 406 of Securities and Exchange Commission Regulation S-K requires covered companies to adopt a Code applicable to the principal executive officer, financial officer, accounting officer or controller or other persons performing similar functions. The Code must be reasonably designed to deter wrongdoing and to promote:

  • honest and ethical conduct;
  • full, fair and accurate timely and understandable reports to the Commission as well as public disclosures;
  • compliance with applicable laws; and
  • prompt internal reporting and accountability for adherence to the Code.

In addition to the requirements of Item 406, companies listed on the New York Stock Exchange are required to have a Code that applies to all directors, officers, and employees that addresses conflicts, corporate opportunities, confidentiality, fair dealing, protection of company assets, and legal compliance. Companies listed on NASDAQ must have a Code that applies to all directors, officers, and employees and contains an enforcement mechanism that ensures prompt and consistent enforcement of the Code, provides for anti-retaliation protection, clear and objective compliance standards, and a fair process to determine violations.

Beyond statutory and regulatory requirements, the particular industry a company operates within also may present particularized challenges that should be addressed in a Code. For example, is the company in a heavily-regulated industry like healthcare? Does the company have operations outside the United States? Does the company have government contracts that impose obligations on the company? In drafting or reviewing a Code of Conduct, these various factors must be taken into consideration. What works for one company might not work for another, even if the companies operate in the same industry. Since the fundamental principle underlying a Code of Conduct is that it be part of an effective compliance and ethics program, due consideration must be paid to what topics the Code needs to cover, whether the Code accurately and adequately reflects the company’s mission and core values, and whether the policies and reporting structures set forth in the Code are adequately designed to ensure issues raised by employees are timely and appropriately addressed.