Code of Conduct: Definition and Compliance Guide

Why It Matters

A code of conduct is the foundation of a compliance program. The US Department of Justice explicitly evaluates whether a company has "a well-designed compliance program" when deciding charges — and the code of conduct is the first thing they look at. Beyond legal protection, a strong code shapes organizational culture, reduces misconduct, and demonstrates values to customers and investors.

What to Include

Core Sections

Ethics and integrity — honesty, transparency, acting in good faith
Conflicts of interest — disclosure requirements, prohibited situations
Anti-corruption and bribery — zero tolerance, gift policies, third-party due diligence
Confidentiality and data protection — handling proprietary and personal information
Fair competition — antitrust compliance, fair dealing
Workplace behavior — harassment, discrimination, diversity and inclusion
Health and safety — workplace safety, reporting obligations
Financial integrity — accurate reporting, internal controls, fraud prevention
Use of company assets — technology, intellectual property, social media
Reporting and whistleblowing — how to report concerns, anti-retaliation protections
Consequences — disciplinary actions for violations

Modern Additions

AI and technology use — responsible AI, data ethics, acceptable use policies
ESG and sustainability — environmental commitments, social responsibility
Remote work — cybersecurity, data handling, professional conduct
Social media — personal vs professional use, company representation

Best Practices

Tone from the top — CEO or board letter demonstrating commitment
Accessible language — avoid legalese; write at a reading level all employees understand
Real examples — use scenarios and Q&As to make abstract principles concrete
Translated — available in all languages your employees speak
Annual acknowledgment — require employees to read and sign annually
Training — don't just distribute the code; train on it with interactive scenarios
Regular updates — review and refresh at least annually
Enforcement — consistent, fair disciplinary process documented and followed

Regulatory Expectations

DOJ Guidelines — evaluates code as part of corporate compliance program assessment
US Federal Sentencing Guidelines — effective compliance programs (including codes) can reduce penalties
UK Bribery Act — "adequate procedures" defense requires a code and training
EU Whistleblowing Directive — code should reference internal reporting channels
SOX — code required for listed companies; must be disclosed publicly

Key Frameworks

DOJ Evaluation of Corporate Compliance Programs — US benchmark
ISO 37001 — Anti-bribery management systems
Ethics & Compliance Initiative (ECI) — best practice guidance

Why It Matters

What to Include

Core Sections

Ethics and integrity — honesty, transparency, acting in good faith
Conflicts of interest — disclosure requirements, prohibited situations
Anti-corruption and bribery — zero tolerance, gift policies, third-party due diligence
Confidentiality and data protection — handling proprietary and personal information
Fair competition — antitrust compliance, fair dealing
Workplace behavior — harassment, discrimination, diversity and inclusion
Health and safety — workplace safety, reporting obligations
Financial integrity — accurate reporting, internal controls, fraud prevention
Use of company assets — technology, intellectual property, social media
Reporting and whistleblowing — how to report concerns, anti-retaliation protections
Consequences — disciplinary actions for violations

Modern Additions

AI and technology use — responsible AI, data ethics, acceptable use policies
ESG and sustainability — environmental commitments, social responsibility
Remote work — cybersecurity, data handling, professional conduct
Social media — personal vs professional use, company representation

Best Practices

Tone from the top — CEO or board letter demonstrating commitment
Accessible language — avoid legalese; write at a reading level all employees understand
Real examples — use scenarios and Q&As to make abstract principles concrete
Translated — available in all languages your employees speak
Annual acknowledgment — require employees to read and sign annually
Training — don't just distribute the code; train on it with interactive scenarios
Regular updates — review and refresh at least annually
Enforcement — consistent, fair disciplinary process documented and followed

Regulatory Expectations

DOJ Guidelines — evaluates code as part of corporate compliance program assessment
US Federal Sentencing Guidelines — effective compliance programs (including codes) can reduce penalties
UK Bribery Act — "adequate procedures" defense requires a code and training
EU Whistleblowing Directive — code should reference internal reporting channels
SOX — code required for listed companies; must be disclosed publicly

Key Frameworks

DOJ Evaluation of Corporate Compliance Programs — US benchmark
ISO 37001 — Anti-bribery management systems
Ethics & Compliance Initiative (ECI) — best practice guidance

Code of Conduct

Why It Matters

What to Include

Core Sections

Modern Additions

Best Practices

Regulatory Expectations

Key Frameworks

7 Best Ethics & Code of Conduct Training Platforms in 2026: In-Depth Comparison

Want more than the definition?

Code of Conduct

Why It Matters

What to Include

Core Sections

Modern Additions

Best Practices

Regulatory Expectations

Key Frameworks

7 Best Ethics & Code of Conduct Training Platforms in 2026: In-Depth Comparison

Want more than the definition?