Code of Conduct

A code of conduct is the foundation of a compliance program. The US Department of Justice explicitly evaluates whether a company has "a well-designed compliance program" when deciding charges — and the code of conduct is the first thing they look at. Beyond legal protection, a strong code shapes organizational culture, reduces misconduct, and demonstrates values to customers and investors.

Core Sections

• Ethics and integrity — honesty, transparency, acting in good faith
• Conflicts of interest — disclosure requirements, prohibited situations
• Anti-corruption and bribery — zero tolerance, gift policies, third-party due diligence
• Confidentiality and data protection — handling proprietary and personal information
• Fair competition — antitrust compliance, fair dealing
• Workplace behavior — harassment, discrimination, diversity and inclusion
• Health and safety — workplace safety, reporting obligations
• Financial integrity — accurate reporting, internal controls, fraud prevention
• Use of company assets — technology, intellectual property, social media
• Reporting and whistleblowing — how to report concerns, anti-retaliation protections
• Consequences — disciplinary actions for violations

Modern Additions

• AI and technology use — responsible AI, data ethics, acceptable use policies
• ESG and sustainability — environmental commitments, social responsibility
• Remote work — cybersecurity, data handling, professional conduct
• Social media — personal vs professional use, company representation

• Tone from the top — CEO or board letter demonstrating commitment
• Accessible language — avoid legalese; write at a reading level all employees understand
• Real examples — use scenarios and Q&As to make abstract principles concrete
• Translated — available in all languages your employees speak
• Annual acknowledgment — require employees to read and sign annually
• Training — don't just distribute the code; train on it with interactive scenarios
• Regular updates — review and refresh at least annually
• Enforcement — consistent, fair disciplinary process documented and followed

• DOJ Guidelines — evaluates code as part of corporate compliance program assessment
• US Federal Sentencing Guidelines — effective compliance programs (including codes) can reduce penalties
• UK Bribery Act — "adequate procedures" defense requires a code and training
• EU Whistleblowing Directive — code should reference internal reporting channels
• SOX — code required for listed companies; must be disclosed publicly

• DOJ Evaluation of Corporate Compliance Programs — US benchmark
• ISO 37001 — Anti-bribery management systems
• Ethics & Compliance Initiative (ECI) — best practice guidance