Five Best Practices for Every Code of Conduct

This is a guest post written by Diana Trevley, Spark Compliance Consulting’s Chief of Global Services.

We’ve seen the good, the bad, and the ugly when it comes to Codes of Conduct.  In 2018, Spark Compliance launched Spark Score, a new benchmarking standard that measures how your compliance program looks to the outside world, and as part of our groundbreaking research, we’ve reviewed hundreds of Codes of Conduct at companies of every size and across all industry.  Following are the top five best practices consistently displayed by companies that receive a high Spark Score:

 1.      Tailored to YOUR Company

 Creating a bespoke Code is deceptively time-intensive, but incredibly important because people don’t read what they perceive to be boilerplate language.  Some of the best practices we have seen from Spark Score’s highest-scoring companies include the following:

  • The Code has your branding, logos, fonts, and colors

  • Leadership (generally the CEO) introduces and endorses the Code

  • The authority and autonomy of the CCO is emphasized

  • The name of your CCO and DPO are included instead of being referred to just by their title

  • The origins of your company and what values led to its success are prominently featured

  • Highest risks are prioritized and given separate sections

  • The Code references operations and locations where your company actually does business

  • Leaders and employees from various levels, locations and departments are featured in photographs and interviews.  (Extra Credit:  While professional photography is great, less formal photographs of employees at promotional and charity events, at holiday parties, or even socializing in the break room really create a personal touch AND it will get your employees to crack open the Code with each new update to see whether they and their friends are featured in it.  One of our clients revamped their Code by including employees with pictures of their dogs.  It was a huge hit.  Just be sure that you are complying with local data protection laws.)

  • The Code includes a FAQ section of actually frequently asked questions at your company

2.      Online and Easy to Find

If you’ve got it, flaunt it!  While most companies do have their Code of Conduct on their website, there are still some companies that don’t post their Code. 

Usually, these are companies that are not publicly traded in the U.S. and thus are not obligated by the Securities and Exchange Commission to comply with Section 406 of the Sarbanes-Oxley Act, which requires companies to disclose their Code of Ethics for its senior financial officers. 

But even some publicly traded companies don’t prominently post their Code, instead burying it in a random link on an obscure page of their website.  Anyone doing business with you or considering doing business with you should be able to find out your company’s commitment to ethics in just a few minutes.  Companies that follow best practices have a downloadable version of their Code available on their website’s homepage or on a prominent page accessible from their homepage, devoted to ethics and compliance. 

3.      Not in Legalese

To liberally misquote from the FCPA, a Code of Conduct that reads like it was written by a lawyer is NOT “a thing of value.”  Too many Codes of Conduct include or paraphrase statutory or regulatory language instead of telling employees what is expected of them and what they need to do if X or Y or (heaven-forbid) Z happens.  While no one—not even lawyers—wants to read legalese, this is particularly critical for companies that have employees or business associates in countries where English is not the primary language and your Code is only available in English. 

Write in simple sentences, don’t use grandiose language (including words like grandiose), and prioritize translating your Code into the local language of regions where you have high risk and a sizable employee population.  And most importantly:  focus on telling your employees what specific red flags they need to look out for and how they need to respond in situations that they are likely to face.

4.      Visually Appealing

With a wide range of online tools and software available today, there’s no excuse for a black and white text version of your Code of Conduct.  Yet an astonishing 29% of Codes reviewed thus far for Spark Score are in black and white.  Your Code of Conduct should be in color, with pictures, graphics, text boxes, and fonts in various sizes with the layout of each page varying somewhat to keep the readers’ eyes interested.  Your company’s values, inspirational quotes from leaders, and key points to remember should be prominently displayed.

5.      Provides Clear Guidance

A great Code of Conduct makes it clear what is expected of employees in general and also gives them resources should they need more guidance.  This includes:

  • Providing links to specific policies or procedures that are referenced in the Code, especially to the reporting hotline

  • Making various reporting channels clear

  • Featuring, in multiple places throughout your Code, your whistleblower hotline and other reporting channels

  • Stressing that asking questions is always okay and that retaliation for good faith reporting will not be tolerated under any circumstances

  • Providing a FAQ section

  • Stating that questions and concerns will be addressed in a timely manner

  • Stressing that people will not be penalized for prioritizing ethics over making money

Following these top five best practices will transform a perfectly acceptable Code of Conduct into a best-in-class Code that drives ethical business practices and reinforces your Company’s commitment to compliance.