A central element to good corporate governance is a concise, effective and accessible corporate code of ethics. Whether an organization has fifty employees or thousands, a well-drafted code of ethics that is actively supported by management is as much a statement about an organization’s culture and beliefs as it is an effective legal document that sets forth the duties and obligations of the board, management, employees and other stakeholders of the organization. Furthermore, the code serves as a foundation for all other corporate policy documents, such as an accounting whistleblower policy, a Foreign Corrupt Practices Act policy (in international business environments), Insider Trading and Regulation FD policies (in publicly-traded contexts), and all other secondary policies and standard procedures (such as fixed-asset and authorization-for-expenditure policies, records retention policies, and the employee handbook and all related HR policies).
This blog entry shall discuss some of the key considerations with regard to the preparation and administration of a corporate code of ethics, namely drafting and style, regular review and revisions, and administration and enforcement.
A code of ethics is a high-level, organization-wide document that must also be sufficiently comprehensive to address all potential corporate issues, ranging from accounting and expenditures policies to human resources matters. As such, it is incumbent upon the drafter to prepare a document that is broad enough to address the central categories of potential issues but specific enough to effectively state the company’s foremost position on all relevant topics and introduce the additional corporate policies referenced above. Furthermore, the document must be meaningful and resonate with every individual in the organization to be truly effective since the code will apply to every employee, agent, officer and board member of the company. While no two organizations are alike, I typically would recommend that a code of ethics be no longer than 10-15 pages.
Review and Revision
Much like the U.S. Constitution, a code of ethics can be regarded as a “living document” for a company, continually requiring review, interpretation and, on occasion, amendment as the organization proceeds through its various growth stages and evolves over time. Consequently, management should review the code at least once a year and evaluate its relevance against the current state of the company’s affairs, the prevailing business environment and the current legal environment. This review should be conducted with the assistance of outside counsel, particularly with regard to provisions applicable to compliance with law. Here, outside counsel should provide management with a concise yet comprehensive overview of laws that should be addressed in the code in view of the company’s industry and growth phase.
Upon completion of management’s review, management should make recommendations to the board as to ongoing changes to the code of ethics and ancillary policies, which would then facilitate independent discussion of the same at the board level. This regular review and evaluation process is no longer just a hallmark of good corporate governance and a proactive approach to maintaining sound corporate ethics. At the public company level, it is typically reviewed as a required component of SOX 404 compliance.
Administration and Reporting Considerations
As a practical matter, the best drafted code of ethics is meaningless unless it is also properly administered and an effective reporting program implemented. Administration involves close coordination between a company’s legal department, executive management team and human resources, and it is the process whereby employees and stakeholders are introduced to the code and it is acknowledged by them. With the rollout of a new or revised code of ethics, the legal department and/or executive management should meet with all employees to introduce and review the central provisions of the company’s code. Furthermore, employee acknowledgement of the code, usually through signature, should occur on a regular basis and as a component to intake of new hires. Finally, the code should be introduced to key stakeholders (i.e. vendors, suppliers, large customers, etc.) and appropriately disseminated as a public statement of the company’s position on corporate responsibility. Careful preparation and drafting of the document should both ease and increase the effectiveness of an administration program. Nevertheless, outside counsel should be available to assist management and in house counsel with crafting these messages and advising on a proposed administration program.
Simultaneous with an administration plan, the company should also have ready a reporting program to report questions, concerns or suspected violations of the code of ethics to responsible parties within the executive management team. Whether this is accomplished through a hotline, IT solution or both, sound internal controls dictate receipt of reports by multiple offices of executive management. For example, while a report concerning a suspected violation of accounting policies would typically be the responsibility of the office of the CFO, the CEO’s office should also receive the report and have the ability to monitor the CFO’s response. The most effective reporting programs also give reporters the option to report and receive responses from management on an anonymous basis, and, at minimum, the program should emphasize anti-retaliation throughout the reporting process. Naturally, access to and use of the reporting program should be a central component of management’s presentation introducing a new or revised code.