The Code of Conduct is essential to any company’s Compliance and Integrity Program. After creating a “tone at the top” atmosphere – which requires full leadership commitment – and conducting all necessary risk assessments, it’s time to draft the Code of Conduct, considering the probability of the risks and their potential impact on the company.
A Code of Conduct can address both general and specific aspects and the company’s most serious risks, thus, its importance to the business as a whole.
It is recommended that the Code’s first pages include a letter and a picture of the company leader. This is standard practice for companies that have the best programs. In this letter, the leader must commit to complying with the legislation and with ethical and professional values while encouraging all stakeholders to adopt the same conduct. This section should also explicitly state the organization’s mission, vision, and values.
A Code of Conduct is, by nature, generic. It should touch on several aspects, even if superficially. Each topic must take up a few paragraphs at most. Some examples of topics are the prohibition of improper payments (aka bribes), commitment to non-discrimination of any kind and the combat of harassment, aspects related to the intellectual property of the company, relationship with the authorities, gifts and entertainment, money laundering, data protection, complaint channels, whistle-blowing, relationship with suppliers, customers and other business partners, conflict of interests, human rights, privacy, the use of social networks, and many others.
Some specific topics can also be addressed, depending on the organization’s business context and seeing as a Code of Conduct can also be adopted by associations, non-governmental organizations, financial institutions, and public agencies.
A specific topic would be, for example, competition rules, especially for companies operating in markets with few competitors, which increases the chances of illegal cartel practices. It is also worth mentioning organizations that operate in regulated markets under regulatory government agencies’ jurisdiction, like the pharmaceutical industry.
Being “compliant” implies observing all the legislation, an entire universe of rules of the most varied natures, and addressing different topics. Therefore, it is essential to pay attention to risk management and prioritize what is potentially most impactful for the organization. These risks should be identifiable in the Code of Conduct. The Code must be suitable to all audiences and written in simple, direct language accessible to all. The use of examples is encouraged whenever possible.
The Compliance Program strives for social effectiveness, which is effective compliance. It should not be left in a drawer. It should be the object of continuous and repeated dissemination by the company’s Communication department.
But, Communication is not all. Training must be offered on a regular basis to all employees of the organization, including during the process of integrating new employees into the company.
The Code of Conduct must be available to all in print and online on the company’s website. Following the example of the Consumer’s Code in commercial establishments in Brazil, a company should ideally make printed copies of the Code of Conduct and have at least one copy available for consultation in every office.
Some Code of Conduct topics – like gifts and entertainment – need to be expanded on. In this case, a specific policy should also be drafted. However, it is not recommended that too many policies are elaborated. Only policies that address critical issues should be drafted since the most important thing is that all employees and stakeholders know and comply with all existing policies.
Edmo Colnaghi Neves is a lawyer and a Corporate Compliance Expert, he is a partner at Colnaghi Neves Consultoria Empresarial, and the author of the book Doing Compliance in Brazil, published by Editora B18.