[Return To Selected Articles]
July/August 2003 - By Joe Murphy and Win Swenson
20 Questions To Ask About Your Code Of Conduct
Codes of conduct—the old war-horse of compliance programs—are back in the spotlight. Even before Sarbanes-Oxley and the proposed stock exchange listing requirements, anyone working on a company compliance and ethics program has had to wrestle with this program element. Of
course, there has to be a place where the rules are set forth, values explained, and guidance provided to employees. Codes have long been recognized as the right place to achieve these objectives. Yet even though we have been dealing with them for years, codes still generate great interest and pose difficult questions. Now, in the post-Enron era, they have taken on new significance.
In this article we look at questions that confront those who are responsible for codes today. We start
with the assumption that there is no need to explain the ABCs of code drafting, or to discuss why companies adopt codes. We look instead at the questions that today’s compliance and ethics professionals are considering in reviewing their codes to meet current standards.
1. Should there be one code, two, or even more?
Sarbanes-Oxley and the SEC’s rules tell us that publicly traded companies must either have codes for their top financial people and CEO, or explain why they
do not. For companies that do not want to suggest that they are irresponsible, this makes a code mandatory. But should you have a separate code for the top people, and a different one for everyone else?
The proposed New York Stock Exchange listing rules would require that codes include directors in their coverage, even though directors are significantly different from full-time employees. Indeed, elsewhere the legal system and the exchanges are pushing companies to have more
"independent," i.e., non-employee directors. Yet how can a company apply the same rules on conflicts (such as limits on outside employment) to those directors who are required to be independent, i.e., employed elsewhere? Should companies consider separate codes just for plant floor employees who have no management responsibility and do not need to know about antitrust and advertising, but do need coverage on harassment and safety?
2. Does the code cover newly developing risks?
Have you considered risk areas that are either new, or have found new life in the courts and agencies, such as money laundering, wages and hours, accounting fraud/earnings management, privacy, e-mail, and the USA Patriot Act?
3. For what you already cover, have you kept up with developments in the law?
Have you modified your Foreign Corrupt Practices Act (FCPA) coverage to reflect the Organization for Economic
Cooperation and Development (OECD) treaty on bribery and amendments to the FCPA? Does your description of your program reflect the learning from the post-Kolstad and post-Ellerth cases on what needs to be in compliance programs? (See Rebecca Walker, "What We Can Learn About Effective Compliance Programs from Recent Employment Discrimination Cases," ethikos, July/August 2000.) Have you addressed Sarbanes-Oxley’s new emphasis on protecting whistleblowers?
4. What do you tell employees about raising questions?
Do you call your reporting line a "hotline" or use the more inviting term, "helpline"? Is the number easy to find in the code? Do you clearly prohibit retaliation? Do you still provide unqualified guarantees of confidentiality, even though this may be impossible to assure? Or do you just permit anonymity, even though Sarbanes-Oxley appears to require that the audit committee set up a "confidential"
reporting system for accounting and auditing issues? In any case, have you included accounting and auditing questions in the subjects that are covered by the helpline, in response to Sarbanes-Oxley?
5. Do employees certify to the code?
Do you require employee certification? Do employees certify only that they "received" the code, or is the certification more of a commitment, for example, that they will follow it? Are there any disclaimers—for example, that the
code is not an employment contract? Do you handle union employees separately? Have you considered electronic certification by employees?
6. Does the code include examples?
Are there questions and answers and real cases that employees can relate to? If there has been a compliance problem in the company’s history, is that acknowledged and used as a teaching tool, as in the recent General Electric code-of-conduct video?
7. Is the format inviting and effective?
When you look at the code, is it in an interesting and readable format, or is it unbroken blocks of text and too busy? Is it something your company’s advertising people would reject as ineffective? Is the code so brief that it lacks useful detail, or is it pedantic and too long? Does it use color? Does a dark background make it difficult to photocopy if someone wants to reproduce an excerpt? Can the code be opened to lie flat, so that it can be effectively used as a reference?
8. What does the code say about values?
Does the code include values, and explain the values behind the rules? Does it have "the questions"? Today, many codes contain a list of questions to serve as an ethical compass for circumstances not specifically covered in the code. Codes advise employees to ask these questions of proposed conduct: "Is it legal and ethical? Is it something you could tell your spouse/children/mother? How would it look in the newspaper?"
If the code says you will live by "the highest ethical standards," does your company really mean it, or is it dangerous overstatement? Is this commitment to "the highest" ethics reflected in your standards for such things as conflicts and for giving and receiving gifts and entertainment?
9. Is the code’s organization useful?
Is the code organized in a user-friendly mode, e.g., by constituencies? Or is it organized by "history," i.e., as
someone thought of something it was added? Is it organized by laws? Alphabetically? Or is it based on a method that users will understand?
10. Are there ‘finding’ aides in the code?
Is the code really intended as a tool for everyday use? Is there a table of contents and index? Would the typical employee be able to find answers using his or her own language?
11. Does the code lead to other information sources?
Are there adequate, more detailed guides
in areas like antitrust, FCPA, harassment and environment, and are these understandably cross-referenced in the code? Are there phone numbers of subject matter experts, or other practical ways to consult them, such as references to on-line resources where useful information like the names and phone numbers of such advisors can be kept up to date?
12. Did the code get the benefit of input from key constituencies?
Did the code drafting process draw input from employees,
from overseas business units, etc.? Were focus groups conducted to assess readability and cultural effectiveness? Did executives review it? Have you obtained enough input so you avoid putting things in the code that no one will follow? Did you test the language, format, substance of the rules, etc., on your employees?
13. Is there a communications plan for use after the code is issued?
Will the code be an ongoing compliance tool, or will it be just a one-time flash? Is
there a well-developed communications plan to keep the code in front of employees? (Even Moses had to do something more than just passively deliver the tablets.)
14. Has the code entered the electronic age?
Will there be an electronic version that can be searched and printed? Will the code be on the Intranet? Is electronic distribution enough, or do you still need hard copies? Will you consider training and coverage via the Web? How can you tell if employees have had
15. Does the code’s message reach third parties?
Do you have any coverage for agents, consultants and other third parties? Do you have a special "code" for non-employees? If you send your entire code to a supplier like General Electric, is it realistic to insist that this supplier adopt your code? Would an alternative approach, negotiated in the supply contract, work better?
16. Is the code global?
For companies that do any
business outside the United States, does your code have global coverage? Is it based just on U.S. law? Does it include the application of U.S. law overseas (e.g., export control, FCPA, Anti-Boycott Act)? Does your code cover compliance with foreign laws? What if U.S. and foreign laws conflict (e.g., technology transfer, the U.S. Anti-Boycott Act)? Do you issue foreign supplements for particular countries or regions? Does your code respond to other countries’ compliance standards (e.g.,
Australia’s standard AS 3806)? Apart from substantive content, are the code’s language and examples too "U.S.-centric"?
17. Is the code translated?
Do you have a Spanish version in the U.S.? If you operate in Canada, is your code also in French? Does your code make sense after it has been translated into the other languages? Should there be a version for blind employees?
18. Does your code include things that no longer make sense?
items included in your code solely because they have always been there? For example, does your conflicts standard allow employees to own 1 per cent of a publicly traded company that is a supplier or competitor (even though the dollar equivalent would be outrageously large in many cases)? Does your code waste words telling everyone the Foreign Corrupt Practices Act was enacted in 1977 (which was big news in 1977, but not useful now)?
19. Does the code go to all employees?|
Does your code go only to managers, or to every employee? Is it distributed to part-time employees? Do you have different codes for managers and non-managers? Are unionized employees treated differently?
20. Is your code ethical and legal?
What would happen if you asked yourself the same questions about the code that you tell employees to ask about ethical decision-making: Would you feel comfortable showing your code to your spouse, mother or children, or reading
about it in the newspapers? Would you feel comfortable reading it to a judge and jury?
Joe Murphy is co-editor of ethikos, and vice-chairman of Integrity Interactive Corporation. Win Swenson is a partner in Integrity Interactive and former Deputy General Counsel of the U.S. Sentencing Commission.
Reprinted from the July/August 2003 issue of ethikos.
© 2004 Ethikos, Inc. All rights reserved.
[Return To Selected Articles]