Best Practices in Code of Conduct Development

A well-written and designed Code of Business Conduct is the focal point of an
effective compliance and ethics program.

The contents of this document are protected by U.S. and international law. ALL RIGHTS RESERVED.
Any other use of information in this document, including reproduction, modification, distribution, or
republication without prior written permission from Corpedia, Inc. is strictly prohibited.
Contents

Executive Summary
Planning
Stakeholder Selection
Project Timeline Development
Planning Considerations for International Organizations
Developing the Code
Tone from the Top
Readability and Tone
Non-Retaliation and Reporting
Values Statements and Stakeholder Commitments
Risk Topic Coverage
Learning Aids
Presentation, Style and Organization
Communicating the Code
Translations
Distribution
Certification and Disclosure
Bringing the Code 3.0 to Life
The Genesis of the Code: Meeting Requirements
Cultural Reawakening: Adopting a User-Friendly Code
Code 3.0: Engaging the Audience
Maintaining the Code
Appendix A: Selected Requirements for Codes of Conduct
Federal Sentencing Guidelines
Sarbanes-Oxley Act of 2002, Section 406
Securities and Exchange Commission
New York Stock Exchange
NASDAQ
Appendix B: About Corpedia
Acknowledgments

CORPEDIA, INC. | BEST PRACTICES IN CODE OF CONDUCT DEVELOPMENT | 1


Executive Summary
A properly assembled and distributed code of conduct is the single most effective and
impactful part of any compliance and ethics program. Such a code is a written record of
not only an organization's expectations, but also its ethical culture. This fulfills the first
hallmark set forth by the Federal Sentencing Guidelines (FSG), which recommends the
promotion of "an organizational culture that encourages ethical conduct and a
commitment to compliance with the law [through the establishment of] standards and
procedures to prevent and detect criminal conduct."

However, organizations often view the code of conduct as a necessary evil, mandated
by various regulatory and governmental agencies (see the Appendix for a listing of
select requirements), rather than an opportunity to educate employees about the
standards to which they are held. The resulting document is frequently formal and
difficult to read, having clearly been written by a team of lawyers. Organizations that
take this approach miss a prime opportunity to pronounce their values, standards and
expectations to both internal and external constituents. Studies show that companies
exhibiting a pronounced emphasis on ethics and trust have higher employee retention
rates and attract more prospective employees.[1] Therefore, taking time to relate your
company's values, reputation and success with compliance in a meaningful way not
only helps your organization fulfill the FSG, but is also a shrewd business decision.

The code serves as the primary means for your organization to communicate its
commitment to ethical and legal conduct to both internal and external stakeholders:
employees as well as vendors, customers, agents, shareholders, and the communities
in which you do business. While a single document cannot anticipate every possible
situation that an employee might face, your code should provide proper and effective
guideposts for behavior. To achieve this, tie the code's guidelines to your company's
values and ethical commitments. Do so in a manner that facilitates employees' grasp of
the critical nature of compliance and ethical decision making, consistent with the code.
In addition, the code should enable employees to quickly recognize when to seek
guidance, encourage them to report concerns, and provide various avenues through
which they can do both.

When revising or creating the code, consider the audience to which the code is directed.
Ensure that the language is at such a level that your largest employee base will fully
comprehend the content. Take into account the locations in which your employees
conduct business and ensure that all code content is applicable to all of the audiences
receiving it. Scrub this content to ensure that it will resonate with employees in foreign
jurisdictions, and be sure to provide translated versions of the code in these locations,
as appropriate. Furthermore, in order to reach your employees in an effective and
engaging manner, allocate proper resources to layout and graphic design.
[1] The New ROE: Return On Ethics, at
http://www.forbes.com/2009/07/21/business-culture-corporate-citizenship-leadership-ethics.html,
and a recent Stanford business school study, at
http://www.gsb.stanford.edu/news/research/montgomery_mba.html.

When engaging in the code-creation or code-revision process, be sure to account for
the many ways in which the code will be used. For example, factors such as
proliferation, certification and training should all be considered. Properly distributing the
code, tracking its acknowledgement and conducting training on its subject matter send
strong signals to regulatory and legal entities that your organization is making a good
faith effort to implement an effective compliance program.

The code-creation or -revision process is a daunting task and can quickly become
overwhelming without proper planning and knowledge of the issues at hand. Corpedia,
with its team of attorneys, analysts, subject matter experts, writers and editors, has
provided this article as a useful reference guide for those embarking on or considering
the code of conduct revision or development process.

Throughout this report are examples of codes of conduct that
demonstrate the principles and practices discussed.
Complete copies of the codes included can be found on the
respective companies' websites.

Planning
Many an organization has fallen prey to miscalculated budgets, poorly planned timelines
and improper preparation of or delegation to project stakeholders. Taking the time to
properly define the scope and reach of the code-creation or code-revision process will
save your organization substantial time and money, not to mention headaches, later
on in the process.

Stakeholder Selection
Decide whether you will engage a vendor or create the code in-house
First, you will need to consider whether you will engage an external vendor to handle
the code-creation process. Working with an external vendor that has a dedicated focus
on writing, editing and designing compliance- and ethics-related documents can
significantly benefit the average organization. Generally, engaging outside vendors to
develop the code is more cost- and time-effective than creating or revising in-house.
The right vendor will bring to the table the collective view of expert attorneys and subject
matter experts on applicable compliance risks as well as a team of writers, editors and
designers with expertise on best practices for code drafting, language selection,
formatting and graphic design. A vendor should also be able to provide project
management resources to guide you through the process from inception to completion.

Ensure that the process of engaging a vendor is thoughtful and carefully planned; failure
to do so can result in unmet expectations and strained relationships on one or both
sides.

Determine who will be involved in the process


If you choose to draft the code in-house, you will need to coordinate a code-writing
team, commonly comprising attorneys, writers, editors and subject matter experts. To
avoid falling victim to the obtuse, legal language that commonly results from asking
inside counsel to handle drafting duties, be sure to involve professional writers and
editors (see Readability and Tone). Clearly, the content of the document will also need
extensive legal and subject matter review. Thoroughly establish who is responsible for
writing or editing each draft of the code, as this will reduce confusion and simplify the
code-creation process.

Furthermore, you will need to establish a review team. Whether you are engaging an
external vendor or writing the code in-house, it is important to involve all applicable
internal stakeholders at the outset of the process. If these individuals share a cohesive
view of the final product's look and are apprised of the timeline for code drafting, they
will be more likely to provide effective and timely feedback. The input and involvement
provided by key internal stakeholders will also translate into increased buy-in from these
groups when it comes time to roll out the code, an invaluable asset.

It can be difficult to determine exactly which internal parties should be asked to
contribute feedback throughout the creation process. Obviously, this list will vary from
one company to the next, based on factors such as size and corporate structure. To
develop a list of internal stakeholders whom you will involve in the code-creation
process, identify key contacts among your ethics and compliance function, human
resources department, legal department and various other operational departments. For
international organizations, establish key contacts from each major geographical region
for location-specific feedback. Also, be sure to involve any European works councils, as
council representatives must often review the code before it can be disseminated to the
employees they represent.

Determine at what point stakeholders will be involved


It is advisable to involve internal stakeholders as early in the process as is feasible.
Involving reviewers on an ad hoc basis may potentially lead to radical or sweeping
changes to the second or third iterations of the draft, which can significantly prolong the
drafting process and quickly exhaust your company's resources. Gathering feedback
from critical stakeholders as early as the outline phase will help mitigate the likelihood of
substantial changes occurring late in the drafting process.

While it can be difficult to involve international reviewers before the code has been
translated, keep in mind that engaging these stakeholders at the earliest possible
juncture will help your company avoid future difficulties (particularly when seeking
approval from works councils). Often, it is helpful to provide these groups with a
summary list of the pertinent risk topics addressed and policies cited (in the case of a
code creation) or of the major revisions made (in the case of a code rewrite). Doing so
allows international reviewers to formulate an understanding of the final product's look
and feel, and gives them a sense of ownership in the project.

Project Timeline Development


It is critical that your organization establish a realistic process timeline before embarking
on the project. This requires budgeting adequate time for the various integral phases of
the code-creation and code-revision processes, such as outlining, drafting, reviewing
legal content and subject matter, and editing. When writing or revising a code of
conduct, a typical process includes the following:

1. Project Initiation: During the initiation phase, establish the project scope and
assign resources and stakeholders. Holding a project kickoff meeting is generally
advisable. The primary purpose of this phase is to identify project goals, intended
audience and communication objectives. Gather all necessary content material at
this point, such as relevant policies, any Company values language, and internal
style or communication guides.

2. Outline Development: Here, a high-level content outline of the code is created;
this outline should focus on overall structure and topics to be included. When
determining topics and the order in which they will be presented, take into
account your organization's key risk areas, as determined by factors such as
structure, size and industry, as well as by the results of organizational risk
assessments and litigation history. Submit the outline to key stakeholders for
review and then revise accordingly upon receiving feedback. Generally, two to
three outline drafts should be sufficient.

3. Code Drafting: Once the outline is finalized, the development of code content
should begin. The drafting process should follow the communication objectives
and outline approved in the previous stages. Generally, two to three drafts of the
code are necessary.

4. Review: The draft should then be distributed to the predetermined project
stakeholders for their feedback. The person or team responsible for drafting
should implement all suggested edits and circulate the revised draft amongst the
project stakeholders assigned to the second draft (who may or may not be the
same stakeholders assigned to the first draft) for their feedback. Ultimately, each
draft of the code should undergo a review.

5. Quality Control: The final draft must be comprehensively reviewed for quality
control by a legal expert and an editor, as well as by subject matter experts, if
applicable.

This process should take approximately 14–16 weeks from the Project Initiation phase
to the Quality Control stage; of course, this is merely an approximation and will vary
from one organization to the next.

In addition, it is important to account for the design, layout and publication phases of the
code creation process. These phases typically include the following:

1. Project Initiation: During this phase, identify the principal design contacts and
determine whether you will design the code in-house or engage an external
vendor. If developing the design in-house, your organization may wish to enlist
your marketing or communications team in the design process. Schedule a
design kick-off meeting to discuss and agree upon design goals. At this point,
collect all content material, including photography and other graphic design
elements.

2. Determine Theme and Layout: Whether you are working with an external
vendor or designing in-house, you will need to develop a design theme and
layout for your code of conduct. This will involve deciding on color scheme,
pictorials, graphic design, and the like. Typically, external vendors will provide
layout mock-ups that include spread samples for several different pages. If
designing in-house, you may wish to assign your design team this task.

3. Code Layout: The design team will follow the layout objectives decided upon in
the previous stage. This process generally consists of two drafts, but may require
more.

4. Quality Control: The designed version of the code should go through a
minimum of three quality reviews by predetermined stakeholders to ensure that
all content has been properly formatted and all design components have been
properly executed.

Generally, this process will take around eight to ten weeks, depending on your
organization and the design team you have chosen (whether internal or external).
However, keep in mind that much of the design process can be done concurrently with
certain stages of the code drafting process. For instance, if the design team is
developing layout mock-ups, this can be done during the Outline Development or Code
Drafting stages.

Planning Considerations for International Organizations


International organizations face several unique challenges in the code-creation process,
and as such need to consider several additional issues in the planning stage. If your
organization has an international presence, you will first need to determine whether to
develop one, global code or to proliferate multiple versions of the code for employees
based on their geographic location, job function and so forth. Although many companies
feel that the obstacles associated with developing a globally applicable code cannot be
overcome, this is generally not the case. In fact, creating a single code that applies to
an organization's entire employee base, regardless of location, is actually quite a
feasible process that can produce not only a legally sound document, but also a unifying
guidebook that contributes to a cohesive ethical culture.

There are several considerations to keep in mind when deciding whether to draft a
global code. The most common obstacle that discourages companies from developing a
single, global code is the challenge of ensuring that the code complies with all
applicable laws and regulations in all jurisdictions. For example, navigating the murky
waters of EU data protection laws and avoiding the pitfalls associated with discussing
non-discrimination and harassment laws can certainly pose difficulties. While such
dilemmas can normally be solved with relative ease during the drafting phase, it is
important that you give such matters strong consideration and consult with legal experts
before initiating and throughout the code-drafting process.

In addition, international organizations must ensure that the code provides accessible
contact information that is relevant and useful for all readers. Oftentimes, companies
worry that this will be an impossible feat, considering the inevitable variation in
international contacts and various laws prohibiting corporations from requiring that their
constituents report to foreign contacts. There are several solutions to this seeming
dilemma, however, as discussed in the Non-Retaliation and Reporting section of this
whitepaper.

Developing the Code
Once the team responsible for code revision or creation has completed the planning
process and established a basic timeline, the drafting process may commence. Below,
you will find points of consideration when drafting your code of conduct.

Tone from the Top


Communicate clearly the executive team's support for the code
One of the most effective tools a company can utilize to communicate confidence in a
code, and the ethics and compliance program as a whole, is a clear and pronounced
endorsement of the document by the executive leadership team. A common format for
demonstrating a convincing tone from the top is an introductory message from a
member of this team. This most commonly takes the form of an introductory letter from
the company's CEO, President and/or Chairperson. It is critical that this letter employ a
tone and vocabulary that employees will recognize as coming from the executive author
to whom the letter is attributed.

Since the code is often one of the first documents new hires read when they join a
company, this introduction by a high-level executive should also serve as a welcoming
smile and handshake. Consider including a photograph and/or signature of the
executive in question to provide a visual connection between the executive team and
the code.

Personalize the executive message or introduction to the company


The executive statement is much more effective if it is personalized to the company.
Companies fortunate enough to have an expansive history or a unique culture or
operational environment are wise to leverage these elements in the introductory letter to
show employees that the code was produced by the company, and with the company's
people in mind. If your company serves the public in a particularly crucial way (such as
those in the healthcare, food or pharmaceuticals industries), it is appropriate to talk
about the services your company provides to its consumer group, local communities
and/or the global community as a whole.

In keeping the code topical and relevant, the executive introduction piece will often
provide an update as to how the code document has changed since its predecessor.
You may also wish to discuss the general status of the compliance and ethics program,
including any recent improvements that have been made and any awards or accolades
it has earned.

Communicate the code's applicability across the organization


Establishing a tone from the top requires that the introductory letter engage the
audience by using a first-person "we," "our" and "us" voice that inclusively speaks to all
employees, officers and directors alike. It is important to avoid using a dictatorial "we"
that implies that "we, the Company" created the rules and "you, the employee" must
follow them. Provide explicit language on the code's applicability to all levels and areas
of your organization, including directors, executives, managers, and full- and part-time
employees. Doing so will ensure broad acceptance of the code and the guidelines it
sets forth.

Explain the code's role within the broader ethics and compliance program
The introductory letter should speak to the role of the code and its relation to the overall
ethics and compliance program. This provides an excellent opportunity for companies to
sell the code and the program in one fell swoop. Show employees why the code is
important by clearly stating its purpose. Explain that, while the code cannot address
every conceivable issue employees might face, it sets forth guidelines for proper
business conduct that will help employees make ethical decisions consistent with the
company's values and the way it does business. Link ethical behavior to the success of
employees as individuals and that of the company as a whole.

Include reporting information and an affirmation of the non-retaliation policy


Within the introductory letter, include a discussion of the importance of reporting and
provide contact information, as applicable. Frequently, companies that maintain a
reporting hotline will choose to display the hotline information in the introductory letter.
Doing so highlights the hotline as a viable and convenient reporting tool for employees.
Remember, the most boldly pronounced reporting hotline will go unused if executive
management or the ethics and compliance team do not express confidence in its
effectiveness. You may also wish to highlight your company's open door policy at this
time. You can further reiterate the importance of these policies in a section aimed at the
additional responsibilities owed by those in managerial or supervisory positions, a
section that is more and more common as companies seek to convey a strong tone
from the middle.

Pair this discussion with an affirmative statement of your company's non-retaliation
policy. Establishing tone from the top and middle with respect to commitment to
non-retaliation will ensure that employees adhere to the policy and will solidify employees'
confidence that it will be enforced.

Keep in mind that rules about how an individual may report, maintaining the anonymity
of a reporter's identity, as well as the method by which a hotline is maintained (i.e.,
whether it is safe harbor certified) may be subject to different laws, depending on the
locations of the particular business. It is imperative that you check, and accessibly
communicate, the applicable laws to ensure that employees fully understand how
reports are conducted and investigated.

Readability and Tone
Ensure the code is of an appropriate length
As with any professional document, balancing the code's content to ensure that the
document will cover all requisite information while maintaining the appropriate degree of
brevity can be a difficult task. Codes that are overly brief often do not adequately cover
the necessary risk areas, prompting many questions and providing too few answers.
Conversely, verbose codes run the risk of losing employee interest and begin to
resemble a policy manual or employee handbook. As a rule of thumb, effective codes
fall somewhere between 8,000 and 10,000 words in length. However, companies with
complex international operations, a bevy of unrelated business units, operations in
highly regulated fields or high-risk geographic locations, or U.S. government contracts
frequently must maintain slightly longer codes. As a rule, the code should not exceed
11,000 words in order to retain maximum readability and employee engagement.

Shorten your organization's code by removing immaterial risk areas entirely or by
moving them to the employee handbook. Migrate more rule-heavy topics to a policy
manual as appropriate. In addition to referencing policies and other ancillary internal
informational materials, also consider electronically linking to these policies where
practicable and appropriate. This allows employees to quickly access additional
information pertinent to a particular section of the code. Further, companies with
up-to-date and comprehensive standalone policies will likely find it easier to truncate the code
via this route. While it is important to achieve the target length for the document, it is
equally important to strike a balance between ensuring that employees will read the
document and delivering all pertinent information to this group in an easy-to-read
fashion.

Adopt a warm and inclusive tone to engage employees


While organizations are becoming increasingly adept at crafting effective executive
introductions, far fewer are able to maintain a consistently warm tone beyond the
preamble. Commonly, the remainder of the code is handed off to internal counsel for
drafting, leaving this majority of the document a legalistic, incomprehensible
encyclopedia of "thou shalt not" rhetoric. Simply put, a code's success is defined by its
ability to energize employees and motivate them to ethical behavior; in order to
achieve such success, the language and tone used must be well received by the
employee base.

To achieve an engaging and inviting tone, it is important that you pay ample attention to
voice during the drafting phase. Generally speaking, avoid the third-person voice, as
this tone can appear condescending. Instead, use a warm, first-person voice. An
inclusive voice allows employees to feel a sense of ownership of the code.

You may also wish to use the second-person "you" in areas in which you would like to
provide more direct guidance. For example, "You should contact the General Counsel if
you have concerns about auditing or accounting matters." The second-person voice is
quite appropriate in such situations, but it is important that you ensure that such usage
is consistent and that the voice does not vacillate between the first- and second-person
so much that the effect is jarring to the reader.

Creating an engaging tone also involves limiting the amount of passive language in the
document. While passive language can be employed to soften the tone in certain
instances, the active voice delivers content in a much more compelling and lively
manner. Oftentimes, the reduction of passive language will naturally occur as you avoid
the third person and implement the first. For example, instead of saying, "It is Company
policy that all Company employees be cautious to avoid the appearance of impropriety,"
consider saying, "We must all avoid the appearance of impropriety." This more direct
statement is far more likely to maintain readers' interest and inspire employees to
ethical behavior.

Focus on expected behaviors rather than prohibitions


To avoid alienating employees with what sounds like a list of state lottery rules, begin
each risk area with a positive explanation of the guidelines they must follow rather than
a list of prohibitions. If the topic in question is based on clear, right-versus-wrong
reasoning, focus your efforts on explaining the preferred behaviors rather than those
that are forbidden. For example, when discussing guidelines for giving and receiving
gifts, set forth the criteria that a gift must meet in order to comply with Company policy.
For those risk topics that require a degree of interpretation, provide examples of positive
or recommended behavior along with the internal or external resources available for
seeking guidance.

Tailor the complexity of the material to your target audience


While codes are frequently written by lawyers, they do not have to sound as though they
were. Remember, the purpose of a code is to present behavioral guidelines and explain
ethical decision making to your average employee, not necessarily the most educated
individual in your organization. When drafting your code, target the level of complexity to
your broadest employee base. Modern word processing software contains the
necessary tools to determine the approximate grade level of the document as you draft
it. Be sure to employ the services of a professional editor to vet the complexity of your
code's language.

In order to align the code language to an appropriate grade level, work to reduce the
average sentence length and replace long words with shorter synonyms. Use of
complex jargon and a plethora of lengthy, complicated sentences tend to cloud the
code's message and may discourage employees from reading the material altogether.
While long words such as "discrimination" and "harassment" are par for the course in all
codes of conduct, replacing terms such as "furthermore," "moreover" and "additionally"
will serve you well in terms of reducing the grade level and eliminating legalese from the
document. In addition, take definition clauses out of long sentences and instead
introduce definitions in the succeeding sentence. Doing so will reduce the number of
times employees will have to re-read sentences, thereby increasing the likelihood that
they will comprehend and retain code content. Finally, when designing your code, you
may also consider utilizing call-out boxes to emphasize important definitions, while
staying mindful to avoid redundancies in the text.

Infuse the document with your company's culture


Oftentimes, the high degree to which generic, legalistic language is employed within a
code results in a document that is overly formal and difficult to differentiate from other
codes. It is critical that you embed company-specific terminology and references
throughout the code content in order to brand the document to your company. For
instance, consider discussing scenarios that have occurred in the past, and utilize any
ethics-related buzz words frequently used in company-wide communications.

Consider international audiences


When writing a global code, avoid U.S.-centric wording, as well as terminology that
specifically references U.S. law. For instance, global codes should stay away from
language such as "foreign government official" when defining non-U.S. government
employees, and should discuss U.S. antitrust law under the broader and more globally
applicable term "competition law."

Because global codes will likely be translated into several languages, it is important to
avoid colloquialisms that may be difficult to translate. Engage culture experts to scrub
the code for such inconsistencies as part of the quality control review.

Non-Retaliation and Reporting


Clearly communicate resources for asking questions or making reports
It is pivotal that whatever resources your company provides to employees for asking
questions or reporting misconduct are clear and outlined within the code. Commonly,
code documents will include a dedicated reporting section that sets forth the avenues by
which employees should seek guidance and report ethical or legal misconduct. Such a
section should be placed near the beginning of the code to educate employees about
the necessity of reporting known or suspected misconduct, as well as the process by
which they are expected to do so. This section does not necessarily need to be an
exhaustive list of reporting channels and contact information, but should include the
most important contacts and state where a comprehensive list is available.

This section should discuss in detail the process of asking questions or reporting actual
or potential misconduct. It should provide specific avenues through which employees
may raise ethical concerns, as well as contact information for each avenue. This
reporting chain may be hierarchical in nature, or it may simply take the form of a list. If
your organization maintains an open-door policy, take the opportunity to provide an
in-depth explanation of that policy here. Encourage employees to seek face-to-face
guidance first, but give them reporting options for situations in which they are
uncomfortable talking to (or unable to talk to) their supervisor or manager. Provide any
other applicable resources, including a member of the human resources department,
the general counsel or corporate secretary, the legal department and/or the board of
directors. In addition, in line with establishing a credible tone from the top, introduce the
ethics and compliance team and provide general contact information (including roles
and departments, but omitting names of current contacts to avoid dating the code).
Doing so further signifies the importance management places on ethics and adherence
to the code.

In addition to providing employees the above reporting resources, your company should
give strong consideration to establishing a hotline by which employees can
anonymously and confidentially (where allowed by local laws) report misconduct.
Maintaining such a hotline has been an increasing trend for companies in recent years,
and is now the standard rather than the exception. Indeed, SOX §301 requires U.S.
publicly traded companies to maintain one for reporting audit or financial concerns. In
addition, amendments to the Federal Acquisition Regulations require that certain
government contractors [2] display a government agency hotline poster. Commonly, such
hotlines are run by independent third parties and are set up to accommodate upwards
of 150 local languages via phone and/or website. If your company maintains such a
service, provide employees with contact information for the hotline in the dedicated
reporting section and elsewhere throughout the code. If you have international
operations, be sure to include local access numbers for the hotline. Often, companies
will opt to embed a chart within the code text or at the end of the code to house these
numbers. You may also wish to create internet or intranet landing pages for the
hotline. Such landing pages can be set up to provide local access codes for specific
locations and country-specific reporting guidelines for those locations.

Make a firm statement of the non-retaliation policy


It is important that a code not only shows employees how to report misconduct, but also
takes steps to ensure that they fully understand and act in accordance with the clearly
stated culture of non-retaliation within the organization. Best practices dictate that codes
provide a clear and affirmative expression of the company's non-retaliation policy. More
and more, best practices codes are explaining the various ways retaliation can occur, so
that employees are clear about what behavior is unacceptable. Retaliation, including
what it looks like and how employees react to it, is a complex and serious issue, and
fear of retaliation is a leading cause of employees failing to report misconduct. All
employees, especially those with managerial duties, are expected to abide by and
endorse a firm culture of non-retaliation. Managers have the additional responsibility to
encourage their direct reports to communicate unethical conduct and ensure that any
good faith report is not met with acts of retaliation.

A reminder about your company's commitment to non-retaliation should accompany the
initial reporting discussion. In addition, since employees might feel particularly
vulnerable to retaliation with regard to interpersonal workplace situations, such as
discrimination, harassment and certain conflicts of interest, as well as to situations
involving financial record keeping, it is appropriate to anticipate these issues and to
reiterate the commitment to non-retaliation within such risk areas.

[2] Those companies that have engaged in work on a government contract (as a contractor or
subcontractor) which is expected to exceed $5 million with a performance period of 120 days or more.

Provide information on the complaint resolution process


Illustrating the reporting and investigation processes will instill greater confidence in
those contemplating reporting. If your company maintains an anonymous reporting
mechanism, it is important to explain in detail the hotline structure. This is particularly
true if the hotline is operated by a third party, as employees are sometimes
apprehensive of third-party services and their claims of confidentiality.

In addition, communicate that all concerns will be investigated promptly and thoroughly,
allowing employees to know that their report will adhere to a structured and documented
process. Assure employees that all possible steps will be taken to ensure their
confidentiality, consistent with applicable laws (see "Ensure compliance with
international reporting laws," below) and proper resolution of the concern.

Also, it can be useful to provide employees with guidance or recommendations as to
what information to have ready when reporting a violation, such as names of the
persons involved, the date and location of the incident, and any other pertinent facts.

Emphasize that by reporting concerns, employees are doing the right thing and
helping the company halt and/or prevent misconduct
It is important to create a link between ethical conduct and reporting, rather than to
simply emphasize that reporting violations is mandatory and that failing to do so violates
company policy. While the latter can have its intended effect, the former method is more
likely to inspire employees to overall ethical behavior and is therefore more effective.
Elucidate the ways in which reporting concerns allows your company to halt or prevent
misconduct, and thus contributes to the ethical culture at your company.

Given the whistleblower provisions of Dodd-Frank [3] that provide lucrative incentives for
those who report wrongdoing to the government in furtherance of its investigations, it is
more important than ever to encourage employees to report internally rather than
reporting to a government agency first, or worse, not speaking up at all.

Ensure compliance with international reporting laws


While U.S. law allows companies to mandate that employees report ethics and legal
violations, this is not true in all countries. Many nations permit language indicating that
employees should report, but failure to report is not necessarily considered sufficiently
egregious to justify termination, depending on the seriousness of the unreported
incident. In certain jurisdictions, such as France, you may only go so far as to
encourage employees to report. The French Data Protection Authority's (CNIL) 2005
guidelines state that reporting should always be discretionary and by no means
mandatory. [4] Thus, it is important to ensure code language is consistent with such
guidelines; you should also stress face-to-face interaction.

[3] Dodd-Frank Wall Street Reform and Consumer Protection Act, 12 USC 5301 (2010).

While making a hotline available to all employees is strongly recommended, certain
countries have enacted data protection laws that govern the ways your company may
communicate about such a reporting mechanism to employees operating in their
jurisdictions, and the extent to which you may discuss anonymous reporting. As the
CNIL states in its 2005 guidelines, anonymous reporting, though inevitable, should
not be the rule. [5]

Explicitly encouraging employees to make anonymous reports is not recommended,
and may also violate applicable data protection law. Indeed, the CNIL's 2005 guidelines
state that employees should be requested to identify themselves when filing an alert, it
being specified that their confidentiality will be and must be protected. [6] Additionally, the
laws of many EU countries dictate that the code should contain language discouraging
the use of anonymous reporting.

It is also important to note that some jurisdictions require not only that the company
protect good faith reports, but also that it expressly inform employees that making
reports not in good faith is a behavior that is not protected from retaliation and will result
in disciplinary action.

Finally, if you have EU subsidiaries, it is generally recommended that you check for
possible conflicts with local labor legislation. For example, in Germany if the subsidiary
has established a works council, you need to obtain prior approval from this body before
adopting the code. In France, you will likely need to request the non-binding opinion of
the works council before proliferating any reporting requirements to local employees via
the code or other document. While challenging, satisfying the requirements of these and
other laws is feasible without necessitating country-specific codes of conduct.

Values Statements and Stakeholder Commitments


Clearly and enthusiastically communicate the company's values
Frequently, companies will choose to define their corporate values on a separate page
at the very beginning of the code. This approach shows a clear commitment to
upholding these values and sets them apart from the rest of the text. In addition, it
provides a concrete link in readers' minds between the document itself and the
principles upon which it is based. If your organization does not yet have a well-defined
or well-disseminated values statement, the code creation or revision process provides
an opportunity to create and communicate one.

[4] Anonymous Reporting Procedures and Codes of Ethical Conduct in the European Union, at
http://www.gibsondunn.com/Publications/Pages/AnonymousReportingProceduresandCodesofEthicalConductintheEuropeanUnion.aspx
[5] Ibid.
[6] Ibid.

If your organization does have a widely disseminated values statement that employees
will recognize and associate with your ethics and compliance program, you may also
wish to organize your code around these values. This can provide an excellent method
of organization and further link the code to your corporate values.

Regardless of how you introduce your company's values, what is most important is that
you clearly and passionately communicate them. So doing will energize your employee
base by explaining the "why" of compliance, rather than providing a tedious list of rules
and regulations. Clearly illustrate at the beginning of each risk area what is expected of
employees by tying behavioral expectations to values or ethical commitments. Codes
that fail to do so often sound like laundry lists of prohibitions.

Discuss the commitments employees hold to key stakeholders


Employees have ethical commitments to all of the company's important stakeholders,
including their colleagues, the company itself, customers, shareholders (if your
organization is publicly held), vendors/suppliers and other business partners, local
communities, the environment and various governmental regulatory agencies. To fully
explain behavioral expectations to employees, a code must address all applicable
stakeholder commitments. However, a code should go beyond merely referencing these
commitments, and instead should explain why these obligations exist and why they
must be fulfilled. For example, discuss specific commitments such as upholding the
trust that customers have placed in the company, respecting the environment, working
to benefit local communities and ensuring mutually beneficial relationships with
suppliers. Be sure to discuss all applicable stakeholder commitments in appropriate
depth and detail given your organization's stakeholder profile.

In recent years, the trend for organizing the code document around stakeholder
commitments has been evident. If your company chooses to utilize this organization,
group sections of risk topics by their corresponding stakeholder group. For example,
"Our Commitments to Each Other" might house "Workplace Safety" and "Diversity," and
"Our Commitments to Our Communities" might discuss "Environmental Responsibility"
and "Political Activities." This method of organization can prove an effective way to
introduce these obligations in a positive light, ensuring that readers will associate
upholding these commitments with ethical conduct.

Risk Topic Coverage


Give thought to risk topics in accordance with your organization's size, structure
and industry
While regulatory mandates require organizations to implement a code of conduct, very
little guidance is provided regarding what that code should contain. Instead, SOX, the
FSG and various stock market regulations focus on what should be the intended
purpose of the code: generally, to deter wrongdoing and promote honest, ethical
conduct and compliance with laws.

Determining the substance of the code is the most important step in the code
development process. Obviously, you will need to consider factors such as the size and
structure of your company when determining what risk topics to include and the depth of
coverage each will receive. In addition, you should consider the industry in which your
company operates. Many organizations are subject to myriad industry-specific
regulatory obligations. For example, organizations in the pharmaceuticals industry must
be particularly cautious to ensure that their employees are abiding by the various
regulations established by the PhRMA Code, the FDA and international regulatory
agencies, such as those supporting international product registrations.

Consider the risks your organization faces, looking to those risks that are both systemic
to your organization and unique to your industry. Leveraging recently completed internal
audits and/or compliance risk assessment results will provide focus as to which topic
areas to cover. If no such risk assessment or audit information exists, give serious
consideration to the deployment of resources to further identify, prioritize and mitigate
your company's ethics and compliance risks. Referencing the codes of peer companies
will provide additional insight into applicable risk areas.

You will also need to consider the geographic areas in which your company operates.
There are several risk topics that pose drafting difficulties for U.S. organizations looking
to adopt a single, global code. For example, a U.S. company operating in certain Middle
Eastern countries will need to take care when discussing discrimination in terms of
gender and religion. Keep in mind that making employment-related decisions based
on gender or religion may be perfectly permissible in these locations. In addition, some
Asian countries have laws in place that preclude women from working as many hours
as men, and Germany requires employers to take into account an employee's age and
disability when making workforce reduction decisions. Therefore, when discussing
non-discrimination in an international code, you may wish to use rather general language
when discussing these issues.

Define the terms and concepts used within each risk area
Codes frequently utilize concepts and terms that are not often heard in everyday
conversation, or are often misused in common parlance. When drafting your code, be
sure to define all potentially confusing terminology, such as "harassment," "insider
trading," "material, nonpublic information" and "antitrust." In addition, clarify any
concepts that may have slightly different meanings within the code than they would
normally have, including "conflict of interest," "retaliation," "relative" or "good faith."

Clearly communicate behavioral expectations for each risk area


While choosing the appropriate coverage of risk topics is obviously of the utmost
importance, devoting time to this task means little if the code does not properly
communicate the acceptable and unacceptable behaviors for each risk area. Applicable
laws and regulations can often be very confusing to the average employee, and
company policy can be equally obtuse. By providing clear-cut guidance as to what is
allowable under company policy and the law, well-written codes can eliminate much of
this confusion. When clear guidance simply is not available (for example, when
organizations operate in diverse geographic locations or when rules are fact-specific),
provide employees clear avenues through which they should seek guidance.

Reference corresponding company policies


Faced with the difficulty of communicating a wide range of topics to a broad audience,
operationally diverse and globally reaching organizations often struggle to maintain
codes of reasonable depth. Failing to appropriately limit guidance can result in a lengthy
document, posing legitimate readability concerns (see "Ensure the code is of an
appropriate length"). To provide employees adequate detail on topics while maintaining
reasonable document length, codes should aim to illustrate expected behaviors for
important risk areas rather than to duplicate the company's collection of standalone
policies. Providing the name and/or location of the corresponding policy (or policies)
provides quick access for those who require additional information. If the code is
distributed electronically, consider including hyperlinks to policies located on your
company's intranet, wherever applicable.

Communicate how the code relates to U.S. and international laws and
regulations, local laws and other company policies
It is also important to establish how the code relates to the various laws, regulations,
policies and procedures that employees might encounter in their work. Doing so will
provide a proper framework and context for employees, who may encounter conflicts
between local laws and business practices, the code and/or other company policies. It is
important to specify which standard shall govern; if this is fact-specific, it is generally
best to direct employees at the outset of the code to seek guidance from your legal
department in such situations.

Learning Aids
Supplement the code content with learning aids
Keep in mind that, while codes aim to break down policy material into a more digestible
and direct format, some readers are less skilled than others at comprehending the
written word. While the code's text should explain difficult-to-understand concepts and
terms, you can further ensure comprehension of these by embedding learning aids,
which supplement these explanations and bring theoretical and abstract concepts into
the realm of practical advice. Learning aids can take many forms, including
question-and-answer segments, real-life scenarios and vignettes that demonstrate the
implications for certain courses of action.

Consider placing learning aids with the risk topics that are most important for your
organization or among those that are fact-specific. For example, you may wish to
supplement risk topic discussions such as anti-bribery or gifts and entertainment, since
policies vary widely by company and determining whether an action is in violation of
these policies is often fact-specific.

Although learning aids are generally invaluable code resources, it is important to
consider overall word count when drafting them. Embedding too many learning aids
may also detract from the content of the code itself. In general, aim for learning aids to
compose approximately five to fifteen percent of the code's total word count. To
maximize the effectiveness of the learning aids, prioritize with respect to key risk areas
when determining which scenarios to include.

Ensure that the learning aids are relevant


It is important that you ensure that the learning aids depict realistic scenarios for your
organization and the business you conduct. This requires that you utilize relevant job
titles, geographic locations, work environments and scenarios. Usually, scenarios are
drawn from actual situations that have occurred in the past, common questions and
complaints, and hotline reports. If the learning aids are written in the form of vignettes,
be sure to use names that represent all geographic locations in which you operate.

Deliver the learning aids in a manner that complements your company culture
Taking advantage of available modalities of information delivery throughout your
organization can better position you to effectively deliver the code and its contents. As
electronic-based file formats are becoming common methods of code distribution,
companies are increasingly opting to link online, interactive learning scenarios to
pertinent content areas. Allowing the reader to access only those learning aids and tools
he or she requests allows for the code itself to remain uncluttered and, to a degree,
customized to the needs of the user. Of course, organizations with a significant offline
community will need to place learning aids in the hard-copy version of the code.

Presentation, Style and Organization


Ensure the code is visually appealing and consistent with design cues found in
other company documents
While we are taught not to judge a book by its cover, the converse is often true when it
comes to codes of conduct. When a code looks like just another policy, it will likely be
disregarded as such. Oftentimes, organizations choose to enlist their marketing and
communications teams to create a look-and-feel for the code of conduct. Having a
colorful and vibrant code can vastly increase the likelihood that the code will be read
from cover to cover.

When designing the look and feel of your organization's code, adopt a visual style that
fits with existing internal and external company communications. For example, employ
the same design resources responsible for your company's annual report. Keeping a
design aesthetic consistent with existing company branding will convey that this code is
unique to your organization. A code that is branded in this manner can serve not only as
an internal marketing tool for ethics and compliance, but also as an external marketing
tool.

Format the code in a manner that properly utilizes white space


While lavish page layouts are certainly engaging to readers, keep in mind that they are
not necessarily imperative. It is quite possible to create a relatively low-tech document
that will engage your reader, so long as your design team pays proper attention to
format and use of white space.

To allow for a user-friendly reading experience, limit the width of the text to
approximately 10 to 12 words across. In addition, migrate long lists of information (such
as lists of examples and sets of guidelines) into bulleted lists where appropriate. These
white-space-maximizing techniques will increase comprehension for your average
reader, who generally finds dense walls of text daunting and difficult to digest.

Structure your code in an organized, logical fashion


Gone are the days in which companies alphabetically listed the contents of the code or
arranged them haphazardly or arbitrarily by overall risk area. As discussed in the
"Values Statements and Stakeholder Commitments" section of this whitepaper, a
heightened emphasis on promoting an ethical workplace culture has increasingly led
companies to organize their code topics according to the commitments held to key
stakeholder groups or their applicability relative to corporate values. Providing an
overarching umbrella under which topics are grouped lends a more cohesive feel to the
document and allows employees to perform searches more easily when revisiting the
code for reference.

Whatever the structure, a code should be organized in a way that fits your
organization's culture and makes sense for your business.

Include a table of contents, as well as other navigational devices


Provide the tools necessary for your readers to access the information they need in as
timely and efficient a manner as possible. To accomplish this, provide a table of
contents at the outset of the code. Ensure that at least two levels of headings are
present so that employees can more readily find material.

In addition, consider concluding the document with an index and a glossary of terms.



Communicating the Code
Translations
According to §8B2.1 of the FSG, companies must show they have made a good faith
effort to educate their employees on the standards and laws to which they will be held.
Therefore, companies with a global reach will often provide publicly available copies of
their code in various local languages. Generally, if your company maintains more than
50 employees in a given jurisdiction, you will want to translate the code into the local
language of that jurisdiction. This remains true even when you are fairly certain your
employees speak English as a second language, as their reading comprehension is
likely to be higher in their first language. Additionally, if you are operating in a high-risk
area from a compliance perspective (such as doing business with the government in the
People's Republic of China), you should consider translating the material regardless of
the number of employees you maintain in this location. When determining such high-risk
areas, utilize the results of your most recent compliance risk assessment or external
tools such as Transparency International's Corruption Perception Index [7], which ranks
the risk of corruption by country.

Distribution
Determine the method of distribution
You will also need to consider how you will disseminate the code to your employees.
Organizations are increasingly choosing to distribute fewer and fewer printed copies of
their codes. Providing the code to employees primarily in electronic format is both a
cost-effective and an environmentally friendly solution. However, if a segment of your
company's employee base does not have access to a computer or the internet, this is
not a feasible option.

Make the code readily available to external constituents


External stakeholders are increasingly turning to an organization's code of conduct as a
barometer of its ethical culture and organizational health. Providing a pronounced link to
the document on your external website not only provides these outside stakeholders
easy access to the code, but doing so also communicates your confidence behind the
document itself, your overall ethics and compliance program, and your ethical culture.

Code documents should be provided in a logical location on your website, such as the
"Investor Relations" (for publicly traded companies), "Corporate Governance," "About
Us," "Company Values" or "Corporate Social Responsibility" pages of the site. You may
also wish to maintain the code in multiple places on the website.

[7] Transparency International's 2012 Corruption Perception Index,
http://cpi.transparency.org/cpi2012/results/


Provide an electronic version of the code in a format that is easy to view and
download
Best practices dictate that companies provide their code documents in every applicable
language in a similar fashion, and in a file format that is easy to search, print and
download, such as Adobe's Portable Document Format (PDF). Advanced features of
the PDF format allow for clickable navigation within the document; when implemented,
these tools further enhance the document as a user-friendly resource.

Certification and Disclosure


A common element of a code of conduct is a paper or electronic form that employees fill
out to acknowledge that they have received the code, will comply with its guidelines and
are aware of no instances of non-compliance. Organizations typically collect and retain
these acknowledgements as part of their efforts to show they have made a good-faith
effort to educate employees on compliance. Employees should be required to certify
acknowledgement and compliance with the code on an annual basis. Requiring such
certification only when the code is first distributed or on the date of hire is no longer best
practice.

In the past, many companies could feasibly require annual certification of only certain
employee groups. As these forms are increasingly distributed in electronic format,
however, acquiring certification from your entire employee base on an annual basis is a
more viable option. If you are providing training on the code via e-learning courseware,
you may wish to forego the acknowledgement and certification in the code itself, and
instead utilize a certification and disclosure option in the course, which is then stored on
your company's learning management system (LMS). You may also choose to combine
this process with your annual conflict of interest certifications.



Bringing the Code 3.0 to Life
Codes have followed a predictable trajectory of evolution following the implementation
of various regulatory and federal mandates. Charting the history of code drafting and
distribution yields insight into the future of best practices. Having reviewed thousands of
codes, Corpedia notes three distinct stages of development.

The Genesis of the Code: Meeting Requirements


In the beginning, codes resembled little more than a collection of corporate policies or
summaries of such policies, haphazardly assembled by in-house counsel. Code
documents were crafted using intricate legal language with the sole objective of
satisfying existing regulatory requirements. Revisions to these introductory codes
commonly took the form of stapling addendums and additions to the existing treatise.

Cultural Reawakening: Adopting a User-Friendly Code
Witnessing the often severe costs to organizations who failed to comply with FSG and
SOX requirements, companies began to place more importance on their ethics and
compliance programs, and therefore their codes. Shrewd organizations leveraged this
compliance reawakening as a chance to direct the messaging of their codes in terms of
company values, rather than policies and procedures. Such organizations invested
additional resources to produce visually stimulating documents that presented content
in a user-friendly format. Company values, not rules, became drivers of the content
within codes.

Code 3.0: Engaging the Audience


As more and more organizations migrated to implementing user-friendly and
aesthetically pleasing documents, leading organizations identified a need to further
engage their audience through a modular, interactive and online version of their code.
This should not be confused with a code of conduct course. Rather, the Code 3.0
document is one that is commonly hosted on an organization's secure intranet and
provides relevant policies, reporting resources, learning aids and contextual news
content available on-demand and dynamically updated. The result is a living, breathing
document that serves not only as a reference guide, but also as a repository of
instruction and knowledge responsive to any job function or level within the
organization.



Maintaining the Code
Update the code on a regular basis
Periodically, your organization will need to re-examine and revise the code to keep it
fresh as a teaching document. In the event of significant corporate compositional
changes (such as mergers, acquisitions or overseas expansion) or regulatory changes
affecting your operations, you will most likely need to update the guidelines set forth in
the code at the time these changes occur. Otherwise, consider updating the content of
the code every two to three years. Keep in mind that a regular schedule of review and
revision of the code is consistent with the FSG, which require organizations to evaluate
periodically the effectiveness of their programs.

Refreshing the code does not necessarily require changing the precepts of the code,
and can be as simple as updating the presentation to ensure that readers remain
engaged. Better yet, add new examples, comprehension aids and other attention-
getters, or migrate to Code 3.0. A static code will quickly lead to perfunctory review on
the part of employees, and such review undercuts the purposes of the code and the
annual certification process.

Appendix A: Selected Requirements for Codes of Conduct
Federal Sentencing Guidelines
Chapter 8 - PART B - REMEDYING HARM FROM CRIMINAL CONDUCT, AND
EFFECTIVE COMPLIANCE AND ETHICS PROGRAM
8B2.1. Effective Compliance and Ethics Program
(b) Due diligence and the promotion of an organizational culture that encourages
ethical conduct and a commitment to compliance with the law within the meaning
of subsection (a) minimally require the following:
(1) The organization shall establish standards and procedures to prevent and
detect criminal conduct.
***
(4) (A) The organization shall take reasonable steps to communicate periodically
and in a practical manner its standards and procedures, and other aspects of
the compliance and ethics program, to the individuals referred to in subdivision
(B) by conducting effective training programs and otherwise disseminating
information appropriate to such individuals' respective roles and
responsibilities.

Sarbanes-Oxley Act of 2002, Section 406


15 USC Section 7264, Code of ethics for senior financial officers
(a) Code of ethics disclosure
The Commission shall issue rules to require each issuer, together with periodic
reports required pursuant to section 78m(a) or 78o(d) of this title, to disclose
whether or not, and if not, the reason therefor, such issuer has adopted a code of
ethics for senior financial officers, applicable to its principal financial officer and
comptroller or principal accounting officer, or persons performing similar functions.
(b) Definition
In this section, the term "code of ethics" means such standards as are reasonably
necessary to promote -
(1) honest and ethical conduct, including the ethical handling of actual or apparent
conflicts of interest between personal and professional relationships;
(2) full, fair, accurate, timely, and understandable disclosure in the periodic reports
required to be filed by the issuer; and
(3) compliance with applicable governmental rules and regulations.
The Commission shall -
(1) propose rules to implement this section, not later than 90 days after July 30,
2002; and
(2) issue final rules to implement this section, not later than 180 days after July 30,
2002.

Dodd-Frank Wall Street Reform and Consumer Protection Act, Section 922
SEC. 922. WHISTLEBLOWER PROTECTION.
(a) IN GENERAL. The Securities Exchange Act of 1934 (15 U.S.C. 78a et seq.) is
amended by inserting after section 21E the following:
SEC. 21F. SECURITIES WHISTLEBLOWER INCENTIVES AND PROTECTION.
(a) DEFINITIONS. In this section the following definitions shall apply:
(1) COVERED JUDICIAL OR ADMINISTRATIVE ACTION. The term "covered judicial
or administrative action" means any judicial or administrative action brought by the
Commission under the securities laws that results in monetary sanctions exceeding
$1,000,000.
(2) FUND. The term "Fund" means the Securities and Exchange Commission Investor
Protection Fund.
(3) ORIGINAL INFORMATION. The term "original information" means information
that
(A) is derived from the independent knowledge or analysis of a whistleblower;
(B) is not known to the Commission from any other source, unless the whistleblower is the
original source of the information; and
(C) is not exclusively derived from an allegation
made in a judicial or administrative hearing, in a governmental report, hearing, audit, or
investigation, or from the news media, unless the whistleblower is a source of the
information.
(4) MONETARY SANCTIONS. The term "monetary sanctions", when used with
respect to any judicial or administrative action, means
(A) any monies, including penalties, disgorgement, and interest, ordered to be paid;
and
(B) any monies deposited into a disgorgement fund or other fund pursuant to
section 308(b) of the Sarbanes-Oxley Act of 2002 (15 U.S.C. 7246(b)), as a result of
such action or any settlement of such action.
(5) RELATED ACTION. The term "related action", when used with respect to any
judicial or administrative action brought by the Commission under the securities laws,
means any judicial or administrative action brought by an entity described in subclauses
(I) through (IV) of subsection (h)(2)(D)(i) that is based upon the original information
provided by a whistleblower pursuant to subsection (a) that led to the successful
enforcement of the Commission action.
(6) WHISTLEBLOWER. The term "whistleblower" means any individual who provides,
or 2 or more individuals acting jointly who provide, information relating to a violation of
the securities laws to the Commission, in a manner established, by rule or regulation, by
the Commission.
(b) AWARDS.
(1) IN GENERAL. In any covered judicial or administrative action, or related action,
the Commission, under regulations prescribed by the Commission and subject to
subsection (c), shall pay an award or awards to 1 or more whistleblowers who
voluntarily provided original information to the Commission that led to the successful
enforcement of the covered judicial or administrative action, or related action, in an
aggregate amount equal to
(A) not less than 10 percent, in total, of what has been collected of the monetary
sanctions imposed in the action or related actions; and
(B) not more than 30 percent, in total, of what has been collected of the monetary
sanctions imposed in the action or related actions.
(2) PAYMENT OF AWARDS. Any amount paid under paragraph (1) shall be paid
from the Fund.
(c) DETERMINATION OF AMOUNT OF AWARD; DENIAL OF AWARD.
(1) DETERMINATION OF AMOUNT OF AWARD.
(A) DISCRETION. The determination of the amount of an award made under
subsection (b) shall be in the discretion of the Commission.
(B) CRITERIA. In determining the amount of an award made under subsection (b),
the Commission
(i) shall take into consideration
(I) the significance of the information provided by
the whistleblower to the success of the covered judicial or administrative action;
(II) the degree of assistance provided by the whistleblower and any legal representative of the
whistleblower in a covered judicial or administrative action;
(III) the programmatic interest of the Commission in deterring violations of the securities laws by making
awards to whistleblowers who provide information that lead to the successful
enforcement of such laws; and
(IV) such additional relevant factors as the Commission
may establish by rule or regulation; and
(ii) shall not take into consideration the balance of the Fund.
(2) DENIAL OF AWARD. No award under subsection (b) shall be made
(A) to any whistleblower who is, or was at the time the whistleblower acquired the
original information submitted to the Commission, a member, officer, or employee of
(i) an appropriate regulatory agency;
(ii) the Department of Justice;
(iii) a self-regulatory organization;
(iv) the Public Company Accounting Oversight Board; or
(v) a law enforcement organization;
(B) to any whistleblower who is convicted of a
criminal violation related to the judicial or administrative action for which the
whistleblower otherwise could receive an award under this section;
(C) to any whistleblower who gains the information through the performance of an audit of financial
statements required under the securities laws and for whom such submission would be
contrary to the requirements of section 10A of the Securities Exchange Act of 1934 (15
U.S.C. 78j-1); or
(D) to any whistleblower who fails to submit information to the
Commission in such form as the Commission may, by rule, require.

(d) REPRESENTATION.
(1) PERMITTED REPRESENTATION. Any whistleblower who makes a claim for an
award under subsection (b) may be represented by counsel.
(2) REQUIRED REPRESENTATION.
(A) IN GENERAL. Any whistleblower who anonymously makes a claim for an award
under subsection (b) shall be represented by counsel if the whistleblower anonymously
submits the information upon which the claim is based.
(B) DISCLOSURE OF IDENTITY. Prior to the payment of an award, a whistleblower
shall disclose the identity of the whistleblower and provide such other information as the
Commission may require, directly or through counsel for the whistleblower.
(e) NO CONTRACT NECESSARY. No contract with the Commission is necessary for
any whistleblower to receive an award under subsection (b), unless otherwise required
by the Commission by rule or regulation.
(f) APPEALS. Any determination made under this section, including whether, to
whom, or in what amount to make awards, shall be in the discretion of the Commission.
Any such determination, except the determination of the amount of an award if the
award was made in accordance with subsection (b), may be appealed to the
appropriate court of appeals of the United States not more than 30 days after the
determination is issued by the Commission. The court shall review the determination
made by the Commission in accordance with section 706 of title 5, United States Code.
(g) INVESTOR PROTECTION FUND.
(1) FUND ESTABLISHED. There is established in the Treasury of the United States a
fund to be known as the "Securities and Exchange Commission Investor Protection
Fund".
(2) USE OF FUND. The Fund shall be available to the Commission, without further
appropriation or fiscal year limitation, for
(A) paying awards to whistleblowers as provided in subsection (b); and
(B) funding the activities of the Inspector General of the Commission under section 4(i).
(3) DEPOSITS AND CREDITS.
(A) IN GENERAL. There shall be deposited into or credited to the Fund an amount
equal to
(i) any monetary sanction collected by the Commission in any judicial or administrative
action brought by the Commission under the securities laws that is not added to a
disgorgement fund or other fund under section 308 of the Sarbanes-Oxley Act of 2002
(15 U.S.C. 7246) or otherwise distributed to victims of a violation of the securities laws,
or the rules and regulations thereunder, underlying such action, unless the balance of
the Fund at the time the monetary sanction is collected exceeds $300,000,000;
(ii) any monetary sanction added to a disgorgement fund or other fund under section
308 of the Sarbanes-Oxley Act of 2002 (15 U.S.C. 7246) that is not distributed to the
victims for whom the Fund was established, unless the balance of the disgorgement
fund at the time the determination is made not to distribute the monetary sanction to
such victims exceeds $200,000,000; and
(iii) all income from investments made under
paragraph (4).
(B) ADDITIONAL AMOUNTS. If the amounts deposited into or credited to the Fund
under subparagraph (A) are not sufficient to satisfy an award made under subsection
(b), there shall be deposited into or credited to the Fund an amount equal to the
unsatisfied portion of the award from any monetary sanction collected by the
Commission in the covered judicial or administrative
action on which the award is based.
(4) INVESTMENTS.
(A) AMOUNTS IN FUND MAY BE INVESTED. The Commission may request the
Secretary of the Treasury to invest the portion of the Fund that is not, in the discretion of
the Commission, required to meet the current needs of the Fund.
(B) ELIGIBLE INVESTMENTS. Investments shall be made by the Secretary of the
Treasury in obligations of the United States or obligations that are guaranteed as to
principal and interest by the United States, with maturities suitable to the needs of the
Fund as determined by the Commission on the record.
(C) INTEREST AND PROCEEDS CREDITED. The interest on, and the proceeds
from the sale or redemption of, any obligations held in the Fund shall be credited to the
Fund.
(5) REPORTS TO CONGRESS. Not later than October 30 of each fiscal year
beginning after the date of enactment of this subsection, the Commission shall submit to
the Committee on Banking, Housing, and Urban Affairs of the Senate, and the
Committee on Financial Services of the House of Representatives a report on
(A) the whistleblower award program, established under this section, including
(i) a description of the number of awards granted; and
(ii) the types of cases in which awards were granted during the preceding fiscal year;
(B) the balance of the Fund at the beginning of the preceding fiscal year;
(C) the amounts deposited into or credited to the Fund during the preceding fiscal year;
(D) the amount of earnings on investments made under paragraph (4) during the
preceding fiscal year;
(E) the amount paid from the Fund during the preceding fiscal year to whistleblowers
pursuant to subsection (b);
(F) the balance of the Fund at the end of the preceding fiscal year; and
(G) a complete set of audited financial statements, including
(i) a balance sheet;
(ii) income statement; and
(iii) cash flow analysis.
(h) PROTECTION OF WHISTLEBLOWERS.
(1) PROHIBITION AGAINST RETALIATION.
(A) IN GENERAL. No employer may discharge, demote, suspend, threaten, harass,
directly or indirectly, or in any other manner discriminate against, a whistleblower in the
terms and conditions of employment because of any lawful act done by the
whistleblower
(i) in providing information to the Commission in accordance with this section;
(ii) in initiating, testifying in, or assisting in any investigation or judicial or administrative
action of the Commission based upon or related to such information; or
(iii) in making disclosures that are required or protected under the Sarbanes-Oxley Act
of 2002 (15 U.S.C. 7201 et seq.), the Securities Exchange Act of 1934 (15 U.S.C. 78a
et seq.), including section 10A(m) of such Act (15 U.S.C. 78f(m)), section 1513(e) of title
18, United States Code, and any other law, rule, or regulation subject to the jurisdiction
of the Commission.

(B) ENFORCEMENT.
(i) CAUSE OF ACTION. An individual who alleges discharge or other discrimination
in violation of subparagraph (A) may bring an action under this subsection in the
appropriate district court of the United States for the relief provided in subparagraph (C).
(ii) SUBPOENAS. A subpoena requiring the attendance of a witness at a trial or
hearing conducted under this section may be served at any place in the United States.
(iii) STATUTE OF LIMITATIONS.
(I) IN GENERAL. An action under this subsection may not be brought
(aa) more than 6 years after the date on which the violation of subparagraph (A)
occurred; or
(bb) more than 3 years after the date when facts material to the right of action are
known or reasonably should have been known by the employee alleging a violation of
subparagraph (A).
(II) REQUIRED ACTION WITHIN 10 YEARS. Notwithstanding subclause (I), an
action under this subsection may not in any circumstance be brought more than 10
years after the date on which the violation occurs.
(C) RELIEF. Relief for an individual prevailing in an action brought under
subparagraph (B) shall include
(i) reinstatement with the same seniority status that the individual would have had, but
for the discrimination;
(ii) 2 times the amount of back pay otherwise owed to the individual, with interest; and
(iii) compensation for litigation costs, expert witness fees, and reasonable attorneys'
fees.
(2) CONFIDENTIALITY.
(A) IN GENERAL. Except as provided in subparagraphs (B) and (C), the Commission
and any officer or employee of the Commission shall not disclose any information,
including information provided by a whistleblower to the Commission, which could
reasonably be expected to reveal the identity of a whistleblower, except in accordance
with the provisions of section 552a of title 5, United States Code, unless and until
required to be disclosed to a defendant or respondent in connection with a public
proceeding instituted by the Commission or any entity described in subparagraph (C).
For purposes of section 552 of title 5, United States Code, this paragraph shall be
considered a statute described in subsection (b)(3)(B) of such section.
(B) EXEMPTED STATUTE. For purposes of section 552 of title 5, United States
Code, this paragraph shall be considered a statute described in subsection (b)(3)(B) of
such section 552.
(C) RULE OF CONSTRUCTION. Nothing in this section is intended to limit, or shall
be construed to limit, the ability of the Attorney General to present such evidence to a
grand jury or to share such evidence with potential witnesses or defendants in the
course of an ongoing criminal investigation.
(D) AVAILABILITY TO GOVERNMENT AGENCIES.
(i) IN GENERAL. Without the loss of its status as confidential in the hands of the
Commission, all information referred to in subparagraph (A) may, in the discretion of the
Commission, when determined by the Commission to be necessary to accomplish the
purposes of this Act and to protect investors, be made available to
(I) the Attorney General of the United States;

(II) an appropriate regulatory authority;
(III) a self-regulatory organization;
(IV) a State attorney general in connection with any criminal investigation;
(V) any appropriate State regulatory authority;
(VI) the Public Company Accounting Oversight Board;
(VII) a foreign securities authority; and
(VIII) a foreign law enforcement authority.
(ii) CONFIDENTIALITY.
(I) IN GENERAL. Each of the entities described in subclauses (I) through (VI) of
clause (i) shall maintain such information as confidential in accordance with the requirements
established under subparagraph (A).
(II) FOREIGN AUTHORITIES. Each of the entities described in subclauses (VII) and
(VIII) of clause (i) shall maintain such information in accordance with such assurances
of confidentiality as the Commission determines appropriate.
(3) RIGHTS RETAINED. Nothing in this section shall be deemed to diminish the
rights, privileges, or remedies of any whistleblower under any Federal or State law, or
under any collective bargaining agreement.
(i) PROVISION OF FALSE INFORMATION. A whistleblower shall not be entitled to
an award under this section if the whistleblower
(1) knowingly and willfully makes any false, fictitious, or fraudulent statement or
representation; or
(2) uses any false writing or document knowing the writing or document contains any
false, fictitious, or fraudulent statement or entry.
(j) RULEMAKING AUTHORITY. The Commission shall have the authority to issue
such rules and regulations as may be necessary or appropriate to implement the
provisions of this section consistent with the purposes of this section.
(b) PROTECTION FOR EMPLOYEES OF NATIONALLY RECOGNIZED STATISTICAL
RATING ORGANIZATIONS. Section 1514A(a) of title 18, United States Code, is
amended
(1) by inserting "or nationally recognized statistical rating organization (as defined in
section 3(a) of the Securities Exchange Act of 1934 (15 U.S.C. 78c)," after "78o(d)),";
and
(2) by inserting "or nationally recognized statistical rating organization" after "such
company".
(c) SECTION 1514A OF TITLE 18, UNITED STATES CODE.
(1) STATUTE OF LIMITATIONS; JURY TRIAL. Section 1514A(b)(2) of title 18, United
States Code, is amended
(A) in subparagraph (D)
(i) by striking "90" and inserting "180"; and
(ii) by striking the period at the end and inserting ", or after the date on which the
employee became aware of the violation."; and
(B) by adding at the end the following:
(E) JURY TRIAL. A party to an action brought under paragraph (1)(B) shall be
entitled to trial by jury.
(2) PRIVATE SECURITIES LITIGATION WITNESSES; NONENFORCEABILITY;
INFORMATION. Section 1514A of title 18, United States Code, is amended by adding
at the end the following:
(e) NONENFORCEABILITY OF CERTAIN PROVISIONS WAIVING RIGHTS AND
REMEDIES OR REQUIRING ARBITRATION OF DISPUTES.
(1) WAIVER OF RIGHTS AND REMEDIES. The rights and remedies provided for in
this section may not be waived by any agreement, policy form, or condition of
employment, including by a predispute arbitration agreement.
(2) PREDISPUTE ARBITRATION AGREEMENTS. No predispute arbitration
agreement shall be valid or enforceable, if the agreement requires arbitration of a
dispute arising under this section.
(d) STUDY OF WHISTLEBLOWER PROTECTION PROGRAM.
(1) STUDY. The Inspector General of the Commission shall conduct a study of the
whistleblower protections established under the amendments made by this section,
including
(A) whether the final rules and regulation issued under the amendments made by this
section have made the whistleblower protection program (referred to in this subsection
as the "program") clearly defined and user-friendly;
(B) whether the program is promoted on the website of the Commission and has been
widely publicized;
(C) whether the Commission is prompt in
(i) responding to
(I) information provided by whistleblowers; and
(II) applications for awards filed by whistleblowers;
(ii) updating whistleblowers about the status of their applications; and
(iii) otherwise communicating with the interested parties;
(D) whether the minimum and maximum reward levels are adequate to entice
whistleblowers to come forward with information and whether the reward levels are so
high as to encourage illegitimate whistleblower claims;
(E) whether the appeals process has been unduly burdensome for the Commission;
(F) whether the funding mechanism for the Investor Protection Fund is adequate;
(G) whether, in the interest of protecting investors and identifying and preventing fraud,
it would be useful for Congress to consider empowering whistleblowers or other
individuals, who have already attempted to pursue the case through the Commission, to
have a private right of action to bring suit based on the facts of the same case, on
behalf of the Government and themselves, against persons who have committee
securities fraud;
(H)(i) whether the exemption under section 552(b)(3) of title 5 (known as the Freedom
of Information Act) established in section 21F(h)(2)(A) of the Securities Exchange Act of
1934, as added by this Act, aids whistleblowers in disclosing information to the
Commission;
(ii) what impact the exemption described in clause (i) has had on the ability of the public
to access information about the regulation and enforcement by the Commission of
securities; and
(iii) any recommendations on whether the exemption described in clause (i) should
remain in effect; and
(I) such other matters as the Inspector General deems appropriate.

(2) REPORT. Not later than 30 months after the date of enactment of this Act, the
Inspector General shall
(A) submit a report on the findings of the study required under paragraph (1) to the
Committee on Banking, Housing, and Urban Affairs of the Senate and the Committee
on Financial Services of the House; and
(B) make the report described in subparagraph (A) available to the public through
publication of the report on the website of the Commission.

Federal Acquisition Regulation (FAR), Section 52.203-13
Contractor Code of Business Ethics and Conduct

(a) Definitions. As used in this clause

"Agent" means any individual, including a director, an officer, an employee, or an
independent Contractor, authorized to act on behalf of the organization.

"Full cooperation" (1) Means disclosure to the Government of the information
sufficient for law enforcement to identify the nature and extent of the offense and the
individuals responsible for the conduct. It includes providing timely and complete
response to Government auditors and investigators' request for documents and access
to employees with information;
(2) Does not foreclose any Contractor rights arising in law, the FAR, or the terms of the
contract. It does not require
(i) A Contractor to waive its attorney-client privilege or the protections afforded by the
attorney work product doctrine; or
(ii) Any officer, director, owner, or employee of the Contractor, including a sole
proprietor, to waive his or her attorney client privilege or Fifth Amendment rights; and
(3) Does not restrict a Contractor from
(i) Conducting an internal investigation; or
(ii) Defending a proceeding or dispute arising under the contract or related to a potential
or disclosed violation.

"Principal" means an officer, director, owner, partner, or a person having primary
management or supervisory responsibilities within a business entity (e.g., general
manager; plant manager; head of a division or business segment; and similar positions).

"Subcontract" means any contract entered into by a subcontractor to furnish supplies or
services for performance of a prime contract or a subcontract.

"Subcontractor" means any supplier, distributor, vendor, or firm that furnished supplies
or services to or for a prime contractor or another subcontractor.

"United States," means the 50 States, the District of Columbia, and outlying areas.

(b) Code of business ethics and conduct. (1) Within 30 days after contract award,
unless the Contracting Officer establishes a longer time period, the Contractor shall
(i) Have a written code of business ethics and conduct; and
(ii) Make a copy of the code available to each employee engaged in performance of the
contract.
(2) The Contractor shall
(i) Exercise due diligence to prevent and detect criminal conduct; and
(ii) Otherwise promote an organizational culture that encourages ethical conduct and a
commitment to compliance with the law.
(3)(i) The Contractor shall timely disclose, in writing, to the agency Office of the
Inspector General (OIG), with a copy to the Contracting Officer, whenever, in
connection with the award, performance, or closeout of this contract or any subcontract
thereunder, the Contractor has credible evidence that a principal, employee, agent, or
subcontractor of the Contractor has committed
(A) A violation of Federal criminal law involving fraud, conflict of interest, bribery, or
gratuity violations found in Title 18 of the United States Code; or
(B) A violation of the civil False Claims Act (31 U.S.C. 3729-3733).
(ii) The Government, to the extent permitted by law and regulation, will safeguard and
treat information obtained pursuant to the Contractor's disclosure as confidential where
the information has been marked confidential or proprietary by the company. To the
extent permitted by law and regulation, such information will not be released by the
Government to the public pursuant to a Freedom of Information Act request, 5 U.S.C.
Section 552, without prior notification to the Contractor. The Government may transfer
documents provided by the Contractor to any department or agency within the
Executive Branch if the information relates to matters within the organization's
jurisdiction.
(iii) If the violation relates to an order against a Governmentwide acquisition contract, a
multi-agency contract, a multiple-award schedule contract such as the Federal Supply
Schedule, or any other procurement instrument intended for use by multiple agencies,
the Contractor shall notify the OIG of the ordering agency and the IG of the agency
responsible for the basic contract.
(c) Business ethics awareness and compliance program and internal control system.
This paragraph (c) does not apply if the Contractor has represented itself as a small
business concern pursuant to the award of this contract or if this contract is for the
acquisition of a commercial item as defined at FAR 2.101. The Contractor shall
establish the following within 90 days after contract award, unless the Contracting
Officer establishes a longer time period:
(1) An ongoing business ethics awareness and compliance
program.
(i) This program shall include reasonable steps to communicate periodically and in a
practical manner the Contractor's standards and procedures and other aspects of the
Contractor's business ethics awareness and compliance program and internal control
system, by conducting effective training programs and otherwise disseminating
information appropriate to an individual's respective roles and responsibilities.

(ii) The training conducted under this program shall be provided to the Contractor's
principals and employees, and as appropriate, the Contractor's agents and
subcontractors.
(2) An internal control system.
(i) The Contractor's internal control system shall
(A) Establish standards and procedures to facilitate timely discovery of improper
conduct in connection with Government contracts; and
(B) Ensure corrective measures are promptly instituted and carried out.
(ii) At a minimum, the Contractor's internal control system shall provide for the following:
(A) Assignment of responsibility at a sufficiently high level and adequate resources to
ensure effectiveness of the business ethics awareness and compliance program and
internal control system.
(B) Reasonable efforts not to include an individual as a principal, whom due diligence
would have exposed as having engaged in conduct that is in conflict with the
Contractor's code of business ethics and conduct.
(C) Periodic reviews of company business practices, procedures, policies, and internal
controls for compliance with the Contractor's code of business ethics and conduct and
the special requirements of Government contracting, including
(1) Monitoring and auditing to detect criminal conduct;
(2) Periodic evaluation of the effectiveness of the business ethics awareness and
compliance program and internal control system, especially if criminal conduct has
been detected; and
(3) Periodic assessment of the risk of criminal conduct, with appropriate steps to design,
implement, or modify the business ethics awareness and compliance program and the
internal control system as necessary to reduce the risk of criminal conduct identified
through this process.
(D) An internal reporting mechanism, such as a hotline, which allows for anonymity or
confidentiality, by which employees may report suspected instances of improper
conduct, and instructions that encourage employees to make such reports.
(E) Disciplinary action for improper conduct or for failing to take reasonable steps to
prevent or detect improper conduct.
(F) Timely disclosure, in writing, to the agency OIG, with a copy to the Contracting
Officer, whenever, in connection with the award, performance, or closeout of any
Government contract performed by the Contractor or a subcontract thereunder, the
Contractor has credible evidence that a principal, employee, agent, or subcontractor of
the Contractor has committed a violation of Federal criminal law involving fraud, conflict
of interest, bribery, or gratuity violations found in Title 18 U.S.C. or a violation of the civil
False Claims Act (31 U.S.C. 3729-3733).
(1) If a violation relates to more than one Government contract, the Contractor may
make the disclosure to the agency OIG and Contracting Officer responsible for the
largest dollar value contract impacted by the violation.
(2) If the violation relates to an order against a Governmentwide acquisition contract, a
multi-agency contract, a multiple-award schedule contract such as the Federal Supply
Schedule, or any other procurement instrument intended for use by multiple agencies,
the contractor shall notify the OIG of the ordering agency and the IG of the agency
responsible for the basic contract, and the respective agencies' contracting officers.
(3) The disclosure requirement for an individual contract continues until at least 3 years
after final payment on the contract.
(4) The Government will safeguard such disclosures in accordance with paragraph
(b)(3)(ii) of this clause.
(G) Full cooperation with any Government agencies responsible for audits,
investigations, or corrective actions.
(d) Subcontracts. (1) The Contractor shall include the substance of this clause, including
this paragraph (d), in subcontracts that have a value in excess of $5,000,000 and a
performance period of more than 120 days.
(2) In altering this clause to identify the appropriate parties, all disclosures of violation of
the civil False Claims Act or of Federal criminal law shall be directed to the agency
Office of the Inspector General, with a copy to the Contracting Officer.

UK Bribery Act 2010


Section 7, Failure of Commercial Organisations to Prevent Bribery

(1) A relevant commercial organisation (C) is guilty of an offence under this section if a
person (A) associated with C bribes another person intending
(a) to obtain or retain business for C, or
(b) to obtain or retain an advantage in the conduct of business for C.
(2) But it is a defence for C to prove that C had in place adequate procedures designed
to prevent persons associated with C from undertaking such conduct.
(3) For the purposes of this section, A bribes another person if, and only if, A
(a) is, or would be, guilty of an offence under section 1 or 6 (whether or not A has been
prosecuted for such an offence), or
(b) would be guilty of such an offence if section 12(2)(c) and (4) were omitted.
(4) See section 8 for the meaning of a person associated with C and see section 9 for a
duty on the Secretary of State to publish guidance.
(5) In this section "partnership" means
(a) a partnership within the Partnership Act 1890, or
(b) a limited partnership registered under the Limited Partnerships Act 1907, or a firm or
entity of a similar character formed under the law of a country or territory outside the
United Kingdom,
"relevant commercial organisation" means
(a) a body which is incorporated under the law of any part of the United Kingdom and
which carries on a business (whether there or elsewhere),
(b) any other body corporate (wherever incorporated) which carries on a business, or
part of a business, in any part of the United Kingdom,
(c) a partnership which is formed under the law of any part of the United Kingdom and
which carries on a business (whether there or elsewhere), or
(d) any other partnership (wherever formed) which carries on a business, or part of a
business, in any part of the United Kingdom, and, for the purposes of this section, a
trade or profession is a business.

Securities and Exchange Commission
17 CFR 229.406
PART 229 - STANDARD INSTRUCTIONS FOR FILING FORMS UNDER SECURITIES
ACT OF 1933, SECURITIES EXCHANGE ACT OF 1934 AND ENERGY POLICY AND
CONSERVATION ACT OF 1975 - REGULATION S-K
Sec. 229.406 (Item 406) Code of ethics.
(a) Disclose whether the registrant has adopted a code of ethics that applies to the
registrant's principal executive officer, principal financial officer, principal
accounting officer or controller, or persons performing similar functions. If the
registrant has not adopted such a code of ethics, explain why it has not done so.
(b) For purposes of this Item 406, the term "code of ethics" means written standards
that are reasonably designed to deter wrongdoing and to promote:
(1) Honest and ethical conduct, including the ethical handling of actual or
apparent conflicts of interest between personal and professional relationships;
(2) Full, fair, accurate, timely, and understandable disclosure in reports and
documents that a registrant files with, or submits to, the Commission and in
other public communications made by the registrant;
(3) Compliance with applicable governmental laws, rules and regulations;
(4) The prompt internal reporting of violations of the code to an appropriate
person or persons identified in the code; and
(5) Accountability for adherence to the code.
(c) The registrant must:
(1) File with the Commission a copy of its code of ethics that applies to the
registrant's principal executive officer, principal financial officer, principal
accounting officer or controller, or persons performing similar functions, as an
exhibit to its annual report;
(2) Post the text of such code of ethics on its Internet website and disclose, in its
annual report, its Internet address and the fact that it has posted such code of
ethics on its Internet Web site; or
(3) Undertake in its annual report filed with the Commission to provide to any
person without charge, upon request, a copy of such code of ethics and
explain the manner in which such request may be made.
(d) If the registrant intends to satisfy the disclosure requirement under Item 10 of Form
8-K regarding an amendment to, or a waiver from, a provision of its code of ethics
that applies to the registrant's principal executive officer, principal financial officer,
principal accounting officer or controller, or persons performing similar functions
and that relates to any element of the code of ethics definition enumerated in
paragraph (b) of this Item by posting such information on its Internet website,
disclose the registrant's Internet address and such intention.
Instructions to Item 406. 1. A registrant may have separate codes of ethics for different
types of officers. Furthermore, a code of ethics within the meaning of paragraph (b) of
this Item may be a portion of a broader document that addresses additional topics or
that applies to more persons than those specified in paragraph (a). In satisfying the
requirements of paragraph (c), a registrant need only file, post or provide the portions of
a broader document that constitutes a code of ethics as defined in paragraph (b) and
that apply to the persons specified in paragraph (a).
2. If a registrant elects to satisfy paragraph (c) of this Item by posting its code of ethics
on its website pursuant to paragraph (c)(2), the code of ethics must remain accessible
on its Web site for as long as the registrant remains subject to the requirements of this
Item and chooses to comply with this Item by posting its code on its Web site pursuant
to paragraph (c)(2).
[68 FR 5127, Jan. 31, 2003, as amended at 70 FR 1594, Jan. 7, 2005]

17 CFR 228.406
Sec. 228.406 (Item 406) Code of ethics.
(a) Disclose whether the small business issuer has adopted a code of ethics that
applies to the small business issuer's principal executive officer, principal financial
officer, principal accounting officer or controller, or persons performing similar
functions. If the small business issuer has not adopted such a code of ethics,
explain why it has not done so.
(b) For purposes of this Item 406, the term "code of ethics" means written standards
that are reasonably designed to deter wrongdoing and to promote:
(1) Honest and ethical conduct, including the ethical handling of actual or
apparent conflicts of interest between personal and professional relationships;
(2) Full, fair, accurate, timely, and understandable disclosure in reports and
documents that a small business issuer files with, or submits to, the
Commission and in other public communications made by the small business
issuer;
(3) Compliance with applicable governmental laws, rules and regulations;
(4) The prompt internal reporting of violations of the code to an appropriate
person or persons identified in the code; and
(5) Accountability for adherence to the code.
(c) The small business issuer must:
(1) File with the Commission a copy of its code of ethics that applies to the small
business issuer's principal executive officer, principal financial officer,
principal accounting officer or controller, or persons performing similar
functions, as an exhibit to its annual report;
(2) Post the text of such code of ethics on its Internet website and disclose, in its
annual report, its Internet address and the fact that it has posted such code of
ethics on its Internet website; or
(3) Undertake in its annual report filed with the Commission to provide to any
person without charge, upon request, a copy of such code of ethics and
explain the manner in which such request may be made.
(d) If the small business issuer intends to satisfy the disclosure requirement under
Item 10 of Form 8-K regarding an amendment to, or a waiver from, a provision of
its code of ethics that applies to the small business issuer's principal executive
officer, principal financial officer, principal accounting officer or controller, or
persons performing similar functions and that relates to any element of the code of
ethics definition enumerated in paragraph (b) of this Item by posting such
information on its Internet website, disclose the small business issuer's Internet
address and such intention.
Instructions to Item 406. 1. A small business issuer may have separate codes of ethics
for different types of officers. Furthermore, a code of ethics within the meaning of
paragraph (b) of this Item may be a portion of a broader document that addresses
additional topics or that applies to more persons than those specified in paragraph (a).
In satisfying the requirements of paragraph (c), a small business issuer need only file,
post or provide the portions of a broader document that constitutes a code of ethics as
defined in paragraph (b) and that apply to the persons specified in paragraph (a).
2. If a small business issuer elects to satisfy paragraph (c) of this Item by posting its
code of ethics on its website pursuant to paragraph (c)(2), the code of ethics must
remain accessible on its website for as long as the small business issuer remains
subject to the requirements of this Item and chooses to comply with this Item by posting
its code on its Web site pursuant to paragraph (c)(2).
[68 FR 5126, Jan. 31, 2003, as amended at 70 FR 1593, Jan. 7, 2005]

New York Stock Exchange
Listed Company Manual Section 303A.10
303A.00 Corporate Governance Standards
303A.10 Code of Business Conduct and Ethics
Listed companies must adopt and disclose a code of business conduct and
ethics for directors, officers and employees, and promptly disclose any waivers
of the code for directors or executive officers.
Commentary: No code of business conduct and ethics can replace the thoughtful
behavior of an ethical director, officer or employee. However, such a code can focus the
board and management on areas of ethical risk, provide guidance to personnel to help
them recognize and deal with ethical issues, provide mechanisms to report unethical
conduct, and help to foster a culture of honesty and accountability.
Each code of business conduct and ethics must require that any waiver of the code for
executive officers or directors may be made only by the board or a board committee and
must be promptly disclosed to shareholders. This disclosure requirement should inhibit
casual and perhaps questionable waivers, and should help assure that, when
warranted, a waiver is accompanied by appropriate controls designed to protect the
listed company. It will also give shareholders the opportunity to evaluate the board's
performance in granting waivers.
Each code of business conduct and ethics must also contain compliance standards and
procedures that will facilitate the effective operation of the code. These standards
should ensure the prompt and consistent action against violations of the code. Each
listed company website must include its code of business conduct and ethics. The listed
company must state in its annual proxy statement or, if the company does not file an
annual proxy statement, in the company's annual report on Form 10-K filed with the
SEC, that the foregoing information is available on its website and that the information is
available in print to any shareholder who requests it.
Each listed company may determine its own policies, but all listed companies should
address the most important topics, including the following:
Conflicts of interest. A "conflict of interest" occurs when an individual's private
interest interferes in any way, or even appears to interfere, with the interests of
the corporation as a whole. A conflict situation can arise when an employee,
officer or director takes actions or has interests that may make it difficult to
perform his or her company work objectively and effectively. Conflicts of interest
also arise when an employee, officer or director, or a member of his or her family,
receives improper personal benefits as a result of his or her position in the
company. Loans to, or guarantees of obligations of, such persons are of special
concern. The listed company should have a policy prohibiting such conflicts of
interest, and providing a means for employees, officers and directors to
communicate potential conflicts to the listed company.
Corporate opportunities. Employees, officers and directors should be
prohibited from (a) taking for themselves personally opportunities that are
discovered through the use of corporate property, information or position; (b)
using corporate property, information, or position for personal gain; and (c)
competing with the company. Employees, officers and directors owe a duty to the
company to advance its legitimate interests when the opportunity to do so arises.
Confidentiality. Employees, officers and directors should maintain the
confidentiality of information entrusted to them by the listed company or its
customers, except when disclosure is authorized or legally mandated.
Confidential information includes all non-public information that might be of use
to competitors, or harmful to the company or its customers, if disclosed.
Fair Dealing. Each employee, officer and director should endeavor to deal fairly
with the company's customers, suppliers, competitors and employees. None
should take unfair advantage of anyone through manipulation, concealment,
abuse of privileged information, misrepresentation of material facts, or any other
unfair-dealing practice. Listed companies may write their codes in a manner that
does not alter existing legal rights and obligations of companies and their
employees, such as "at will" employment arrangements.
Protection and proper use of company assets. All employees, officers and
directors should protect the company's assets and ensure their efficient use.
Theft, carelessness and waste have a direct impact on the listed company's
profitability. All company assets should be used for legitimate business purposes.
Compliance with laws, rules and regulations (including insider trading
laws). The listed company should proactively promote compliance with laws,
rules and regulations, including insider trading laws. Insider trading is both
unethical and illegal, and should be dealt with decisively.
Encouraging the reporting of any illegal or unethical behavior. The listed
company should proactively promote ethical behavior. The company should
encourage employees to talk to supervisors, managers or other appropriate
personnel when in doubt about the best course of action in a particular situation.
Additionally, employees should report violations of laws, rules, regulations or the
code of business conduct to appropriate personnel. To encourage employees to
report such violations, the listed company must ensure that employees know that
the company will not allow retaliation for reports made in good faith.

NASDAQ
Market Rule 4350(n)
(n) Code of Conduct
Each issuer shall adopt a code of conduct applicable to all directors, officers and
employees, which shall be publicly available. A code of conduct satisfying this rule must
comply with the definition of a code of ethics set out in Section 406(c) of the Sarbanes-
Oxley Act of 2002 (the Sarbanes-Oxley Act) and any regulations promulgated
thereunder by the Commission. See 17 C.F.R. 228.406 and 17 C.F.R. 229.406. In
addition, the code must provide for an enforcement mechanism. Any waivers of the
code for directors or executive officers must be approved by the Board. Issuers, other
than foreign private issuers, shall disclose such waivers in a Form 8-K within four
business days. Foreign private issuers shall disclose such waivers either in a Form 6-K
or in the next Form 20-F or 40-F.
Cross Reference IM-4350-7 Code of Conduct
IM-4350-7 Code of Conduct
Amendments to this rule have been approved, but the effective date has not yet
been announced.
Ethical behavior is required and expected of every corporate director, officer and
employee whether or not a formal code of conduct exists. The requirement of a publicly
available code of conduct applicable to all directors, officers and employees of an issuer
is intended to demonstrate to investors that the board and management of NASDAQ
issuers have carefully considered the requirement of ethical dealing and have put in
place a system to ensure that they become aware of and take prompt action against
any questionable behavior. For company personnel, a code of conduct with
enforcement provisions provides assurance that reporting of questionable behavior is
protected and encouraged, and fosters an atmosphere of self-awareness and prudent
conduct.
Rule 4350(n) requires issuers to adopt a code of conduct complying with the definition
of a code of ethics under Section 406(c) of the Sarbanes-Oxley Act of 2002 (the
Sarbanes-Oxley Act) and any regulations promulgated thereunder by the Commission.
See 17 C.F.R. 228.406 and 17 C.F.R. 229.406. Thus, the code must include such
standards as are reasonably necessary to promote the ethical handling of conflicts of
interest, full and fair disclosure, and compliance with laws, rules and regulations, as
specified by the Sarbanes-Oxley Act. However, the code of conduct required by Rule
4350(n) must apply to all directors, officers, and employees. Issuers can satisfy this
obligation by adopting one or more codes of conduct, such that all directors, officers and
employees are subject to a code that satisfies the definition of a "code of ethics."
As the Sarbanes-Oxley Act recognizes, investors are harmed when the real or
perceived private interest of a director, officer or employee is in conflict with the
interests of the company, as when the individual receives improper personal benefits as
a result of his or her position with the company, or when the individual has other duties,
responsibilities or obligations that run counter to his or her duty to the company. Also,
the disclosures an issuer makes to the Commission are the essential source of
information about the company for regulators and investors; there can be no question
about the duty to make them fairly, accurately and timely. Finally, illegal action must be
dealt with swiftly and the violators reported to the appropriate authorities. Each code of
conduct must require that any waiver of the code for executive officers or directors may
be made only by the board and must be disclosed to shareholders, along with the
reasons for the waiver. All issuers, other than foreign private issuers, must disclose
such waivers in a Form 8-K within four business days. Foreign private issuers must
disclose such waivers either in a Form 6-K or in the next Form 20-F or 40-F. This
disclosure requirement provides investors the comfort that waivers are not granted
except where they are truly necessary and warranted, and that they are limited and
qualified so as to protect the company and its shareholders to the greatest extent
possible.
Each code of conduct must also contain an enforcement mechanism that ensures
prompt and consistent enforcement of the code, protection for persons reporting
questionable behavior, clear and objective standards for compliance, and a fair process
by which to determine violations.

Appendix B: About Corpedia
Corpedia Corporation, founded in 1998, offers a wide variety of innovative and user-
friendly compliance and ethics solutions.

Developed and implemented by a team of experts with years of experience and industry
insight, our compliance risk assessment solutions identify, quantify and provide
actionable plans for mitigating and preventing compliance breakdowns. Our e-learning
programs bolster these assessments by familiarizing employees with all facets of
regulations affecting their company and offering the most measurable outcomes for their
compliance and ethics initiatives.

With over 500 customers in more than 150 countries, including Wal-Mart, Time Warner,
OfficeMax, Dun & Bradstreet and PepsiCo, Corpedia delivers the right compliance and
ethics solutions to the right people at the right time, every time. For more information,
call 877.629.8724.

Acknowledgments
Corpedia Contributors

Erica Salmon-Byrne
Executive Vice President, Compliance & Governance Solutions

Nicole Tarasoff
Senior Writer and Editor, Advisory Services

Katherine Jones
Writer and Editor, Advisory Services

Robert Leffel
Director, Advisory Services

Jennifer Campisano
Compliance Counsel, Advisory Services

Elisabeth Van Derslice
Compliance Counsel, Advisory Services

WWW.CORPEDIA.COM | 877.629.8724
