Corporate Governance

Corporate Ethics Codes

On this page

• Conference Board Report: Third Party Ethics Not A High Priority for Most Companies
• CPA's Model Code of Conduct for Political Spending
• OECD Guide For Assessing Corporate Governance
• Effective Codes - Raising Concern and Non-Retaliation
• Professor Cragg of York University on Ethics Codes
  
  
  

* * *

Third Party Ethics Not A High Priority for Most Companies

Integration of third parties into ethics and compliance programs “is the exception, not the rule,” says Conference Board report

The most common method for handling third party ethics and compliance issues is to adopt and stick to a code of practice or policies that governs the manner in which a company's own employees deal with third parties, according to a report by The Conference Board. Overall, companies rated their own ethics and compliance programs as only “somewhat effective,” but seemed satisfied with current methods of including third parties in ethics and compliance programs.

Third Parties Not Usually Included in Ethics & Compliance Programs

Ninety-five percent of the 169 companies surveyed by The Conference Board and the Ethics and Compliance Officer Association (ECOA) for the report on the essentials of corporate third party ethics programs said that while it is vitally important to address third party ethics and compliance issues through codes of conduct for their own employees, they are less inclined to involve third parties directly in these programs.

"With the exception of helplines or whistle-blowing systems, the direct inclusion of third parties in companies' ethics and compliance programs is the exception, not the rule," says Ronald E. Berenbeim, principal researcher at The Conference Board and author of the report with Rebecca Walker, an attorney specializing in corporate compliance and business ethics. "Nevertheless, companies are growing more dependent on third party relationships for the achievement of business objectives-either via joint venture, which may be mandated for entering into a new country, or working with suppliers or contractors."

In addition, written policies applicable to specific third parties are not common. In more than two-thirds of the responding companies (69 percent), the standards for third parties apply in the same manner to all third parties. Among the companies that had policies for specific third parties, contractors and agents are most likely to be mentioned.

The most common component that companies extend to third parties is offering employees of third parties an opportunity to report ethics — or compliance — related concerns. Virtually all of these systems (98 percent) rely on the same means used for a company's own employees to report suspected misconduct, rather than a separate system for third parties.

Training Programs Are Sometimes Required, Audits Are Infrequent

Ethics and compliance training programs are the third most frequent step that survey participants take in extending their own program to third parties. Slightly more than one-third (38 percent) of survey participants offer but don't insist on some kind of training program for third parties. Most of these programs devote some discussion to the company's own code. In almost every case, those parties that are asked to adopt or certify to the company's internal code of conduct are offered some form of training.

Company audits of third party compliance with ethics policies and practices are infrequent, and a majority of the companies that audit don't do so routinely. Slightly more than 35 percent of the survey participants perform audits or otherwise verify that third parties conduct themselves as required by the company's own compliance and ethics policies. Of this group, slightly less than half conduct audits on a routine basis, while the remainder focuses their audits on specific concerns.

The surveyed companies showed little interest in the third party's own ethics programs. Slightly more than one quarter of the survey respondents ask third parties whether or not they have them, but only 14 percent of respondents ask for documentation. Companies are especially likely to seek information on the third party's compliance program when considering an acquisition or a joint venture.

To download the full report, please visit the Conference Board website.

See also Language and Culture Worldwide 2007 report on incorporating international employees/stakeholders into ethics and compliance programs.

Posted 3/3/08

Back To Top

* * *

Open Windows: How Company Codes of Conduct Regulate Political Spending and a Model Code

Faulting S&P 100 companies for weak regulation of their political spending, a report by the Center for Political Accountability, a US non-profit that advocates for increased corporate political spending transparency, urges the adoption of a strong model code of conduct to protect companies and their shareholders.

The report, entitled Open Windows: How Company Codes of Conduct Regulate Political Spending and a Model Code to Protect Company Interests and Shareholder Value, is based on a survey of company codes conducted between June 2006 and January 2007 of the S&P 100 companies. The survey found that most S&P 100 companies handled political spending in “a weak and cursory manner" and that none of the companies surveyed included comprehensive policies in their codes to ensure broad political transparency and accountability and ethical political behavior. Drawing from the findings, the report includes an 11-point model code to provide guidance to companies.

The following is the 11-point code, excerpted from the report.

1. Political spending shall reflect the company’s interests and not those of its individual officers or directors.

2. The company will disclose publicly all expenditures of corporate funds on political activities. The disclosure will include regular reports on the company’s website.

3. The company will disclose dues and other payments made to trade associations and other tax-exempt organizations that are or that it anticipates will be used for political expenditures. The disclosures shall describe the political activities undertaken. In the case of trade association payments, the disclosures will involve some element of pro-rating of the company’s payments that are or will be used for political purposes.

4. Company disclosure of political expenditures shall include direct and indirect political contributions (including in-kind contributions) to candidates, political parties or political organizations; independent expenditures; electioneering communications on behalf of a federal, state or local candidate; and the use of company time and resources for political activity.

5. The board of directors or a committee of the board shall monitor the company’s political spending, receive regular reports from corporate officers responsible for the spending, supervise policies and procedures regulating the spending, and review the purpose and benefits of the expenditures.

6. All corporate political expenditures must receive prior written approval from the General Counsel or Legal Department, and the company shall identify all senior management officials responsible for approving corporate political expenditures.

7. In general, the company will follow a preferred policy of making its political expenditures directly rather than through third party groups. In the event that the company is unable to exercise direct control, the company will monitor the use of its dues or payments to other organizations for political purposes to assure consistency with the company’s stated policies, practices, values and long-term interests.

8. No contribution will be given in anticipation of, in recognition of, or in return for an official act.

9. Employees will not be reimbursed directly or through compensation increases for personal political contributions or expenses.

10. The company will not pressure or coerce employees to make any personal political expenditures or take any retaliatory action against employees who do not.

11. The company shall report annually on its website on its adherence to its code for corporate political spending.

For the full report, including explanations for each of the 11 points, references to existing legal standards, current company codes that incorporate these policies, and more detailed findings from the survey, please visit CPA’s website.

Posted 4/2/07

Back to Top

* * *

OECD Publishes Guidance for Assessment of Corporate Governance Rules and Practices

The Organization for Economic Cooperation and Development (OECD) published on December 1, 2006 “Methodology for Assessing Implementation of the OECD Principles of Corporate Governance.”  The OECD Principles were first determined in 1999 and revised in 2004, but this is the first time that the organization has published a set of implementing guidelines.

The OECD has noted that the ultimate purpose of an assessment is to identify the nature and extent of specific strengths and weaknesses in corporate governance, and thereby underpin policy dialogue that will identify reform priorities leading to the improvement of corporate governance and economic performance.  The methodology can be used by public and private organizations and it will be used, for example, by the World Bank in its Review of Standards and Codes (ROSC) program.

The OECD press release quoted Grant Kirkpatrick, Senior Economist in the OECD’s Corporate Affairs Division, as noting: “We are seeing growing interest among analysts and researchers in assessing the corporate governance practices of companies and countries…This Methodology is intended to assist such assessments, in an environment where the importance of specific corporate governance features can vary greatly.”    

The new report by the OECD stated that the approach of the Methodology is largely related to outcomes and assessments and are seen as principally being qualitative: although the Methodology may take into account certain quantitative measures (e.g. the structure of company pyramids), the assessment cannot be reduced to a quantitative score or set of quantitative scores. No use is made of indicators based on the number of “yes” and “no” answers for the reason that the importance of some responses will be quite different across countries depending on such variables as company law, ownership concentration and company groups. Moreover, counting “yes” and “no” answers is dependent on agreement about the number of elements judged to be important (even if the indicator is expressed as a percentage) and the relationship between the individual questions. This does not preclude the development of statistical indicators once there is consensus about what is to be measured and how, and in the context of functional equivalence.

So what forms can assessments take under the new approach by the OECD?  The report provides the following summaries of the assessment scheme:

Fully Implemented 

The OECD Principle is fully implemented when it meets all applicable essential criteria and all material aspects. Where the Essential Criteria refer to standards (i.e. practices that should be required, encouraged or, conversely, prohibited or discouraged), all material aspects of the standards are present. Where the Essential Criteria refer to corporate governance practices, the relevant practices are widespread. Where the Essential Criteria refer to enforcement mechanisms, there are adequate, effective enforcement mechanisms. Where the Essential Criteria refer to remedies, there are adequate, effective and accessible remedies.

Broadly Implemented

A Broadly Implemented assessment is likely appropriate where one or more of the applicable Essential Criteria are less than fully implemented in all material respects, but, at a minimum:

• all of the applicable Essential Criteria are implemented to some extent;
  
  
• the core elements of the standards are present (e.g. general standards may be in place although some of the specific details may be missing); and
  
  
• incentives and/or disciplinary forces are operating with some effect to encourage at least a majority of market participants, including significant enterprises, to adopt the recommended practices.

Partly Implemented

A Partly Implemented assessment is likely appropriate in the following situations:

• One or more core elements of the standards described in a minority of the applicable Essential Criteria are missing, but the other applicable Essential Criteria are fully or broadly implemented in all material respects (including those aspects of the Essential Criteria relating to corporate governance practices, enforcement mechanisms and remedies);
  
  

• The core elements of the standards described in all of the applicable Essential Criteria are present, but incentives and/or disciplinary forces are not operating effectively to encourage at least a significant minority of market participants to adopt the recommended practices; or
  

• The core elements of the standards described in all of the applicable Essential Criteria are present, but implementation levels are low because some or all of the standards are new, it is too early to expect high levels of implementation and it appears that the reason for low implementation levels is the newness of the standards (rather than other factors, such as low incentives to adopt the standards).

Not Implemented
 
A Not Implemented assessment likely is appropriate where there are major shortcomings, e.g. where:

• The core elements of the standards described in a majority of the applicable Essential Criteria are not present; and/or

• Incentives and/or disciplinary forces are not operating effectively to encourage at east a significant minority of market participants to adopt the recommended practices.
  
  

Not Applicable

This assessment is appropriate where an OECD Principle (or one of the Essential criteria)
does not apply due to structural, legal or institutional features (e.g. institutional investors acting in a fiduciary capacity may not exist).

For more information see: http://www.oecd.org/corporate

Posted 12/7/06

Back to Top

* * *

Creating Effective Ethics Codes: Best Practices for Whistleblowing and Non-Retaliation

As more and more companies adopt corporate ethics codes, learning from case studies and best practices has become increasingly important for ensuring their force and successful implementation. While critical to an ethical corporate culture, guaranteeing that employees who raise concerns are protected from retaliation is particularly difficult. This report by Emily Heard and William Miller of the International Business Ethics Institute (IBEI), a leading non-profit that works to promote business ethics through consulting and public education, applies the Institute's research of the codes of 100 multinational companies to create a list of suggestions for establishing, implementing and managing effective code standards around this issue.

To download this article as .pdf

Effective Code Standards on Raising Concerns and Retaliation

By Emily Heard and William Miller

More and more companies are adopting formal standards on reporting misconduct and non-retaliation. However, an examination of code documents from 100 multinational companies by the International Business Ethics Institute revealed these standards to be often ineffective, containing language that is counterproductive to an environment of open communication. In fact, the Institute found that only 31% of standards examined were deemed to be effective (1).

As reporting misconduct and non-retaliation continue to become increasingly important within the ethics and compliance community and in the legal arenas, it is in the best interest of companies to assess their current code standards to identify ways in which their standards could be made more meaningful and effective. This article, an excerpt from the Institute’s forthcoming publication, Creating an Open and Non-Retaliatory Workplace, outlines best practices for creating effective code standards on raising concerns and on non-retaliation.

Code Standards on Raising Concerns

The following section highlights what to include in effective standards on raising concerns. 

Provide an Overview of Employee Responsibility to Raise Concerns and the Rationale for Raising Concerns
Often employees do not think that raising concerns is their responsibility. (2) Standards should clearly state that it is the responsibility of every employee to report concerns. The standards should also help employees understand why it is vital that they disclose their concerns. The rationale should be appropriate for the entire workforce. Multinational companies could use some of the following rationales to demonstrate the importance of raising concerns:

• Allows the company to resolve problems
• Fulfills a shared responsibility to stakeholders
• Helps to improve operations
• Fosters a more productive work culture
• Bolsters open communications within the company
• Contributes to a safer work environment

Organizations should be aware that solely encouraging employees to come forward to protect an organization’s reputation will not be persuasive to most employees outside of the United States. For employees outside of the United States, the notion of “corporate reputation” may have little to no meaning, or may be seen as an overly superficial or “self-serving” rationale.

Include Guidelines for Addressing Concerns Regarding Minor Misconduct Directly with Colleagues
Employees should be made to feel that they are part of their companies’ ethics programs, instead of simply being “subjected to them.” By offering employees the choice of addressing concerns directly with colleagues, the company demonstrates not only its commitment to its ethics and compliance program, but also the confidence it has in its workforce. 

While there seems to be a significant amount of legal discomfort in the United States with employees resolving issues directly with colleagues, such an approach can mitigate against creating a “culture of reporting” and might make “speaking up” more favorable, particularly in areas where employees are wary of reporting on colleagues for cultural and historical reasons.

Standards should encourage employees to approach colleagues directly with concerns provided the misconduct does not constitute illegal activity and does not pose significant potential damage to the organization. Companies should provide examples of the forms of misconduct that are appropriate to discuss directly with colleagues (e.g., sending inappropriate e-mail, misuse of office supplies, etc). For this option to be effective, the standards should provide tips for approaching colleagues directly, (e.g., express your concerns factually and do not be confrontational).

Additionally, employees know their colleagues and will be able to assess whether or not a colleague will be open to a direct conversation about ethics and compliance issues. If an employee feels that his/her colleague is apt to become overly defensive or react in some other negative way, the employee should be encouraged to refer the matter to one of the company’s ethics and compliance resources. 

Create a Carefully Worded “Good Faith” Policy
Many standards indicate that employees should only report misconduct in “good faith,” a term that is problematic because every employee is apt to understand it differently. Clear understanding is rendered even more challenging under multinational conditions. The expression in good faith is, in fact, discouraged in the U.S. literature on reporting sexual harassment because it has been found to have a “cooling effect” on reporting. One article notes, “the Equal Employment Opportunity Commission (EEOC) has taken the position that such provisions can amount to unlawful retaliation because they imply that disciplinary or other adverse action will be taken if the employer deems the complaint in ‘bad faith.’” (3)

Yet with regard to other types of reporting, companies do need to protect themselves from employees who intentionally make “bad faith” allegations. The UPS Code of Business Conduct offers employees particularly effective language regarding the expression good faith.

“‘Good faith’ does not mean an individual has to be right; but it does mean believing information provided is truthful.” (4)

By taking the extra step of providing a working definition of “good faith,” the UPS standard successfully mitigates against the possibility of any chilling effect.

Some companies may also wish to include language in the standard explaining that employees who knowingly provide false information or accusations are subject to disciplinary actions, i.e., demotion, termination, etc.

Cite and Explain All Channels for Raising Concerns
Corporate codes should describe all channels (e.g., manager, ethics office, helpline, ombuds, etc.) available to employees to raise concerns or ask questions about ethics and compliance issues. The standard should encourage employees to go to their manager first, but also demonstrate that employees are free to select the best channel for them.

It is likely that a company’s ethics and compliance resources will vary by geographical location. For example, some multinational companies may not have anonymous helplines in certain parts of Africa or Europe. Without providing specific local resources or contact information that may vary from one location to the next, the standards should detail the general global resources at an employee’s disposal (e.g., managers, Ethics Office, Legal, etc.).

Because different geographical regions are apt to have varying resources available and because ethics, compliance, and functional personnel can change periodically, it is best to include a separate regional or local insert in the company standards package that can be easily updated and replaced, as needed. For each resource, the insert should contain the following information:

• Names of responsible individuals
• Phone numbers
• Fax numbers
• E-mail addresses
• Office addresses
  
  

Some companies are now making mention of external reporting channels and resources in their code standards. Providing such information will cause even the most ardent skeptics in a company to start believing that the organization takes misconduct seriously. Such non-profit organizations as Public Concern at Work in the U.K. and the Government Accountability Project in the U.S. will provide employees with confidential advice regarding how to raise a concern. In certain environments, it may also be appropriate to refer employees to their unions or works council. Include this contact information on the regional insert to the global code document.

Offer Guidelines for Raising Concerns in a Constructive Manner  
It is rarely easy for employees to come forward with concerns of wrongdoing. They likely do not know what to expect and they may fear their managers’ reactions and retaliation. In order to ease the process of speaking up, the standard should provide some guidance on what employees should expect, as well as how best to express their concerns. For example, if reporting to a manager, the standard should instruct employees to schedule a meeting, discuss the concern calmly, and present any evidence they might have.

Explain the Difference Between Anonymity and Confidentiality
Many employees– and many companies – confuse anonymity and confidentiality. Legislation in some countries, particularly the United States, requires publicly traded companies to offer employees an anonymous resource for reporting certain types of misconduct. However, other areas discourage anonymous reporting. For example, French legal authority, the Commission nationale de l’informatique et des libertés (CNIL) was concerned that anonymous helplines may violate the privacy of French citizens and lead to false accusations. However, in November 2005, the CNIL adopted guidelines that allow companies to use helplines, but that also protect the rights of individuals who are incriminated in a helpline report. As well, the European Union’s Article 29 Working Party on Data Protection issued an opinion in February 2006 that encourages companies to promote confidential reporting instead of anonymous reporting. (5)

The standard should inform employees that in raising a concern to a manager, Ethics Officer, or functional department, their report will remain confidential, where possible, meaning that the individual’s identity will not be revealed unless an investigation or legal proceedings require his/her identity to be disclosed. The ombuds function (6) is the only function in the United States that can guarantee confidentiality. In the U.S. this function can invoke the “ombuds privilege,” which states that an ombudsperson will not have to disclose the identity of an employee who has brought forward allegations of misconduct, even if challenged in a third-party lawsuit. (7) Employees in the U.S. and some other areas may also be able to report issues anonymously to helplines. This should be noted in the standard.

Describe the Process Followed Once a Concern is Raised
The standard should convey to employees that reports of misconduct are treated seriously and the organization has procedures for investigating reports. While companies may not wish to disclose all of the details of the investigation process, they should address it in general terms in the code standard. For example:

• Discuss what takes place after the report is made to various channels
• Indicate that if employees call the helpline and wish to remain anonymous, they will receive a tracking number and a time to phone back to receive an update on their report or query
• Mention that employees may be required to participate in investigations and that investigations are conducted in a professional manner and in accordance with company standards
  
  

If, however, the company cannot guarantee that the procedures will be followed in each case, then this language should be omitted from the standard.

Include Guidelines for Receiving Reports of Misconduct  
Some companies are starting to include guidelines for managers to use when receiving reports of misconduct. This is an effective way to educate managers, as well as to reiterate messages delivered in training that managers might receive. For example, the standard should remind managers to:

• Talk to employees about their concerns in confidence
• Ask open-end questions
• Listen attentively to their colleagues
• Discuss and explain next steps
• Thank the individual for coming forward
  
  

The standard should also point out that employees are apt to be sensitive and feel vulnerable after raising a concern. Managers should be provided with additional tips to help them understand how to continue to treat that employee fairly, e.g., engage in friendly conversation, provide meaningful assignments, etc.

Employ Language Appropriate for a Global Workforce
Companies should use terminology appropriate for a diverse workforce. For example, individuals raising concerns may be described as witnesses to reduce the “informant” connotation that hinders speaking up in many regions. In addition, employees can be encouraged to seek advice and guidance about questionable situations, rather than reporting misconduct.

Code Standards on Retaliation

The fear of retaliation has a detrimental effect on open communications in the workplace. Companies should consider the following recommendations when drafting non-retaliation policies. 

Make the Non-Retaliation Statement Clear
The standard should indicate that retaliation against employees who raise concerns will not be tolerated. The following is an example of effective language:  

Retaliation against employees who raise concerns or questions about misconduct will not be tolerated. Employees who come forward with concerns play an important role in maintaining a healthy, respectful, and productive workplace, as well as protecting our stakeholders.

Note that the final sentence of the example provides a practical rationale for calling the company’s attention to retaliation when it is suspected or observed in the workplace. 

Offer Examples of Formal and Informal Retaliation
Examples of both formal and informal retaliation should be included in the standard. Examples of formal retaliation might include termination of employment or a negative performance appraisal without performance justification. Forms of informal retaliation might consist of avoidance by co-workers or failure to include the employee in social functions.

It is important that employees and managers understand that employees who have made reports may be extremely sensitive to any perceived change in treatment in the workplace. In fact, some employees may register a change in treatment when no actual change has occurred.

Explain the Consequences of Retaliation
The standard should note that those who do retaliate will be subject to disciplinary action, including possible termination. Such a statement will convey the message that the company means business when it comes to dealing with retaliation in the workplace.

Let Employees Know How to Raise Concerns about Retaliation
The standard should provide a clear process to disclose real or perceived retaliation. Organizations should encourage employees to discuss any suspected retaliation with their managers, Ethics Office, or other appropriate channel. Providing multiple resources to employees for dealing with issues of retaliation is critical because the concern that an employee might raise could involve his/her supervisor. 

Place No Conditional Protections on Retaliation
Fear of retaliation significantly inhibits employees from raising potentially important concerns. Yet, many standards only provide a brief statement about protections, which often does not guarantee protection from retaliation to employees who report misconduct. For example, language in some standards is similar to the following sample: Employees will be protected from retaliation to the extent possible.

With the exception of legal staff, no employee will understand what “to the extent possible” actually means. Under what circumstances will the company not be able to protect an employee from retaliation, especially if the company has already indicated that it has a zero tolerance policy on the matter? This type of language does not make employees feel comfortable in reporting concerns. Further, it most likely serves as an obstacle to reporting, meaning the company will miss out on invaluable opportunities to learn about wrongdoing. 

Conclusion
While many companies, particularly in the United States, have already adopted code standards on raising concerns and retaliation, it is essential that these standards are meaningful. Following the tips in this article can assist organizations in ensuring their standards are effective. Developing and implementing effective code standards on raising concerns and retaliation can help demonstrate that an organization values open communication, and is an important step in laying the foundation for an open and non-retaliatory workplace.

Emily Heard is Director of Education and Professional Services with the International Business Ethics Institute. William Miller is a consultant with the International Business Ethics Institute.

This article appears in the International Business Ethics Review (Volume 9, Issue 1).

Back to Top

* * *

Ethics Codes, Corporate Responsibility in a World of Rising Globalization

Professor Wesley Cragg, Principle Director, Voluntary Codes Research Group and Director and George R. Gardiner Programme in Business Ethics Schulich School of Business, York University, Toronto, is a leading international expert whose work, available in his books and on the Corporate Social Responsibility website of York University provide a comprehensive set of perspectives.  The two major publications were produced as part of a five-year project funded by the Social Sciences and Humanities Research Council led by Dr. Cragg.

• Compendium of Ethics Codes
• Ethics Codes, Corporations and the Challenge of Globalization
  

The research project was a response to the phenomenon of globalization which has altered in significant ways the tools available to regulate international commerce.  One result of globalization has been the emergence of international codes, norms, principles, guidelines and standards of ethical and responsible business conduct. In compiling the Compendium of Ethics Codes, the goal was to identify and assemble the most significant and influential codes and other instruments of corporate responsibility.

The comprehensive volume looks at these developments with particular focus on five topic areas:

• respect for human rights,
• treatment of labor,
• bribery and corruption,
• environmental protection, and
• international finance and the control of money laundering

Dr Cragg states at the outset:

“Globalization has altered in significant ways the tools available to regulate international commerce. One result is the emergence of ethics codes, codes of responsible conduct, and best practice codes designed to win adherence to internationally acceptable norms of conduct on the part of corporations and other organizations interacting in the global marketplace."

He continues: “What is significant about these developments is the emerging emphasis on self-regulation as the primary method for raising standards of corporate conduct. The contributors examine the reasons for the emergence of ethical codes and the phenomenon of self-regulation within the context of globalization and look at the role of national governments, international government institutions and other international organizations in shaping and enforcing them. They also study the implications of these developments for corporate governance and the changing roles of national and international institutions in the regulation of international commerce.”

Back to Top

* * *