I have been studying the legend of King Arthur and thought it would be good idea to have a week of blog posts around the legend of King Arthur, the Roundtable and his knights. One thing for which King Arthur is remembered are his chivalric knights. He helped create this legend, in large part, by establishing a Code of Conduct for the Knights of the Round Table.

The King required each one of them to swear an oath, called the Pentecostal Oath, which was Arthur’s ideal for a chivalric knight. The Oath stated, “The king established all his knights, and gave them that were of lands not rich, he gave them lands, and charged them never to do outrageousity nor murder, and always to flee treason; also, by no mean to be cruel, but to give mercy unto him that asketh mercy, upon pain of forfeiture of their worship and lordship of King Arthur for evermore; and always to do ladies, damosels, and gentlewomen succor upon pain of death. Also, that no man take no battles in a wrongful quarrel for no law, ne for no world’s goods. Unto this were all the knights sworn of the Table Round, both old and young. And every year were they sworn at the high feast of Pentecost.” (Le Morte d’Arthur, pp 115-116)

Interestingly, the Oath first appeared in Sir Thomas Malory’s Le Morte d’Arthur and in none of the prior incarnations of the legend. In Malory’s telling, after the Knights swore the Oath, they were provided titles and lands by the King. The Oath specifies both positive and negative conduct; that is, what a Knight might do but also what conduct he should not engage in. The Pentecostal Oath formed the basis for the Knight’s conduct at Camelot and beyond. It was clearly a forerunner of today’s corporate Code of Conduct.

What is the value of having a Code of Conduct? I have heard many business folks ask that question over the years. In its early days, a Code of Conduct tended to be a lawyer-written and lawyer-driven document to wave in regulator’s faces during an enforcement action by using it to claim, “we are an ethical company”. Is such a legalistic code effective? Is a Code of Conduct more than simply your company’s law? What is it that makes a Code of Conduct effective? What should be the goal in the creation of your company’s Code of Conduct?

In the 2012 FCPA Guidance, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) stated, “A company’s Code of Conduct is often the foundation upon which an effective compliance program is built. As the DOJ has repeatedly noted the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.” Indeed, it would be difficult to effectively implement a compliance program if it was not available in the local language so that employees in foreign subsidiaries can access and understand it. When assessing a compliance program, the DOJ and SEC will review whether the company has taken steps to make certain that the Code of Conduct remains current and effective and whether a company has periodically reviewed and updated its code.

The DOJ 2019 Guidance also makes clear your Code of Conduct is foundational to your compliance program. In reviewing the compliance program of a company under DOJ investigation, prosecutors are mandated to begin with an analysis of the company’s Code of Conduct. The 2019 Guidance stated, “As a threshold matter, prosecutors should examine whether the company has a code of conduct that sets forth, among other things, the company’s commitment to full compliance with relevant Federal laws that is accessible and applicable to all company employees.” It does not get much more foundational than that statement.

There are several purposes which should be communicated in your Code of Conduct. The overriding goal is for all employees to follow what is required of them under the Code of Conduct. You can do this by communicating those requirements, to providing a process for proper decision-making and then requiring that all persons subject to the code put these standards into everyday business practice. Such actions are some of your best evidence that your company “upholds and supports proper compliance conduct.”

The substance of your Code of Conduct should be tailored your company’s culture and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. Your company’s disciplinary procedures must be stated in the Code of Conduct and it should certainly be invoked if there is a violation. These would include all forms of disciplines, up to and including dismissal, for serious violations. Further, your company’s Code of Conduct should emphasize it will comply with all applicable laws and regulations, wherever it does business. The Code of Conduct needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.

As I often say, the three most important things about your compliance program are “Document, Document, Document”. The same is true of communicating your company’s Code of Conduct. You need to do more than simply put it on your website and tell folks it is there, available and that they should read it. You need to document that all employees, or anyone else that it is applicable to, has received, read, and understands it. The DOJ expects each company to begin its compliance program with a very public and very robust code. If your company does not have one, you need to implement one forthwith. If your company has not reviewed or assessed your code for five years, I would suggest that you do so in short order, as much has changed in the compliance world.

How important is the Code of Conduct? Consider the 2016 SEC enforcement action involving United Airlines, Inc., which turned on violation of the company’s Code of Conduct. The breach of the code was determined to be a Foreign Corrupt Practices Act (FCPA) internal controls violation. It involved a clear quid pro quo benefit paid out by United to David Samson, the former Chairman of the Board of Directors of the Port Authority of New York and New Jersey, the public government entity which has authority over, among other things, United Airlines operations at the company’s huge east coast hub at Newark, NJ.

The actions of United’s former Chief Executive Officer (CEO), Jeff Smisek, in personally approving the benefit granted to favor Samson violated the company’s internal controls around gifts to government officials by failing to not only follow the United Code of Conduct but also violating it. The $2.4 million civil penalty levied on United was in addition to United’s Non Prosecution Agreement (NPA)resolution with the DOJ, which resulted in a penalty of $2.25 million. The scandal also cost the resignation of Smisek and two high-level executives from United.

Just as the Pentecostal Oath was required to be sworn out each year, you should have your employees recertify their adherence to your Code of Conduct. Moreover, just as King Arthur set his expectations for behavior your company should do so as well.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2020