Today focus in the Code of Conduct series is on the aspect of training on your finalized Code of Conduct. Eric Morehead, Principal of Morehead Compliance Consulting, joins me in this series. While there have been criticisms of Code of Conduct training, if you consider training as one source of your communication, the rollout of a new or updated Code of Conduct can be an opportunity. Morehead has noted that a Code of Conduct can be the “centerpiece of a broad communications and engagement plan.” The delivery of a Code of Conduct is a key element of its effectiveness. By allowing your employees and other stakeholders to engage and interact with the Code of Conduct, through live or interactive training, the effectiveness can be better monitored and measured. This can also be used as an

In a white paper, entitled “Top 5 Tips for Effective Code of Conduct Revisions, Morehead noted that often companies have a formal launch of the Code of Conduct where senior management and the corporate compliance function “conduct on-site activities across the organization to promote the launch of the new Code, or launch interactive activities such as video competitions that ask stakeholders to such submit short videos on Code topics.” However, this is not the sole manner to have such a rollout as other companies “keep the message more informal but use frequent touchpoints, for example, through email or cascading messages through line managers, to keep up the drumbeat on compliance topics and reinforce the role of compliance.” The key is to “capitalize on the opportunity a new Code gives you.”

One of area in the recently release Department of Justice’s (DOJ’s) Evaluation of Corporate Compliance Programs (Evaluation) that had a new emphasis was in the effectiveness of training. I think everyone would understand you do need to train but now the government’s talking to us about effective training. I asked Morehead what he has observed on what makes Code of Conduct training effective. Fortunately, from his professional background with Corpedia and the NYSC Governance Services, he is quite familiar with various types of training.

You can start with live training that can be held at the corporate headquarters with senior management and even executive involvement. Many companies will videotape a message from the Chief Executive Officer (CEO) to help celebrate the rollout. Then there is the opportunity for localized training that gives employees an opportunity to see, meet, and speak directly with a compliance officer, not an insignificant dynamic in the corporate environment. Such personal training also sends a strong message of commitment to the Code of Conduct. It gives employees the opportunity to interact with the compliance officer by asking questions which are relevant to markets and locations outside the United States, which can often provide employees with the opportunity to have confidential in-person discussions.

An important part of in-person training is the opportunity to interact with the audience through Q&A. There are a couple different approaches to Q&A. The first is to solicit questions from the audience. However, many employees are reluctant, for a variety of different reasons, to raise their hands and ask questions in front of others. This can be overcome by soliciting written questions on cards or note pads. A second technique is to lead the audience through hypothetical examples in which the audience is broken down into small discussion groups (up to five people) to discuss a situation and propose a response. However, with a worldwide, multi-thousand person workforce with multiple languages, an entire Code of Conduct roll-out based on live training may not be feasible.

Not surprisingly, and one of the key themes in compliance, is to understand your company and tailor your compliance program, including your Code of Conduct training, for your audience. Companies have to consider their audience when considering drafting the Code of Conduct, the kind of tone it is going to have, how long it is going to be and topics you are going to cover in the Code of Conduct; the same analysis is true for your training.

Morehead believes most organizations put together custom training for their Code of Conduct rollout. It is typically online “and if it makes sense for them for their code of conduct training, and I think the same rules apply here, you want your training to really resonate with the audience that you’re trying to reach and I think the trends we see here, generally speaking, are that the code training is a lot shorter than it used to be in the past.”

He also suggested that your Code of Conduct training could be more modular in presentation. “For instance, if your company identified 12 key risk areas in the Code of Conduct, you could   train on six risk areas each year, instead of the full dozen. You could keep important topics like reporting and non-retaliation and similar aspects that always have to be talked about on an annual basis but maybe you split up the topics and try to shorten the length that way.”

Another mechanism Morehead has observed over the past few years is more interactive training. When audience members are required to answer questions on an ongoing basis it can foster more engagement. It can also help to meet the DOJ requirement to demonstrate the effectiveness of training. He also noted that “gamification which kind of goes hand in hand with interactivity has been talked about a lot over the last few years.” His understanding is that gamification and interactivity make “it a little bit more effective for millennial members of the workforce.”

At the end of the day, the reality is that just as with different types of codes making sense for different types of organizations the same is true for interactive training. As Morehead noted, “It may make sense for your population. It may not.” But it does mean you should consider your population, “take a look at the offerings that are out there to consider how does it fit into your organization.”

Morehead ended by noting that your “training really ought to bear some resemblance to the way you communicate in the Code and the topics that you communicate in the Code of Conduct.” It really does your organization no good, “If it’s completely divorced from that then you’re missing an opportunity to drive people from training to the Code and from the Code to you know better understanding the training. So you kind of missed, to use an overused term you’ve missed some synergy there if they are divorced from each other and they don’t really speak to the same topics or speak in the same way about those topics. So I would try to keep them similar and I guess that’s another call for considering a custom implementation rather than an off the shelf implementation”.

Whatever approach is used, one of the critical factors is the length of time of the training session. Although lawyers and ethics and compliance professionals can (sometimes) sit through a multi-hour Code of Conduct, it is almost impossible to keep the attention of business and operations employees for such a length of time. The presentation and number of PowerPoint slides must be kept to a manageable length before the attendee’s eyes start to glaze over.

Tomorrow I will conclude this week’s series by looking at a Code of Conduct update as a way to operationalize your compliance regime.

For more information on Eric Morehead, Morehead Compliance Consulting or to contact Eric Morehead, go to Morehead Compliance Consulting.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

Today I continue my Code of Conduct exploration with Eric Morehead, Principal of Morehead Compliance Consulting. After having reviewed the legal requirement and business purpose in Part I, the structure and form of your Code of Conduct in Part II; today we turn to design. An analogy from my grandmother’s days as a seamstress, to “measure twice and cut once” will serve you well on a Code of Conduct project.

You must begin with a determination of what you are trying to accomplish. It does not serve you to try and list every compliance risk your lawyer mind thinks your company might face. You should determine the values you want to communicate, what the expectations are for employees and how to call the hotline. Under such an approach, a Code of Conduct can be the jumping off point for training on the issues stated in it. The Code of Conduct can also form the hub of the wheel for other policies and procedures and written standards you want to communicate to relevant stakeholders.

Morehead advises you should give “some thought about how you’re going to get that Code out there to your employees and stakeholders” whether it is an Adobe .pdf document, which is accessible by pretty much any stakeholder anywhere across your organization, or via another method. Morehead said, “you need to know who’s out there, who you’re trying to reach and what’s the best way to reach them. That’s going to inform you know right, you know right off the bat whether you’re even going to consider doing a web implementation if you don’t have, if you have a significant amount of your population that’s not online or is in a location where they can’t get access to the web then that’s a nonstarter.”

Values

One conundrum is whether and how to incorporate your ethical values into your Code of Conduct. Morehead emphasized they must be integrated into and integral to your Code of Conduct for if they are not and you “simply slap the value slap on the front of the document, it looks more like a Xerox error than that it’s purposeful in any way.” You can integrate values by incorporating them into your discussion of the risk topics in your Code of Conduct.

Morehead provided an example of integrity. He believes you can discuss integrity in several places in your Code of Conduct and pointed to internal reporting as an obvious location. Integrity can be discussed in the context of a no-retaliation policy. He also cited to the example of a corporate value of fun, noting, “Fun is hard but we managed to weave it in when we were talking about how and one place in particular that we talked about it was the workplace environment and what the expectations were. You know, we want to have a fun environment but we have to respect each other.” With values, you should consider them particularly if they have not been successfully communicated and there’s consideration internally that maybe they need to revised, to do that in conjunction with perhaps rolling out a new Code of Conduct, which allows the rollout to be part of that unveiling of the values language being communicated in several different areas.”

Benchmarking

Another tool Morehead advises is to benchmark Codes of Conduct with others in your industry, even if you are “rewriting your Code of Conduct or starting from scratch.” Morehead suggests you should at “least have looked at pure organizations in your industry, organizations that maybe operate in the same geographic jurisdictions that you do, organizations that have a similar employee size. So not just peers only in your industry but peers, peer organizations otherwise. Take a look at what they’re doing, what, see what you like, see what you don’t like or again it doesn’t necessarily have to be a formal benchmarking but I think it’s important to spend some time at the beginning seeing what’s out there.”

If you have not updated your Code of Conduct for some time, there will probably be new areas that you need to incorporate into the updated version. Two obvious new areas of risk involve social media and cybersecurity. Morehead believes that such an exercise will help with your goal setting at the beginning of the project and allow you to move directly to what he calls the “heavy lifting piece, which is the text itself.”

Drafting and Redrafting

If you are starting from scratch an outline is a good way to go. If you are working from a current version, Morehead suggests you do at least two or three run-throughs with redlining the text to eliminate confusing language and unnecessary legalize that does not mean anything to anybody other than lawyers. An example here is the move from a US-centric focus on the Foreign Corrupt Practices Act (FCPA) due to the proliferation of other countries enacting anti-corruption legislation such as the UK Bribery Act and the Brazil Clean Companies Act and maybe even talk about other international standards as well.

Morehead related that this part of the project will seem like a “tennis ball has to be hit back and forth a few times” until you are able to achieve organizational sign-off. However, you can use this time to work on the design elements, while the text is being edited and re-edited.  Morehead cautioned this will be a time-consuming process and “if you’re really going fast maybe 12 weeks but usually more like 15 weeks to do that part of the process because that’s the hard part because you’re going to inevitably have, for most organizations of size, half a dozen that have to sign off internally.”

Operationalizing

Although the Code of Conduct was not specifically mentioned in the Department of Justice’s (DOJ) recently released Evaluation of Corporate Compliance Programs (Evaluation), the over-riding concept of operationalization applies equally to your Code of Conduct drafting or updating exercise. This means you need to consider how are you going to involve the operational areas of your organization in that process, there is a clear DOJ expectation for this around your Code of Conduct.

Morehead suggests you engage a “small and manageable group that are going to do the actual redlines of the text. It’s just important to involve people in the process and different parts of the process so that you get that buy-in because it’s actually a smart move for launching the code a few months down the road too.” A key is to involve folks from different parts of your company.

Morehead suggests using the business folks to help develop Q&As or scenarios, which could answer common questions from the field. He notes, “there’s nothing better than having somebody in operations suggest to you what would be a good example or Q&A for safety because if that’s something they deal with on a day in day out basis they know where the pain points are. So there’s lots of different parts of this process where you can bring people in and bringing operational people, operational managers in is really important”. Indeed, the government will probably ask you who, outside the compliance/legal function, were involved and what their contributions were. (Insert-Document Document Document here!) Morehead concluded that by “getting those different perspectives I think is really important and bringing those people in early so that they can help participate in different parts of the process and again not necessarily reviewing the code and suggesting edits and drafts but actually helping you in the planning phase is really important.”

At this point, you have a completed version and all the relevant stakeholders have signed off. You are ready to begin your training, which we will take up tomorrow.

For more information on Eric Morehead, Morehead Compliance Consulting or to contact Eric Morehead, go to Morehead Compliance Consulting.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

I am dedicating this week to an exploration of the Code of Conduct. I am joined in this journey by Eric Morehead, Principal at Morehead Compliance Consulting. Today I want to consider the evolution of the structure and format of a best practices Code of Conduct, through what Morehead sees in his practice and in the marketplace.

Structure

My experience with Codes of Conduct were they were initially written by lawyers, largely for lawyers. This included basically ‘thou shalts’ and ‘thou shalt nots’ liberally sprinkled throughout a lengthy written document. This was what is now referred to as Code 1.0. The compliance community then evolved into Code 2.0, where at least the writing was less turgid and we moved to more employee friendly language and then somewhere along the line we started putting in hyperlinks and pictures. I asked Morehead if that evolution is what he currently sees in the marketplace.

Morehead has observed “a little bit of a divergence” at this point. He agreed the starting point was a written .pdf based document but some companies have moved beyond this up to the brink of having a fully interactive online Code of Conduct. He noted that whether your organization has a .pdf or interactive Code of Conduct, at the end of the day it comes down to whether there is “commitment to keep with it and update it on a regular basis or it’s going to be ultimately disappointing to you in the long run.”

Morehead said there are two factors which a company should consider on the structure of Code of Conduct. The first is to consider how your organization generally communicates, overlaid with the most effective manner in which to communicate with the various stakeholders who will read and use the Code of Conduct. These stakeholders can include such diverse groups as employees, shareholders and third parties on both the sales and supply side of your business. Morehead put it this way, “if you’re going to spend a lot of time and do a web based Code of Conduct does that really suit your stakeholders, your employees and everybody else you want to review and use the it, because if they don’t that’s not really going to work for them and you’re better off with a more traditional, for lack of a better term, document.”

In his second point, he stretches you to really think about the future in asking “are you going to be able to keep it up?” With the rapidly evolving technology, how will your Code of Conduct be viewed and used going forward? A simple example is the switch to mobile devices as a mainstay of corporate communications. Think about how laptops are viewed as the primary vehicle through which most employees and stakeholders interact with training and resources for many organizations. Morehead explained, “we’re going to tablets and mobile. I don’t think it’s really happened to a great extent yet but, it’s hard to know where we’re going to be when that next iteration comes around.”

Morehead believes this has led many companies to review current technology and decide they are not ready to fully commit to a totally interactive Code of Conduct. He further noted many companies “conclude it is still appropriate to do a more traditional document but to make it as interactive as possible. With a current Adobe .pdf platform for instance, you can have a .pdf document because it is the easiest thing to provide to people who are looking at it on a phone on a PC on a tablet or want to print it out and actually hold the pieces of paper as it is the most compatible format out there. Also, you can embed some interactivity into a .pdf document.” With such technology, Morehead said “you can kind of dip your toe in. So, I think we’re kind of, we’re at that edge of being you know completely interactive completely digital but I don’t see everybody buying in yet.”

Form

We next turned to the form of the Code of Conduct. What form should the document take to have the institutional strength to form the backbone of any best practices compliance program? To do so, must it be based in legalese, written by lawyers for lawyers or can it move to being something that, if not actually fun, can be presented so the user’s experience is more enjoyable?

“The key as to whether it’s fun or or not has to do with the personality of your organization.” Morehead related that if your organization is one where communication is more free flowing and there is more free-wheeling internal communications, that should be reflected in your Code of Conduct form. Morehead provide the example where he “was working with a client last year where we all know that you know part and parcel of a code of conduct these days is at least to have a discussion of company values. Well this company one of their five or seven values was actually fun. The term fun and so we had to figure out, if nothing else we had to figure some way to get the term fun into their Code of Conduct. So, I think a lot of this how it plays how it’s meant to play is really the audience expecting.”

“This means if your company is a tech startup in Silicon Valley or in Austin you know, there may more playful attitude and a more playful way to communicate sometimes very serious topics is probably part and parcel about how they typically communicate about those things. Conversely if you work for a hierarchical energy services company, which communicates in a top down strategy, such playfulness is not appropriate. What you should strive for is a consistent communications strategy. If your employees and other stakeholders are accustomed to receiving communications in a certain style and manner it would appropriate to maintain that style in your Code of Conduct.”

Morehead emphasized, “the key thing here is to really take a step back and consider how not just the compliance department and not just the legal department but how does the internal communication at the organization happen and what is, how does HR communicate to people, how does the executive group communicate to people.” Such inquiry would also include how do the operations people and marketing, other corporate disciplines communicate. You should strive for a consistent communication strategy in your Code of Conduct.

Think about the evolution of the Code of Conduct from the type of document that was akin to an annual report to one that now address a corporate culture. A Code of Conduct must speak to the typical important concepts such as values that define the ethical culture or should define the ethical culture of the company. Some Code of Conducts have been as long as 12,000 to 14,000 words but Morehead has seen others “that were very short that, you know some, I’ve worked on a couple codes of conduct that were only four to five thousand words long which is really as you know very short for a code of conduct.” It all means there is no set length and the style of writing can vary. But it must ring true with your employees, stakeholder and shareholders.

Morehead ended by considering the Code of Conduct readable. This is beyond simply eliminating legalese. It is writing English at a grade level that is sufficient for your employee population. It may be that an eighth-grade language level is appropriate for your work force. However, if you have a population consisting primarily of professionals, such as an “engineering company where English is their primary language or you’re translating it into the appropriate languages then maybe you don’t have to be grade level eight.” The same is true around the elimination of duplicate language. Morehead believes that you do not “have to say the same thing five different ways, I think that what you have to do is look at, again look at your population.”

Tomorrow, I will consider designing your Code of Conduct.

For more information on Eric Morehead, Morehead Compliance Consulting or to contact Eric Morehead, go to Morehead Compliance Consulting.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

I am joined by Eric Morehead as we begin a five-part series on the Code of Conduct, which serves as the foundational document of a compliance program. Morehead is well-known within the compliance community, having worked at Corpedia Corporation and NYSE Goverance Services before founding his own company, Morehead Compliance Consulting. He is one of the top compliance practitioners in several areas, including drafting, implementing and updating a Code of Conduct. By the end of this series, you will have the information needed to enable you to consider the current state of your Code of Conduct and then update, if appropriate.

The cornerstone of any compliance program, whether under the Foreign Corrupt Practice Act (FCPA), UK Bribery Act or other similar law’s, is its written protocols, including a Code of Conduct. These requirements have long been memorialized in the US Federal Sentencing Guidelines (FSG), which contain seven basic compliance elements that can be tailored to fit the needs and financial realities of any given organization. From these seven compliance elements, the Department of Justice (DOJ) has crafted its minimum best practices compliance program, which are now attached to every Deferred Prosecution Agreement (DPA) and Non-Prosecution Agreement (NPA). These requirements were incorporated into the 2012 FCPA Guidance. The FSG assumes that every effective compliance and ethics program begins with a written standard of conduct; i.e. a Code of Conduct. What should be in this “written standard of conduct? The starting point, as per the FSG, reads as follows:

Element 1

Standards of Conduct, Policies and Procedures (a Code of Conduct)

An organization should have an established set of compliance standards and procedures. These standards should not be a “paper only” document, but a living document that promotes organizational culture that encourages “ethical conduct” and a commitment to compliance with applicable regulations and laws.

 In the FCPA Guidance, the DOJ and Securities and Exchange Commission (SEC) state, “A company’s code of conduct is often the foundation upon which an effective compliance program is built. As DOJ has repeatedly noted in its charging documents, the most effective codes are clear, concise, and accessible to all employees and to those conducting business on the company’s behalf.” Indeed, it would be difficult to effectively implement a compliance program if it was not available in the local language so that employees in foreign subsidiaries can access and understand it. When assessing a compliance program, DOJ and SEC will review whether the company chapter has taken steps to make certain that the code of conduct remains current and effective and whether a company has periodically reviewed and updated its code.”

FCPA compliance best practices now require companies to have additional standards and controls, including, for example, detailed due diligence protocols for screening third-party business partners for criminal backgrounds, financial stability and improper associations with government agencies. Ultimately, the purpose of establishing effective standards and controls is to demonstrate that your compliance program is more than just words on a piece of paper.

Code of Conduct

In a Society for Corporate Compliance and Ethics (SCCE) 2017 Complete Compliance and Ethics Manual, article, entitled “Essential Elements of an Effective Ethics and Compliance Program”, authors Debbie Troklus, Greg Warner and Emma Wollschlager Schwartz, state that your company’s Code of Conduct “First and foremost, the standards of conduct demonstrate the organization’s overarching ethical attitude and its “system-wide” emphasis on compliance and ethics with all applicable laws and regulations.” They go on to state, “The code is meant for all employees and all representatives of the organization, not just those most actively involved in known compliance and ethics issues. This includes management, vendors, suppliers, and independent contractors, which are frequently overlooked groups.” From the board of directors to volunteers, the authors believe that “everyone must receive, read, understand, and agree to abide by the standards of the Code of Conduct.”

There are several purposes identified by the authors which should be communicated in your Code of Conduct. The overriding goal is for all employees to follow what is required of them under the Code of Conduct. You can do this by communicating those requirements, to providing a process for proper decision-making and then requiring that all persons subject to the Code of Conduct put these standards into everyday business practice. Such actions are some of your best evidence that your company “upholds and supports proper compliance conduct.”

The substance of your Code of Conduct should be tailored to the company’s culture, and to its industry and corporate identity. It should provide a mechanism by which employees who are trying to do the right thing in the compliance and business ethics arena can do so. The Code of Conduct can be used as a basis for employee review and evaluation. It should certainly be invoked if there is a violation. To that end, suggest that your company’s disciplinary procedures be stated in the Code of Conduct. These would include all forms of disciplines, up to and including dismissal, for serious violations of the Code of Conduct. Further, your company’s Code of Conduct should emphasize it will comply with all applicable laws and regulations, wherever it does business. The Code needs to be written in plain English and translated into other languages as necessary so that all applicable persons can understand it.

As I often say, the three most important things about your FCPA compliance program are ‘Document, Document and Document’. The same is true of communicating your company’s Code of Conduct. You need to do more than simply put it on your website and tell folks it is there, available and that they should read it. You need to document that all employees, or anyone else that your Code of Conduct is applicable to, has received, read, and understands it. The DOJ expects each company to begin its compliance program with a very public and very robust Code of Conduct. If your company does not have one, you need to implement one forthwith. If your company has not reviewed or assessed your Code of Conduct for five years, I would suggest that you do in short order as much has changed in the compliance world.

What is the value of having a Code of Conduct? I have heard many business folks ask that question over the years. In its early days, a Code of Conduct tended to be lawyer-written and lawyer-driven to “wave in a defense situation” by claiming that “see we have one”. But is such a legalistic code effective? Is a Code of Conduct more than simply, your company’s law? What is it that makes a Code of Conduct effective? What should be the goal in the creation of your company’s Code of Conduct?

Interestingly, Codes of Conduct were not specifically mentioned in the DOJ’s 2017 Evaluation of Corporate Compliance Programs (Evaluation) release. Morehead explained that may be because the compliance community has “been preaching the Gospel now for better part of a decade at least on Code of Conduct and I think most organizations now or many organizations now, certainly those that are listed public companies in particular, have had a code of conduct that’s been revised in the last, call it five or six years but now they’re getting to the point where it has been five or six years and they’ve got to think about revising it.”However there were several other areas in the Evaluation which impact the design, drafting and implementation of a Code of Conduct, which I will review this week.

Tomorrow, I will consider the structure and form of a Code of Conduct.

For more information on Eric Morehead, Morehead Compliance Consulting or to contact Eric Morehead, go to Morehead Compliance Consulting.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

 

 

  1. Get buy-in from decision makers at the highest level of the company

Your company’s highest level must give the mandate for a revision to a Code of Conduct. It should be the Chief Executive Officer (CEO), General Counsel (GC) or Chief Compliance Officer (CCO), or better yet all three to mandate this effort.

  1. Establish a core revision committee

You should create a cross-functional working group should head up your effort to revise your Code of Conduct. It can include representatives from the following departments: legal, compliance, communications, HR; there should also be other functions which represent the company’s domestic and international business units; finally, there should be functions within the company represented such as finance and accounting, IT, marketing and sales.

  1. Conduct a thorough technology assessment

The foundation of the revision process is how your company captures, collaborates and preserves the decisions during the revision. Use should utilize the technology available to you to do so. This is also important in your distribution plan, particularly if the Code will only be available in hard copy.

  1. Determine translations and localizations

The DOJ and SEC require a local language component. You need to use  translations experts and know what they are doing when it comes to translations. Everyone must have the same understanding of the company’s Code-no matter the language.

  1. Develop a plan to communicate the Code of Conduct

You should use the full panoply of tools available to it to publicize your new or revised Code of Conduct at roll-out. This can include a multi-media approach or physically handing out a copy to all employees at a designated time. You might consider having a company-wide Code of Conduct meeting where the new or revised Code is rolled out across the company all in one day. Also remember, you must document that each employee receives it.

  1. Stay on Target

If you set realistic expectations you should be able to stay on deadline and stay within your budget. Do not be distracted by other issues that might arise during the process.

Key Takeaways

  1. When did you last revise your Code of Conduct?
  2. You must have senior management buy-in to successfully revise your Code of Conduct.
  3. Keep your eye on the ball.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.