CODE OF CONDUCTWhat You Need to Know about Current Best Practices
July 18, 2013
JUST A LITTLE ABOUT CORPEDIA
2
1998 established
850+ clients
Millionstrained
2012 acquired by NYSE
2006advisory services started
8 point scoring matrix developed
4,500+ codes in database
180+codes of conduct rewritten
Confidential
AGENDA
3Confidential
The Foundation of Your Program
The Business Case for Best‐in‐Class Code
Getting Started
Benchmarking Data on Codes
Assessing Your Code and Best Practices
THE FOUNDATION
4
“A company’s code of conduct is often the foundation upon which an effective compliance program is built.”
WHAT DO WE WANT IN A FOUNDATION?
•It must be solid – well planned
•It must be purpose built – unique to your program
•It must be capable of supporting everything else –must be related to the rest of your program
•It must be maintained
6Confidential
RIGHT AND LEFT – COMPLIANCE & ETHICS
7Confidenial
Creative
Intuitive
Holistic
Synthesizing
Subjective
Focus on macro
Ethical Culture
Logical
Sequential
Rational
Analytical
Objective
Focus on the micro
Compliance Program
DON’T FORGET THE CODE’S PURPOSE
8Confidential
A Practical Roadmap
A Mission Statement
The Hub of the Wheel
Establishes Tone
Code
MORE FCPA GUIDANCE ON CODES OF CONDUCT
9Confidential
Clear, concise and accessibleFor employees and third parties conducting business on the company’s behalf – including in local languagesCurrent and effectivePeriodically reviewed and updated
THE BUSINESS CASE
10
THE BUSINESS CASE FOR A BEST‐IN‐CLASS CODE OF CONDUCT
“Ethical culture is the single biggest factor determining the amount of misconduct that will take place in a business.”
“Executives who don’t elevate culture to a priority risk long term business problems.”
‐ 2009 NBES Study by the Ethics Resource Center
‐ www.ethics.org
11
THE COST OF FAILURE IS HIGHFines keep skyrocketing
BP $4.5B ($34B claim from the states)
GlaxoSmithKline $3B
Pfizer $2.3B
Johnson & Johnson $2.2B
HSBC $1.9B
Abbott Labs $1.5B
Eli Lilly $1.4B
Intel $1.4B
10
STRENGTH OF CULTURE MATTERS
29%46%
67%
90%
0%10%20%30%40%50%60%70%80%90%100%
Strong Strong Leaning Weak Leaning Weak Leaning
% of Employees that Observed Misconduct in Previous 12 Months
Source: 2011 NBES Survey, Ethics Resource Center
11
STRONG PROGRAMS DRIVE STRONG CULTURE
86%
57%
23%
Well‐Implemented
Poorly Implemented
Little/No Program
% of Organizations w/ Strong or Strong‐Leaning Culture
Source: 2011 NBES Survey, Ethics Resource Center
12
A FOCUS ON ETHICS CAN HELP DRIVE RETURNS
Source: Ethisphere Institute
13
AVERAGE SHAREHOLDER RETURN OVER TEN YEARS
8.8%
‐7.4%
16%
Source: Corporate Executive Board, 2012
14
GETTING STARTED
17
MEASURE TWICE AND CUT ONCEPLANNING YOUR NEW OR REVISED CODE•Stakeholder Selection• Cross functional team
• Include IT
• Include international representation
• Include BU folks
•Have a plan• Make sure the team has authority and goals
•Establish a timeline
Confidential 18
CODE DEVELOPMENT PLANNING
•What currently exists?• Are there multiple “codes” out there?
• Regional / national codes
• M&A or subsidiary codes / legacy codes
• “Employee handbooks” and other similar documents
• How old is the code?• Most organizations update code on a 2‐3 year basis
• It is best practice to have a regular, annual review
• Can it be saved?• “Refresh” versus “rewrite”
Confidential 19
CODE DEVELOPMENT PLANNING
20Confidential
International concernsLanguage
Difference in laws and custom
Distribution
INDUSTRY SPECIFIC RISK TOPICS
21Confidential
Give Thought to Relevant Risk Topics
Define the Terms Used Within Each Risk Area
Clearly Communication Behavioral Expectations
Reference Corresponding Company Policies
Communicate How Code Relates to U.S. and International Law
CODE DEVELOPMENT PLANNING –IMPORTANT QUESTIONS TO ASK•What kind of code suits our company?• Values based versus risk based versus stakeholder based
• Tone (lighthearted, serious, professional, casual …)
•Who is in the audience?
•Who are we as a company?
•What are our core messages?
[SOME EXAMPLES]
Confidential 22
CODE BENCHMARKING DATA
23
CODE BENCHMARKING DATA ‐WME
24Confidential
88% Include CEO Letter
83% Review <3 years
99% Have Code
Source: Ethisphere’s 2012 World’s Most Ethical Database
WHEN WAS YOUR CODE LAST UPDATED? ‐WME
25Confidential
44%
17%
8%3%3%
24%
1%
20122011201020092008Currently> 4 years
Source: Ethisphere’s 2012 World’s Most Ethical Database
IS THE CODE FORMALLY DISTRIBUTED TO ALL EMPLOYEES? ‐WME
26Confidential
92.5%
6%
1.5%
All EmployeesSome EmployeesNo
Source: Ethisphere’s 2012 World’s Most Ethical Database
CODE BENCHMARKING DATA ‐WME
27Confidential
79% Require Acknowledge
ment
93% Distribute to All
Employees
Source: Ethisphere’s 2012 World’s Most Ethical Database
CODE OF CONDUCT TRAINING ‐ ACC
28Confidential
96% Mandatory Training
73% Require Formal Training
Source: ACC/Corpedia 2011 Compliance Program and Risk Assessment Benchmarking Survey
CODE OF CONDUCT TRAINING ‐WME
29Confidential
80% Mandatory Training
87% All Employees
97% Train NewEmployees
Source: Ethisphere’s 2012 World’s Most Ethical Database
CODE OF CONDUCT TRAINING ‐WME
30
6% 6%6%
10%
73%
Percentage of Employees Receiving Code of Conduct Training
Less than 30 percent
30 to 50 percent
50 to 70 percent
70 to 90 percent
90 to 100 percent
Source: Ethisphere’s 2012 World’s Most Ethical Database
Confidential
CODE OF CONDUCT TRAINING
31
2% 3% 4%
5%
9%
77%
Percentage of Employees Receiving Code of Conduct Training
Less than 10 percent10 to 25 percent
26 to 50 percent51 to 75 percent
76 to 90 percent
91 to 100 percent
Source: ACC/Corpedia 2011 Compliance Program and Risk Assessment Benchmarking
Survey
Confidential
CODE OF CONDUCT TRAINING
32
23%
2%
6%
8%10%
51%
Percentage of Employees Receiving Code of Conduct Training Online
Less than 10 percent10 to 25 percent26 to 50 percent51 to 75 percent76 to 90 percent91 to 100 percent
Source: ACC/Corpedia 2011 Compliance Program and Risk Assessment Benchmarking
Survey
Confidential
CODE OF CONDUCT TRAINING ‐ ACC
33
76% Report Training Board
on Code
Source: ACC/Corpedia 2011 Compliance Program and Risk Assessment Benchmarking
Survey
Confidential
CODE OF CONDUCT TRAINING ‐WME
34
51%
4%
41%
4%
Board Training on Code of Conduct
YesNoProvided Code OnlyNot Sure
Source: Ethisphere’s 2012 World’s Most Ethical Database
Confidential
CODE EVALUATION – WME & ACC
35Confidential
95% Evaluate Code as Part of
Regular Benchmarking
51% Use ERM Data to Modify Code
Source: Ethisphere’s 2012 World’s Most Ethical Database and ACC/Corpedia2011 Compliance Program and Risk Assessment Benchmarking Survey
RETALIATION AND DISCIPLINE IN CODE ‐WME
36Confidential
68% Include Discipline Policy
96% Anti‐Retaliation Included
Source: Ethisphere’s 2012 World’s Most Ethical Database
THIRD PARTIES AND CODE ‐WME
37Confidential
74% Require Supplier
Acknowledgement and Compliance
Source: Ethisphere’s 2012 World’s Most Ethical Database
ASSESSING YOUR CODE
38
CODE OF CONDUCT BEST PRACTICES:THEN & NOW
39
Best Practices ThenMeets minimum requirementsDrafted by in‐house counsel or retained counselContent written in legalistic, often incomprehensible rhetoricImpersonal messaging and tone No inclusion of Tone from the Top (i.e. Executive Letter)General, often non‐specific risk topics addressedSingle distribution option
Best Practices NowTone from the Top: Communicating the executive team’s supportReadability & Tone: Engaging employees through an inclusive message, tailored in complexity to target audience, including translationsReporting & Non‐Retaliation: Clearly setting forth reporting resourcesValues Statements & Stakeholder Commitment: Enthusiastically communicating company values and commitmentsAll Relevant Risk Topic Coverage: Addressing risk topicsLearning Aids: Presenting practical scenarios for increased comprehensionPresentation, Style and Organization: Appealing to readers visually with easy navigation, logical structure, and alignment with company branding and culture
Best Practices ThenMeets minimum requirementsDrafted by in‐house counsel or retained counselContent written in legalistic, often incomprehensible rhetoricImpersonal messaging and tone No inclusion of Tone from the Top (i.e. Executive Letter)General, often non‐specific risk topics addressedSingle distribution option
Confidential
CODE OF CONDUCT BEST PRACTICES:THEN & NOW
Confidential
DESIGN SHOULD REFLECT THE COMPANY
Confidential
EIGHT CRITERIA
42Confidential
Effective Code of Conduct
Tone from The Top
Readability & Tone
Non‐Retaliation & Reporting
Values and Commitments
Risk Topics
Comprehension Aids
Presentation & Style
Public Availability
BENCHMARKING YOUR CODE
43Confidential
BENCHMARKING YOUR CODE
44Confidential
Tone from the Top
Readability & Tone
Risk Topics
Overall Grade
Standards of Business Conduct and Ethics Benchmarks
Corpedia's Code Database Pharmaceuticals Industry Your Company
PUBLIC AVAILABILITYStakeholder access (including third parties)Regulatory or listing requirement
Tool for communicationHow is it used/located on website/clicks to get there
Confidential 45
TONE FROM THE TOPClear Communication of Executive Support for the Code
Personalize the ExecutiveMessage
Communicate the Code’s Applicability
Explain the Code’s Role
Include Reporting Information and an Affirmation of Non‐Retaliation
Confidential 46
READABILITY AND TONE
47Confidential
Ensure the Code is the Appropriate Length
(8,000 to 10,000 words)
Adopt a Warm and Inclusive Tone
Focus on Expected Behaviors
Tailor the Complexity to Your Target Audience
Infuse Company Culture
Consider International Audiences
NON‐RETALIATION AND REPORTING
48Confidential
Clearly Communication Resources for Asking Questions and Reporting
Make a Firm Statement of Non‐Retaliation and communicate it multiple times throughout the code
Provide Information on Complaint Resolution Process with multiple avenues
Emphasize by Reporting Concerns, Employees are doing the Right Thing
Ensure Compliance with International Reporting Laws
VALUES STATEMENT
49Confidential
Clearly and EnthusiasticallyCommunicate Company Values
Discuss the CommitmentsEmployees Hold to Key Stakeholders
RISK TOPIC COVERAGE
50Confidential
Give Thought to Relevant Risk Topics(+/‐ 30 topics) Define the Terms Used Within Each Risk AreaClearly Communication Behavioral ExpectationsReference CorrespondingCompany PoliciesCommunicate How CodeRelates to U.S. and International Law
LEARNING AIDS
51Confidential
Ensure the Learning Aids are Relevant and Compliment Company Culture
Provide Clarity and Keep the Code Interesting
LEARNING AIDS
52Confidential
Supplement the Code – not a replacement
PRESENTATION AND STYLE
53Confidential
Visual Appeal
Format Code Properly
Organize Your Code
Table of Contents
54Confidential
Translations
Distribution
Determine How to Distribute
Make Code Available to External Constituents
Provide an Electronic Version
Certification and Disclosure
COMMUNICATING THE CODE
CODE ROLLOUT
55Confidential
1
5
234
Develop email templates for regional business unit leaders to highlight the forthcoming code. Two templates – the first distributed one week after the first executive mention
Consider podcasts – would podcast interviews with regional leaders/senior leaders work? If yes, begin video process for distribution in the 4-6 months following code rollout
Develop branded posters matching code design
Develop and distribute message from compliance/ethics function regarding upcoming code
Distribute give-aways to regional leads for distribution day of launch – water bottles, stress balls, tent cards, etc.
2 weeks in advance - Second mention from regional business unit leaders highlighting code launch
2 weeks in advance - Distribute branded posters highlighting hotline to regions
Launch Day - Message from CEO, message from Regional Leaders highlighting both new code and code training, distribution of code itself (paper and online), posting of posters
Launch Training - Message from CEO, message from Regional Leaders highlighting importance of training
(Training managed by Corpedia post launch)
Post Launch - Manager communication toolkits on key training topics
mon
ths
out
mon
ths
out
CONTINUOUS COMMUNICATION
56Confidential
Translations
DistributionDetermine How to DistributeMake Code Available to External ConstituentsProvide an Electronic Version
Certification and Disclosure
CODE 3.0 “BRINGING YOUR CODE TO LIFE”
57Confidential
CODE OF CONDUCT DIAGNOSTIC*ADDRESSES
How effective your organization’s code is in terms of setting and reinforcing behavioral
Public availability
�� Tone from the top
�� Readability and tone
�� Non‐retaliation and reporting
�� Values and commitments
�� Risk topics
�� Comprehension aids
�� Presentation and style
Confidential 58
* Includes A Written Report, Unlike All Other Verbal Diagnostics.
Thank You
2012 FORTUNE 500 CODE OF CONDUCT DATASET
Ryan McConnell
Morgan Lewis
Houston
60Confidential
REPORTING AND DISCIPLINE
61Confidential
66 companies do not discuss discipline
436 companies do not discuss whistleblower
policy
30 companies do not mention retaliation
RISK TOPICS
62Confidential
176 companies do not mention
HSE
348 companies do not mention social media
3 companies do not
mention COI
STYLE AND CONTENT
63Confidential
197 companies do not use color or graphics
157 companies do not
include CEO letter
259 companies do not include
learning aids
SEEKING INFORMATION
64Confidential
396 companies do not offer helpline/
hotline in other languages
292 companies do not mention CCO/CECO
11 companies do not have public codes
NO CATS ALLOWEDWhich company has a “no cat” policy but allows employees to bring dogs to work because cats visiting offices would be stressed out?
1. Baker Hughes2. Google3. Pet Co.4. NYSE
EMPLOYEES BY ANOTHER NAME…What does Walt Disney call its employees in its publically available Code of Conduct?
1. Dwarfs2. Cast Members3. The Happiest People on Earth4. Helpers
SAFETY FIRST
Which Fortune 500 company discusses the importance of maintaining its system to monitor product defects?
1. Boeing
2. Abbott Laboratories
3. Phillip Morris
4. Coca-Cola
67Confidential
DO THE RIGHT THING
Which Fortune 500 company includes a special disclaimer to the employee urging them to “do the right thing” when they are unsure how to proceed?
1. US Bancorp
2. Allstate
3. FedEx
4. Johnson & Johnson
68Confidential
JUST SO WE ARE CLEAR
Which Fortune 500 company includes a special disclaimer to make sure no one reading the code has an express or implied contract of employment with the company?
1. Marriott International
2. H.J. Heinz
3. Dollar General
4. GameStop
69Confidential
POOF, PRESTO!
Which Fortune 500 company includes a special disclaimer that it can discontinue the Code without prior notice “at any time”?
1. Fluor
2. Norfolk Southern
3. US Airways
4. Applied Materials
70Confidential
EXCHANGED CODE EXERCISES
71Confidential
CODE EXERCISES
TAKE A FEW MINUTES TO REVIEW THE CODE YOU HAVE BEEN GIVEN
72Confidential
CODE EXERCISES
Setting the Code aside, can you:
1. Tell what business the company is engaged in?
2. Can you name three company values?
3. Can you name the avenues for reporting concerns?
73Confidential
CODE EXERCISES
Using the Code, can you:
1. Find if there is a dollar limit for gifts?
2. Does the code describe manager’s responsibilities regarding E&C?
3. What are those manager responsibilities?
4. Does the code state the company’s non‐retaliation policy?
74Confidential
CODE EXERCISESUsing the Code, can you:
1. Does the code explain the necessity for the code?
2. What are the possible repercussions for violating the code?
3. Who should an employee report to regarding a unsafe workplace, a bribery suspicion or a conflict of interest?
4. Does the code discuss how to handle confidential information?
75Confidential
CODE SCENARIOS AND ISSUES
76Confidential
ANY QUESTIONS?
77Confidential
SOME COMMON QUESTIONS
•What are some common roll‐out activities?
•How long can it take to write a code?
•Should we have different codes for different regions?•What are some key things to keep in mind for a global code?
•Our code is 12,000 words long, should we edit it down?•Our code is 8,000 words long, should we add to it?•What does a periodic code review include?
•How should we determine what needs to be added or removed from the code?
78Confidential