As the study of compliance has matured, most people involved in the field recognize one standard element that cannot be dispensed with and that is the Code of Ethics or the Code of Conduct. A Code of Conduct is where the organization announces its values, its priorities, its commitment to ethical behavior. It has to start with a commitment to that ethical behavior. I like to formally name the document, The Code of Ethics and Business conduct. Some organizations call it a Code of Ethics and Professional Conduct, or a Code of Ethics and Professional Practice. Some people believe that there should be two separate documents. But I like having one document. I think it's important to link conduct into the concept of ethics. In that way, it becomes more than just a simple list of general rules. It becomes both an aspirational document as well as a practical guide. It establishes the principles that guide how employees conduct themselves. It sets the tone for the way employees are supposed to act. Informally, we can just call it, the Code of Ethics or the Code. But whatever you call it, the code of ethics needs to be the bedrock of the compliance program. The Code is often found at the beginning of a Company's compliance manual, and it can start with a general statement about the company's values. The Code that I drafted has a statement of general policies followed by a statement of general principles. The Code needs to be comprehensive, but it also needs to be concise, easy to understand, and serve as a general everyday guide. The Code of Ethics in Business Conduct should also be regularly referenced at meetings and periodically circulated. It needs to be accessible to everyone at all times, routinely reviewed, and updated if necessary and of course, it needs to be supported by senior management as part of the Tone at the Top. In the financial services industry, the SEC has made it mandatory to establish, maintain, and enforce a written Code of Ethics. Rule 204A-(1) discusses certain minimum requirements that must be contained in a Code of Ethics for investment advisers, and any violations must be reported to the Chief Compliance Officer. Under Sarbanes-Oxley, all public companies must disclose in their annual reports whether they have adopted a written Code of Ethics for their Principal Executive Officer and Senior Financial Officers and if not, why not? Companies must also make their Code of Ethics publicly available by either attaching it to the annual report, or posting it on their website. The SEC rule promulgated under Section 406 of Sarbanes-Oxley define a Code of Ethics as written standards that are reasonably designed to deter wrongdoing and promote the following; One, honest and ethical conduct. Two, full, fair, accurate, timely, and understandable disclosure. Three, compliance with applicable governmental laws, rules, and regulations. Four, prompt internal reporting of violations of the code to the appropriate person. Lastly, fifth, accountability for adherence to the code. The SEC paints with very broad strokes. The rules do not describe in detail how a company should draft a particular Code of Ethics, or what procedures need to be developed. They actually acknowledge that every company is different. But while a company's code may not be detailed enough to drive specific compliant behavior, it should set the general tone for the organization, then doing what is right is the expectation, or really the requirement of the company, framed in a way that reflects the organization's culture and priorities.
