by Adam Balfour
I often hear of people, usually with good intentions, trying to attach their organization’s Code of Conduct to contracts with third parties as a way of trying to reduce compliance risks. I’m not a fan of this practice and this #SundayMorningComplianceTip explains why.
Your organization’s Code of Conduct is designed for your organization and employees. While it might have some sections that address the parties you work with and how to interact with them, the primary audience for your Code is internal to your organization. You are not doing much from a practical standpoint by simply attaching your Code of Conduct as an exhibit to a contract and expecting the other party and their employees to comply with it.
Will anyone from the other side read your Code of Conduct? Probably not – and even if someone from the other side does read your Code, they might only be involved in the contract review stage and not involved in the performance of the contract. Is attaching a Supplier Code of Conduct better? It is slightly better since it at least attempts to target the audience more, but even then the Supplier Code might be very broad and not address specific risks or situations.
Rather than adding your Code of Conduct as an unread exhibit, think about what ethics and compliance risks the relationship could present (including based on due diligence findings), and then craft and talk through the relevant provisions for a written contract that address those risks. And if you have audit rights in a contract, use them – there is no point in spending a whole bunch of time negotiating audit provisions and then never actually using them. If you use a contract management system, you can often leverage those systems to provide reminders about following up on relevant contract provisions to ensure they are being complied with.
Third parties can and do present compliance risks and those risks need to be managed. However, you need to be smart at how you address those risks and not simply throw in your organization’s Code of Conduct as a contract exhibit and think that’s going to add value or mitigate risk.
Search the site
While some organizations bar conflicts of interest in all cases, many opt for allowing COIs to exist where appropriate. But how should appropriate be defined for these purposes?
Attending SCCE conferences is always a source of insights and new information. In these conferences I have seen quite a bit of focus on data analytics, and deservedly so.
The first time I saw Kristy Grant-Hart she put on a show about magic compliance dust and then brought the audience to reality by breaking the news that there is
In our years of assessing compliance and ethics (C&E) programs, my partner Jeff Kaplan and I have pinpointed several key attributes that we consider essential to an effective program, including