There are better ways to manage risks than attaching your organization’s code of conduct to your contracts with third parties

Adam Balfour

by Adam Balfour

I often hear of people, usually with good intentions, trying to attach their organization’s Code of Conduct to contracts with third parties as a way of trying to reduce compliance risks. I’m not a fan of this practice and this #SundayMorningComplianceTip explains why.

Your organization’s Code of Conduct is designed for your organization and employees. While it might have some sections that address the parties you work with and how to interact with them, the primary audience for your Code is internal to your organization. You are not doing much from a practical standpoint by simply attaching your Code of Conduct as an exhibit to a contract and expecting the other party and their employees to comply with it.

Will anyone from the other side read your Code of Conduct? Probably not – and even if someone from the other side does read your Code, they might only be involved in the contract review stage and not involved in the performance of the contract. Is attaching a Supplier Code of Conduct better? It is slightly better since it at least attempts to target the audience more, but even then the Supplier Code might be very broad and not address specific risks or situations.

Rather than adding your Code of Conduct as an unread exhibit, think about what ethics and compliance risks the relationship could present (including based on due diligence findings), and then craft and talk through the relevant provisions for a written contract that address those risks. And if you have audit rights in a contract, use them – there is no point in spending a whole bunch of time negotiating audit provisions and then never actually using them. If you use a contract management system, you can often leverage those systems to provide reminders about following up on relevant contract provisions to ensure they are being complied with.

Third parties can and do present compliance risks and those risks need to be managed. However, you need to be smart at how you address those risks and not simply throw in your organization’s Code of Conduct as a contract exhibit and think that’s going to add value or mitigate risk.

Recent posts you may be interested in

Search the site

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors