This Wisdom of the Crowd, compiled from questions and responses posted on the Compliance and Ethics and Small Law Departments eGroups*, addresses issues involving agreements and requests to adhere to contracting parties' codes of conduct. The issues discussed include:
*(Permission was received from the ACC members quoted below prior to publishing their eGroup comments in this Wisdom of the Crowd resource.)
Rate this Wisdom of the Crowd
I. THIRD-PARTY ADHERENCE TO YOUR CODE OF CONDUCT
Question:
I am curious how others handle (1) sending requests to third parties to comply with your company's code of conduct and (2) responding to similar requests. We are reaching out to third parties who act on our behalf (consultants, JV partners, suppliers, etc.) asking that they adhere to the principles and standards in our code of conduct when conducting business on our behalf. We have also received similar requests from customers and others parties for whom we are acting on their behalf.
Given that a company's code of conduct is unique to the company and certain portions generally cannot apply to third parties (i.e. approval to exceed spending thresholds) we are only asking that the third parties agree to follow similar ethical business practices when acting on our behalf. We respond to similar requests by stating that we have our own code of conduct and all employees are bound by the code. I would like to hear from others on how they are balancing the need for assurance that third parties are acting in a manner consistent with your own company's code of conduct with the practical limitations associated with applying all aspects of your code of conduct to non-employees.
Wisdom of the Crowd
Response #1
I agree 100% as to both sides respecting their own Code without one side having to contractually force one onto the other. I've done some benchmarking for language that takes a "softer" approach to achieve the objective of responsibility - without the need for a contractual commitment. ______ and _____ take a neutral approach. ______ has good language based on mutual responsibility with their right for verification if needed. _____ allows other's codes to be verified. When it comes to anti-corruption (or similar), my company does put some compliance language in agreements, but when it comes to other matters falling under Corporate Responsibility, we state certain criteria as our expectations for following ours or similar practices.1
Response #2
The issue is not new but in the UK (where we're based and listed) there has been particular attention to this matter after the entry into force of the Bribery Act (not dissimilar to the FCPA), so we started getting requests for compliance with the Act and/or specific codes from customers, business partners and suppliers. We have a standard response, signed by our CEO, which goes along the lines of "Thank you for your interest in our anti-bribery and business ethics policy.
[X] is committed to the highest standard of ethics and expects the same commitment from its suppliers and business partners. I would therefore like to take this opportunity to share our own position on business ethics with you. I have set out [X}'s position on ethical standards of behaviour on our [website]. You can also find a copy of our internal Business Code of Conduct on the website. All this information can be found here.
If you do have any specific queries or concerns please do not hesitate to contact the Corporate Compliance Committee by e-mailing [...]"
We then have the Code during negotiations to show that is 99% similar to whatever the other party has in place and would wish us to undertake to comply with. It has helped a lot in dealing with such requests.2
Response #3
We understand that we are one of numerous suppliers selling to the same customers, and that our customers can't negotiate something different for every supplier. But at the same time we can't agree to adopt all of our customer's codes, because each one has a different code and they are all marginally different.
Plus, our own corporate conduct was developed through an exhaustive and consultative process to reflect a range of norms across our particular industry. Customer Codes of Conduct are quite naturally focused on the customer's industry line. As a supplier/vendor of knowledge-based services, we are not in the same line of business as our customers who may for instance, be in manufacturing, retail or distribution. Our customer's Codes will simply not reflect the realities of the challenges that we need to address in our particular service line.
Sure, ultimately we can probably sign a Code of Conduct that says, "No slave labour and no child labour" with perfect contentment that the statement is accurate and low risk on our side. Engineering-related services are unlikely to involve either slaves or children by the very nature of the higher education required to operate. Requiring us to sign something like that may make the sales people happy because they can close the deal faster but it is a check-box approach to corporate supply chain management. It doesn't meet any of the true objectives of a Code of Conduct program because it doesn't get at any of the core issues that affect integrity in providing high knowledge-based services. Our Code does. Once we have a chance to explain to our client who we are and what we do, we are confident that they will agree that our Code is appropriate for meeting their needs regarding integrity in supply chain management. We take a fairly principled stand on this.
The additional issue, of course, is the low cost efficiency of templates and that neither we nor our customers want to bear the cost of departing from our own forms. Providing individual responses to detailed Code of Conduct-related queries from each client becomes so time consuming that it is an actual, measureable indirect cost to have somebody running around gathering all the documentation required by complex customer questionnaires. We do understand that the reverse is true as well. If one of our clients is a big manufacturing customer and they have 45,000 suppliers in their chain, they don't want to read 45,000 client codes of conducts and compare them. And yet, we do continue to take the position that our Code of Conduct is better suited to demonstrating integrity in the services that we offer the client then would be gained by simply agreeing to whatever the client asked for to ease the procurement process.
This response manages 95% of it. That leaves the 5% that require detailed discussion and negotiation. Our biggest challenge is the clients who leave this kind of task to a procurement officer who neither knows nor cares about the actual principles that a code of conduct represents. They treat it as an administrative or clerical checkbox, and have been instructed by their own management that, "Your job is to make sure that nobody gets to the next step unless they sign this". That is the metric by which their own job performance is measured. Getting past that person to the one in the company who actually understands and cares about the value we are adding can be extremely challenging, but permitting ourselves to be bullied into signing an inappropriate Code that doesn't meaningfully relate to our service offering really doesn't help anybody. But generally by the approach below we can manage the vast majority of it and dramatically reduce the volume that need a lot of focused timed and energy to come up with a solution that works for both us and the customer.3
Response #4
I agree that you should not ask another company to adhere to your internal Code of Conduct, but simply acknowledging that the vendor (or whoever) has a Code of their own is insufficient. I had created (in my last two jobs as head of compliance & ethics) Supplier Codes of Conduct, that were brief, high level statements relying on universally accepted standards - e.g., no child labor, no sweatshops, no retaliation, observation of data privacy rules etc. etc. Yes we had to introduce a bit of flexibility, but vendors were hard pressed to object. We did not ask them to call our hotline with violations, and much was on the honor system, though we did reserve the right to audit compliance. The most recent example of what I created appears at http://bit.ly/11UZibc and, as you can see, many of the standards were based or derived from industry standards, UN and ILO conventions. Even where a vendor balked, we were able to point out where their Code was missing a few sections from our Supplier Code, and they relented - all leading to 100% compliance. Pretty good for a multinational company with operations in 150 countries.4
Response #5
I implemented the same process that Peter describes at Freescale Semiconductor, my prior company. Here is the public link to the Supplier Code I created there.5
Response #6
We have a code of conduct. It's pretty simple, and we enforce it and do a pretty good job with compliance. That's how we do business: honestly and ethically and legally.
As a general rule, I think requests for a customer or supplier to agree to follow our code of conduct is a waste of time. Some big company, and you know who they are, gets indicted for violating bribery laws and some bright prosecutor says, "Wow, I know what we will do, let's make them publish a code of conduct and get anyone who does business with them to sign it." Golly gee, if they had not asked us to sign that we would have gone on our merry way, enslaving children, exploiting AIDS victims, bribing foreign heads of state with blood diamonds, committing murder and kidnapping to assure that people would buy our products, which we continue to make with conflict minerals and radioactive uranium tailings which we conveniently flush into the city's water supply, and firing our furnaces with mercury. We don't do that anymore, because we signed the aforesaid code of conduct. Gosh, I had no idea all of those practices were problematic.
How arrogant of them to assume that their brand of morality is so much better than anyone else's.6
II. CONFLICTING CODES OF CONDUCT
Question:
As a supplier, do you often receive purchaser's Code of Conduct and are asked to confirm compliance in writing? What if your company has its own published Code? What if some of the "standards" that they reference are actually "guidelines" and while the company does not follow those specific guidelines, the company does follow other recognized, established guidelines and standards on the topic? How do you respond?
Wisdom of the Crowd
Response #1
My company is also a supplier and we have received several of these from our customers. Having the same concerns as you have pointed out, I instructed my group not to sign any compliance requests. For the most part, the ones we have received have been provided on an informational basis with no request for a response or confirmation of compliance. For some of the ones that required a compliance confirmation, which we did not want to provide, they indicated that their company would not continue to do business with our company.7
Response #2
We're a distributor and have received these from a number of OUR customers. My experience is identical to [that in Response #1]. The most frustrating part is that some of the "required" codes of conduct incorporate portions of the customer's employee handbook, which are largely inapplicable in the context of the transaction...8
Response #3
Some companies prepare a separate "vendor" code of conduct, rather than use a one-size-fits-all approach. What I have done in the past is counter with our code of conduct, which was posted on our website, after explaining the conflicts that would arise if required to certify compliance with their code.9
Response #4
We often get C of C and try to avoid being contractually obligated to follow them. We say that we will follow any specific guidelines applicable to our transaction, e.g. gifts, meals, golf outings etc. Sometimes however you may be selling to the 900-pound gorilla and are basically stuck. If you have your own Code they probably overlap. 10
III. CODE OF ETHICS VS. SUPPLIER CODE OF ETHICS
Question:
Frequently a company will have a code of ethics (COE) as well as a supplier code of conduct (SCOC). Certification to the COE is required of all employees and directors. Supply chain vendors are required to certify to the SCOC. What about other independent contracts, contractors and service providers fall? Where is it appropriate to draw the line? All feedback would be appreciated. Thank you.
Wisdom of the Crowd
Response #1
Frankly, these "supplier codes of conduct" are a lot of feel-good paper pushing. If your company believes it needs to engage in this for public relations reasons, then feel free to do so. But it's immensely annoying being on the receiving end of such things (prior "life" was in-house in automotive supplier industry). Any company conducting business in the U.S. needs to be aware of the relevant laws e.g. FCPA, and having my customer preach to my company about my company's need to be law-abiding is completely beside the point. Witness the string of guilty pleas for price-fixing in the automotive supplier industry right now: do any of the car companies seriously think that having or not having had those suppliers sign a code of conduct would have affected the behavior of those suppliers? Either you do or don't think your vendors are engaged in business in a way that comports with how your company chooses to do business. The better effort is spent doing due diligence on your suppliers/contractors if your company is concerned that they might be dealing with a company managed by people who are ethically challenged.
This is separate and apart, of course, from your own company's internal code of ethics and the efforts that your company does or doesn't do to periodically re-train and re-certify its employees on such things.
If your company has a unique bit in your own code of conduct that you wish your vendors to be aware of (for example, a prohibition on any gifts, period), it might indeed be a good idea to simply periodically make your vendors aware of this so as to avoid creating awkward situations around the holidays. But this is not the same as demanding that a supplier/vendor actually "certify" that they have read and agree to abide by a "supplier code of conduct".11
Response #2
I completely agree. We should all work to limit the amount of nonsense that is circulated... let's "keep it real!"12
1 Lee Bream, Senior Corporate Counsel & Chief Compliance Officer, Evonik Degussa Corp. (Compliance & Ethics, Feb.19, 2013).
2 Alessandro Galtieri, Senior Legal Advisor, Corporate, Colt Technology Services Group Limited, London, UK (Compliance & Ethics, Feb. 20, 2013).
3 Ellen Pekilis, General Counsel, CSA Group, Toronto, Canada (Compliance & Ethics, Feb. 21, 2013).
4 Peter Liria, Chief Ethics Officer – Director, Ethics Online, United Nations Development Programme (Compliance & Ethics, Feb. 20, 2013).
5 Larry Parsons, Vice President, Ethics and Compliance, McLance Company, Inc. (Compliance & Ethics, Feb. 21, 2013).
6 Floyd Grabiel, Corporate Counsel, TSI Incorporated (Compliance & Ethics, Feb. 22, 2013).
7 Assunta Rossi, General Counsel, De Nora Tech, Inc. (Small Law Departments, June 2, 2011).
8 Holly Saigo, General Counsel, Kimball Midwest (Small Law Departments, June 7, 2011).
9 Diane Flyer, Attorney (Small Law Departments, June 8, 2011).
10 Stuart Senescu, Attorney (Small Law Departments, June 2, 2011).
11 Laura Vogel, Assistant General Counsel (Small Law Departments, Nov. 1, 2012)
12 Michael Meltzer, General Counsel, Sirota Consulting, LLC (Small Law Departments, Nov. 1, 2012)