Writing A Five Star Ethics and Compliance Policy

Identify ethical risks your company faces, provide solutions for those situations and build an ethics and compliance policy around them.

Posted by Joe Gerard in Code of Conduct, Ethics, Ethics & Compliance, Human Resources on September 7th, 2010

You’ve heard it before: a strong ethics and compliance program begins with a top notch workplace ethics and compliance policy. But do any of these sources ever tell you exactly what makes an ethics and compliance policy “top notch”? To understand the elements of a top notch ethics and compliance program, it’s important to understand that each company’s ethics and compliance policy will be different, as policies are built around a company’s processes and influenced by the industry in which it operates. However, there are common elements that must be included in every company’s ethics and compliance policy- it’s the “little extras” that are included that separate the top notch ethics and compliance policies from the not-so-stellar ones.

Begin With the Basics

A good way to determine what to include in a corporate ethics and compliance policy is to identify the ethical risks your company encounters and provide solutions and guidance for those situations. Think about ethically compromising situations employees at all levels may face, document them, and build your ethics and compliance policy around them.

Basic elements of an ethics and compliance policy include:

  • Compliance with the law- Compliance with local and industry laws are the most basic forms of compliance. I believe that companies need to challenge themselves to go beyond complying with the minimum standards. Build upon existing laws to take your company’s ethics and compliance program to the next level.
  • Definition of unethical behaviour- Address various forms of unethical behaviour- harassment, discrimination, theft, fraud, retaliation, etc. Define each of these terms, provide real life examples and consequences for violating the policy. Some companies choose to adopt a zero tolerance attitude towards these issues. If your company does, make it clear.

FREE Investigation Report Template

Prepare thorough, consistent investigation reports with our free report template.

Download Template
  • Integrity statement- Every company should promote honest business. Many companies include their mission, vision and goals for employee conduct in this section of the ethics and compliance policy. According to the Canadian Centre for Ethics & Corporate Policy,

“A code of ethics usually proposes specific principles and rules of conduct. A key objective of a code is to provide guidance on expected behavior as well as rationale for that behaviour. A code also provides a way for a company to measure and monitor performance designed to achieve objectives and to instill values.”

  • Anti-Bribery, gifts and entertainment- To avoid involvement in bribery, let employees know where your company stands on the issue of gifts and entertainment. Some companies allow gifts to be sent or received if the gift is under a given value. Isuggest eliminating as much grey area as possible from your company’s ethics and compliance policy. Make it clear- no gifts!
  • Reporting unethical behaviour- Employees are likely to uncover unethical practices in the workplace before senior executives. To catch violators earlier, let employees know how to report misconduct. Include hotline phone numbers, Ombudsman information, website addresses and other information pertaining to filing a complaint. This information is usually found at the beginning or end of the policy, or sometimes even both.
  • Confidentiality- In some cases, ultimate confidentiality cannot be maintained due to the discovery of a criminal act or a court case. Make a statement that confidentiality will be upheld to the highest possible degree for those making complaints or involved in internal investigations.
  • Accurate accounting- Corporate accounting is highly regulated, but often violated. Here’s a great example of an accounting integrity clause that Exxon Mobil has included in its corporate ethics policy:

“It is the Corporation’s policy that all transactions will be accurately reflected in its books and records. This, of course, means that falsification of books and records and the creation or maintenance of any off-the-record bank accounts are strictly prohibited. Employees are expected to record all transactions accurately in the Corporation’s books and records, and to be honest and forthcoming with the Corporation’s internal and independent auditors.”

Ethics and Compliance Policy Template

One of my co-workers passed along this ethics and compliance policy template to me. The template was developed by the Sans Technology Institute, and has been made available for use within organizations. The sections outlined in this template cover majority of the issues that should be outlined in an ethics and compliance policy, but I would recommend using this as guidance only. Tailor your ethics and compliance policy to your business and be specific. For example, don’t just state that consequences will be handed down to those who are found guilty of violating the policy, include the punishments in the policy.

Don’t forget, go public with your policy. Place the document on your company website to increase accountability and transparency.


VP Sales & Marketing

Spend my days showing off the i-Sight investigative case management software and finding ways to help clients improve their investigations. Usually working with corporate security, HR & employee relations, compliance and legal teams.

Visit Website