RILA, in partnership with UL, recently launched the Supplier Code of Conduct Project, a multiphase cross functional project designed to provide RILA members an opportunity to review and benchmark on their supplier codes of conduct. This initial blog is a part of a larger collection of Supplier Code of Conduct Project materials that will be available to RILA members as the project unfolds. For more information please reach out to Kathleen McGuigan, RILA’s Executive Vice President & Deputy General Counsel or Erin Hiatt, RILA’s Vice President of CSR. Special thanks to Daphne Guelker, Head of Advisory Services at UL for authoring this blog series.
Supplier Codes of Conduct express a company’s requirements, commitment and aspirations and often act as a company’s human rights policy. Supplier Codes should be grounded in a company’s risk assessment and reflect a company’s values and actions.
Supplier Codes of Conduct are a crucial feature of corporate compliance systems, and most companies now have some form of a Supplier Code of Conduct (Code or CoC) in place. However, despite their wide use it is apparent that supplier CoCs vary widely between companies in terms of purpose, scope and comprehensiveness.
This month’s blog is the first in a series of three blogs examining supplier CoCs. This blog will look at a supplier Code’s purpose and suggestions for how to get started when drafting or revising a supplier CoC. In the following months we will consider supplier CoC scope and implementation.
When thinking about your supplier CoC, it is helpful to first understand that the fundamental purpose of this document is to be your company’s primary policy statement on Ethical Compliance. Some companies choose to build their Supplier CoCs around their corporate vision and mission statements, and it can be helpful to articulate these before diving into the specifics of the Code, as they may highlight specific areas of focus. United Nations Global Compact participants follow the UN Guiding Principles on Business and Human Rights, which requires companies to adopt a policy commitment to human rights and often this is done through the supplier Code.
A Code should express your company’s supplier requirements, commitments, and even aspirations in relation to Ethical Compliance. At a minimum, your supplier CoC should establish clear requirements and commitments to abide by all applicable laws or even more stringent standards. The supplier Code should also address issues that are pertinent to your company, business and industry. Beyond compelling language which reflects your company’s values, your supplier Code should be rooted in your business practices and, as emphasized by the Department of Justice’s 2020 Guidance on Evaluation of Corporate Compliance Programs, should reflect your company’s actions. In practice, this means that your supplier Code should be based on internal risk assessments and practices. As company practices and risks change over time, your supplier CoC must also be reviewed and updated regularly to check whether it still accurately reflects your company’s activities, ethical positions or addresses all relevant risks.
A useful place to start is to ask which internal company groups will own the supplier CoC. The supplier Code should ultimately be owned at the most senior level within the company and communicated accordingly, but additional relevant company internal partners are important to identify. For example, Code implementation may be owned by the Sourcing Department, Ethics and Compliance or even a specific Corporate Responsibility department. Having the right internal partners involved from the outset and understanding how your supplier CoC will be implemented in your company’s structure and policy ecosystem is important. For example, if your company has separate teams focused on business ethics, human rights and environment but decides to consolidate all areas into one supplier Code, it is important to ask how each internal partner will relate to and own the Code.
After identifying the relevant Code owners and internal partners, make sure that your supplier Code reflects the findings of your compliance risk assessment and addresses the identified risk areas. Because your supplier Code operates in an ecosystem of other policies and procedures it should work as an overarching framework, leaving in-depth processes or applications to other policy and procedure documents such as detailed supplier manuals, country sourcing policies or product sourcing policies,
You also may find it important to take other external stakeholders’ views into account. Stakeholder and external expert views should be considered to help identify and address specific risks in a company’s risk assessment. In addition, it may also be relevant to consider whether some of your external stakeholders expect commitments to be expressed at a public Code-level instead of in other internal company policy documents. For example, investors, rating and benchmarking agencies as well as civil society organizations may only rely on publicly available information to make investment and rating decisions about a company’s compliance program. If relevant information is hidden in internal company policy documents but not publicly stated, these decisions will not reflect your company’s actual practices.
Finally, the supplier Code should be readily accessible by all individuals or groups covered by it. Companies should also consider the value of transparency by making sure that prospective suppliers and other external stakeholders are given easy access to the Code. Notably, the UN Guiding Principles requires human rights policies to be actively communicated to relevant internal and external stakeholders. This may involve translating the supplier Code into relevant languages and making it available in a way that is easily accessible, for example through the corporate website.
The following graphic provides a simple overview of issues to consider when determining your Supplier Code of Conduct’s purpose and how to get started when developing, reviewing or updating your supplier CoC.
In upcoming blogs in this series, we will take a closer look at the scope of supplier CoCs and managing Code implementation.
Please note, the information and content presented in this blog series represents the views, thoughts, and opinions of our strategic partner and should not be interpreted as representing the views, thoughts, or opinions of RILA on this topic.