UL Supplier Code of Conduct Series – Blog 2: Scope

Codes of Conduct are a key part of corporate compliance programs, and most companies now have some form of Code of Conduct (CoC or Code) in place. However, despite their wide use, CoCs’ purpose, scope, and comprehensiveness vary widely between companies. In Blog 1 we discussed the purpose of a supplier Code and its role as your company’s umbrella policy. The CoC should address areas flagged in your risk assessment and rely on both internal and external stakeholder input. In this second blog, we will look at the scope of your supplier Code in terms of the key issues covered and the entities to which the Code applies.
Deciding exactly which supplier entities will be subject to your company’s Code is a critical first step. Traditionally, supplier CoCs have focused on Tier 1 suppliers of private label goods. While this scope makes sense from a reputational standpoint, other entities deeper into a company’s supply chain, i.e., Tier 2 and lower, are beginning to attract more attention from stakeholders and might be flagged during a company’s risk assessment. It is becoming increasingly common for Codes to be applied all the way down the supply chain to the raw materials level. Additionally, non-product supplier groups such as service providers for logistics or customer care are also attracting attention from stakeholders and may need to be included in your CoC.

Service Suppliers

All suppliers providing services across diverse areas from logistics, distribution, janitorial and maintenance services to customer care could reasonably be flagged in your company’s risk assessment because they all create compliance risks related to labor/human rights, environment, or governance. These service providers also act as suppliers to your business and may need to be covered by your company’s supplier CoC. For example, in recent years, many retailers have expanded their operations to include online retail and have begun to develop new distribution channels. Suppliers within new distribution channels often raise unique risks that could be covered by your company’s CoC, even aside from traditionally recognized issues. For example, precarious work structures play a bigger role in many service sectors such as logistics, and you may want to set expectations for how to address these issues in your company’s Code.

Key Issues and Activities

Once you have established who will be within the scope of your company’s CoC, the next step is to determine what issues and activities need to be addressed. As discussed in Blog 1, a thorough risk assessment will establish the Code’s target audience and inform this decision regarding which issues and activities to include. It is important to keep in mind that if you expand the application of your company’s Code beyond Tier 1 suppliers, you may need to identify and address new issues and risks if not previously covered, e.g., use of seasonal workers, wider use of migrant labor as work becomes less skilled, or specific environmental risks. The same considerations concerning actual implementation and follow-up of requirements as discussed in the last blog apply here.

UN Guiding Principles on Business and Human Rights

The UN Guiding Principles on Business and Human Rights require due diligence to assess potential human rights impacts that a business may cause or contribute to through its own activities, or which may be directly linked to its operations, products, or services by its business relationship. This is a much wider scope than just private label goods suppliers and is one of the factors driving retailers to assess their business relationships more broadly, to identify potential human rights impacts from a larger range of suppliers. Of course, not every company’s risk profile is the same and the responses required to address risks may vary, leading to different aspects being identified in your Code. If you are a retailer considering expanding the scope of your Code, it is important to examine your company’s operational context and think about what leverage you have available before applying your company’s Code to additional groups.

Tier 2 and Beyond

A company’s CoC scope could be expanded through the inclusion of supplier tiers beyond direct (Tier 1) private label suppliers. There has been an increased focus by government regulators and enforcement officials as well as voluntary programs requiring due diligence that extends to indirect raw material suppliers. For example, increased U.S. enforcement of anti-forced labor statutes (e.g., cotton, silica and tomatoes suspected of being linked to Xinjiang), the Lacey Act, which protects endangered species, and the Dodd-Frank Act, which seeks to prevent conflict minerals from entering supply chains, as well as similar legislation emerging in other countries, have made it imperative in many cases for companies to have visibility into and exercise control throughout the supply chain, even to the raw material level. Your company’s Code can be a way to address these evolving due diligence expectations. Although in most cases Codes do not directly bind such suppliers, their application can be extended through a supply chain by establishing expectations for direct Tier 1 suppliers to apply their own due diligence to their direct suppliers, with cascading due diligence expectations to flow deeper into supply chains.


In summary, when conducting a human rights risk assessment, do not think just about your company’s direct private labels suppliers but also ask where other potential risks might exist. These risks might exist in your company’s goods supply chain beyond Tier 1 or in other business relationships with service providers or suppliers for other goods. As you identify these suppliers, be mindful that they may include new risks, including entirely new categories, that need to be addressed in your company’s CoC.
Finally, as you establish your company Code’s scope of application and issues to be covered, keep in mind that you will also need to establish clear internal ownership and a strategy for how to implement and monitor this expanded scope. If you are asking your company’s suppliers to develop their own due diligence strategy, think about how you will support and monitor this. If you are expanding your company’s Code to entirely new supplier groups, design a strategy for how this will be communicated and implemented. To consider these topics in greater detail, stay tuned for the final blog in this series in which we will explore Code implementation.

About This Project

RILA, in partnership with UL, recently launched the supplier Code of Conduct Project, a multiphase cross functional project designed to provide RILA members an opportunity to review and benchmark on their supplier Codes of Conduct. This second blog is a part of a larger collection of supplier Code of Conduct Project materials that will be available to RILA members as the project unfolds. For more information, please reach out to Kathleen McGuigan, RILA’s Executive Vice President & Deputy General Counsel or Erin Hiatt, RILA’s Vice President of CSR. Special thanks to Daphne Guelker, Head of Advisory Services at UL for authoring this blog series.


Please note, the information and content presented in this blog series represents the views, thoughts, and opinions of our strategic partner and should not be interpreted as representing the views, thoughts, or opinions of RILA on this topic.

  • Business Development
  • Code of Conduct
  • Supply Chain
  • Workforce

Stay in the know

Subscribe to our newsletter