A Benchmarking Survey on Third-Party Codes of Conduct

Society of Corporate Compliance & Ethics

Rebecca Walker of Kaplan & Walker LLP is the author of a report on A Benchmarking Survey on Third-Party Codes of Conduct (register to download) sponsored by The Society of Corporate Compliance and Ethics. The SCCE received survey results from more than 400 compliance professionals on how they deal with third-party compliance policies. As Rebecca point out in the report: “Organizations are also subject to risks of misconduct by virtue of the actions of agents and other third parties who act on their behalf or partner with the organization in some way.”

Among the relevant findings in the survey:

  1. Only 47% of companies disseminate their internal employee code of conduct to to third parties.
  2. Only 26% of companies require that third parties certify to their codes of conduct.
  3. Of those 26%, 92% did not have a threshold as when they required certifications.
  4. Only 17% of organizations have a code of conduct that is applicable to third parties.

Rebecca points out the U.S. Sentencing Guidelines provide incentives to have your compliance programs reach out to third parties:

Sentencing Guideline §8B2.1(4):

(A) The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subdivision (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities.

(B) The individuals referred to in subdivision (A) are the members of the governing authority, high-level personnel, substantial authority personnel, the organization’s employees, and, as appropriate, the organization’s agents.

One of the problems with pushing out your compliance program to third parties is that they may have the may have their own which differs with your program. The bigger problem is you setting the compliance standards but not enforcing them. Rebecca offers some ways to extend compliance and ethics requirements to third-parties. These are some highlights:

  • Conduct due diligence regarding business partners’ compliance and ethics programs.
  • Incorporate language into contracts with third parties requiring compliance.
  • Train third parties on the ethics and compliance program or on particular company policies or procedures.

Thanks to Corporate Compliance Insights for pointing out this survey: Third Party Controls Lacking In Ethics and Compliance Expectations Says SCCE Survey.

Roundtable Discusses Supply Chain Risks

compliance_week_logo

On Jan. 27, 2009, Compliance Week and Integrity Interactive presented an editorial roundtable focusing on supply chain and vendor management risks. They were kind enough to invite me to participate. There is an article about the roundtable in the next issue of Compliance Week and a copy is available on line: Roundtable Discusses Supply Chain Risks. (subscription required)

One theme from the discussion was a desire for an industry or third party standard for compliance. We all thought it would be great if some industry association or auditing firm could review vendors and give the reliable ones a seal of approval.

Dave Curan, the Chief Executive Officer of Integrity Interactive, recommended that all companies have a separate code of conduct that applies to their suppliers. Many in the audience pointed out that vendors often have there own code of conduct which precipitates a “battle of the codes.”