Las Vegas tourism promoters used to promise, “What happens in Vegas, stays in Vegas.” It’s much harder to make such a claim these days, when even the most benign shenanigans are only a smartphone video away from global critique. Corporations are being held accountable, as well – not only by regulators, but by citizen journalists, activists, whistleblowers and customers, empowered by social media and the internet.
Companies are aware of this, and 92 percent have adopted formal codes of conduct for their organizations, according to a 2015 survey by Protiviti and the Economic Crime and Justice Studies Department at Utica College. According to that same survey, however, only a small fraction of those companies hold their vendors to the same standard, or even conduct reasonable due diligence on business practices – and that’s a problem.
In today’s collaborative economy, regulators (and consumers) recognize that companies are outsourcing everything from labor to IT infrastructure, and are holding the companies accountable for their vendors’ behavior. Witness the massive fines levied against global conglomerates under the Foreign Corrupt Practices Act. Consider recent personal data breaches attributable to third-party security lapses. In every instance, the corporation, and not only the vendor, was held accountable – especially in the court of public opinion.
Clearly, there is a case to be made for adopting – and enforcing – a supply chain “code of conduct,” establishing clear and communicated expectations for how suppliers will conduct their business – especially vendors authorized to act as agents on behalf of the organization. After all, it’s the company’s reputation and brand image that is at stake.
Codes of conduct are designed to prohibit any number of ethical lapses, including conflicts of interest, self-dealing, bribery and other inappropriate actions. They can be brief, although most are fairly detailed. A code of conduct is characteristically very concrete, delineating specific required and prohibited behaviors and practices. It differs from a code of ethics, which tends to deal more with principles and values and is difficult to enforce – although a code of ethics is often specified as a requirement of the code of conduct.
A code of conduct would typically address things like:
- Human rights – requiring vendors to treat their workers with dignity and respect and provide proof of a penalty-free reporting mechanism for employees to report violations. This provision typically includes anti-discrimination, anti-harassment, compensation and hours, as well as prohibitions against forced labor and child labor.
- Health and safety – including workplace temperatures, noise levels, ventilation, lighting, toilet facilities, safe working facilities and drinkable water.
- Environment – setting standards for environmental sustainability.
- Ethics – promoting fair trade and prohibiting corruption, unfair competition and conflicts of interest.
- Other critical items, including financial integrity, confidentiality, regulatory compliance and social responsibility.
In the increasingly connected global economy, it is critical for organizations to look beyond fiscal imperatives and hold suppliers to the same ethical conduct expected of employees, management and directors. Of course, a code of conduct is only going to be as good as the intentions of the vendors who sign on to it. That’s where third-party audit comes in. And that’s a topic for another day.