One afternoon at 4 PM, you get a call from the local Securities and Exchange Commission office, and they say they want to come by in two days to review your company’s Code of Conduct. You ask them why they want to review your Code. They tell you that it is a foundational document of your compliance program and view it as an internal control and, therefore, enforce it under the FCPA. They want to review all aspects of your Code design, implantation, training, and rollout.
What steps do you need to take to demonstrate the robustness of your Code but also your training and ongoing communications on it?
How do you dig deeper and review the Code of Conduct design, implementation, and review process?
How do you make sure facts on the ground have not changed and that your Code is still relevant?
IN THIS NEW EPISODE, Compliance Evangelist Thomas Fox and Kortney Nordrum, Regulatory Counsel & Chief Compliance Officer, Deluxe Corporation, break down the steps you need to take to survive (and ace) the Code of Conduct investigation review by the SEC.
Major takeaways discussed in the episode:
✔️ Dig deeper and review the Code of Conduct design, implementation, and review process. Show any changes or amendments, what was the process for these actions. Finally, how do you make specific facts on the ground that have not changed and that your Code is still relevant?
✔️ Build a focus group and pull in people from teams in audit, finance, I.T., business folks, and procurement to assess the current Code to identify what works, what doesn’t, and what’s missing.
✔️ Another vital step is benchmarking. Search and see examples of codes, whether a private or public company, big or small, to benchmark against and identify where you think you should be and where others are in your industry.
✔️ Develop a code that you’re proud of and that you want to display to the world. It should reflect and be tailored to fit your organization and not any other.
✔️ Approval and buy-in from the Board and top management are necessary to lend credibility and authenticity to the Code’s core message. This serves as the organization’s Bible for how to operate. 
✔️ Identify your Code of Conduct training protocol and require annual attestation that the Code of Conduct is read and understood by all employees and directors.
✔️ Checklist of evidence to present to the SEC
■ Creation/Design
● Focus group minutes
● Drafts and updates to prior code language
● Benchmarking data and session information
● Translations
● Code launch plan – detailing Communications, emails, mgr meetings, printouts, CEO video
■ Training
● Training records & attestations
● Transcript of Code of Conduct training
■  Operationalization
● Culture and compliance surveys
● The open rate on emails/click rate on Code on the intranet
● How often employees reach out with questions
● Hotline calls and investigations
● Are people making good choices? Root cause analysis of non-compliance
—————————————————————————-
Welcome to SURVIVE AND THRIVE, the newest addition to the Compliance Podcast Network. Hosted by the Compliance Evangelist Thomas Fox and Kortney Nordrum, Regulatory Counsel & Chief Compliance Officer, Deluxe Corporation. This is a podcast where we unpack compliance, crisis disasters and walk you through all the red flags which appear and give you some lessons learned going forward.
Do you have a podcast (or do you want to)? Join the only network dedicated to compliance, risk management, and business ethics, the Compliance Podcast Network. For more information, contact Tom Fox at tfox@tfoxlaw.com.