Code Redux Part One: Tips For Writing and Updating Your Corporate Code of Conduct

(This article was contributed to Corporate Compliance Insights by Ms. Joan Dubinsky, the Chief Ethics Officer for the International Monetary Fund. Ms. Dubinsky can be contact by email at at It originally appeared on CCI March 3, 2009.)


Code Redux Part One: Updating your Corporate Code of Conduct


This is a two-part article that explores the why and how of updating your organization’s Code of Conduct. Code Redux Part One poses several questions to consider before you begin. Once you have tackled those questions, proceed to Code Redux Part Two. There, you will find a set of recommended steps—from vision to publication. A longer version of this article was previously published in CCH’s Federal Ethics Reports, Volume 15, Issue 10 (October 2008). Permission to reprint has been graciously granted.


Many organizations have a document that they call their Code of Conduct. Along the way, it may have acquired several other names or titles.

Though the titles may not be standardized, one aspect universally holds true. Once a Code of Conduct is finally written, approved, published, and distributed, no one wants to revise it. This article examines why the revision process is so dauntingly difficult, and suggests ways to simplify your approach.


code-of-conductA Code of Conduct is the single most important element of your ethics and compliance program. It sets the tone and direction for the entire function. Often, the Code is a standalone document, ideally only a few pages in length. It introduces the concept of ethics and compliance and provides an overview of what you mean when you talk about ethical business conduct.

A Code of Conduct communicates your organization’s values and principles, and summarizes the most significant rules and policies that impact your organization’s culture. A Code can promote ethical behavior, reinforce legal compliance, and enhance corporate reputation. This small document captures “Tone from the Top” more effectively than any other type of communication.

A Code of Conduct should be linked to your organization’s ethics and reputational risk profile. When you know the most serious and frequent kinds of ethical risks, you can begin to mitigate by discussing them in your Code.


The Code should be the first resource that employees turn to when they have questions about ethics and compliance. From experience, we have a good idea of the kinds of questions that employees are likely to ask:

  • Procedural questions: Who do I talk to when I want to make a report? Who can give me ethics advice that I can rely upon?
  • Substantive questions: What are our rules on outside employment? What is our policy on retaliation? How complete must our books and records actually be?
  • Organizational questions: What does our CEO say about ethics? Do our rules on ethics apply to everyone, including board members?

The Code should also be the first resource for managers and supervisors when they have concerns about ethics and compliance. Managers and supervisors ask different questions than employees:

  • Who is accountable under our Code? What is my role as a member of management? What is expected of me and my team?
  • Is the Code enforceable? What are the consequences if someone follows—or fails to follow—the Code? Will I be informed?
  • What are my resources? Who can help me figure out a difficult ethical question? If one of my employees acts unethically, what should I do next?

Over my last twenty-five years as a business ethicist, I have seen quite an evolution among Codes of conduct. Some of the earliest were indistinguishable from corporate policies. The formatting was different, but the text was nearly identical. Some of the next generation attempted to summarize the major laws that applied to business operations, and then catalogued these legal summaries alphabetically. Then, we saw Codes of conduct that attempted to group laws and policies by stakeholder group or by major topic. The next—and some would argue that this is the current stage—tried to differentiate between “rules based” and “values based” Codes of conduct.


Regardless of how you think about the messages of your Code, there are three looming philosophical questions that you must consider. You can’t not consider these three questions if you are to succeed at updating your Code.

Is your Code normative or instrumental? Simply put, do you want a Code of Conduct that is enforceable upon its face, or do you want a Code that is a summary of other rules and policies? A normative Code can be the basis for disciplinary action, should an employee fail to comply. It will tell you what not to do. An instrumental Code generally promotes your organization’s culture, and inspires employees to behave consistently with your values. But you probably can’t discipline an employee for violating a set of suggested guidelines for appropriate business conduct.

How many Codes should you have? There is great appeal to adopting a single, universal Code of Conduct that applies to:

  • all employees, across the globe, who work for your organization
  • all executives, officers, and managers
  • all board members
  • all partners, joint venturers, and sister organizations
  • all third parties with whom your organization does business

Yet, the expectations for conduct for each of these groups are different. If you create a Code that applies universally, will it have sufficient clarity and specificity to provide the kind of guidance that individuals need? By writing a Code that applies to nearly everyone, you might reduce its content to platitudes. If you adopt multiple Codes, the level of detail can vary. Yet, multiple Codes will be difficult to enforce. And, if the task is daunting to revise just one Code, your efforts grow exponentially with each successive Code requiring revision.

Can there be a universal Code for a global company? As much as we would like to find common ground among the legal systems of our globe’s 193 nations, each sovereign nation’s laws are unique. For global companies, inconsistencies among legal systems are a significant challenge. For example, many organizations are struggling with the differences in privacy laws between E.U. countries and non-E.U. countries. Most organizations describe in their Codes how their hotlines or helplines operate. If, for example, your organization operates in North America, Eastern Europe, and Southeast Asia, what should you say about the placing of anonymous calls to your hotline or helpline? Do you encourage employees, discourage employees, or limit anonymity to only certain types of complaints? Or, as some companies have decided, do you issue differently worded Codes of conduct for different regions of the globe?


The simple answer, of course, is whenever necessary.

In reality, many organizations strive to update their Codes every five years. Since Codes of Conduct are linked to legal compliance, organizational policies, and rules, it is important to keep everything synchronized. There is nothing worse than a Code that was issued fifteen years earlier, which is no longer relevant because the business itself has changed radically in the interim.

Why is the revision process so daunting? Why do we postpone and procrastinate? Frankly, writing a Code of Conduct is hard work. It is time consuming. The potential for internal political battles looms large. Egos get engaged. Some of us even begin to draw lines in the sand.

What makes the process so hard? Several good reasons come to mind.

Simplicity: The rules and policies that control a business are complex. The number of laws and regulations continues to grow. The number of jurisdictions whose laws apply to business operations continues to grow. We do not see many multilateral efforts to harmonize the laws and regulations that control trade, finance, commerce, competition, employment and labor, monetary policy, privacy, transparency, marketing, manufacturing, or safety. And these are the very laws that matter critically to how we run our businesses.

A strong Code of Conduct communicates with simplicity about complexity. Writing simply takes more effort than almost anything else that we do. A good Code follows Einstein’s adage: “First thing, make everything as simple as possible. But no simpler.”

Clear Messages: Most business people are not attorneys. This is probably a good thing. Most laws and regulations are written by attorneys. That is also—probably—a good thing. Legal writing is an art form, not a business imperative. Lawyers write in ways that cover all contingencies and risks—or as many as can be foreseen. Business people communicate in order to make decisions, and to make those decisions quickly despite the risks of the unknown.

Great Codes of conduct are written with the business in mind. They cannot cover all contingencies. They need to help your employees recognize which rules apply and when. They must help your employees make great decisions, quickly and effectively. They need to get to the point. Remember: a great Code is not a synopsis of all of the laws that might impact your company’s operations. Lawyers can read a legalistic Code. But, will the people who help your company succeed day in and day out read it?

Consensus: Companies with active labor unions know how to negotiate terms and conditions of employment. Companies with Works Councils are attuned to the need to consult. Even in companies with very simple labor relations, input from employees generally results in better policies and rules. Especially when a company considers adopting new rules—such as a new policy on overtime or workplace romances, a consensus approach will lead to stronger voluntary compliance.

Great Codes of conduct are the product of consensus. Anything that you draft will benefit if you make the effort to circulate it for comment. More eyes are better. The ultimate decisions on what to include in the Code may not be open to debate and comment. But, how a topic is discussed and how an ethical example is expressed can and should be part of your deliberations.

As many of us have experienced, consensus is not perfect and it is not swift. Each iteration multiplies the potential that some topic will require additional research and negotiation. There is always at least one major risk topic that draws debate if not outright dissent. Consensus takes time—the one commodity that most successful businesses lack.


Now that you have tackled some of the hardest questions, you are ready to revise your Code. Part Two of this series will give you the guidance and encouragement you need to get started.


>>>Read Code Redux Part Two: Corporate Code of Conduct Update and Revision Process


© Joan Elise Dubinsky and the Rosentreter Group 2008. All rights reserved.

*** Ms. Dubinsky wishes to acknowledge the assistance of Joseph Kroupa, Ethics Office Associate at the International Monetary Fund, in the preparation of this article.


Joan Dubinsky is the Chief Ethics Officer for the International Monetary Fund. In this role, she has institution-wide accountability for advising, guiding, communicating, and enforcing the Fund’s values and standards. Ms. Dubinsky also leads the Rosentreter Group, a management consulting practice providing expertise in business ethics, organizational development, and corporate compliance.

You can reach Ms. Dubinsky at

No related content found.

About the Author

Joan Dubinsky

Ms. Dubinsky serves as the independent Director of Ethics/Chief Ethics Officer for the United Nations. Reporting to the Secretary-General, Ms. Dubinsky is accountable for ensuring that UN staff worldwide uphold the organization’s ethical values of integrity, accountability, and transparency. Ms. Dubinsky chairs the UN’s Ethics Committee, which promotes harmonization and collaboration among all UN funds and programs, and serves as the Co-Chairman of the UN Ethics Network. From 2009 through 2010, Ms. Dubinsky served as Director of Ethics for BAE Systems, Inc., based in Arlington, Virginia, meeting the global needs of the world’s largest defense, security and aerospace contractor. Ms. Dubinsky was responsible for daily operations of the BAE Systems, Inc. ethics and business conduct program. She was charged with developing a world-class values-based ethics program, consistent with the recommendations of the Woolf Commission and BAE Systems’ business strategy. From 2004 through 2009, Ms. Dubinsky served as the Chief Ethics Officer for the International Monetary Fund, where she had institution-wide accountability for advising, guiding, communicating, and enforcing the Fund’s values and standards. Reporting to the Managing Director, Ms. Dubinsky provided independent ethics advice and counsel to all levels of the Fund and conducted sensitive internal investigations. Ms. Dubinsky is the founder/owner of the Rosentreter Group, a management consulting practice providing expertise in business ethics, organizational development, and corporate compliance.  Public and private sector organizations have retained her to implement values- and rules-based initiatives, conduct program assessments, measure the effectiveness of compliance systems, develop executive level interventions, and design high-impact training programs. With over twenty-five years of experience in the field, Ms. Dubinsky has served as the Ethics Officer, Associate General Counsel and Corporate Secretary for the American Red Cross (1985 – 1993) Senior Legal Counsel and Compliance Officer for The MITRE Corporation (1993 – 1996); founding member of the Arthur Andersen consulting practice in business ethics (1996 – 1997); and Associate Director, Employee Development for the Howard Hughes Medical Institute (1997 – 2004).  Ms. Dubinsky leads the Conference Board’s Research Working Group on Working at the Intersection of Human Resources, Ethics & Compliance. She is an Executive Fellow with the Center for Business Ethics. She is a contributing author for the ECOA’s Ethics and Compliance Handbook, documenting best practices in the field of corporate compliance. She has published articles in such journals as Law Governance Review, Ethikos, Federal Ethics Reporter, IOMA’s Report on Preventing Business Fraud, CPA Consultant, and the Center for Business Ethics News.  Her work in ethics training was prominently featured in Ethics Matters: How to Implement Values-Driven Management, by Dawn-Marie Driscoll and W. Michael Hoffman (2000).  Her work on investigations is highlighted in Blackwell’s Companion to Business Ethics, ed. by Robert Fredericks (1999). A Phi Beta Kappa, Ms. Dubinsky received her Juris Doctorate from the University of Texas at Austin and her undergraduate degree in Religious Philosophy from the Residential College, University of Michigan. Ms. Dubinsky is active in the cultural arts, folk music, and dance communities of Washington, D.C., and serves on the Board of Directors of the Olney Theatre Center. Joan Dubsinky has contributed the following articles to Corporate Compliance Insights:

You can reach Ms. Dubinsky at

One Comment