Code of Ethics Template

2 pages • 25–30 min to fill • Difficulty: Standard • Signature required • Legal review recommended

At a glance

What it is
A Code of Ethics is a formal policy document that sets binding standards for how employees, officers, directors, and contractors must conduct themselves in business matters. This free Word download gives you a structured, attorney-reviewed starting point covering conflicts of interest, confidentiality, anti-bribery, fair dealing, and enforcement — ready to edit online and export as PDF for distribution and acknowledgment signing.
When you need it
Use it when onboarding new hires, responding to a compliance audit, pursuing a government contract, or formalizing workplace standards that have until now existed only as informal expectations. Public companies and firms in regulated industries typically require one by law or stock-exchange listing rule.
What's inside
Purpose and scope, conflicts of interest, confidentiality obligations, anti-bribery and anti-corruption standards, fair dealing and competition compliance, workplace respect and non-discrimination, record-keeping and financial integrity, reporting procedures and whistleblower protection, enforcement and disciplinary consequences, and employee acknowledgment.

What is a Code of Ethics?

A Code of Ethics is a formal, binding policy document that defines the ethical principles and conduct standards an organization expects from every person acting on its behalf — employees, officers, directors, and contractors alike. It addresses the situations where legal compliance alone is insufficient: conflicts of interest that erode trust, gifts that blur into bribery, financial records that obscure the truth, and workplace conduct that undermines dignity. Unlike a general values statement posted in a lobby, a Code of Ethics creates enforceable obligations, requires a signed acknowledgment, and forms part of the documented employment relationship. This free Word download gives you a professionally structured, attorney-reviewed starting point you can customize to your company's size, industry, and jurisdiction in a matter of hours.

Why You Need This Document

Without a written Code of Ethics, your organization has no documented standard to enforce, no consistent basis for disciplinary action, and no evidence of a compliance program when regulators, auditors, or plaintiffs come looking. In the United States, public companies face mandatory disclosure obligations under Sarbanes-Oxley; government contractors above $5 million in federal contracts must have a written ethics program under FAR requirements; and companies operating internationally carry FCPA exposure for the conduct of every agent and partner, whether or not those parties were ever told the rules. For private companies, the cost of skipping the document is just as real: an employee terminated for undisclosed conflicts of interest can contest the dismissal if no written policy existed; a vendor who accepted improper gifts can claim the company had no standard against it. A signed, distributed, and actively enforced Code of Ethics closes these gaps — and this template gives you the structure to do it without starting from a blank page.

Which variant fits your situation?

| If your situation is… | Use this template |
| --- | --- |
| Setting general conduct standards for all employees | Code of Ethics |
| Detailing day-to-day workplace behavior rules and procedures | Employee Code of Conduct |
| Establishing ethics standards specific to board members and executives | Director Code of Ethics |
| Covering supplier and vendor ethical sourcing obligations | Supplier Code of Conduct |
| Formalizing a standalone anti-bribery and anti-corruption policy | Anti-Bribery Policy |
| Protecting confidential business information separately | Non-Disclosure Agreement |
| Addressing conflicts of interest for investment or advisory roles | Conflict of Interest Policy |

Common mistakes to avoid

❌ Omitting contractors and board members from scope

Why it matters: Regulatory investigations and civil litigation frequently trace misconduct to agents and directors rather than rank-and-file employees. A Code that only covers employees leaves the highest-risk parties unbound.

Fix: Explicitly list every covered category in the scope clause and require acknowledgment signatures from contractors and directors at onboarding and annually.

❌ No anonymous reporting channel

Why it matters: Employees who fear retaliation — or who are reporting on a supervisor — will not use a channel that requires them to identify themselves. Misconduct goes unreported, and the company loses the early warning the Code is designed to provide.

Fix: Add at least one third-party anonymous hotline or web portal and publicize it in the Code, new-hire orientation, and annual re-certification communications.

❌ Collecting acknowledgments once and never recertifying

Why it matters: An undated or years-old acknowledgment is weak evidence of a functioning compliance program. Regulators and plaintiffs' attorneys treat it as a sign the Code exists on paper but not in practice.

Fix: Schedule an annual recertification process — typically Q1 — in which every covered person reads the current Code and signs a fresh acknowledgment confirming compliance.

❌ Setting gift thresholds with no documentation requirement

Why it matters: A $50 threshold without a gift log creates a clean path for incremental gifting: four $49 gifts to the same official in a year are individually below threshold but collectively improper.

Fix: Require a gift log entry for all gifts above a lower threshold (e.g., $25) and manager approval for gifts near the per-occasion limit, regardless of cumulative value.

❌ Using vague enforcement language like 'may result in discipline'

Why it matters: Permissive enforcement language signals to employees that violations are unlikely to have real consequences, significantly reducing deterrence — especially for lower-level misconduct.

Fix: Replace 'may' with 'will' and specify that all reported violations are investigated. Reserve discretion only for determining the severity of the sanction, not whether an investigation occurs.

❌ Failing to update the Code after regulatory or operational changes

Why it matters: A Code that references outdated laws, no-longer-used reporting channels, or a former compliance officer's name creates confusion and signals that ethics oversight is not actively managed.

Fix: Assign a named owner — typically the General Counsel or Chief Compliance Officer — who reviews and updates the Code annually and documents the version date on the cover page.

The 10 key clauses, explained

Purpose, Scope, and Applicability

In plain language: States why the code exists, which individuals and entities it covers, and when it takes effect.

Sample language
This Code of Ethics ('Code') applies to all employees, officers, directors, and contractors of [COMPANY NAME] ('Company') effective [DATE]. It establishes the ethical standards all covered persons must follow in conducting Company business.

Common mistake: Limiting scope to full-time employees only and forgetting contractors, board members, and agents — who can expose the company to the same liability and are frequently the source of violations.

Conflicts of Interest

In plain language: Requires covered persons to disclose and avoid situations where personal interests could compromise their decisions on behalf of the company.

Sample language
No covered person shall hold a financial interest in, or accept employment with, any entity that competes with or does business with the Company without prior written disclosure to and approval by [DESIGNATED OFFICER / COMPLIANCE COMMITTEE].

Common mistake: Requiring disclosure only at onboarding and never again. Conflicts arise over time; annual re-certification catches newly acquired interests, side businesses, or relationships that didn't exist at hire.

Confidentiality and Information Security

In plain language: Prohibits unauthorized disclosure or misuse of proprietary business information, trade secrets, and personal data.

Sample language
Covered persons shall not disclose or use for personal benefit any Confidential Information of the Company, including trade secrets, customer data, financial projections, or business strategies, during or after their relationship with the Company.

Common mistake: Failing to define what qualifies as confidential. Without a definition, employees argue in good faith that certain information was public, and enforcement becomes inconsistent.

Anti-Bribery and Anti-Corruption

In plain language: Prohibits offering, giving, receiving, or soliciting anything of value to influence a business decision or government action, and aligns with applicable anti-corruption laws.

Sample language
No covered person shall offer, promise, or give anything of value — including gifts, entertainment, charitable donations, or political contributions — to any government official or private-sector counterpart to obtain or retain business or a regulatory advantage.

Common mistake: Setting a gift threshold (e.g., $50) without also requiring documentation and manager approval for gifts above the threshold. A threshold alone creates a loophole for incremental gifting below the limit.

Fair Dealing and Competition Compliance

In plain language: Requires honest dealings with customers, suppliers, and competitors, and prohibits anticompetitive conduct such as price-fixing or market allocation.

Sample language
Covered persons shall deal fairly with the Company's customers, suppliers, and competitors. No covered person shall engage in price-fixing, bid-rigging, market allocation, or any other conduct that violates applicable competition or antitrust laws.

Common mistake: Omitting competition law entirely and treating this clause as a soft 'be honest' statement. Without an explicit antitrust reference, employees who attend industry events or trade associations have no guidance on what conversations are prohibited.

Workplace Respect and Non-Discrimination

In plain language: Affirms a commitment to a respectful, harassment-free workplace and prohibits discrimination on protected grounds.

Sample language
The Company is committed to a workplace free from harassment, discrimination, and retaliation. No covered person shall engage in conduct — verbal, physical, or digital — that creates a hostile, intimidating, or offensive work environment based on race, gender, religion, age, disability, or any other protected characteristic.

Common mistake: Cross-referencing a separate anti-harassment policy without including at least a summary in the Code. Employees often receive the Code as their primary onboarding document; if the harassment standard isn't in it, they may not know a standalone policy exists.

Financial Integrity and Record-Keeping

In plain language: Requires accurate, complete, and honest financial records and prohibits falsification of any company document, expense report, or account entry.

Sample language
All Company books, records, accounts, and financial statements shall accurately and fairly reflect transactions in reasonable detail. No covered person shall make, authorize, or conceal any false, misleading, or artificial entry in any Company record or report.

Common mistake: Not addressing expense reports specifically. Inflated expense submissions are one of the most common ethics violations and go undetected when the record-keeping clause is limited to formal financial statements.

Reporting Procedures and Whistleblower Protection

In plain language: Establishes the channels through which violations must be reported and guarantees protection from retaliation for good-faith reporters.

Sample language
Any covered person who suspects a violation of this Code shall report it to [ETHICS HOTLINE / COMPLIANCE OFFICER / ANONYMOUS PORTAL]. The Company strictly prohibits retaliation against any person who reports a concern in good faith, and any such retaliation is itself a violation of this Code.

Common mistake: Providing only a single reporting channel — typically a direct manager — with no anonymous alternative. Employees who suspect their manager is the violator will not use that channel, and the misconduct goes unreported.

Enforcement and Disciplinary Consequences

In plain language: States that violations will be investigated and that confirmed violations result in discipline up to and including termination, with no exemption for seniority.

Sample language
Violations of this Code shall result in disciplinary action commensurate with the severity of the violation, up to and including immediate termination of employment or contract. Seniority, tenure, or prior performance shall not exempt any covered person from investigation or discipline.

Common mistake: Listing 'possible consequences' without committing to an investigation process. Employees interpret vague enforcement language as low risk, which undermines deterrence.

Acknowledgment and Annual Certification

In plain language: Requires all covered persons to sign an acknowledgment confirming they have received, read, and will comply with the Code, and to re-certify annually.

Sample language
By signing below, I acknowledge that I have received and read the Company's Code of Ethics, understand its contents, and agree to comply with its requirements. I understand that failure to comply may result in disciplinary action up to and including termination. [SIGNATURE / DATE / PRINTED NAME]

Common mistake: Collecting signatures at onboarding and never recertifying. Courts and regulators treat an outdated signed Code as evidence of a compliance program that exists on paper but not in practice.

How to fill it out

  1. Define the scope of covered persons

    Replace all placeholder references to 'covered persons' with the specific categories your company intends to bind — full-time employees, part-time employees, officers, board directors, independent contractors, and agents. Be explicit so no category can argue it falls outside the policy.

    💡 Add a definition section at the front of the document that defines 'Covered Person' with a list — it removes ambiguity and makes enforcement easier.

  2. Customize the conflicts of interest disclosure process

    Insert the name or role of the person responsible for receiving conflict disclosures — typically the General Counsel, Chief Compliance Officer, or HR Director. Specify whether approval is required before the relationship proceeds or only disclosure.

    💡 Include a standalone Conflict of Interest Disclosure Form as an exhibit so employees can complete it without having to draft their own disclosure.

  3. Set your gift and entertainment thresholds

    Replace the placeholder threshold amounts in the anti-bribery clause with your company's actual limits — typically $25–$100 per person per occasion in the US. Include a documentation requirement for gifts above a lower threshold (e.g., log all gifts over $25).

    💡 Check applicable laws before setting thresholds: UK Bribery Act and FCPA have no fixed safe-harbor amount, so thresholds should be accompanied by a materiality and intent test.

  4. Insert your reporting channels

    Add the specific contact details — hotline number, anonymous portal URL, or compliance officer email — for each reporting channel. If your company uses a third-party ethics hotline, include its name and access instructions.

    💡 Offer at least two channels: one named (direct to HR or compliance) and one anonymous. The anonymous channel is what makes employees with sensitive reports feel safe.

  5. Align enforcement language with your employment agreements

    Cross-reference your employment contracts to confirm the termination-for-cause definition in the Code is consistent. Conflicting definitions create disputes about whether a specific Code violation qualifies as 'cause' under the employment contract.

    💡 Have HR review the disciplinary consequences section against your employee handbook to ensure the Code doesn't contradict existing progressive-discipline policies.

  6. Add jurisdiction-specific obligations if operating internationally

    If your company operates in the UK, EU, or Canada, add jurisdiction-specific references: UK Bribery Act for the UK, GDPR for EU data handling, and provincial employment standards for Canada. Generic language may fail to satisfy local regulatory requirements.

    💡 For US public companies, add a specific reference to Sarbanes-Oxley Section 406 and NYSE/Nasdaq listing rule requirements in the financial integrity and record-keeping clause.

  7. Distribute, sign, and file acknowledgment forms

    Send the Code and acknowledgment form to all covered persons. Collect signed copies before or on the first day of work for new hires. File originals in personnel records and set a calendar reminder for annual re-certification.

    💡 Use an e-signature platform to timestamp each acknowledgment and generate an audit trail — paper signature logs are frequently incomplete and hard to retrieve during investigations.

Frequently asked questions

What is a Code of Ethics?

A Code of Ethics is a formal policy document that sets the binding ethical standards an organization expects from its employees, officers, directors, and contractors. It covers conflicts of interest, confidentiality, anti-bribery, fair dealing, workplace conduct, financial integrity, and enforcement procedures. Unlike a general values statement, a Code of Ethics creates enforceable obligations and forms part of the employment relationship.

Is a Code of Ethics legally required?

For US public companies, the Sarbanes-Oxley Act (Section 406) requires a written code of ethics for senior financial officers, and NYSE and Nasdaq listing rules require one for all directors and employees. For private companies, there is generally no federal mandate, but many industries — healthcare, financial services, and government contracting — require one through sector-specific regulations. In the UK and EU, anti-bribery and data-protection laws effectively require equivalent written policies even if a unified Code is not explicitly mandated.

What is the difference between a Code of Ethics and a Code of Conduct?

A Code of Ethics articulates the values and high-level ethical principles that guide decision-making — conflicts of interest, honesty, fairness, and integrity. A Code of Conduct translates those principles into specific behavioral rules for day-to-day situations — dress code, internet use, attendance, and workplace communication. In practice, many organizations combine both into a single document; the distinction matters primarily when legal requirements reference one term specifically.

Does a Code of Ethics need to be signed by employees?

Yes — an unsigned Code of Ethics is generally unenforceable as a contractual obligation. Requiring a signed acknowledgment at onboarding and annually thereafter creates a documented record that the employee received, read, and agreed to comply with the policy. This acknowledgment is essential evidence in disciplinary proceedings, regulatory investigations, and litigation.

Who should a Code of Ethics cover?

At minimum, a Code of Ethics should cover all employees, officers, and directors. Best practice extends coverage to independent contractors, agents, consultants, and business partners who act on the company's behalf — these parties frequently represent the highest corruption and reputational risk. The scope clause should list covered categories explicitly so no group can argue it falls outside the policy.

What happens if an employee violates the Code of Ethics?

The Code should specify that all reported violations are investigated and that confirmed violations result in discipline commensurate with severity — ranging from a written warning to immediate termination. For violations involving fraud, bribery, or criminal conduct, the company may also be obligated to report to regulators or law enforcement. Having a written disciplinary matrix that applies regardless of seniority is critical to consistent and legally defensible enforcement.

How often should a Code of Ethics be updated?

At minimum, a Code of Ethics should be reviewed annually and updated whenever applicable laws change, reporting channels change, or the company enters a new market or regulatory environment. The version date should appear on the cover page, and all covered persons should re-sign acknowledgments whenever a material update is made. A Code that has not been reviewed in more than two years is a compliance liability, not an asset.

Can a small business use the same Code of Ethics as a large corporation?

The structure and key clauses are the same regardless of company size — conflicts of interest, confidentiality, anti-bribery, and reporting obligations apply to every business. Small businesses can simplify the document by removing provisions that are irrelevant to their scale, such as insider trading rules for non-public companies or multi-jurisdiction anti-corruption analysis. A well-completed template is sufficient for most small and mid-size businesses without custom legal drafting.

How this compares to alternatives

vs Employee Code of Conduct

A Code of Conduct focuses on specific behavioral rules for day-to-day workplace situations — attendance, internet use, and communication standards. A Code of Ethics articulates the underlying principles and values — integrity, fairness, and legal compliance — that drive those rules. Most organizations need both; the Code of Ethics sets the framework and the Code of Conduct operationalizes it.

vs Conflict of Interest Policy

A Conflict of Interest Policy is a standalone document dedicated entirely to identifying, disclosing, and managing situations where personal interests could interfere with duties to the organization. A Code of Ethics addresses conflicts of interest as one of several covered topics alongside confidentiality, anti-bribery, and enforcement. Organizations in regulated industries often need both — the Code for breadth, the standalone policy for depth.

vs Non-Disclosure Agreement

An NDA is a bilateral or unilateral contract between named parties that creates a specific, enforceable confidentiality obligation for a defined purpose and term. A Code of Ethics includes confidentiality obligations as one clause among many and applies broadly to all covered persons. NDAs are used for specific transactions and relationships; a Code of Ethics governs ongoing employment conduct. Both are often needed simultaneously.

vs Employee Handbook

An Employee Handbook is a comprehensive operational reference covering HR policies, benefits, leave, performance management, and workplace rules — it is primarily informational. A Code of Ethics is a focused compliance document that creates binding obligations and requires a signed acknowledgment. The Code is typically embedded as a chapter within the Handbook but should exist as a standalone signed document for enforcement purposes.

Industry-specific considerations

Financial Services

Insider trading prohibitions, personal trading pre-clearance requirements, client-asset handling standards, and FINRA/FCA-specific conduct obligations embedded directly in the Code.

Healthcare

HIPAA confidentiality obligations, anti-kickback statute compliance for referral relationships, and pharmaceutical gift restrictions under the Physician Payments Sunshine Act.

Professional Services

Client confidentiality, independence and objectivity standards for advisory roles, and fee-splitting restrictions for lawyers, accountants, and consultants.

Technology / SaaS

Data privacy and security obligations integrated with the confidentiality clause, IP assignment reminders, and open-source usage restrictions for engineering teams.

Government Contracting

FAR/DFARS compliance requirements, mandatory ethics reporting obligations for contracts above $5M, and specific prohibitions on gifts to federal officials under 5 CFR Part 2635.

Nonprofit

IRS Form 990 disclosure requirements for conflicts of interest, board member duty-of-loyalty standards, and donor gift acceptance policy integration.

Jurisdictional notes

United States

Sarbanes-Oxley Section 406 requires public companies to disclose whether they have a code of ethics for senior financial officers. NYSE and Nasdaq listing standards require a code covering all directors, officers, and employees. The Foreign Corrupt Practices Act (FCPA) makes an anti-bribery clause legally significant for any US company with international operations, regardless of size. California, New York, and Illinois have additional whistleblower protections that should be reflected in the reporting clause.

Canada

The Corruption of Foreign Public Officials Act (CFPOA) mirrors FCPA obligations for Canadian companies operating internationally. Public companies listed on the TSX are subject to National Policy 58-201, which recommends a written code of ethics and requires annual disclosure of compliance. Quebec's Act Respecting the Protection of Personal Information in the Private Sector imposes confidentiality obligations that should be referenced in the data-handling clause for companies with Quebec employees.

United Kingdom

The UK Bribery Act 2010 imposes strict liability on companies for bribery by associated persons — employees, contractors, and agents — unless the company can demonstrate 'adequate procedures' to prevent bribery. A properly drafted and enforced Code of Ethics is central to establishing adequate procedures. The Public Interest Disclosure Act 1998 provides statutory whistleblower protections that the Code's anti-retaliation clause should expressly reflect.

European Union

The EU Whistleblowing Directive (2019/1937), transposed into member state law, requires companies with 50 or more employees to establish formal internal reporting channels — which must be described in the Code. GDPR obligations apply directly to any personal data handling referenced in the confidentiality clause, and explicit GDPR cross-references are standard in EU-compliant Codes. France's Sapin II law and Germany's Supply Chain Act impose additional ethics and due-diligence obligations for companies operating in those jurisdictions.

Template vs lawyer — what fits your deal?

| Path | Best for | Cost | Time |
| --- | --- | --- | --- |
| Use the template | Private companies, small businesses, and nonprofits establishing an ethics policy for the first time | Free | 2–4 hours to customize and distribute |
| Template + legal review | Companies in regulated industries, government contractors, or those operating in multiple jurisdictions | $500–$1,500 for a compliance attorney review | 3–7 business days |
| Custom drafted | Public companies with SOX obligations, multinational corporations, or firms under active regulatory scrutiny | $3,000–$10,000+ | 2–6 weeks |

Glossary

Code of Ethics
A formal written document that articulates the values and binding conduct standards an organization expects from everyone acting on its behalf.
Conflict of Interest
A situation in which a person's private interests — financial, personal, or otherwise — could impair or appear to impair their objectivity or loyalty to the organization.
Whistleblower Protection
Legal and policy safeguards that prevent retaliation against employees who report suspected misconduct, fraud, or ethics violations in good faith.
Anti-Bribery Compliance
Policies and controls designed to prevent employees from offering, giving, receiving, or soliciting anything of value to improperly influence a business or government decision.
Material Non-Public Information (MNPI)
Information about a public company that is not available to the general market and that could influence an investor's decision to buy or sell securities — trading on it constitutes insider trading.
Acknowledgment Form
A signed document in which an employee or contractor confirms they have received, read, and understood the Code of Ethics and agree to comply with it.
Safe Harbor
A protected channel — typically a hotline or anonymous reporting portal — through which employees can report ethics concerns without fear of identification or retaliation.
Fiduciary Duty
A legal obligation to act in the best interest of another party — such as shareholders, clients, or the organization — placing that interest above personal gain.
Anti-Retaliation Clause
A provision that expressly prohibits adverse employment action against anyone who reports a potential violation or participates in an ethics investigation.
Disciplinary Matrix
A graduated schedule of consequences — from verbal warning to termination — applied consistently based on the severity and frequency of ethics violations.
Third-Party Due Diligence
The process of evaluating vendors, partners, and agents for corruption risk, sanctions exposure, and alignment with the company's ethical standards before engagement.
