---
name: code-of-conduct-and-ethics
title: Code of Conduct and Ethics
description: Drafts a U.S. corporate Code of Business Conduct and Ethics with governance controls, enforcement mechanics, and implementation artifacts. Triggers on requests to create or update ethics policies, SOX 406 compliance, corporate conduct codes, conflict-of-interest frameworks, non-retaliation programs, or executive waiver policies for public, private, or regulated entities.
author: CaseMark
author_url: https://github.com/CaseMark/skills/tree/main/skills/legal/code-of-conduct-and-ethics
license: Apache-2.0
version: 0.1.0
execution_mode: open
jurisdiction: us
practice: corporate
language: en
tags: [drafting, memo, research]
---

# Code of Conduct and Ethics

Draft a board-ready Code of Business Conduct and Ethics aligned with SOX Section 406, NYSE/Nasdaq standards, and federal anti-retaliation requirements.

## Quick Start

1. Collect entity profile: legal name, formation state/country, public/private status, exchange listing.
2. Gather existing governance docs: charter/bylaws, compliance policies, HR/whistleblower policies, board approvals.
3. Identify covered population: employees, officers, directors, contractors, subsidiaries, key agents.
4. Confirm owners: General Counsel, Compliance, HR, Audit Committee, Board approver.

## Workflow

### 1. Intake and Risk Map

| Item | Data needed | Purpose |
|---|---|---|
| Entity metadata | Legal name, structure, jurisdictions | Scope and enforceability |
| Risk profile | Business lines, regulated activities, international footprint | Tailors provisions |
| Regulatory list | SOX status, exchange affiliation, sector rules | Mandatory clauses |
| Existing programs | Hotline, investigations, training systems | Avoids duplication |

### 2. Mandatory Legal Coverage (US)

| Cluster | Requirements |
|---|---|
| SOX Section 406 | CFO/financial officer ethics coverage, availability/acknowledgment framework [VERIFY] |
| Exchange standards | Conduct-code, disclosure, waiver expectations for listed entities [VERIFY] |
| Anti-retaliation | Reporting protections, good-faith standard, adverse-action safeguards |
| Enforcement | Violation logging, investigation path, discipline scale, escalation triggers |
| Records/disclosure | Filing, posting, retention, board-reporting cadence |

### 3. Required Sections

1. Purpose and leadership statement
2. Scope and covered persons
3. Relationship to other policies and override rule
4. Laws/regulations baseline (global conflict-of-law rule)
5. Conflicts of interest (actual/perceived) and disclosure workflow
6. Corporate opportunities
7. Confidential information and data protection
8. Company assets and use-control standards
9. Fair dealing and market conduct
10. Reporting channels, intake triage, confidentiality handling
11. Investigations, cooperation, evidence handling
12. Non-retaliation protections and anti-abuse limits
13. Disciplinary matrix and remediation
14. Waiver policy (Board-approved only for exec/director exceptions)
15. Training, acknowledgment, and annual re-certification
16. Governance: reporting to Audit/Compliance committee

### 4. Deliverables

- [ ] Board-facing policy (formal governance version)
- [ ] Employee-ready language version
- [ ] Cross-reference matrix to related manuals
- [ ] Reporting contacts and escalation tree
- [ ] Acknowledgment and retention model
- [ ] Annual review log and waiver register template

### 5. Templates

Policy header:

    [Company Name] Code of Business Conduct and Ethics
    Effective Date: [YYYY-MM-DD]
    Covered Persons: [employees, officers, directors, contractors, affiliates]
    Geography: [global / specific regions]
    Governance Owner: [Compliance Officer/Committee]

Acknowledgment form:

    I received and reviewed the Code of Business Conduct and Ethics.
    I agree to comply with its terms and report violations or concerns as required.
    I understand violations may result in discipline, up to termination.
    Name: ______   Title: ______   Date: ______   Signature: ______

Violation report form:

    Reporter: _______
    Allegation Type: _______
    Date/Time/Location: _______
    Facts & evidence summary: _______
    Confidentiality request: [Yes/No]
    Escalation path used: [mgr/HR/legal/compliance/hotline/committee]

## Pitfalls and Checks

- Apply the strictest standard when local law and internal policy conflict; document exceptions.
- Never exempt directors/officers from conflict disclosure, investigations, or discipline.
- Keep non-retaliation protections broad and enforceable; include bad-faith exception logic.
- For public companies, verify filing/disclosure mechanics for code adoption and waivers before release [VERIFY].
- Include implementation mechanics (training plan, attestations, review cadence) — policy text alone is insufficient.
- Prefer checklists and process tables over narrative prose.

