The purpose of this post is to explore the link between corporate social responsibility (in a broad context), corporate codes of conduct and open source research.
Many corporations have implemented corporate codes of conduct. In many cases these codes of conduct were in response to changes in legislation affecting public companies in the wake of the Enron fraud of the early 2000s. The US Sarbanes-Oxley Act came into effect in 2002 and in Canada securities regulators adopted National Policy 58-201 in 2005. Both of these laws required that publicly traded companies adopt fraud prevention and conflict-of-interest management control regimes.
National Policy 58-201 contains a recommendation at section 3.8 that boards of publicly traded companies should adopt a code of conduct and ethics (i.e. “a code”).
The policy recommends that a code should address, stewardship of company assets, confidential information, conflicts of interest and ensuring that the individuals to whom it applies comply “with laws, rules and regulations” and “reporting of any illegal or unethical behaviour.” The recommended code is internally focused, referring to “directors, officers and employees of the issuer.” To a large extent the model code appears to address the financial interests investors, and to a lesser extent employees and managers of publicly traded companies.
Times have changed since 2005. What constitutes ethical corporate behaviour has expanded drastically since that time, as have the concepts of “corporate social responsibility”, “good governance” and what constitutes being a “good corporate citizen.” This change has been driven partially by legislation and partially by changes in public ideals.
A brief examination of several corporate codes of conduct of Canadian publicly traded companies reveals that the codes address a much broader range of issues including diversity and equality, human rights, the environment, harassment and violence in the work place – and they have not dropped the original concepts of stewardship of assets, conflict of interest and financial controls found in the original template. Indeed compliance “with laws, rules and regulations” has expanded to include everything from anti-corruption legislation to environmental regulations.
What is more important from the perspective of enhanced due diligence is that these publicly traded companies implicitly or explicitly require suppliers, contractors and other third-parties with whom they do business to adopt the standards set out in their code.
If an organization expects its suppliers, contractors, etc. to conduct their affairs in ways that accord with the organization’s code of ethics, then it follows that the organization may wish to assess the third-party’s background in light of its code of conduct when commencing its business relationship and through its ongoing maintenance of that relationship. There is a significant amount of publicly available information that can assist a publicly traded company in performing that assessment. Much of it is relatively inexpensive to obtain.
Of course, the credibility of all of the information obtained in an enhanced due diligence exercise must be assessed and it must be contextualized. Further, legal advice with respect to contractual relationships and privacy legislation should be obtained prior to conducting any type of investigation.
Notwithstanding these caveats, enhanced due diligence and open source information gathering can be a useful way of identifying risks and assessing compliance in relation to corporate codes of conduct.