Kusserow on Compliance: Tips on developing and revising the ‘Code of Conduct’

All compliance guidance from the U.S. Sentencing Commission to the HHS Office of Inspector General (OIG) and DOJ has called for having a Code of Conduct as a foundation document for any effective compliance program. However, many such codes are far out of date and fail to provide the needed guidance for employees on their obligations towards compliance. The initiation of compliance program guidance by the OIG was a major stimulant for having Codes of Conduct. In the early days of responding to such guidance, many organizations quickly developed a “Compliance Plan” that included all seven elements of the program, including a Code. Unfortunately, plans are statements of intent, not an operating program and converting them into fully functioning and effective programs has years. This has included reviewing, revising and updating their Code of Conduct and compliance-related policies.

Daniel Peake of the Compliance Resource Center (CRC) (dpeake@compliancereource.com (703)-236-9854) works with compliance officers to provide a variety of compliance related services that includes the Policy Resource Center (PRC) which provides templates for compliance-related documents, including Codes, charters, policies, audit guides, etc. He notes that the PRC offers Code templates, but it is important that the Code should reflect the organization’s spirit, tone, and culture. If it doesn’t ring true to staff, securing their participation and cooperation in the compliance program will be much more difficult. The Code should be tailored to be an extension the mission and vision of the organization. It needs to be part of an ongoing monitoring effort subject to periodic reviews to ensure it remains up to date with the ever-changing regulatory environment.  He offered the following tips:

11 tips for developing or revising the Code of Conduct


  1. Determine whether it is time to review and possibly update the Code. Answering the following will help in making that determination: (a) When the Code was last reviewed/revised? (b) Any significant changes in law, regulation, or guidance since last revision? (c) Any changes/updates to compliance policies since last revision?
  1. Review Code templates and examples of other similar organizations. It is useful to review the codes of other organization to help focus on what is needed; and this can save a lot of time and effort. However, copying a Code from another source may prove to be problematic, if it runs counter to the culture of the organization.
  1. Gain buy-in from executive leadership. This is critical and needs to include personal involvement of the Compliance Officer, as well as HRM and Legal Counsel.
  1. Introductory letter from the CEO. It is a best practice to have the CEO introduce and endorse the Code, along with stating that (a) everyone is equally obligated to adhere to it, (b) everyone has a duty to report potential violations without fear of retaliation, (c) a confidential hotline is available to report confidentially or anonymously, etc.
  1. Reference the Code against compliance-related policies. The Code must not conflict with policies and procedures, as it would risk potential liabilities.
  1. Consider using experts to facilitate process. No need to “reinvent the wheel.”  Code development/revision can be simplified, facilitated, and guided by compliance experts in this field; and can ensure inclusion of key concepts, including those called for by the HHS OIG.
  1. Determine Core Code Content. Key to developing a successful Code is to ensure that it addresses the needs of all stakeholders (i.e. management, employees, Board, regulatory agencies, etc.).
  1. Code must detail procedures for addressing compliance issues. Employees should feel comfortable in approaching his or her supervisor, other members of management, HR or the Compliance Office. In addition there must be an option to report to a confidential hotline.
  2. Dissemination of the Code. The Code must be made available to all covered persons through an Intranet, in hard copy with signature receipt, through compliance training, or a combination of all. If the Code is not new, but one that has been revised, then steps need to be made to stop dissemination of the old version.
  3. Translating Code into other languages. A decision is needed as to whether the Code is to be provided only in English, or with versions in other languages. If it will be disseminated in multiple languages, the challenge will be to ensure the Code is written in simple terms, avoiding slang or jargon that will create problems in translating to be equivalent in meaning.
  4. Ensure all out of date Codes are removed from the website and hard copies collected. Having more than one version of the Code in circulation at the same time is a formula for creating problems.


Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.