Whitepaper supplier code of conduct benchmarking study

Supplier codes of conduct:

A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape

Whitepaper

29 September 2013

Contents1. Introduction

2. Industry supplier code scores

3. Averages by industry

3.1 Top three

3.2 Bottom three

3.3 Top ten codes

3.4 Commentary on the top five codes

4. Employee code versus supplier code

5. Naming the code

6. Evolution of supplier codes

7. Underlying guidelines

8. The hallmarks of supplier code of conduct best practices

8.1 Accessibility

8.2 Leadership visibility and values

8.3 Understanding the code

8.4 Risk topics

8.5 Reporting violations

8.6 Look and feel

8.7 Implementation and enforcement

8.8 Innovation and CSR

9. Importance of supplier codes

Appendix

Company codes used in this study

4

5

7

7

7

8

9

11

12

13

14

15

15

15

16

17

20

21

21

22

23

25

25

Page 4

1. Introduction

Today’s supplier codes of conduct are better and more plentiful than those of a few years ago. Many

companies are starting to recognise the importance of having a written code of conduct for their suppliers

and other third parties, and the value that such a code can create for their company’s business. The code

sets a consistent standard for vendor organisations, is a vital part of corporate social responsibility (CSR)

and compliance and ethics programmes, and helps to advance integrity, responsible business practices and

human rights.

Most companies have a uniform set of standards for the products and services they purchase, and similar

standards should be in place for the ethical business principles that suppliers are expected to maintain.

The consequences for a fault in the ethics of the supply chain can be just as catastrophic as a fault in the

products being supplied, if not more catastrophic. The supplier code is also becoming a document that

is of importance to the public (including consumers and investors). Many companies are beginning to

significantly improve their existing supplier codes, or draft a supplier code for the first time. The driving

forces behind the increased focus on supplier codes can be attributed to more global and sophisticated

supply chains, increased public scrutiny on corporate responsibility, human rights and environmental

compliance, new legislation enforcement developments, as well as the pioneering work of some leading

organisations that set the trends and raise the bar. These factors are driving supplier codes into a new era

of quality and best practices.

When looking at the 150 supplier codes that were a part of this study, one of the major conclusions is that

the majority were in need of improvements in terms of both content and presentation. The average score

for the population of supplier codes examined was 57.16 on a zero-to-100 scale – the equivalent of a C+

grade. While there are some companies that put a great deal of effort, time, money and resources into

creating a best-practice code, many companies’ codes were too brief and difficult to understand.

Hundreds of companies’ websites were examined in an effort to locate a population of codes for the

purposes of the study, but most companies either did not have a supplier code or did not make it available to

the public. So while the content of some of the codes that were located could be improved on various levels,

commendation must be given to the companies that had publicly-available supplier codes in the first place.

The companies that scored well in this study did a number of things consistently, and provided:

• a clear explanation of rules and expectations for suppliers

• adequate risk topic coverage

• unambiguous reporting avenues

• clear language about enforcement and monitoring which clearly stated the right of the company to

audit and explicitly mentioned the consequences for non-compliance

• well-thought-out design and presentation.

The most robust codes also included a personalised letter of introduction from a senior executive, setting

strong tone from the top.

The Red Flag Group

Page 5

2. Industry supplier code scores

In August 2013 The Red Flag Group examined over 500 randomly-selected corporate websites and from

this information we compiled a list of 150 supplier codes of conduct. (For the full list of codes examined

please refer to the Appendix.)

With each industry examined there was a wide range of scores (from A to D) and codes that were above

and below average. No industry was found to be fully comprised of either substandard or stellar codes – all

industries had a mix of good codes and codes that needed significant improvement. Nevertheless, there were

three clear standout industries: energy and extractive, engineering and construction, and healthcare products

and services. These three industries had an average score at least seven points above other industries. Their

codes tended to address all key risk topics, were easier to understand, provided a clear process for making

reports, and were not shy to stress enforcement and monitoring. They also tended to set expectations or

provide guidance on how their codes should be implemented by their supplier organisations.

While the industry average scores could be in part explained by the choice of codes that made up a

particular industry and the presence of several particularly strong or weak codes in the industry mix, there

could also be some industry-specific factors and trends that may help explain the score.

IndustryAverage

scoreDistance from

averageGrade (A–F)

Aerospace and defence 55.24 -1.92 C+

Automotive 61.92 4.76 B-

Chemicals 61.04 3.88 B-

Consumer 54.49 -2.67 C+

Electronics, technology and telecommunications 61.99 4.83 B-

Energy and extractive 69.08 11.92 B

Engineering and construction 67.48 10.32 B

Forestry, paper and packaging 48.88 -8.28 C

Healthcare products and services 65.49 8.33 B-

Industrial manufacturing 60.00 2.84 B-

Leisure and hospitality 48.78 -8.38 C

Retail 52.21 -4.95 C+

Transportation 50.35 -6.81 C+

Overall average 57.16 C+


Page 6

In our opinion, the main factors that contributed to these industries being the top performers are the

regulatory environment (pharmaceutical and healthcare laws, conflict minerals laws), greater resource

availability, prominence of the supply chain in the business model and increasing public scrutiny.

Often the type of work done in the industry dictates the amount of scrutiny placed on the supply chain

and the supplier code of conduct. Conversely, there were laggard industries that for a variety of possible

reasons had codes that were at least seven points lower on average.

Some of the key factors that contributed to the low scores for these industries were:

• the failure to address important risk topics

• lack of tone from the top

• scant references to company values

• weak or vague enforcement and monitoring language

• bland presentation

• “legalese” writing style.

The Red Flag Group

Page 7

3. Averages by industry

3.1 Top three

3.2 Bottom three

A number of factors could account for the above industries being the leaders. With more importance

placed on environmental, anti-corruption and other legal and regulatory compliance there is much more

scrutiny by the regulators and general public to create greater transparency and accountability in the

supply chain. Conflict minerals laws put a significant pressure on the extractive industry, including smelters

and refiners. Companies aim to reassure investors and consumers that potential conflict minerals concerns

have been addressed.

Other plausible explanations for the above-average codes in these industries are that they have better-quality

compliance programmes in general and a higher allocation of budget for creating supplier codes of conduct.

All three of the above industries are known for having a relatively-high degree of regulation and/or

litigation, and are therefore inclined to have superior compliance programmes. Internal buy-in from

executives regarding supply-chain compliance could equate to more focus on the creation of a supplier

code of conduct, resulting in a better code.

Lastly, it could be contended that the companies in these industries rely on the supply chain more than

many other industries do. These companies often rely on suppliers for quality products in large volumes.

More dealings with suppliers can result in more exposure to risk and therefore more possible violations. A

robust supplier monitoring and auditing programme with a premium code could prove a worthwhile return

on investment for companies in these industries.

When looking at the three industries with the lowest averages, a number of factors could be contributing to the

lower-than-average scores. One factor is the general lack of publicly-available supplier codes; locating codes for

these three industries was more difficult than locating codes for other industries.

Perhaps one of the most puzzling underperformances was from the forestry, paper and packaging

industry, despite the presence of some solid codes such as those of Kimberly-Clark and SCA. The industry

is subject to significant public scrutiny and risk due to the high environmental and human impact. We

would therefore expect this sensitivity to be adequately translated into strong supplier codes. There are a

number of other programmes in place for sustainability in ethical sourcing and responsible forestry, but the

increased focus on CSR has not yet been apparent in supplier codes.

Industry Average score

Energy and extractive 69.08

Engineering and construction 67.48

Healthcare products and services 65.49

Industry Average score

Transportation 50.35

Forestry, paper and packaging 48.88

Leisure and hospitality 48.78


Page 8

3.3 Top ten codes

Transportation companies, by their nature, are some of the most global organisations. This could account

for their placement in the bottom three, as the confusion surrounding the multitude of applicable global

laws and standards can cause codes to be ill-defined. While these concerns may be legitimate for the

transportation industry, many other global-oriented industries deal with these issues and have adequate

supplier codes.

One of the industries that heavily relies on directly appealing to consumers is the leisure and hospitality

industry, primarily made up of restaurant and hotel companies. These companies should have a major

focus on the supply chain to ensure quality of products. Another less-apparent key audience of supplier

codes is consumers. These consumers want to know where their meal or bath soap is coming from, and

many companies advertise their quality, “farm fresh” ingredients. Despite this, many of the companies in

the leisure and hospitality industry appear to have weak or unavailable codes, with the exception of a few

top performers, such as McDonald’s.

Company IndustryAverage

scoreGrade (A-F)

Balfour Beatty Engineering and construction 98.04 A

CH2M Hill Engineering and construction 97.10 A

McDonald’s Leisure and hospitality 95.06 A

ArcelorMittal Energy and extractive 90.20 A-

Merck Healthcare products and services 87.93 A-

Siemens Industrial manufacturing 87.85 A-

Horizon Blue Cross Blue Shield of New Jersey

Healthcare products and services 86.51 A-

Pacific Gas and Electric Company (PG&E)

Energy and extractive 83.61 A-

Fluor Engineering and construction 82.99 B+

Daimler AG Automotive 80.49 B+

The Red Flag Group

Page 9

3.4 Commentary on the top five codes

5 – Merck

Merck did what many companies forgot to do with their supplier codes: translate it. Merck’s code is

available in 27 different languages. A comprehensive table of contents makes sections easy to find and the

pages are not overcrowded with too many words. Most of the codes we reviewed look like contracts or

bland Microsoft Word documents, but Merck’s supplier code uses colours and photographs.

Another major highlight of Merck’s code is the multiple avenues available for readers to make reports

or speak up. Included on the last page of the code is a web address, email address and phone and fax

numbers for anonymous reporting.

Merck was also one of the few companies that included industry-specific risk topics, such as ethical animal

testing and pharmaceutical marketing.

4 – ArcelorMittal

Even in the strong energy and extractive industry, ArcelorMittal’ this supplier code of conduct stands out

as a top performer. One of the major highlights is the opening letter from the senior vice presidents who

are involved in procurement. It is strongly recommended, but unfortunately not a universal practice, that

a supplier code contains a statement from an executive. Adding this opening statement sets proper tone

from the top and shows readers that the supplier code is a document of significance.

Another standout characteristic of the code is the discussion of the systems behind it such as how suppliers

should train their employees on the code, the right to audit suppliers and the need to maintain relevant

documents evidencing compliance.

The presentation of ArcelorMittal’s code is also far above average.

3 – McDonald’s

The McDonald’s supplier code of conduct has probably the best branding of all of the codes that were

reviewed. The golden arches appeared multiple times throughout, along with pictures of McDonald’s

products, trucks, packaging and workers.

The code contained quotes from senior executives throughout, stating the importance of the supply chain,

standards of excellence and corporate values. This earned McDonald’s maximum scores in values and

leadership visibility.

A great innovation in the McDonald’s code is a new way for readers to make reports: text messaging via

cell phone. Given the popularity of text messaging it is truly pioneering to include this as a method of

raising concerns.

McDonald’s code is very easy to understand and straightforward, which makes translating it to a global

audience much easier. Too many long words and complex sentences increase the likelihood that the

employees of suppliers won’t be able to understand the code. A compact, simple, direct code should be

the goal for code writers.


Page 10

2 – CH2M Hill

Risk topics are arguably the most important part of a code of conduct. CH2M Hill’s code scored the

highest in the category of risk topics. The clear and comprehensive guidance provided in the code on all

key topics lets readers know what is expected of supplier employees. The code is skillfully written at a level

that can be understood by a wide audience.

Listing reporting avenues should be standard for all supplier codes but CH2M Hill takes this further,

reassuring potential reporters by highlighting and purposefully discussing whistleblower protection. It is

one thing for employees to know about a violation and know where a report could be made, but getting

them to actually make the report is something different. Language about non-retaliation is essential and

should be present in all codes.

1 – Balfour Beatty

Balfour Beatty owns the top supplier code overall. It was recently updated (in March 2013), and is

innovative, comprehensive, stylish and practical. The code is structured around four main values: integrity,

teamwork, excellence and respect. There is a sincere introduction from the CEO that sets the stage for the

truly great code that follows.

Balfour Beatty’s code is also one of the very few that utilises realistic examples. The practical examples

deal with topics of inappropriate gifts and entertainment, health and safety, and subcontracting. The code

looks more like a webpage or a polished marketing brochure than an inert PDF document. It is certainly

one of the most cutting-edge, innovative and complete codes out there today.

The Red Flag Group

Page 11

4. Employee code versus supplier code

It is standard practice and a legal requirement for publicly-traded companies in many jurisdictions to have a

corporate code of conduct. When drafting a supplier code, a company may naturally turn to its employee code

of conduct as a starting point. While the two documents are similar in nature, a number of things must be

considered to create a quality supplier code of conduct that is distinct from the employee code of conduct but

similar in calibre.

The main differences between supplier and employee codes are audience, function and length.

The most obvious difference is the intended audience. The readers of employee codes are company employees,

where supplier codes are directed at employees of an entirely different company. Since supplier codes generally

apply to an entire global supply chain, the many cultures and varying laws around the globe must be taken

into account. With these varying audiences, the content of codes in terms of topics and breadth is a great

divergence. The functions of the two codes are much different.

The supplier code’s function is to mitigate unethical behaviours, alert the company of supplier malfeasance,

and give the company a means by which to control supplier relations, promote human rights and decrease

possible negative publicity in case of supplier impropriety.

Lastly, supplier codes are much shorter than employee codes, in both pages and word count. The typical

supplier code will be around half to one-third of the size of a typical employee code.


Page 12

5. Naming the code

Terminology of supplier codes

The titles for supplier codes of conduct varied to some extent between each code that was examined. The

codes typically included “supplier”, “vendor”, “third parties” or “business partners” in their titles. By far

the most common nomenclature was simply “supplier”. This seems to be the most straightforward title for

the code and the generic title when referring to or discussing a code intended for a companies’ suppliers,

contractors, vendors etc.

66.10%“Supplier”

18.40%“Business partner”

“Vendor” 6.90%

Others 6.10%

“Third party” 2.00%

The Red Flag Group

Page 13

6. Evolution of supplier codes

Today, employee codes are by and large far more advanced than supplier codes. As there are legal

requirements to have a code of conduct directed at employees and officers, they are more commonplace and

are a standard benchmark for a company’s ethics and compliance principles. Since the genesis of employee

codes with the Sarbanes-Oxley Act in 2002, the popularity and standards of codes have been raised year after

year. Employee codes are generally thought of as being more important than supplier codes; accordingly,

more time, effort and resources are devoted to making a suitable employee code than for a supplier code.

Also, as a company’s employee code is under more internal scrutiny, it typically receives approval from the

chief executives and board of directors. Increased scrutiny from senior leaders could be a driving force for

improving the quality of supplier codes in all industries.

Just a few years ago, a vast majority of Fortune 1000 companies did not have a supplier code. Any language

regarding ethical standards was relegated to supplier contracts or other purchasing agreements. For many

organisations, if a supplier code was in place, it was typically a black-and-white document with no pictures

which only touched on very basic risk topics, such as human rights and confidential information. It would

be rare to find language about making reports or to see a letter of introduction from a senior executive.

With the creation of standards such as the United Nations Global Compact or the California Transparency in

Supply Chains Act of 2010, along with some leading industry initiatives, many companies began to give more

credence to existing supplier codes or created a supplier code for the first time.

In the current supplier code landscape only a handful of organisations’ codes are in line with best practices,

but this is the highest standard that supplier codes of conduct have been. Many companies are starting to

introduce the user-friendly aspects of their employee codes into their supplier codes, and overall supplier

codes are trending upward.


Page 14

7. Underlying guidelines

In the United States, the prevailing guidelines for employee codes are The Sarbanes-Oxley Act of 2002 and

the stock exchange listing requirements for publicly-traded companies. The guidelines set forth in these laws

are broad. Notably, they list a handful of topics that ought to be covered and the general requirement that a

code must be an “effective” document. From these very general standards laid out by the government and

regulators, robust best practices for employee codes have been established.

With supplier codes, the mostly widely referenced and internationally recognised standards are the ten

principles set forth by the United Nations Global Compact. These are segmented into four main categories:

Human Rights, Labour, Environment and Anti-Corruption. Similar to the standards for employee codes set

forth under the Sarbanes-Oxley Act, these principles are very broad and universal in nature and intent. It

is the job of code writers to expand upon these basic principles and form them into practical guidance for

suppliers.

Another key driving initiative behind supplier codes and their development has been the California

Transparency in Supply Chains Act of 2010. This law, which came into effect on 1 January 2012, requires

retail sellers and manufacturers doing business in California to “disclose their efforts to eradicate slavery

and human trafficking from their direct supply chains for tangible goods offered for sale”. Many of the

companies whose supplier codes were examined as a part of this study also had a public webpage devoted

to compliance with the Act. Other companies did not have a supplier code but did, at least, have some public

language about compliance with the Act.

Industry-specific standards are another main influence for guidelines in supplier codes. Some industry trade

groups have established high-level principles similar to the United Nations Global Compact for their specific

industry risks and laws. These include the Extractive Industries Transparency Initiative principles and – probably

the most popular of all the industry group standards – the Electronic Industry Citizenship Coalition Code.

These types of self-regulating standards are of great importance and similar standards should be adopted by

other industry groups and companies alike.

The Red Flag Group

Page 15

8. The hallmarks of supplier code of conduct best practices

8.1 Accessibility

Perhaps the most straightforward of all the hallmarks for supplier codes is that of accessibility. Best-practice

supplier codes should be in a downloadable format (preferably PDF), linked on an easy-to-find page of a

public website. Nearly 90 percent of the supplier codes found were in PDF format.

The code should also be translated into a number of languages, when appropriate, for suppliers’

employees. The translated versions of the code should be made available alongside the English version to

show that the company operates in a global environment and makes its code accessible to non-English

readers. Slightly more than a quarter of companies made their codes available in multiple languages,

even though most of the codes reviewed belonged to companies with international supply chains and/or

international business presence.

Supplier codes should be placed on public websites where they can be easily found by employees of suppliers

and those unfamiliar with supplier codes, such as consumers and investors. Several companies made their

codes very visible on their public websites, including Alcoa, the Dow Chemical Company and BNSF. These

companies placed their codes in logical and noticeable areas of their websites, such as on “Sustainability”,

“About Us” or “Values and Ethics” pages. Alcoa placed its code in a section about bringing sustainability

to the supply chain. Dow and BNSF both had valuable sections on the expectations of suppliers where their

supplier codes and other documents were made available.

8.2 Leadership visibility and values

A supplier code of conduct should contain at least an introduction or similar communication from a senior

executive, such as the CEO, president, head of procurement or chairman of the board. Ideally, supplier codes

should have quotes from senior executives throughout which discuss why the code is important and what the

expectations of suppliers are. The language should be sincere and tailored to the work that the company is

doing, trying to avoid generic statements that say little about the company’s specific work and reliance on the

supply chain. Unfortunately, most supplier codes appeared to miss an opportunity to communicate tone from

the top, as less than 20 percent of codes reviewed had any language from a senior executive.

Is there a statement from a senior-level executive in the code?

None81.63%

Yes, throughout the code4.76%

Yes, in an introduction

10.88%

Only an occasional quote

2.72%


Page 16

CA Technologies’ supplier code had a fine introduction from its Executive Vice President of Risk and Chief

Administration Officer and its Chief Ethics & Compliance Officer. Becton, Dickinson and Company (BD)

also employed the best practice of having multiple quotes from executives throughout the code in callout

boxes. Teledyne’s supplier code had a personalised opening letter from their Chairman, President and CEO

to introduce the document and call attention to the relationship between the company and its suppliers.

8.3 Understanding the code

The supplier code should be easy to understand and concise. A best-practice supplier code would

typically be 2000 to 4000 words long, averaging towards the lower edge. Some companies operate in

more-regulated industries, which can result in a lengthier code but still a document that lives up to the

top code standards.

The majority of codes examined were shorter or significantly shorter than the recommended

best-practice range.

Word count of supplier codes

25.17%2001–4000

5.44%4001–6000

>6000 4.08%

1000–2000 42.18%

<1000 23.13%

The Red Flag Group

Page 17

A supplier code doesn’t have to cover as much ground as an employee code. There are fewer topics in a

supplier code and the depth of coverage is typically not as deep as with an employee code. Oftentimes with

an employee code stand-alone policies are repurposed, shortened and inserted into the code, making it too

complex and hard to understand. The same mistake can happen with supplier codes if supplier agreements

or purchase contracts are changed only slightly and refashioned as supplier code.

Given the varied nature of the supplier-code audience, where there are more unknowns (regions, language

barriers, cultural differences, varying laws etc.), it makes sense to keep some sections of a code intentionally

generalised. However, many of the codes that were assessed took being ambiguous to extremes, resulting in

codes that provided almost no practical information or value. It requires a fine balance to create a code that is

general in nature but still provides practical guidance.

8.4 Risk topics

The most important goal of a supplier code of conduct is to set consistent standards and expectations

for supplier behaviours and provide guidance to those suppliers. Companies sometimes work with

hundreds of vendors and contractors. The nature of today’s global supply chain has a great impact on

these standards, as widely-accepted labour practice in one country could be illegal in another. As there is

a uniformity of standards for product quality, there should also be a uniform set of standards for ethical

behaviours in supplier dealings.

The topics addressed in a global supplier code must be consistent and relevant for all suppliers, wherever

they are located. Most companies will not create region- or country-specific versions of their supplier

code, content-wise, so the challenge is in how to write a code that encompasses such a diverse supplier

audience.

A supplier code should be written in a tone and grade level that is easily understood. The recommended

reading level for a supplier code of conduct is around the tenth-grade to twelfth-grade level. Some code

writers might aim to have a reading level lower than a tenth-grade level, but due to the vocabulary and

concepts in supplier codes it can be very difficult to write the code in simpler language. The majority of

codes reviewed were too complex and at a grade level way above the recommended range.

Grade level of supplier codes

19.05%10–12

31.97%12–14

14–16 38.78%

16–18 10.20%

18+ 0%


Page 18

Many of the codes studied attempted to appeal to this varied audience by covering risk topics generally

rather than specifically. Some codes that were reviewed had only one sentence for crucial topics such

as harassment, confidential information or conflicts of interest. Statements such as “Laws concerning

harassment must be followed” will be far too general to be of much use for suppliers who need to

understand the code and put it into practical terms.

Best-practice supplier codes will address about a dozen of the core risk topics listed on page 19. As

mentioned before, there should be a balance when covering risk topics so enough information is given

to readers to know how to act in an ethical and compliant manner without going too far into specifics.

This balance is one of the most difficult things to achieve when writing a supplier code, and it was

obvious that many of the companies whose codes were examined struggled with this challenge.

Supplier codes cover topics which are often only briefly covered in employee codes (if they are covered

at all), such as human rights, forced labour, child labour, human trafficking, corporal punishment,

corporate dormitory living conditions and various aspects of supply chain and CSR. If a company is

found to have been dealing with a supplier that violates human rights there is often an outcry from the

public and a considerable scrutiny and backlash.

Ethical standards are best communicated in supplier codes of conduct by having clear and sufficiently

detailed coverage of the following risk topics.

Are risk topics addressed in appropriate depth?

No33.33%

Yes21.77%

Somewhat44.90%

The Red Flag Group

Page 19

When it came to covering risk topics, two of the very best supplier codes of conduct were those of

Microsoft and Baxter International. Both companies comprehensively covered risk topics while still

maintaining a concise code. Microsoft, in particular, had a fantastic blend of covering risk topics in

appropriate depth but not overburdening the readers with too many fine details.

It is also best practice to have a number of real-world examples (question-and-answer examples are best)

placed in the supplier code. These scenarios put the rules of the code into practical application and help

to make the code relevant for situations that readers could find themselves in. Unfortunately, only 13

percent of codes had any sort of learning aids, and most were only very basic lists or bullet points.

Risk topics addressed in supplier codes

89.80%Human rights/workplace conditions/

wages and hours

86.39%Environmental compliance

86.39%Workplace safety and health

78.23%Discrimination

72.79%Bribery and corruption

(including use of agents)

56.46%Data privacy and confidential

information of customer companies

43.54%Conflicts of interest

43.54%Gifts and entertainment

40.82%Harassment

33.33%Product/service quality/integrity

31.97%Accuracy of records

20.41%Export compliance

15.65%Other industry-specific and country-specific risk topics


Page 20

8.5 Reporting violations

Information about how to raise concerns is one of the most critical (and often one of the most overlooked)

parts of a supplier code. Providing phone numbers, websites, addresses and other alternative avenues for

people to voice any concerns makes a supplier code of conduct an actionable document by alerting the

company to possible misconduct. Employees of supplying companies can be fearful of reporting concerns

internally, so these external avenues can be invaluable for preventing larger problems.

It is recommended that supplier codes list at least three different avenues for making reports. Generally these

are a phone number, a website and a postal address, with at least one method being anonymous. These

avenues should be easy to find and clearly mentioned more than once throughout a code.

Supplier codes should also encourage speaking up by including language about non-retaliation to reassure

would-be whistleblowers. Over 70 percent of the examined codes had no language about non-retaliation,

decreasing the likelihood of employees speaking up about unethical or illegal practices or unsafe working

conditions.

As mentioned earlier, McDonald’s code included an avenue for employees to text in their concerns via

mobile phone – the only code examined that had such an avenue. Eastman Chemical also demonstrated

exceptional reporting options within its supplier code, displaying five clear avenues to make reports in its

document along with language about anonymous reporting.

Reporting avenues listed in supplier codes

31.29%Email

31.29%Phone hotline

Company’s phone number 19.05%

Web hotline 17.69%

Postal address 15.65%

Company’s website 13.61%

The Red Flag Group

Page 21

8.6 Look and feel

The saying goes “Don’t judge a book by its cover”, but people are often quick to render judgement

on a first impression. It is for this reason that the aesthetics and look of the code need to be taken

into account. To be in line with best practices a code should be professionally designed, complete

with branding, colours and photographs that reflect the brand and the nature of the company. Only

12 percent of the codes examined had any sort of company branding, while over 70 percent had no

images or photographs whatsoever.

Oshkosh Corporation and McDonald’s offer great examples of branding in a supplier code of conduct –

both include photographs of their products, facilities and workers and consistently use company colours

and logos. Without reading any of the text it would be fairly easy to tell the exact company that authored

the code by looking at the many photographs. A code that looks visually appealing is more likely to be

read as it is less intimidating than a code that resembles a contract or legal memo.

Codes should also be easy to navigate and readers should be able to quickly find specific topics. This can

be achieved with a logical structuring of the code or by adding a table of contents.

8.7 Implementation and enforcement

In many ways a supplier code needs to be a self-contained document. With an employee code there is a

common understanding within the company that there will be related training, awareness campaigns and

on-going communications, so these don’t need to be discussed in the code document itself. With supplier

codes, however, it is not known how much effort each supplier will put into communicating the code within

their organisation. Most of the codes examined in the study made no mention of what actions the suppliers

were expected to take to implement the code within their organisations. Only 17 percent noted the need for

suppliers to train their employees about the codes.

A supplier code must contain information about how that code should be implemented, enforced and

communicated. While 51 percent of codes mentioned that they should be followed by suppliers, only

30 percent had explicit language stating that following them was mandatory and a condition of doing

business with those companies.

A supplier code of conduct is a written document that sets a company’s standards. Proper supply chain

oversight goes beyond the written code with the ability of the company to monitor, audit and inspect

supplier facilities, including making unannounced site visits, conducting unsupervised interviews with

employee groups and gaining access to documents concerning working conditions and compliance with

their code. Only slightly more than half of the codes mentioned the right of the company to audit or monitor

supplier compliance. Most codes (92 percent) had some mention about the repercussions of not following;

however only 30 percent noted the specific consequences (termination of contract etc.), with 31 percent

including only ambiguous language about corrective actions and another 31 percent vaguely inferring that

there may be consequences for not following.

Including a section in a supplier code about the company’s right to conduct audits and inspections informs

readers that that code is a serious document with real implications. If the code is not followed, the company

should have the right to require improvements or other corrective actions, or, in severe cases, to terminate

business relationships.

To exercise effective audit rights, a company needs to have access to relevant documentation. Therefore,

it must ensure that its suppliers retain such documentation. Forty-two percent of codes mentioned that

suppliers needed to maintain relevant documentation to prove that they were complying with the code.


Page 22

Vendors often have to certify that they are in compliance with a supplier code of conduct. When this

certification is agreed to, the company can demonstrate that its suppliers have formally declared they are

complying with the code. This can put part of the onus back on the supplier if they are found to be in

violation of the code. Only six percent of codes noted that suppliers were required to self-monitor compliance

with the code, while nearly a third of supplier codes stated that they expected suppliers to self-monitor.

Promoting responsible business practices upstream is another best practice that is quickly becoming

a common practice. Many companies encourage, expect or require their suppliers to work with the

next-tier suppliers to adopt similar standards. Forty two percent of codes noted the need for next-tier

suppliers (suppliers’ suppliers) to comply with the code.

8.8 Innovation and CSR

As supplier codes are still somewhat in the adolescent stage, credit should be given to those companies that

demonstrate thought leadership with innovative supplier codes. These companies (which are those listed in

the “Top ten codes” on page 8) are raising the standard for what should be expected from supplier codes.

CSR is a key reason that supplier codes are important. Companies should include additional language in

their supplier codes of conduct which is aimed at broader stakeholder audiences as well as suppliers.

Many of the codes examined appeared to have been written without much consideration for the wider

audience of the code.

Best-practice supplier codes should mention key elements of the CSR programme, such as sustainable

activities, environmental preservation, human rights and respecting local communities. A few codes

mentioned CSR only briefly, but still effectively. Kimberly-Clark’s code had an excellent section discussing

environmental commitments and social sustainability, which related the code back to the larger CSR

global effort.

Apart from supplier standards, codes often contain language about the company’s larger commitments to

the environment, communities and corporate values. It is this blending of CSR and supplier expectations

which demonstrates that the supplier code should be written with a broad audience in mind. Of the 150

codes examined, over 63 percent had some mention of CSR initiatives. The supplier code is certainly a vital

component in a CSR strategy. As codes are beginning to come under more scrutiny from outside sources, it

was surprising to see that only ten percent had referenced sustainability and accountability.

The Red Flag Group

Page 23

9. Importance of supplier codes

To understand the importance of supplier codes of conduct, imagine the possibility of supply-chain

oversight without a code of conduct. Supplier codes set the standards and expectations against which

the suppliers can be measured and held accountable. Suppliers should be made to certify that they and

their employees will follow the principles set forth in the code and will communicate them throughout

their organisations. This gives the customer something to rely on if there is a serious breach by a supplier.

Without a supplier code the company could be accused of not doing enough to prevent, turning a blind

eye to or even condoning unsafe or substandard working conditions, bribery and corruption, human rights

violations or environmental pollution. The absence of a supplier code could mean that employees of the

supplying company could have no way to raise concerns or report unethical or illegal behaviours.

There is also an intrinsic good in promoting integrity and responsible practices, human rights and

environmental sustainability. Whether a company creates their own set of standards for suppliers or

adopts an existing industry supplier code, these standards play an important role in improving the

working conditions and wellbeing of supplier employees. Of the 150 codes that were examined, nearly

90 percent had some remark on human rights, including child or forced labour and working conditions.

Some companies were very detailed in their explanation of the type of working environment employees

could expect, while other codes were brief and only stated that human rights should not be violated. In

any case, the topic of human rights ought to be in every supplier code and thought of as one of the most

important topics to be addressed.

The supplier’s working conditions and the buying company’s role are often scrutinised when there is a tragic

event. No company can risk the reputational damage that would almost certainly result from accusations of

condoning or not doing enough to prevent sweatshops or other substandard workplace conditions.

A deadly and horrific tragedy occurred in Bangladesh in May 2013, when the Rana Plaza, an eight-story

garment factory, collapsed. The death toll was 1129 and over 2500 others were injured. Major global retailers

were purchasing garments made at the building and there was an outcry from the public and government

officials that put a lot of pressure on both retailers and the garment manufacturing industry.

Many companies have reacted to events such as this by improving the due diligence, monitoring and auditing

of their prospective and existing suppliers by creating clear written standards and greater transparency.

Conclusion

The importance of supplier codes of conduct is growing. A supplier code that is well-made and

thoughtfully written is beneficial to the company, the supplier, consumers and communities. As many

companies have requisite standards for the goods and services received from suppliers the same high

standards should be in place for ethical behaviours of the employees of supplying companies. The

increased availability of supplier codes can further the cause of integrity and human rights and reduce the

risk exposure for buying companies.

The best practices for supplier codes are evolving. Companies that have never had supplier codes are

drafting them for the first time. Likewise, companies that have not examined their supplier code in a

decade or more are beginning to make changes to bring them in line with current laws and best practices.

The trend is for companies to improve their supplier codes in three distinct areas: user-friendliness, making

the rules clear and concise, and better implementing the code at the supplier company.


Page 24

Supplier codes should continue to become more user-friendly in terms of ease of understanding as well as

the presentation of the document. The information contained in the code should not be burdensome to

understand for readers; it should be simply stated. Many of the top codes today achieve this by having the

final readers in mind when they are created.

Real-world examples in codes via question-and-answer sections are essential to take them from a set

of rules on paper into real-world actions. Presenting the information in a document that contains

pictures, colours and company branding can also increase the likelihood that the code will be read and

remembered.

Another key area for future supplier code improvement is covering topics in a concise and comprehensive

manner. The chief goal of the supplier code is to communicate the expectations for ethical behaviors and this

should be done by covering all the essential risk topics, including topics that are relevant to the company’s

specific industry. Far too many codes today leave out necessary information on serious topics.

The final area in which supplier codes must continue to evolve is the area of implementation. Some of

the improvements for this section are simple fixes, such as listing a phone number, website or postal

address for readers to make reports or ask questions. Other areas require a more holistic approach where

companies must commit to enforce the code, audit suppliers and administer consequences to suppliers

that are not in compliance with the code. Every code should also mention that persons who make

good-faith reports will be protected from retaliation.

So while some codes are in line with best practice, most are not. Today, the typical supplier code is

four-pages long, contains no pictures, no colour, does not cover most of the important risk topics, is

difficult to understand and is too soft with no “teeth”. However, supplier codes should see noticeable

improvement in the coming years as consumers, investors, regulators, the media and the business

community are starting to increase their focus on ethical sourcing, supplier transparency and oversight.

Best practices will continue to evolve and companies must regularly advance their codes in accordance

with these trends to make sure they are in line with legal standards.

The Red Flag Group

Page 25

Appendix

Company codes used in this study

3M – Industrial manufacturing

ABB – Electronics, technology and telecommunications

Adobe – Electronics, technology and telecommunications

Air Berlin – Transportation

Alabama Aerospace – Aerospace and defence

Alcoa – Energy and extractive

Amazon – Retail

American Eagle – Retail

Anglo American – Energy and extractive

Apple – Electronics, technology and telecommunications

Aramark – Leisure and hospitality

ArcelorMittal – Energy and extractive

Atlas Copco – Industrial manufacturing

Balfour Beatty – Engineering and construction

Barnes & Noble – Retail

BASF – Chemicals

Baxter – Healthcare products and services

Bayer – Chemicals

Becton, Dickinson and Company – Healthcare products and services

BJ’s Wholesale Club – Retail

Bombardier – Aerospace and defence

BorgWarner – Automotive

Boston Market – Leisure and hospitality

Burlington Northern Santa Fe – Transportation

CA Technologies – Electronics, technology and telecommunications

Carquest Auto Parts – Automotive

Cemex – Engineering and construction

CH2M Hill – Engineering and construction

Chevron – Energy and extractive

The Clorox Company – Consumer products

Colgate-Palmolive – Consumer products

Continental AG – Automotive

The Co-operative Group – Retail

Corning – Electronics, technology and telecommunications

Costco – Retail

Covidien – Healthcare products and services


Page 26

Cracker Barrel – Leisure and hospitality

Crane Aerospace & Electronics – Aerospace and defence

Cummins – Automotive

Daimler AG – Automotive

Danaher – Industrial manufacturing

Deere & Company – Industrial manufacturing

Delphi – Automotive

Deutsche Bahn AG – Transportation

DHL – Transportation

Disney – Leisure and hospitality

Dow Chemical – Chemicals

Dr Reddy’s Laboratories – Healthcare products and services

EADS – Aerospace and defence

Eastman Chemical Company – Chemicals

Eaton – Industrial Manufacturing

ExOfficio – Consumer products

Family Dollar – Retail

Fiat Industrial – Automotive

Fluor – Engineering and construction

FMC Corporation – Chemicals

Foot Locker – Retail

Fraport AG – Engineering and construction

Gap – Consumer products

General Electric – Industrial manufacturing

General Mills – Consumer products

GKN Aerospace, St. Louis – Aerospace and defence

H&M – Consumer products

Herman Miller – Consumer products

Hitachi – Electronics, technology and telecommunications

HOCHTIEF – Engineering and construction

Horizon Blue Cross Blue Shield of New Jersey – Healthcare products and services

Hewlett-Packard – Electronics, technology and telecommunications

Hyatt – Leisure & hospitality

IBM – Electronics, technology and telecommunications

Ingersoll Rand – Industrial Manufacturing

Intel – Electronics, technology and telecommunications

International Paper – Forestry, paper and packaging

Invensys – Industrial manufacturing

Irish Rail – Transportation

JDS Uniphase Corporation – Electronics, technology and telecommunications

The Red Flag Group

Page 27

KCOM Group – Electronics, technology and telecommunications

Kellogg Company – Consumer products

Kimberly-Clark – Forestry, paper and packaging

Kone – Engineering and construction

Lowe’s – Retail

Macy’s – Retail

Maersk – Transportation

Marks & Spencer – Retail

Marriott – Leisure and hospitality

McDonald’s – Leisure and hospitality

Merck – Healthcare Products and Services

Metsä Group – Forestry, paper and packaging

Microsoft – Electronics, technology and telecommunications

Momentive – Chemicals

Mondi – Forestry, paper and packaging

MTR Corporation – Transportation

NACCO Industries – Industrial manufacturing

Neenah Paper – Forestry, paper and packaging

Nestlé – Consumer products

Nike – Consumer products

Nokia – Electronics, technology and telecommunications

Nucor – Energy and extractive

Office Depot – Retail

OfficeMax – Retail

Ohaus – Electronics, technology and telecommunications

Oracle – Electronics, technology and telecommunications

Oshkosh Corporation – Transportation

Pacific Gas and Electric Company – Energy and extractive

PepsiCo – Consumer products

Qantas – Transportation

Quiznos – Leisure and hospitality

Renault–Nissan Alliance – Automotive

Resolute Forest Products – Forestry, paper and packaging

Ricoh – Consumer products

Rio Tinto – Energy and extractive

Roche – Healthcare products and services

Rockwell Collins – Aerospace and defence

Rolls-Royce Holdings – Aerospace and defence

Royal Dutch Shell – Energy and extractive

Sadara – Chemicals


Page 28

Safeway – Retail

Sanofi – Healthcare products and services

SCA – Forestry, paper and packaging

Sealy – Consumer products

Sears – Retail

Shangri-La Hotels and Resorts – Leisure and hospitality

Shiseido – Consumer products

Siemens – Industrial manufacturing

SigmaQ – Forestry, paper and packaging

Singapore Airlines – Transportation

SMA Railway – Transportation

Sony – Electronics, technology and telecommunications

Sprint – Electronics, technology and telecommunications

Starbucks – Leisure and hospitality

Stora Enso – Forestry, paper and packaging

Stratas Foods – Consumer products

Subway – Leisure and hospitality

SunOpta – Consumer products

Target – Retail

Tata Steel – Energy and extractive

Teledyne – Aerospace and defence

Tim Hortons – Leisure and hospitality

Toshiba – Electronics, technology and telecommunications

Trinity Health – Healthcare products and services

Tyson Foods – Consumer products

Unilever – Consumer products

Union Pacific – Transportation

UPM – Forestry, paper and packaging

VSE Corporation – Aerospace and defence

Walmart – Retail

Weyerhaeuser – Forestry, paper and packaging

Wilsons Leather – Consumer products

Yum! Brands – Leisure and hospitality

Zale Corporation – Retail

The above referenced companies may request a complimentary scorecard for their supplier code of

conduct by sending an email to [email protected].

The Red Flag Group

Page 29

About The Red Flag GroupThe Red Flag Group is The Compliance Firm™ that helps companies turn compliance into a competitive advantage. We create customised and

integrated compliance solutions that add value to your business.

For more information go to www.redflaggroup.com.

About the authorRobert Leffel, Director of Advisory at The Red Flag Group, is an expert in corporate compliance. He has extensive experience consulting

hundreds of corporations across all major industry sectors on building effective, “best practice” compliance and ethics programmes.


Page 30 The Red Flag Group

The Red Flag Group is a truly global company with offices and research centres in the United States, Europe, Asia, Africa and Latin

America. For more information visit www.redflaggroup.com.