Whitepaper supplier code of conduct benchmarking study
-
Upload
the-red-flag-group -
Category
Business
-
view
337 -
download
0
Transcript of Whitepaper supplier code of conduct benchmarking study
Supplier codes of conduct:
A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
Whitepaper
29 September 2013
Contents1. Introduction
2. Industry supplier code scores
3. Averages by industry
3.1 Top three
3.2 Bottom three
3.3 Top ten codes
3.4 Commentary on the top five codes
4. Employee code versus supplier code
5. Naming the code
6. Evolution of supplier codes
7. Underlying guidelines
8. The hallmarks of supplier code of conduct best practices
8.1 Accessibility
8.2 Leadership visibility and values
8.3 Understanding the code
8.4 Risk topics
8.5 Reporting violations
8.6 Look and feel
8.7 Implementation and enforcement
8.8 Innovation and CSR
9. Importance of supplier codes
Appendix
Company codes used in this study
4
5
7
7
7
8
9
11
12
13
14
15
15
15
16
17
20
21
21
22
23
25
25
Page 4
1. Introduction
Today’s supplier codes of conduct are better and more plentiful than those of a few years ago. Many
companies are starting to recognise the importance of having a written code of conduct for their suppliers
and other third parties, and the value that such a code can create for their company’s business. The code
sets a consistent standard for vendor organisations, is a vital part of corporate social responsibility (CSR)
and compliance and ethics programmes, and helps to advance integrity, responsible business practices and
human rights.
Most companies have a uniform set of standards for the products and services they purchase, and similar
standards should be in place for the ethical business principles that suppliers are expected to maintain.
The consequences for a fault in the ethics of the supply chain can be just as catastrophic as a fault in the
products being supplied, if not more catastrophic. The supplier code is also becoming a document that
is of importance to the public (including consumers and investors). Many companies are beginning to
significantly improve their existing supplier codes, or draft a supplier code for the first time. The driving
forces behind the increased focus on supplier codes can be attributed to more global and sophisticated
supply chains, increased public scrutiny on corporate responsibility, human rights and environmental
compliance, new legislation enforcement developments, as well as the pioneering work of some leading
organisations that set the trends and raise the bar. These factors are driving supplier codes into a new era
of quality and best practices.
When looking at the 150 supplier codes that were a part of this study, one of the major conclusions is that
the majority were in need of improvements in terms of both content and presentation. The average score
for the population of supplier codes examined was 57.16 on a zero-to-100 scale – the equivalent of a C+
grade. While there are some companies that put a great deal of effort, time, money and resources into
creating a best-practice code, many companies’ codes were too brief and difficult to understand.
Hundreds of companies’ websites were examined in an effort to locate a population of codes for the
purposes of the study, but most companies either did not have a supplier code or did not make it available to
the public. So while the content of some of the codes that were located could be improved on various levels,
commendation must be given to the companies that had publicly-available supplier codes in the first place.
The companies that scored well in this study did a number of things consistently, and provided:
• a clear explanation of rules and expectations for suppliers
• adequate risk topic coverage
• unambiguous reporting avenues
• clear language about enforcement and monitoring which clearly stated the right of the company to
audit and explicitly mentioned the consequences for non-compliance
• well-thought-out design and presentation.
The most robust codes also included a personalised letter of introduction from a senior executive, setting
strong tone from the top.
The Red Flag Group
Page 5
2. Industry supplier code scores
In August 2013 The Red Flag Group examined over 500 randomly-selected corporate websites and from
this information we compiled a list of 150 supplier codes of conduct. (For the full list of codes examined
please refer to the Appendix.)
With each industry examined there was a wide range of scores (from A to D) and codes that were above
and below average. No industry was found to be fully comprised of either substandard or stellar codes – all
industries had a mix of good codes and codes that needed significant improvement. Nevertheless, there were
three clear standout industries: energy and extractive, engineering and construction, and healthcare products
and services. These three industries had an average score at least seven points above other industries. Their
codes tended to address all key risk topics, were easier to understand, provided a clear process for making
reports, and were not shy to stress enforcement and monitoring. They also tended to set expectations or
provide guidance on how their codes should be implemented by their supplier organisations.
While the industry average scores could be in part explained by the choice of codes that made up a
particular industry and the presence of several particularly strong or weak codes in the industry mix, there
could also be some industry-specific factors and trends that may help explain the score.
IndustryAverage
scoreDistance from
averageGrade (A–F)
Aerospace and defence 55.24 -1.92 C+
Automotive 61.92 4.76 B-
Chemicals 61.04 3.88 B-
Consumer 54.49 -2.67 C+
Electronics, technology and telecommunications 61.99 4.83 B-
Energy and extractive 69.08 11.92 B
Engineering and construction 67.48 10.32 B
Forestry, paper and packaging 48.88 -8.28 C
Healthcare products and services 65.49 8.33 B-
Industrial manufacturing 60.00 2.84 B-
Leisure and hospitality 48.78 -8.38 C
Retail 52.21 -4.95 C+
Transportation 50.35 -6.81 C+
Overall average 57.16 C+
A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
Page 6
In our opinion, the main factors that contributed to these industries being the top performers are the
regulatory environment (pharmaceutical and healthcare laws, conflict minerals laws), greater resource
availability, prominence of the supply chain in the business model and increasing public scrutiny.
Often the type of work done in the industry dictates the amount of scrutiny placed on the supply chain
and the supplier code of conduct. Conversely, there were laggard industries that for a variety of possible
reasons had codes that were at least seven points lower on average.
Some of the key factors that contributed to the low scores for these industries were:
• the failure to address important risk topics
• lack of tone from the top
• scant references to company values
• weak or vague enforcement and monitoring language
• bland presentation
• “legalese” writing style.
The Red Flag Group
Page 7
3. Averages by industry
3.1 Top three
3.2 Bottom three
A number of factors could account for the above industries being the leaders. With more importance
placed on environmental, anti-corruption and other legal and regulatory compliance there is much more
scrutiny by the regulators and general public to create greater transparency and accountability in the
supply chain. Conflict minerals laws put a significant pressure on the extractive industry, including smelters
and refiners. Companies aim to reassure investors and consumers that potential conflict minerals concerns
have been addressed.
Other plausible explanations for the above-average codes in these industries are that they have better-quality
compliance programmes in general and a higher allocation of budget for creating supplier codes of conduct.
All three of the above industries are known for having a relatively-high degree of regulation and/or
litigation, and are therefore inclined to have superior compliance programmes. Internal buy-in from
executives regarding supply-chain compliance could equate to more focus on the creation of a supplier
code of conduct, resulting in a better code.
Lastly, it could be contended that the companies in these industries rely on the supply chain more than
many other industries do. These companies often rely on suppliers for quality products in large volumes.
More dealings with suppliers can result in more exposure to risk and therefore more possible violations. A
robust supplier monitoring and auditing programme with a premium code could prove a worthwhile return
on investment for companies in these industries.
When looking at the three industries with the lowest averages, a number of factors could be contributing to the
lower-than-average scores. One factor is the general lack of publicly-available supplier codes; locating codes for
these three industries was more difficult than locating codes for other industries.
Perhaps one of the most puzzling underperformances was from the forestry, paper and packaging
industry, despite the presence of some solid codes such as those of Kimberly-Clark and SCA. The industry
is subject to significant public scrutiny and risk due to the high environmental and human impact. We
would therefore expect this sensitivity to be adequately translated into strong supplier codes. There are a
number of other programmes in place for sustainability in ethical sourcing and responsible forestry, but the
increased focus on CSR has not yet been apparent in supplier codes.
Industry Average score
Energy and extractive 69.08
Engineering and construction 67.48
Healthcare products and services 65.49
Industry Average score
Transportation 50.35
Forestry, paper and packaging 48.88
Leisure and hospitality 48.78
A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
Page 8
3.3 Top ten codes
Transportation companies, by their nature, are some of the most global organisations. This could account
for their placement in the bottom three, as the confusion surrounding the multitude of applicable global
laws and standards can cause codes to be ill-defined. While these concerns may be legitimate for the
transportation industry, many other global-oriented industries deal with these issues and have adequate
supplier codes.
One of the industries that heavily relies on directly appealing to consumers is the leisure and hospitality
industry, primarily made up of restaurant and hotel companies. These companies should have a major
focus on the supply chain to ensure quality of products. Another less-apparent key audience of supplier
codes is consumers. These consumers want to know where their meal or bath soap is coming from, and
many companies advertise their quality, “farm fresh” ingredients. Despite this, many of the companies in
the leisure and hospitality industry appear to have weak or unavailable codes, with the exception of a few
top performers, such as McDonald’s.
Company IndustryAverage
scoreGrade (A-F)
Balfour Beatty Engineering and construction 98.04 A
CH2M Hill Engineering and construction 97.10 A
McDonald’s Leisure and hospitality 95.06 A
ArcelorMittal Energy and extractive 90.20 A-
Merck Healthcare products and services 87.93 A-
Siemens Industrial manufacturing 87.85 A-
Horizon Blue Cross Blue Shield of New Jersey
Healthcare products and services 86.51 A-
Pacific Gas and Electric Company (PG&E)
Energy and extractive 83.61 A-
Fluor Engineering and construction 82.99 B+
Daimler AG Automotive 80.49 B+
The Red Flag Group
Page 9
3.4 Commentary on the top five codes
5 – Merck
Merck did what many companies forgot to do with their supplier codes: translate it. Merck’s code is
available in 27 different languages. A comprehensive table of contents makes sections easy to find and the
pages are not overcrowded with too many words. Most of the codes we reviewed look like contracts or
bland Microsoft Word documents, but Merck’s supplier code uses colours and photographs.
Another major highlight of Merck’s code is the multiple avenues available for readers to make reports
or speak up. Included on the last page of the code is a web address, email address and phone and fax
numbers for anonymous reporting.
Merck was also one of the few companies that included industry-specific risk topics, such as ethical animal
testing and pharmaceutical marketing.
4 – ArcelorMittal
Even in the strong energy and extractive industry, ArcelorMittal’ this supplier code of conduct stands out
as a top performer. One of the major highlights is the opening letter from the senior vice presidents who
are involved in procurement. It is strongly recommended, but unfortunately not a universal practice, that
a supplier code contains a statement from an executive. Adding this opening statement sets proper tone
from the top and shows readers that the supplier code is a document of significance.
Another standout characteristic of the code is the discussion of the systems behind it such as how suppliers
should train their employees on the code, the right to audit suppliers and the need to maintain relevant
documents evidencing compliance.
The presentation of ArcelorMittal’s code is also far above average.
3 – McDonald’s
The McDonald’s supplier code of conduct has probably the best branding of all of the codes that were
reviewed. The golden arches appeared multiple times throughout, along with pictures of McDonald’s
products, trucks, packaging and workers.
The code contained quotes from senior executives throughout, stating the importance of the supply chain,
standards of excellence and corporate values. This earned McDonald’s maximum scores in values and
leadership visibility.
A great innovation in the McDonald’s code is a new way for readers to make reports: text messaging via
cell phone. Given the popularity of text messaging it is truly pioneering to include this as a method of
raising concerns.
McDonald’s code is very easy to understand and straightforward, which makes translating it to a global
audience much easier. Too many long words and complex sentences increase the likelihood that the
employees of suppliers won’t be able to understand the code. A compact, simple, direct code should be
the goal for code writers.
A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
Page 10
2 – CH2M Hill
Risk topics are arguably the most important part of a code of conduct. CH2M Hill’s code scored the
highest in the category of risk topics. The clear and comprehensive guidance provided in the code on all
key topics lets readers know what is expected of supplier employees. The code is skillfully written at a level
that can be understood by a wide audience.
Listing reporting avenues should be standard for all supplier codes but CH2M Hill takes this further,
reassuring potential reporters by highlighting and purposefully discussing whistleblower protection. It is
one thing for employees to know about a violation and know where a report could be made, but getting
them to actually make the report is something different. Language about non-retaliation is essential and
should be present in all codes.
1 – Balfour Beatty
Balfour Beatty owns the top supplier code overall. It was recently updated (in March 2013), and is
innovative, comprehensive, stylish and practical. The code is structured around four main values: integrity,
teamwork, excellence and respect. There is a sincere introduction from the CEO that sets the stage for the
truly great code that follows.
Balfour Beatty’s code is also one of the very few that utilises realistic examples. The practical examples
deal with topics of inappropriate gifts and entertainment, health and safety, and subcontracting. The code
looks more like a webpage or a polished marketing brochure than an inert PDF document. It is certainly
one of the most cutting-edge, innovative and complete codes out there today.
The Red Flag Group
Page 11
4. Employee code versus supplier code
It is standard practice and a legal requirement for publicly-traded companies in many jurisdictions to have a
corporate code of conduct. When drafting a supplier code, a company may naturally turn to its employee code
of conduct as a starting point. While the two documents are similar in nature, a number of things must be
considered to create a quality supplier code of conduct that is distinct from the employee code of conduct but
similar in calibre.
The main differences between supplier and employee codes are audience, function and length.
The most obvious difference is the intended audience. The readers of employee codes are company employees,
where supplier codes are directed at employees of an entirely different company. Since supplier codes generally
apply to an entire global supply chain, the many cultures and varying laws around the globe must be taken
into account. With these varying audiences, the content of codes in terms of topics and breadth is a great
divergence. The functions of the two codes are much different.
The supplier code’s function is to mitigate unethical behaviours, alert the company of supplier malfeasance,
and give the company a means by which to control supplier relations, promote human rights and decrease
possible negative publicity in case of supplier impropriety.
Lastly, supplier codes are much shorter than employee codes, in both pages and word count. The typical
supplier code will be around half to one-third of the size of a typical employee code.
A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
Page 12
5. Naming the code
Terminology of supplier codes
The titles for supplier codes of conduct varied to some extent between each code that was examined. The
codes typically included “supplier”, “vendor”, “third parties” or “business partners” in their titles. By far
the most common nomenclature was simply “supplier”. This seems to be the most straightforward title for
the code and the generic title when referring to or discussing a code intended for a companies’ suppliers,
contractors, vendors etc.
66.10%“Supplier”
18.40%“Business partner”
“Vendor” 6.90%
Others 6.10%
“Third party” 2.00%
The Red Flag Group
Page 13
6. Evolution of supplier codes
Today, employee codes are by and large far more advanced than supplier codes. As there are legal
requirements to have a code of conduct directed at employees and officers, they are more commonplace and
are a standard benchmark for a company’s ethics and compliance principles. Since the genesis of employee
codes with the Sarbanes-Oxley Act in 2002, the popularity and standards of codes have been raised year after
year. Employee codes are generally thought of as being more important than supplier codes; accordingly,
more time, effort and resources are devoted to making a suitable employee code than for a supplier code.
Also, as a company’s employee code is under more internal scrutiny, it typically receives approval from the
chief executives and board of directors. Increased scrutiny from senior leaders could be a driving force for
improving the quality of supplier codes in all industries.
Just a few years ago, a vast majority of Fortune 1000 companies did not have a supplier code. Any language
regarding ethical standards was relegated to supplier contracts or other purchasing agreements. For many
organisations, if a supplier code was in place, it was typically a black-and-white document with no pictures
which only touched on very basic risk topics, such as human rights and confidential information. It would
be rare to find language about making reports or to see a letter of introduction from a senior executive.
With the creation of standards such as the United Nations Global Compact or the California Transparency in
Supply Chains Act of 2010, along with some leading industry initiatives, many companies began to give more
credence to existing supplier codes or created a supplier code for the first time.
In the current supplier code landscape only a handful of organisations’ codes are in line with best practices,
but this is the highest standard that supplier codes of conduct have been. Many companies are starting to
introduce the user-friendly aspects of their employee codes into their supplier codes, and overall supplier
codes are trending upward.
A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
Page 14
7. Underlying guidelines
In the United States, the prevailing guidelines for employee codes are The Sarbanes-Oxley Act of 2002 and
the stock exchange listing requirements for publicly-traded companies. The guidelines set forth in these laws
are broad. Notably, they list a handful of topics that ought to be covered and the general requirement that a
code must be an “effective” document. From these very general standards laid out by the government and
regulators, robust best practices for employee codes have been established.
With supplier codes, the mostly widely referenced and internationally recognised standards are the ten
principles set forth by the United Nations Global Compact. These are segmented into four main categories:
Human Rights, Labour, Environment and Anti-Corruption. Similar to the standards for employee codes set
forth under the Sarbanes-Oxley Act, these principles are very broad and universal in nature and intent. It
is the job of code writers to expand upon these basic principles and form them into practical guidance for
suppliers.
Another key driving initiative behind supplier codes and their development has been the California
Transparency in Supply Chains Act of 2010. This law, which came into effect on 1 January 2012, requires
retail sellers and manufacturers doing business in California to “disclose their efforts to eradicate slavery
and human trafficking from their direct supply chains for tangible goods offered for sale”. Many of the
companies whose supplier codes were examined as a part of this study also had a public webpage devoted
to compliance with the Act. Other companies did not have a supplier code but did, at least, have some public
language about compliance with the Act.
Industry-specific standards are another main influence for guidelines in supplier codes. Some industry trade
groups have established high-level principles similar to the United Nations Global Compact for their specific
industry risks and laws. These include the Extractive Industries Transparency Initiative principles and – probably
the most popular of all the industry group standards – the Electronic Industry Citizenship Coalition Code.
These types of self-regulating standards are of great importance and similar standards should be adopted by
other industry groups and companies alike.
The Red Flag Group
Page 15
8. The hallmarks of supplier code of conduct best practices
8.1 Accessibility
Perhaps the most straightforward of all the hallmarks for supplier codes is that of accessibility. Best-practice
supplier codes should be in a downloadable format (preferably PDF), linked on an easy-to-find page of a
public website. Nearly 90 percent of the supplier codes found were in PDF format.
The code should also be translated into a number of languages, when appropriate, for suppliers’
employees. The translated versions of the code should be made available alongside the English version to
show that the company operates in a global environment and makes its code accessible to non-English
readers. Slightly more than a quarter of companies made their codes available in multiple languages,
even though most of the codes reviewed belonged to companies with international supply chains and/or
international business presence.
Supplier codes should be placed on public websites where they can be easily found by employees of suppliers
and those unfamiliar with supplier codes, such as consumers and investors. Several companies made their
codes very visible on their public websites, including Alcoa, the Dow Chemical Company and BNSF. These
companies placed their codes in logical and noticeable areas of their websites, such as on “Sustainability”,
“About Us” or “Values and Ethics” pages. Alcoa placed its code in a section about bringing sustainability
to the supply chain. Dow and BNSF both had valuable sections on the expectations of suppliers where their
supplier codes and other documents were made available.
8.2 Leadership visibility and values
A supplier code of conduct should contain at least an introduction or similar communication from a senior
executive, such as the CEO, president, head of procurement or chairman of the board. Ideally, supplier codes
should have quotes from senior executives throughout which discuss why the code is important and what the
expectations of suppliers are. The language should be sincere and tailored to the work that the company is
doing, trying to avoid generic statements that say little about the company’s specific work and reliance on the
supply chain. Unfortunately, most supplier codes appeared to miss an opportunity to communicate tone from
the top, as less than 20 percent of codes reviewed had any language from a senior executive.
Is there a statement from a senior-level executive in the code?
None81.63%
Yes, throughout the code4.76%
Yes, in an introduction
10.88%
Only an occasional quote
2.72%
A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
Page 16
CA Technologies’ supplier code had a fine introduction from its Executive Vice President of Risk and Chief
Administration Officer and its Chief Ethics & Compliance Officer. Becton, Dickinson and Company (BD)
also employed the best practice of having multiple quotes from executives throughout the code in callout
boxes. Teledyne’s supplier code had a personalised opening letter from their Chairman, President and CEO
to introduce the document and call attention to the relationship between the company and its suppliers.
8.3 Understanding the code
The supplier code should be easy to understand and concise. A best-practice supplier code would
typically be 2000 to 4000 words long, averaging towards the lower edge. Some companies operate in
more-regulated industries, which can result in a lengthier code but still a document that lives up to the
top code standards.
The majority of codes examined were shorter or significantly shorter than the recommended
best-practice range.
Word count of supplier codes
25.17%2001–4000
5.44%4001–6000
>6000 4.08%
1000–2000 42.18%
<1000 23.13%
The Red Flag Group
Page 17
A supplier code doesn’t have to cover as much ground as an employee code. There are fewer topics in a
supplier code and the depth of coverage is typically not as deep as with an employee code. Oftentimes with
an employee code stand-alone policies are repurposed, shortened and inserted into the code, making it too
complex and hard to understand. The same mistake can happen with supplier codes if supplier agreements
or purchase contracts are changed only slightly and refashioned as supplier code.
Given the varied nature of the supplier-code audience, where there are more unknowns (regions, language
barriers, cultural differences, varying laws etc.), it makes sense to keep some sections of a code intentionally
generalised. However, many of the codes that were assessed took being ambiguous to extremes, resulting in
codes that provided almost no practical information or value. It requires a fine balance to create a code that is
general in nature but still provides practical guidance.
8.4 Risk topics
The most important goal of a supplier code of conduct is to set consistent standards and expectations
for supplier behaviours and provide guidance to those suppliers. Companies sometimes work with
hundreds of vendors and contractors. The nature of today’s global supply chain has a great impact on
these standards, as widely-accepted labour practice in one country could be illegal in another. As there is
a uniformity of standards for product quality, there should also be a uniform set of standards for ethical
behaviours in supplier dealings.
The topics addressed in a global supplier code must be consistent and relevant for all suppliers, wherever
they are located. Most companies will not create region- or country-specific versions of their supplier
code, content-wise, so the challenge is in how to write a code that encompasses such a diverse supplier
audience.
A supplier code should be written in a tone and grade level that is easily understood. The recommended
reading level for a supplier code of conduct is around the tenth-grade to twelfth-grade level. Some code
writers might aim to have a reading level lower than a tenth-grade level, but due to the vocabulary and
concepts in supplier codes it can be very difficult to write the code in simpler language. The majority of
codes reviewed were too complex and at a grade level way above the recommended range.
Grade level of supplier codes
19.05%10–12
31.97%12–14
14–16 38.78%
16–18 10.20%
18+ 0%
A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
Page 18
Many of the codes studied attempted to appeal to this varied audience by covering risk topics generally
rather than specifically. Some codes that were reviewed had only one sentence for crucial topics such
as harassment, confidential information or conflicts of interest. Statements such as “Laws concerning
harassment must be followed” will be far too general to be of much use for suppliers who need to
understand the code and put it into practical terms.
Best-practice supplier codes will address about a dozen of the core risk topics listed on page 19. As
mentioned before, there should be a balance when covering risk topics so enough information is given
to readers to know how to act in an ethical and compliant manner without going too far into specifics.
This balance is one of the most difficult things to achieve when writing a supplier code, and it was
obvious that many of the companies whose codes were examined struggled with this challenge.
Supplier codes cover topics which are often only briefly covered in employee codes (if they are covered
at all), such as human rights, forced labour, child labour, human trafficking, corporal punishment,
corporate dormitory living conditions and various aspects of supply chain and CSR. If a company is
found to have been dealing with a supplier that violates human rights there is often an outcry from the
public and a considerable scrutiny and backlash.
Ethical standards are best communicated in supplier codes of conduct by having clear and sufficiently
detailed coverage of the following risk topics.
Are risk topics addressed in appropriate depth?
No33.33%
Yes21.77%
Somewhat44.90%
The Red Flag Group
Page 19
When it came to covering risk topics, two of the very best supplier codes of conduct were those of
Microsoft and Baxter International. Both companies comprehensively covered risk topics while still
maintaining a concise code. Microsoft, in particular, had a fantastic blend of covering risk topics in
appropriate depth but not overburdening the readers with too many fine details.
It is also best practice to have a number of real-world examples (question-and-answer examples are best)
placed in the supplier code. These scenarios put the rules of the code into practical application and help
to make the code relevant for situations that readers could find themselves in. Unfortunately, only 13
percent of codes had any sort of learning aids, and most were only very basic lists or bullet points.
Risk topics addressed in supplier codes
89.80%Human rights/workplace conditions/
wages and hours
86.39%Environmental compliance
86.39%Workplace safety and health
78.23%Discrimination
72.79%Bribery and corruption
(including use of agents)
56.46%Data privacy and confidential
information of customer companies
43.54%Conflicts of interest
43.54%Gifts and entertainment
40.82%Harassment
33.33%Product/service quality/integrity
31.97%Accuracy of records
20.41%Export compliance
15.65%Other industry-specific and country-specific risk topics
A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
Page 20
8.5 Reporting violations
Information about how to raise concerns is one of the most critical (and often one of the most overlooked)
parts of a supplier code. Providing phone numbers, websites, addresses and other alternative avenues for
people to voice any concerns makes a supplier code of conduct an actionable document by alerting the
company to possible misconduct. Employees of supplying companies can be fearful of reporting concerns
internally, so these external avenues can be invaluable for preventing larger problems.
It is recommended that supplier codes list at least three different avenues for making reports. Generally these
are a phone number, a website and a postal address, with at least one method being anonymous. These
avenues should be easy to find and clearly mentioned more than once throughout a code.
Supplier codes should also encourage speaking up by including language about non-retaliation to reassure
would-be whistleblowers. Over 70 percent of the examined codes had no language about non-retaliation,
decreasing the likelihood of employees speaking up about unethical or illegal practices or unsafe working
conditions.
As mentioned earlier, McDonald’s code included an avenue for employees to text in their concerns via
mobile phone – the only code examined that had such an avenue. Eastman Chemical also demonstrated
exceptional reporting options within its supplier code, displaying five clear avenues to make reports in its
document along with language about anonymous reporting.
Reporting avenues listed in supplier codes
31.29%Email
31.29%Phone hotline
Company’s phone number 19.05%
Web hotline 17.69%
Postal address 15.65%
Company’s website 13.61%
The Red Flag Group
Page 21
8.6 Look and feel
The saying goes “Don’t judge a book by its cover”, but people are often quick to render judgement
on a first impression. It is for this reason that the aesthetics and look of the code need to be taken
into account. To be in line with best practices a code should be professionally designed, complete
with branding, colours and photographs that reflect the brand and the nature of the company. Only
12 percent of the codes examined had any sort of company branding, while over 70 percent had no
images or photographs whatsoever.
Oshkosh Corporation and McDonald’s offer great examples of branding in a supplier code of conduct –
both include photographs of their products, facilities and workers and consistently use company colours
and logos. Without reading any of the text it would be fairly easy to tell the exact company that authored
the code by looking at the many photographs. A code that looks visually appealing is more likely to be
read as it is less intimidating than a code that resembles a contract or legal memo.
Codes should also be easy to navigate and readers should be able to quickly find specific topics. This can
be achieved with a logical structuring of the code or by adding a table of contents.
8.7 Implementation and enforcement
In many ways a supplier code needs to be a self-contained document. With an employee code there is a
common understanding within the company that there will be related training, awareness campaigns and
on-going communications, so these don’t need to be discussed in the code document itself. With supplier
codes, however, it is not known how much effort each supplier will put into communicating the code within
their organisation. Most of the codes examined in the study made no mention of what actions the suppliers
were expected to take to implement the code within their organisations. Only 17 percent noted the need for
suppliers to train their employees about the codes.
A supplier code must contain information about how that code should be implemented, enforced and
communicated. While 51 percent of codes mentioned that they should be followed by suppliers, only
30 percent had explicit language stating that following them was mandatory and a condition of doing
business with those companies.
A supplier code of conduct is a written document that sets a company’s standards. Proper supply chain
oversight goes beyond the written code with the ability of the company to monitor, audit and inspect
supplier facilities, including making unannounced site visits, conducting unsupervised interviews with
employee groups and gaining access to documents concerning working conditions and compliance with
their code. Only slightly more than half of the codes mentioned the right of the company to audit or monitor
supplier compliance. Most codes (92 percent) had some mention about the repercussions of not following;
however only 30 percent noted the specific consequences (termination of contract etc.), with 31 percent
including only ambiguous language about corrective actions and another 31 percent vaguely inferring that
there may be consequences for not following.
Including a section in a supplier code about the company’s right to conduct audits and inspections informs
readers that that code is a serious document with real implications. If the code is not followed, the company
should have the right to require improvements or other corrective actions, or, in severe cases, to terminate
business relationships.
To exercise effective audit rights, a company needs to have access to relevant documentation. Therefore,
it must ensure that its suppliers retain such documentation. Forty-two percent of codes mentioned that
suppliers needed to maintain relevant documentation to prove that they were complying with the code.
A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
Page 22
Vendors often have to certify that they are in compliance with a supplier code of conduct. When this
certification is agreed to, the company can demonstrate that its suppliers have formally declared they are
complying with the code. This can put part of the onus back on the supplier if they are found to be in
violation of the code. Only six percent of codes noted that suppliers were required to self-monitor compliance
with the code, while nearly a third of supplier codes stated that they expected suppliers to self-monitor.
Promoting responsible business practices upstream is another best practice that is quickly becoming
a common practice. Many companies encourage, expect or require their suppliers to work with the
next-tier suppliers to adopt similar standards. Forty two percent of codes noted the need for next-tier
suppliers (suppliers’ suppliers) to comply with the code.
8.8 Innovation and CSR
As supplier codes are still somewhat in the adolescent stage, credit should be given to those companies that
demonstrate thought leadership with innovative supplier codes. These companies (which are those listed in
the “Top ten codes” on page 8) are raising the standard for what should be expected from supplier codes.
CSR is a key reason that supplier codes are important. Companies should include additional language in
their supplier codes of conduct which is aimed at broader stakeholder audiences as well as suppliers.
Many of the codes examined appeared to have been written without much consideration for the wider
audience of the code.
Best-practice supplier codes should mention key elements of the CSR programme, such as sustainable
activities, environmental preservation, human rights and respecting local communities. A few codes
mentioned CSR only briefly, but still effectively. Kimberly-Clark’s code had an excellent section discussing
environmental commitments and social sustainability, which related the code back to the larger CSR
global effort.
Apart from supplier standards, codes often contain language about the company’s larger commitments to
the environment, communities and corporate values. It is this blending of CSR and supplier expectations
which demonstrates that the supplier code should be written with a broad audience in mind. Of the 150
codes examined, over 63 percent had some mention of CSR initiatives. The supplier code is certainly a vital
component in a CSR strategy. As codes are beginning to come under more scrutiny from outside sources, it
was surprising to see that only ten percent had referenced sustainability and accountability.
The Red Flag Group
Page 23
9. Importance of supplier codes
To understand the importance of supplier codes of conduct, imagine the possibility of supply-chain
oversight without a code of conduct. Supplier codes set the standards and expectations against which
the suppliers can be measured and held accountable. Suppliers should be made to certify that they and
their employees will follow the principles set forth in the code and will communicate them throughout
their organisations. This gives the customer something to rely on if there is a serious breach by a supplier.
Without a supplier code the company could be accused of not doing enough to prevent, turning a blind
eye to or even condoning unsafe or substandard working conditions, bribery and corruption, human rights
violations or environmental pollution. The absence of a supplier code could mean that employees of the
supplying company could have no way to raise concerns or report unethical or illegal behaviours.
There is also an intrinsic good in promoting integrity and responsible practices, human rights and
environmental sustainability. Whether a company creates their own set of standards for suppliers or
adopts an existing industry supplier code, these standards play an important role in improving the
working conditions and wellbeing of supplier employees. Of the 150 codes that were examined, nearly
90 percent had some remark on human rights, including child or forced labour and working conditions.
Some companies were very detailed in their explanation of the type of working environment employees
could expect, while other codes were brief and only stated that human rights should not be violated. In
any case, the topic of human rights ought to be in every supplier code and thought of as one of the most
important topics to be addressed.
The supplier’s working conditions and the buying company’s role are often scrutinised when there is a tragic
event. No company can risk the reputational damage that would almost certainly result from accusations of
condoning or not doing enough to prevent sweatshops or other substandard workplace conditions.
A deadly and horrific tragedy occurred in Bangladesh in May 2013, when the Rana Plaza, an eight-story
garment factory, collapsed. The death toll was 1129 and over 2500 others were injured. Major global retailers
were purchasing garments made at the building and there was an outcry from the public and government
officials that put a lot of pressure on both retailers and the garment manufacturing industry.
Many companies have reacted to events such as this by improving the due diligence, monitoring and auditing
of their prospective and existing suppliers by creating clear written standards and greater transparency.
Conclusion
The importance of supplier codes of conduct is growing. A supplier code that is well-made and
thoughtfully written is beneficial to the company, the supplier, consumers and communities. As many
companies have requisite standards for the goods and services received from suppliers the same high
standards should be in place for ethical behaviours of the employees of supplying companies. The
increased availability of supplier codes can further the cause of integrity and human rights and reduce the
risk exposure for buying companies.
The best practices for supplier codes are evolving. Companies that have never had supplier codes are
drafting them for the first time. Likewise, companies that have not examined their supplier code in a
decade or more are beginning to make changes to bring them in line with current laws and best practices.
The trend is for companies to improve their supplier codes in three distinct areas: user-friendliness, making
the rules clear and concise, and better implementing the code at the supplier company.
A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
Page 24
Supplier codes should continue to become more user-friendly in terms of ease of understanding as well as
the presentation of the document. The information contained in the code should not be burdensome to
understand for readers; it should be simply stated. Many of the top codes today achieve this by having the
final readers in mind when they are created.
Real-world examples in codes via question-and-answer sections are essential to take them from a set
of rules on paper into real-world actions. Presenting the information in a document that contains
pictures, colours and company branding can also increase the likelihood that the code will be read and
remembered.
Another key area for future supplier code improvement is covering topics in a concise and comprehensive
manner. The chief goal of the supplier code is to communicate the expectations for ethical behaviors and this
should be done by covering all the essential risk topics, including topics that are relevant to the company’s
specific industry. Far too many codes today leave out necessary information on serious topics.
The final area in which supplier codes must continue to evolve is the area of implementation. Some of
the improvements for this section are simple fixes, such as listing a phone number, website or postal
address for readers to make reports or ask questions. Other areas require a more holistic approach where
companies must commit to enforce the code, audit suppliers and administer consequences to suppliers
that are not in compliance with the code. Every code should also mention that persons who make
good-faith reports will be protected from retaliation.
So while some codes are in line with best practice, most are not. Today, the typical supplier code is
four-pages long, contains no pictures, no colour, does not cover most of the important risk topics, is
difficult to understand and is too soft with no “teeth”. However, supplier codes should see noticeable
improvement in the coming years as consumers, investors, regulators, the media and the business
community are starting to increase their focus on ethical sourcing, supplier transparency and oversight.
Best practices will continue to evolve and companies must regularly advance their codes in accordance
with these trends to make sure they are in line with legal standards.
The Red Flag Group
Page 25
Appendix
Company codes used in this study
3M – Industrial manufacturing
ABB – Electronics, technology and telecommunications
Adobe – Electronics, technology and telecommunications
Air Berlin – Transportation
Alabama Aerospace – Aerospace and defence
Alcoa – Energy and extractive
Amazon – Retail
American Eagle – Retail
Anglo American – Energy and extractive
Apple – Electronics, technology and telecommunications
Aramark – Leisure and hospitality
ArcelorMittal – Energy and extractive
Atlas Copco – Industrial manufacturing
Balfour Beatty – Engineering and construction
Barnes & Noble – Retail
BASF – Chemicals
Baxter – Healthcare products and services
Bayer – Chemicals
Becton, Dickinson and Company – Healthcare products and services
BJ’s Wholesale Club – Retail
Bombardier – Aerospace and defence
BorgWarner – Automotive
Boston Market – Leisure and hospitality
Burlington Northern Santa Fe – Transportation
CA Technologies – Electronics, technology and telecommunications
Carquest Auto Parts – Automotive
Cemex – Engineering and construction
CH2M Hill – Engineering and construction
Chevron – Energy and extractive
The Clorox Company – Consumer products
Colgate-Palmolive – Consumer products
Continental AG – Automotive
The Co-operative Group – Retail
Corning – Electronics, technology and telecommunications
Costco – Retail
Covidien – Healthcare products and services
A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
Page 26
Cracker Barrel – Leisure and hospitality
Crane Aerospace & Electronics – Aerospace and defence
Cummins – Automotive
Daimler AG – Automotive
Danaher – Industrial manufacturing
Deere & Company – Industrial manufacturing
Delphi – Automotive
Deutsche Bahn AG – Transportation
DHL – Transportation
Disney – Leisure and hospitality
Dow Chemical – Chemicals
Dr Reddy’s Laboratories – Healthcare products and services
EADS – Aerospace and defence
Eastman Chemical Company – Chemicals
Eaton – Industrial Manufacturing
ExOfficio – Consumer products
Family Dollar – Retail
Fiat Industrial – Automotive
Fluor – Engineering and construction
FMC Corporation – Chemicals
Foot Locker – Retail
Fraport AG – Engineering and construction
Gap – Consumer products
General Electric – Industrial manufacturing
General Mills – Consumer products
GKN Aerospace, St. Louis – Aerospace and defence
H&M – Consumer products
Herman Miller – Consumer products
Hitachi – Electronics, technology and telecommunications
HOCHTIEF – Engineering and construction
Horizon Blue Cross Blue Shield of New Jersey – Healthcare products and services
Hewlett-Packard – Electronics, technology and telecommunications
Hyatt – Leisure & hospitality
IBM – Electronics, technology and telecommunications
Ingersoll Rand – Industrial Manufacturing
Intel – Electronics, technology and telecommunications
International Paper – Forestry, paper and packaging
Invensys – Industrial manufacturing
Irish Rail – Transportation
JDS Uniphase Corporation – Electronics, technology and telecommunications
The Red Flag Group
Page 27
KCOM Group – Electronics, technology and telecommunications
Kellogg Company – Consumer products
Kimberly-Clark – Forestry, paper and packaging
Kone – Engineering and construction
Lowe’s – Retail
Macy’s – Retail
Maersk – Transportation
Marks & Spencer – Retail
Marriott – Leisure and hospitality
McDonald’s – Leisure and hospitality
Merck – Healthcare Products and Services
Metsä Group – Forestry, paper and packaging
Microsoft – Electronics, technology and telecommunications
Momentive – Chemicals
Mondi – Forestry, paper and packaging
MTR Corporation – Transportation
NACCO Industries – Industrial manufacturing
Neenah Paper – Forestry, paper and packaging
Nestlé – Consumer products
Nike – Consumer products
Nokia – Electronics, technology and telecommunications
Nucor – Energy and extractive
Office Depot – Retail
OfficeMax – Retail
Ohaus – Electronics, technology and telecommunications
Oracle – Electronics, technology and telecommunications
Oshkosh Corporation – Transportation
Pacific Gas and Electric Company – Energy and extractive
PepsiCo – Consumer products
Qantas – Transportation
Quiznos – Leisure and hospitality
Renault–Nissan Alliance – Automotive
Resolute Forest Products – Forestry, paper and packaging
Ricoh – Consumer products
Rio Tinto – Energy and extractive
Roche – Healthcare products and services
Rockwell Collins – Aerospace and defence
Rolls-Royce Holdings – Aerospace and defence
Royal Dutch Shell – Energy and extractive
Sadara – Chemicals
A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
Page 28
Safeway – Retail
Sanofi – Healthcare products and services
SCA – Forestry, paper and packaging
Sealy – Consumer products
Sears – Retail
Shangri-La Hotels and Resorts – Leisure and hospitality
Shiseido – Consumer products
Siemens – Industrial manufacturing
SigmaQ – Forestry, paper and packaging
Singapore Airlines – Transportation
SMA Railway – Transportation
Sony – Electronics, technology and telecommunications
Sprint – Electronics, technology and telecommunications
Starbucks – Leisure and hospitality
Stora Enso – Forestry, paper and packaging
Stratas Foods – Consumer products
Subway – Leisure and hospitality
SunOpta – Consumer products
Target – Retail
Tata Steel – Energy and extractive
Teledyne – Aerospace and defence
Tim Hortons – Leisure and hospitality
Toshiba – Electronics, technology and telecommunications
Trinity Health – Healthcare products and services
Tyson Foods – Consumer products
Unilever – Consumer products
Union Pacific – Transportation
UPM – Forestry, paper and packaging
VSE Corporation – Aerospace and defence
Walmart – Retail
Weyerhaeuser – Forestry, paper and packaging
Wilsons Leather – Consumer products
Yum! Brands – Leisure and hospitality
Zale Corporation – Retail
The above referenced companies may request a complimentary scorecard for their supplier code of
conduct by sending an email to [email protected].
The Red Flag Group
Page 29
About The Red Flag GroupThe Red Flag Group is The Compliance Firm™ that helps companies turn compliance into a competitive advantage. We create customised and
integrated compliance solutions that add value to your business.
For more information go to www.redflaggroup.com.
About the authorRobert Leffel, Director of Advisory at The Red Flag Group, is an expert in corporate compliance. He has extensive experience consulting
hundreds of corporations across all major industry sectors on building effective, “best practice” compliance and ethics programmes.
A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
Page 30 The Red Flag Group
The Red Flag Group is a truly global company with offices and research centres in the United States, Europe, Asia, Africa and Latin
America. For more information visit www.redflaggroup.com.