casemark/code-of-conduct

Code of Business Conduct and Ethics

Drafts a governance-grade Code of Business Conduct and Ethics that satisfies SEC, SOX §406, NYSE §303A.10, and NASDAQ Rule 5610 requirements while providing actionable ethical guidance organization-wide.

Prerequisites

1. Company identification — legal name, jurisdiction, public/private status, exchange listing
2. Existing governance documents — current codes, ethics policies, board resolutions, mission/values
3. Operational scope — geographic footprint, industry sectors, subsidiaries, regulated activities
4. Regulatory profile — industry-specific requirements (healthcare, financial services, government contracting, defense)

Quick Start

1. Gather company identification, existing governance documents, and regulatory profile
2. Search uploaded documents for existing codes, mission statements, compliance commitments, and org structure
3. Draft the Code following the required sections below, tailoring to the company's industry and listing requirements
4. Validate against the SOX §406 and exchange listing checklists
5. Include reporting channels, acknowledgment form, and waiver procedures

Required Sections

| # | Section | Key Content | |---|---------|-------------| | 1 | Leadership Statement | CEO/Board Chair message; tone from the top; shared responsibility | | 2 | Scope & Applicability | Covered persons (employees, officers, directors, contractors); enhanced SOX §406 provisions for senior financial officers | | 3 | Relationship to Other Policies | Policy hierarchy; most-stringent-standard conflict resolution | | 4 | Legal Compliance | Baseline obligation; multi-jurisdiction compliance; conflicts of law | | 5 | Conflicts of Interest | Definition, examples, disclosure obligations, approval process; actual AND apparent conflicts | | 6 | Corporate Opportunities | Delaware law framework; no personal exploitation without board approval | | 7 | Confidentiality | Protected information scope; third-party obligations; post-employment survival; whistleblower carve-outs | | 8 | Protection of Company Assets | Physical, IP, informational, financial assets; personal use policy | | 9 | Fair Dealing | No unfair advantage via manipulation, concealment, or misrepresentation | | 10 | Reporting Procedures | Multiple channels: supervisor, HR, Legal, Compliance Officer, Ethics Hotline (anonymous if applicable), Audit Committee | | 11 | Non-Retaliation | Broad retaliation definition; good-faith standard; consequences for retaliators | | 12 | Enforcement & Discipline | Proportionate sanctions (counseling → termination → criminal referral); secondary liability for failure to report | | 13 | Waivers | Extraordinary circumstances only; Board/committee approval for officers and directors; SEC/exchange public disclosure | | 14 | Acknowledgment | Receipt, understanding, compliance commitment; annual re-certification option |

SOX §406 Checklist (Public Companies — Senior Financial Officers)

• [ ] Honest and ethical conduct, including handling actual/apparent conflicts
• [ ] Full, fair, accurate, timely, understandable disclosure in SEC filings
• [ ] Compliance with applicable governmental laws, rules, and regulations
• [ ] Prompt internal reporting of Code violations
• [ ] Accountability for adherence

Exchange Listing Requirements

| Requirement | NYSE §303A.10 | NASDAQ Rule 5610 | |-------------|---------------|-------------------| | Covered persons | Directors, officers, employees | All employees | | Conflicts of interest | Required | Required | | Corporate opportunities | Required | Required | | Confidentiality | Required | Required | | Fair dealing | Required | Not explicitly required | | Asset protection | Required | Not explicitly required | | Compliance with law | Required | Required | | Reporting mechanism | Required | Required | | Waiver disclosure | Required (Form 8-K or website) | Required (Form 8-K or website) | | Public availability | Website posting required | Website posting required |

Industry-Specific Additions

| Industry | Additional Provisions | |----------|----------------------| | Healthcare | Anti-Kickback Statute; Stark Law; HIPAA; research integrity | | Financial Services | Insider trading; fiduciary duties; customer privacy; BSA/AML | | Government Contracting | Procurement integrity; cost accounting standards; security clearances | | Defense | ITAR/EAR export controls; classified information; DFARS compliance | | Technology | Data ethics; AI governance; open source compliance |

Common Pitfalls

• Missing SOX §406 enhanced provisions — public company codes must include specific provisions for senior financial officers; omitting these creates a disclosure gap
• Single reporting channel — regulators expect multiple independent channels including anonymous options; provide at minimum supervisor, Legal, Compliance Officer, and Ethics Hotline
• No waiver disclosure process — SEC and exchange rules require public disclosure of officer/director waivers via Form 8-K or website posting
• Overly legalistic tone — the Code must be comprehensible from entry-level employees to board members; avoid unnecessary jargon while maintaining precision
• Ignoring cross-border issues — for international operations, address conflicts of law, translation requirements, and local works council consultation
• Missing employment disclaimer — include jurisdiction-appropriate language that the Code does not create an employment contract
• No version control — include effective date, version number, and annual review cadence

Drafting Guidelines

• Professional but accessible tone; aspirational yet practical
• Include concrete scenarios illustrating real business application
• Address ESG/emerging issues (AI ethics, data governance, sustainability) where relevant
• Establish Board reporting expectations to Audit Committee or Ethics & Compliance Committee