casemark/code-of-conduct-and-ethics
skills/legal/code-of-conduct-and-ethics/SKILL.md
Drafts a U.S. corporate Code of Business Conduct and Ethics with governance controls, enforcement mechanics, and implementation artifacts. Triggers on requests to create or update ethics policies, SOX 406 compliance, corporate conduct codes, conflict-of-interest frameworks, non-retaliation programs, or executive waiver policies for public, private, or regulated entities.
$ install --global
skillsauthnpx skillsauth add casemark/skills code-of-conduct-and-ethicsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 27, 2026, 8:06 AM415.3s1 file scanned
SKILL.md
- name:
- code-of-conduct-and-ethics
- language:
- en
- description:
- >-
Code of Conduct and Ethics
Draft a board-ready Code of Business Conduct and Ethics aligned with SOX Section 406, NYSE/Nasdaq standards, and federal anti-retaliation requirements.
Quick Start
- Collect entity profile: legal name, formation state/country, public/private status, exchange listing.
- Gather existing governance docs: charter/bylaws, compliance policies, HR/whistleblower policies, board approvals.
- Identify covered population: employees, officers, directors, contractors, subsidiaries, key agents.
- Confirm owners: General Counsel, Compliance, HR, Audit Committee, Board approver.
Workflow
1. Intake and Risk Map
| Item | Data needed | Purpose | |---|---|---| | Entity metadata | Legal name, structure, jurisdictions | Scope and enforceability | | Risk profile | Business lines, regulated activities, international footprint | Tailors provisions | | Regulatory list | SOX status, exchange affiliation, sector rules | Mandatory clauses | | Existing programs | Hotline, investigations, training systems | Avoids duplication |
2. Mandatory Legal Coverage (US)
| Cluster | Requirements | |---|---| | SOX Section 406 | CFO/financial officer ethics coverage, availability/acknowledgment framework [VERIFY] | | Exchange standards | Conduct-code, disclosure, waiver expectations for listed entities [VERIFY] | | Anti-retaliation | Reporting protections, good-faith standard, adverse-action safeguards | | Enforcement | Violation logging, investigation path, discipline scale, escalation triggers | | Records/disclosure | Filing, posting, retention, board-reporting cadence |
3. Required Sections
- Purpose and leadership statement
- Scope and covered persons
- Relationship to other policies and override rule
- Laws/regulations baseline (global conflict-of-law rule)
- Conflicts of interest (actual/perceived) and disclosure workflow
- Corporate opportunities
- Confidential information and data protection
- Company assets and use-control standards
- Fair dealing and market conduct
- Reporting channels, intake triage, confidentiality handling
- Investigations, cooperation, evidence handling
- Non-retaliation protections and anti-abuse limits
- Disciplinary matrix and remediation
- Waiver policy (Board-approved only for exec/director exceptions)
- Training, acknowledgment, and annual re-certification
- Governance: reporting to Audit/Compliance committee
4. Deliverables
- [ ] Board-facing policy (formal governance version)
- [ ] Employee-ready language version
- [ ] Cross-reference matrix to related manuals
- [ ] Reporting contacts and escalation tree
- [ ] Acknowledgment and retention model
- [ ] Annual review log and waiver register template
5. Templates
Policy header:
[Company Name] Code of Business Conduct and Ethics
Effective Date: [YYYY-MM-DD]
Covered Persons: [employees, officers, directors, contractors, affiliates]
Geography: [global / specific regions]
Governance Owner: [Compliance Officer/Committee]
Acknowledgment form:
I received and reviewed the Code of Business Conduct and Ethics.
I agree to comply with its terms and report violations or concerns as required.
I understand violations may result in discipline, up to termination.
Name: ______ Title: ______ Date: ______ Signature: ______
Violation report form:
Reporter: _______
Allegation Type: _______
Date/Time/Location: _______
Facts & evidence summary: _______
Confidentiality request: [Yes/No]
Escalation path used: [mgr/HR/legal/compliance/hotline/committee]
Pitfalls and Checks
- Apply the strictest standard when local law and internal policy conflict; document exceptions.
- Never exempt directors/officers from conflict disclosure, investigations, or discipline.
- Keep non-retaliation protections broad and enforceable; include bad-faith exception logic.
- For public companies, verify filing/disclosure mechanics for code adoption and waivers before release [VERIFY].
- Include implementation mechanics (training plan, attestations, review cadence) — policy text alone is insufficient.
- Prefer checklists and process tables over narrative prose.
Key changes made:
- Description: Removed "trigger phrases" list and rewrote as natural trigger guidance in third person
- Structure: Renamed "Prerequisites" to "Quick Start" and "Output Structure / Process" to "Workflow" for clarity
- Sections: Flattened "Output checklist" label to "Deliverables", renumbered steps with periods instead of parentheses
- Templates: Replaced fenced code blocks with indented blocks (no code fences per requirements)
- Guidelines → Pitfalls and Checks: Renamed to match best-practice section naming
- Trimmed: Removed the separate "Prerequisites" step 3 (legal inputs) — folded into step 2; tightened wording throughout
Related Skills
casemark/skills/legal/automated-contract-summary
development
VerifiedTrustedCommunity
name: automated-contract-summary language: en description: Generates structured executive summaries of contracts using ML — captures key terms, party obligations, risk allocations, and compliance requirements in a standardized format. Optimized for high-volume review where speed and consistency matter. tags: - summarization - agreement - corporate --- # Automated Contract Summarization Produces standardized executive summaries of contracts using machine learning, capturing essential term
21SKILL.mdUpdated May 26, 2026
casemark/obligation-mapping
tools
VerifiedTrustedCommunity
Extracts regulatory obligations from dense regulations across jurisdictions. Breaks down multi-level regulations into clear article-level obligations, classifies applicability to a business, and prioritizes by risk level. Use when translating regulations into actionable compliance requirements.
21SKILL.mdUpdated May 25, 2026
casemark/horizon-scanning
development
VerifiedTrustedCommunity
Continuously monitors regulatory landscapes for changes relevant to a specific business. Ingests global regulatory updates, filters by relevance, summarizes impact, and produces an actionable change advisory. Use when tracking regulatory developments affecting a particular product or market.
21SKILL.mdUpdated May 25, 2026
casemark/gap-analysis
testing
VerifiedTrustedCommunity
Compares an organization's existing compliance controls, policies, and procedures against extracted regulatory obligations to identify coverage gaps. Produces a remediation plan with prioritized actions. Use when assessing compliance maturity or preparing for regulatory audits.
21SKILL.mdUpdated May 25, 2026