Comment Letter of the
Ethics Resource Center and
Thelen Reid & Priest, LLP

December 17, 2002

Mr. Jonathan G. Katz
Office of the Secretary
Mail Stop 0609
United States Securities and Exchange Commission
450 Fifth Street, NW
Washington, DC 20549

Re: Securities Exchange Act Release No. 33-8138; 34-46701; IC-25775 ("Release")
File No. S7-40-02

Dear Mr. Katz:

This letter is submitted jointly on behalf of the Ethics Resource Center ("ERC") and Thelen Reid & Priest LLP ("Thelen"). We appreciate this opportunity to comment on the Commission's efforts. Our joint comments relate solely to those provisions of the Release concerning code of ethics disclosure.

Thelen Reid & Priest LLP is a national law firm that represents public companies in a variety of capacities.1 The ERC is a nonprofit, nonpartisan, educational organization.2 The mission of the ERC is to be a leader and a catalyst in fostering ethical practices in individuals and institutions. The ERC has supported hundreds of business leaders, ethics officers, and nonprofit executives worldwide in designing, assessing, and improving their ethics initiatives. The ERC's clients range from leading Fortune 100 companies, to nationally known nonprofit organizations and leading trade associations.3


The ERC and Thelen appreciate the opportunity to comment on a very limited portion of the Sarbanes-Oxley Legislation ("Act") that is reflected in the Commission's proposed Rules relating to Section 406 and codes of ethics ("Proposed Rules"). We note that similar provisions requiring public companies to adopt codes of ethics for senior management and directors have been submitted to the Commission by the New York Stock Exchange and the NASDAQ Stock Market in connection with proposed changes in their listing standards. Each of these initiatives is driven by public outrage regarding the series of revelations over the past few years involving misconduct by senior management of public companies.

These well-publicized scandals have diminished investor confidence in our securities markets and have raised concerns about the erosion of corporate responsibility among our public companies. Moreover, similar concerns have been voiced regarding other gatekeepers in the financial services industry, particularly some securities analysts, who appear to have placed personal interests ahead of their duty to investors.

While widely-publicized events in the past year often have focused on small groups of individuals in positions of trust, in our experience, the central issues are frequently cultural and systemic problems - those which the Act and Proposed Rules attempt to address, in part, implicitly through requirements for public companies to have codes of ethics. In this comment letter, we have provided a general discussion of the role of ethical codes in organizations, and both a general and specific response to the questions raised by the Commission in the Release.


Section 406(a) of the Act requires the Commission to adopt rules requiring public companies to disclose whether they have a written code of ethics that applies to their "principal financial officer and controller or principal accounting officer, or persons performing similar functions." The Act and the Release identify the essential characteristics of a code of ethics in the specific context of public companies. For purposes of the Release, the Commission has defined a code of ethics in Item 406 to mean standards reasonably designed to deter wrongdoing and to promote:

  • Honest and ethical conduct, including the ethical handling4 of actual or apparent conflicts of interest between personal and professional relationships;

  • Avoidance of conflicts of interest, including disclosure to an appropriate person or persons identified in the code of any material transaction or relationship that reasonably could be expected to give rise to such a conflict;

  • Full, fair, accurate, timely, and understandable disclosure in reports and documents that a company files with, or submits to, the Commission and in other public communications made by the company;

  • Compliance with applicable governmental laws, rules and regulations;

  • The prompt internal reporting to an appropriate person or persons identified in the code of violations of the code; and,

  • Accountability for adherence to the code.

As the Commission indicated in the Release, the second, fifth and sixth prongs of the proposed definition supplement the requirements specified by Section 406 of the Act. The Commission also states that an effective code of ethics should describe the company's system for internal reporting of code violations and the consequences for non-adherence to code provisions. The proposed item disclosure also would extend the required coverage of the code of ethics to principal executive officers of public companies, and the Commission has inquired whether other persons, including the board of directors and general counsel, should be required to comply with the provisions of the code.

In addition, the Commission's definition of a code of ethics expands on the Act by adding provisions requiring "avoidance of conflicts of interest" and "disclosure to an appropriate person of any material transactions or relationships that may give rise to a conflict." The proposed definition also requires internal reporting of violations and the Release suggests that accountability means "clearly stated consequences for non-compliance."

The Act contains some, but not all, of the recommendations regarding a code of ethics that ultimately were made by the NYSE Corporate Standards and Listing Standards Committee. These recommendations are reflected in recently proposed rule changes to the listing standards of the NYSE and are similar to proposed rule changes affecting the listing standards for NASDAQ as well (collectively, the "Market Center Proposals").


We have detailed our comments more fully below. However, in summary, we recommend the following:

  • That the Commission define a "code of ethics" in a way that is consistent with a current understanding of the term by industry, and that it distinguish a "code of ethics" from a compliance manual or procedures, and that the Commission not require disclosure of procedures to assure compliance;

  • That the Commission allow companies to develop unique codes that express the required content in language relevant to their organizations;

  • That the Commission more fully define the meaning of the term "waiver" and that waivers granted only to executive officers and directors be publicly disclosed;

  • That the Commission consider the importance of the Federal Sentencing Guidelines in evaluating an ethical compliance program; and,

  • That the Commission not suggest that specific consequences for violations of codes of ethics be required - as opposed to consistent discipline for violations of codes of ethics.


    A. What Is a Code of Ethics?

Before proceeding into our specific comments relating to the Proposed Rules, we believe that it is important to place in context the use of "codes of ethics" and their creation. A code of ethics outlines a set of fundamental principles, whether or not they are the basis for operational or legal requirements or prohibitions. A code of ethics is a value-laden document, not one designed for expedience.

The essential aspects of creating a code generally involve creating a list of the guiding values and principles most important for the organization; creating behavioral standards to illustrate the application of those values to the roles and responsibilities of the persons affected; reviewing the existing procedures for guidance and direction of how those values and standards are typically applied; and creating the systems and processes to ensure that the code is implemented and effective.5

Typically codes of ethics are divided into five sections:

  1. The introductory section in which the organization introduces the code and explains why is it is being promulgated, to whom it applies, how it is to be used. The introduction also typically contains a personal statement by the CEO of commitment to the principles and values contained in the code and a promise to act congruently with those values.

  2. Statement of core values and principles with each value/principle defined in simple business language (principles may be "moral" principles such as honesty, respect, fairness, and (or) "pragmatic/business" principles such as excellence, profitability, quality, or customer satisfaction).6

  3. Behavioral examples illustrating each value/principle, with a clear statement that such illustrations are just that - illustrations - and are not intended to be inclusive or limiting. Often these examples involve the very types of dilemmas and ambiguities that an individual might encounter in the course of exercising his or her responsibilities and are supplemented with references to specific company policies.

  4. Discussion of the organization's supporting systems - the infrastructure that supports the code. Typically, this includes such items as where to go for interpretation, how to report suspected misconduct, where to find answers to frequently asked questions, and whether there are provisions to facilitate anonymity in using these systems. In addition, an organization will state its commitment to confidentiality and non-retaliation for the use of any of the supporting systems.

  5. A statement regarding personal responsibility, indicating that it is the individual's responsibility to know and understand the expectations and requirements set forth in the code and to meet those standards. This can, and often does, include the further requirement that employees report suspected misconduct and that failure to do so is in itself a code violation. It will also typically affirm the potential for disciplinary consequences up to and including dismissal for code violations.

    B. Why Companies Develop a Code of Ethics.

Apart from any listing requirements, rules of the Commission, or direct legal incentives, most public companies have determined to develop codes of ethics for the benefit of the company and its employees. A code of ethics serves a number of purposes. A code of ethics addresses the values of an organization and helps the company define what is right, fair, just, and good in those cases where it may be less than obvious which path constitutes the high road.7 It defines operational ideals and expectations that the organization has regarding its board, leaders, and employees. And, by describing the underlying principles and values of a company, its employees and directors can better understand and meet the expectations and requirements of the organization, even in situations not articulated in any document.

Ultimately a code will serve the company in several ways and moves employees, senior management, and the board forward towards multiple goals:

  • It is an ethical document defining what the organization means when it claims it is committed to upholding the highest ethical standards - it details the fundamental maxim - do the right thing, by defining right and wrong in some detail.

  • It creates a common vocabulary, and a sense of the ethical requirements. It facilitates dialogue about ethical issues and goes a long way towards ensuring that well-intentioned people will not mistakenly choose the wrong path when confronting situations not adequately addressed in policy, procedure, law, or regulation.

  • It has legal standing, in that the standards articulated become concrete evidence of the organization's expectations and intentions with respect to behavior.

  • It serves the organization in times of change and uncertainty, where the law and policy may be vague, or an issue is so new that law has not yet spoken.

  • It brings society at large to the cafeteria, executive dining room, and boardroom by reminding everyone that they represent the values of the company and that investors, stakeholders and society (and all of the interests it represents) also has a vested interest in the actions of individuals in the company and depends on them to do the right thing.

Apart from their general salutary purposes, the development and implementation of codes of ethics has been considered a "best practices" requirement for public corporations by the Ethics Officers Association and others (including government agencies) for many years, and as a necessary element of good internal controls. In addition to encouraging an appropriate corporate culture, companies have been motivated by public laws and judicial decisions to establish codes of ethics to supplement other procedures. As we discuss below, the Federal Sentencing Guidelines for Organizations of the U.S. Sentencing Commission ("Guidelines")8 establishes standards for an effective program that has been recognized by the Supreme Court as limiting liability of corporations.9 Moreover, in a widely-cited decision, the Delaware Chancery Court has suggested that directors who fail to assure that their companies have effective compliance programs may have violated their fiduciary duties.10


    A. The Commission Should Clearly Define What It Means by a "Code of Ethics."

Our perception is that many US-based public companies currently have codes of ethics that would meet the requirements set forth by the Commission and the Market Centers in most respects (although perhaps without director involvement and disclosure of waivers). However, these codes may vary from the "code of ethics" as defined in Item 406 in several ways. First, we note that the Release uses both the terms "code(s) of ethics" and "code(s) of conduct" without a clear differentiation, as though the terms were interchangeable.11 It is our belief that there is a significant difference and that the difference is worth noting. Our concern with this issue is generated by the Commission's inquiry about what must be filed with annual reports, and what revisions and waivers must be publicly reported.

A code of conduct is usually viewed as a listing of required behaviors, the violation of which would result in disciplinary action. The behaviors are specified and violation of the code of conduct is clearly determined by the presence or absence of the prescribed behavior.

Typically, a code of ethics is understood as a document founded on a set of core principles or values, as we discuss above. These principles are illustrated with behavioral examples and are expected to be understood, internalized, and applied in situations not specifically addressed within the code of ethics. It is the organization's expectation that the principles, once communicated and illustrated, will apply in every case and that failure to apply the principle can be a cause for disciplinary action, even in cases not specified within the code.

Further, codes of ethics are often both aspirational and operational. Codes of ethics are aspirational in that they set out ideals for ethical conduct that may reach higher than is practical at the moment (e.g. standards for openness, integrity, trust, teamwork, customer service which go far beyond that attainable in the current organizational culture/climate). They are operational in such matters as are within reach (e.g. total honesty in reporting of time and expenses, finite limits on gifts and gratuities and other ethical conduct that can be specified in policy and or procedure). In addition, within codes of ethics there is a realization that different individuals may apply the same principle differently, and therefore it is a matter of judgment regarding the appropriate application of a value or principle, rather than a black or white, "yes" or "no," interpretation of whether a code provision was applied.

To assure that there is a common language relating to the Commission's disclosure initiatives, particularly as it relates to filings, disclosure, and waivers, we believe that it is important for the Commission to define more fully what it means by a "code of ethics." In our view, a code of ethics should not be viewed as a compliance or procedures manual for purposes of providing detailed information through the public reporting system or for preventing violations of "all applicable governmental laws, rules and regulations."

    B. The Commission Should Not Suggest that Specific Language be Required.

We also applaud the Commission for emphasizing in the Release that codes of ethics do not lend themselves to being created from "boilerplate." The process may be common. The elements may be well understood. But, the actual document should be the outcome of active participation by boards and senior management - a vital process in which core values, roles, responsibilities, expectations, and behavioral standards are debated and decided.

The concept of "avoidance of conflicts of interest" may be expressed as the value of "loyalty."12 In the description of how individuals are expected to be loyal, a code of ethics would typically detail how loyalty plays out in conflicts of interest, and the need to separate personal needs from those of the organization. Additional reference points may offer direction to the employees, the board, or senior management. For example, the NYSE proposal references and discusses corporate opportunities; conflicts of interest; insider trading; confidentiality; fair dealing and the protection and proper use of company assets.

We also note that many companies operate in multiple jurisdictions, and will have significant affiliates and subsidiaries that may have their own codes. This may mean that some executive officers of a company are guided by an entirely different code from the public parent, designed to meet the cultural and legal concerns of his or her company. Thus, we urge the Commission to recognize that no single code or codes are required to satisfy the definition in Item 406.

    C. At Least All Executive Officers and Directors Should be Covered by the Code of Ethics.

If a company has a code of ethics, it should apply to all employees, including the principal executive officer and all senior financial officers.13 In addition, we believe, that boards of directors should be covered by the codes and actively involved in their oversight including, as we discuss below, reviewing their code periodically in light of the Federal Sentencing Guidelines.

By creating an artificial situation where there is a separate code for employees, another for senior financial officers or principle executive officers, and potentially one more for board members and committees of the board, the waters are muddied and too complex. The complexity can create confusion and lead to complications and perceived double standards within an organization that may undermine the integrity of the code. Pragmatic differences between board and employee activities can be addressed by policy statements.

    D. The Commission Should Consider the Operation of the Federal Sentencing Guidelines.

In addition to a code of ethics, there typically are numerous written and unwritten support mechanisms that will determine the effectiveness of the company's ethical compliance. Central among these is a formal program to communicate the company's core values to all persons within the company. These formal programs, as well as the implicit message communicated by the senior management of the organization, are far more important than the words of the actual code. The conduct and involvement of senior management of a company in communicating the values of the company is paramount. As one commenter noted:

Rarely do character flaws of a lone actor fully explain corporate misconduct. More typically, unethical business practice involves the tacit, if not explicit, cooperation of others and reflects the values, attitudes, beliefs, language, and behavioral patterns that define an organizational operating culture. . . . Managers who fail to provide leadership and to institute systems that facilitate ethical conduct share responsibility with those who conceive, execute, and knowingly benefit from corporate misdeeds.14

In order to be effective, the values defined in the codes of ethics must be regularly communicated. Ethics awareness programs often may take the form of comprehensive yearly professional conduct and compliance training for all employees, a periodic evaluation, and a mechanism for enhancing and strengthening the system.15 These mechanisms are important in assuring the effectiveness of any code of ethics.

Noticeably absent from the Release is any reference to the Federal Sentencing Guidelines. The Guidelines, which define an effective ethics and compliance program, include:

  1. Establishing ethics and compliance standards and procedures;

  2. Assigning specific, high level person(s) to oversee ethics and compliance;

  3. Taking due care in delegation of substantial discretionary authority to individuals;

  4. Effectively communicating standards and procedures to all employees and agents through training and also through printed and electronic materials;

  5. Monitoring and auditing the operation of the ethics and compliance program and establishing a retribution-free means (e.g., a helpline) for employees to obtain information about standards and procedures and to report possible wrongdoing;

  6. Consistently enforcing discipline of employee violations; and

  7. Responding promptly to any wrongdoing and remedy any program deficiencies.

The Guidelines enhance the Act's definition of a code of ethics, and benefit from being a well-recognized yardstick. A company that meets the standards set forth in the Guidelines should satisfy the criteria in Item 406 relating to accountability and internal reporting of violations. By referencing the Guidelines, the Commission would parallel requirements already being followed by many companies and increase the possibility of having a system in place that is consistent across branches of the federal government, and therefore helps ensure compliance. Moreover, we believe that many boards of directors will evaluate their codes, and the implementation of the ethics program, in light of the Guidelines as well as the Commission and Market Center Proposals.

By setting standards for companies to follow, similar to Guidelines, the Commission creates an audit trail for regulators and investigators to follow when trying to determine whether the company has made a meaningful attempt to ensure that employees are following the spirit of the ethics disclosure requirement. Thus, rather than inquire whether a company has a code of ethics, when revisions have been made, how violations are reported, and what specific sanctions are levied, a far more important inquiry is whether there is an effective program for implementing the code that meets the requirements of the Guidelines, the Commission, and Market Centers.

    E. Only Waivers Related to Directors and Executive Officers Should be Disclosed.

The Commission has specifically inquired whether a company should be required to disclose waivers of its code of ethics on the company's web site or in filings on Form 8-K. As we discuss above, the implementation of a code of ethics requires senior management to be knowledgeable of shared company values and reinforce them in both their words and actions. If a company has a procedure for granting waivers, the process should be described in detail and any waivers should be documented and, in some cases, disclosed. It is preferable that a company avoid waiving the provisions of its code, in all circumstances, and thus we recommend that any statements by the Commission not be construed to imply that it is suggested that companies have procedures in place to waive their provisions.

If, however, companies do have procedures in place, fairness dictates that employees be treated equally, although management and directors may hold themselves to higher standards. However, consistent with NYSE proposals for listing standards, waivers only should be reported as they pertain to directors or executive officers. Non-financial waivers granted to lower level employees would not be generally significant and should not be reported.

We caution the Commission that the application of values may not always be clear, and in many cases the exercise of judgment is required. For example, companies may have a legitimate business purpose in selecting a vendor in which an officer or director, or a relative, has an ownership interest. In addition, as the Commission notes, codes of ethics and compliance provisions may contemplate delegated approvals and decision-making for different types of actions. Where approval of transactions is required by a code, we are uncertain whether a "waiver" would have occurred. We would urge the Commission to carefully define what it means by "waivers," so that unnecessary and ambiguous disclosure is not provided, and so that a company may exercise judgment in applying its code.

    F. The Commission Should Not Suggest That Specific Consequences for Violations of the Code of Ethics Are Required.

Item 406 states a code of ethics must contain provisions requiring accountability for adherence to the code. In the Release, the Commission states that a code should have "clearly stated consequences for non-compliance." As we noted above, the Guidelines require that companies "consistently enforce discipline of violations." We think that it is important for the Commission not to suggest that the standards it is articulating require that a predetermined system of penalties be created in companies associated with their codes of ethics.

Generally, companies state that violations of the code may result in disciplinary action, up to and including dismissal. In our view, predetermined consequences would undermine the ability of the company to make decisions based on the unique circumstances in each case and should not be required by Item 406. Thus, we would recommend that the Commission use the concept of "consistently enforced discipline" as an alternative to suggesting specific consequences are required.

    G. Companies Should Consider Regular Reviews of Their Codes.

Finally, the Commission inquires whether a company should be required to disclose the date of adoption of its code of ethics and the date of the most recent update, or the company's frequency of review of the code. A code of ethics, much like strategic plans, once created will not stand forever. We believe companies regularly should review their codes to determine their utility given the changing demands of the organization. Certainly, the events in recent years will compel organizations to reexamine at least the clarity of their communication of corporate values.

It is our experience, however, that some organizations review their codes annually, while others have not reviewed their codes in many years. The disclosure of the date of revision will hopefully create pressure for an organization to regularly revisit its code, and to ensure that the code reflects the culture and priorities of the company.16 However, a more profound consideration is whether the company has in place a program to regularly assess and monitor the effectiveness of its code.17

It is important for the company to determine the degree to which the code is "integrated" into the formal and informal processes. Whether by surveys, interviews, factor analysis of decisions and discussions captured in minutes, or some combination of these and other techniques, senior management and the board should hold the code to a standard of relevance and utility to ensure that the agreed-upon core principles and values are not being perverted. We believe that boards should review information regarding the effectiveness of the company's ethics program on a periodic basis, whether or not any specific revisions are required. And, as we have suggested above, it may be appropriate for a board to make a more specific inquiry into whether the entire ethics program meets the requirements of the Guidelines.


We appreciate the opportunity to comment on the Release. Having a code of ethics is not a guarantee against corporate misconduct. As recent events illustrate, people are capable of seeking and finding ways to pervert the code's intentions, in ways as subtle as subconscious rationalization, or as blatant as fraud or other criminal conduct. An effective ethical program requires continual reinforcement of strong values. A code of ethics or detailed procedures designed to encourage full disclosure alone are not a substitute for good and honorable management, employees, and directors working to the best of their ability for the benefit of shareholders and others who have entrusted them with responsibility.

We would be pleased to discuss our views further with the Staff or the Commission. Please do not hesitate to call us.


Stuart C. Gilman, Ph.D.
Ethics Resource Center



Edward L. Pittman, Esq.
Thelen Reid & Priest, LLP

cc: The Securities and Exchange Commission
The Honorable Harvey L. Pitt, Chairman
The Honorable Paul S. Atkins, Commissioner
The Honorable Cynthia A. Glassman, Commissioner
The Honorable Harvey J. Goldschmid, Commissioner
The Honorable Raul C. Campos, Commissioner

Giovanni P. Prezioso
General Counsel

Jackson M. Day
Acting Chief Accountant

Alan L. Beller
Director, Division of Corporation Finance

Paul F. Roye
Director, Division of Investment Management

Annette L. Nazareth
Director, Division of Market Regulation

1 Thelen also has prepared corporate guidance related to other provisions of the Sarbanes-Oxley Act that is available at
2 The ERC seeks to: inspire individuals to act ethically towards one another; inspire institutions to act ethically, recognizing their role as transmitters of values; and inspire individuals and institutions to join together in fostering ethical communities. The ERC has been active in the debate regarding the role of corporate officers and directors in the wake of recent scandals. For further information regarding the ERC, see
3 Among the ERC's clients have been the World Bank, International Finance Corporation, Lockheed Martin, BellSouth, Merck Pharmaceuticals, United Way of America, the Department of Defense, and the International Brotherhood of Teamsters.
4 We understand the phrase "ethical handling" to mean that actual or apparent conflicts of interest are to be resolved in a manner that is consistent with both the letter and spirit of all applicable laws, regulations, policies, procedures, and the principles/values laid out in the code of ethics.
5 Most successful codes have been developed with the assistance of an experienced facilitator, schooled in the roles and responsibilities of senior management and boards, but more importantly, familiar with the subtleties of guiding a group of sophisticated and successful leaders through a process that causes them to confront their own sense of what is right, fair, just, and good.
6 Clearly articulated values are important because they provide a touchstone that reduces the likelihood that any individual employee's or executive's personal values would exist in conflict with those of the company. Some believe that more than a handful of values dilute their significance. Others believe that every applicable value deserves attention. Typically, however, codes list no more than seven to ten core values, choosing to "subordinate" others under the broader umbrellas. Among the values frequently used to define ethical standards are: accountability, courage, excellence, fairness, honesty, honor, integrity, leadership, quality, responsibility, respect, social responsibility/community, sustainable development (a recent addition to many lists), and trust (not a value in and of itself - more the consequence of ethical conduct). Several of these values might be characterized as "ethical values" (e.g. honesty and fairness) while others are more aptly described as "organizational values" (e.g. excellence and sustainable development).
7 See generally, Michael G. Daigneault, "Why Ethics?", Association Management (September 1997).
8 The guidelines are available on the U.S. Sentencing Commission's website at
9 See, e.g., Burlington Industries, Inc. v. Ellerth, 524 U.S. 742, 141 L.Ed 2d 633, 118 S.Ct. 2257 (1998).
10 See, In re: Caremark International Inc. Derivative Litigation, Civil Action No. 13670, Delaware Chancery Court (September 25, 1996).
11 The issue is further confused by the Market Center Proposals that refer to "code of conduct" (NASDAQ) and "code of business conduct and ethics" (NYSE). We would encourage the Commission to take consideration of the Item 406 definition in light of the two Market Center Proposals, and also to minimize the potential that other, potentially conflicting, standards may exist between the Commission's proposals and the Market Center listing requirements.
12 Avoidance of conflicts of interest also often is expressed in terms of "fairness" and "trustworthiness". The concept of "assuring full disclosure" also may be referenced in the context of "honesty." Honesty, for example, includes being candid, open, truthful, and free from deception and deceit in all actions - telling the truth, even when doing so may be difficult, and being forthcoming with all relevant facts and information in reports filed with the Commission and in communications with the investing public.
13 It would be consistent with the purpose of the Act in preventing conflicts of interest to specifically require that any code of ethics at least apply to all executive officers as defined in Rule 3b-7 under the Securities Exchange Act of 1934. As we suggest above, however, because the term may include certain executive officers of subsidiaries, the Commission should recognize that these officers may be subject to different codes, possibly reflecting the values and laws of other countries.
14 Lynne Sharpe Paine, Managing for Organizational Integrity, Harvard Business Review (March - April 1994).
15 See, Trevino, Weaver, Gibson, and Toffler, "Managing Corporate Ethics and Corporate Compliance: What Works and What Hurts," 41 California Management Review (Winter 1999) ("a firm's approach to ethics and compliance management has an enormous impact on employee's attitudes and behaviors ... we found that specific characteristics of the formal ethics or compliance programs matter less than the broader perception of the program's orientation toward values and ethical considerations.")
16 Some companies, for example, set annual expiration dates for their codes, which require the board to reapprove the code annually. This process has the benefit of focusing attention on changes that may have occurred in the organization and its values or laws affecting the code and has the additional benefit of reinforcing the values underlying the code.
17 The ERC believes that companies should disclose whether they have a process for annually reviewing their code of ethics, and ethics compliance program.