The Red Flag Group®
Code of Conduct written on a wooden cube in a office desk

In-depth study: Supplier Codes of Conduct

In-depth study: Supplier Codes of Conduct

Today’s supplier codes of conduct are better and more plentiful than those of a few years ago. Many companies are starting to recognise the importance of having a written code of conduct for their suppliers and other third parties, and the value that such a code can create for their business. The code sets a consistent standard for vendor organisations, is a vital part of corporate social responsibility and compliance and ethics programmes, and helps to advance integrity, responsible business practices and human rights.

Most companies have a uniform set of standards for the products and services they purchase, and similar standards should be in place for the ethical business principles that suppliers are expected to maintain. The supplier code is also becoming a document that is of importance to the public (including consumers and investors). The driving forces behind the increased focus on supplier codes can be attributed to more global and sophisticated supply chains, increased public scrutiny of corporate responsibility, human rights and environmental performance, new legislation and enforcement trends, as well as the work of leading organisations that set the trends and raise the bar.

The companies that scored well in this study did a number of things consistently well, and provided:

  • A clear explanation of rules and expectations for suppliers.
  • Adequate risk topic coverage.
  • Well-thought-out design and presentation.
  • Language about enforcement and implementation which clearly stated the right to audit and the consequences for non-compliance.
  • Unambiguous reporting channels.
  • A personalised letter of introduction from a senior executive which set a strong tone from the top.

Industry Supplier Code Scores

In August 2013, we examined over 500 companies’ websites and from this information we compiled a list of 150 random supplier codes of conduct.

All industries examined had a mix of good and not-so-good codes. Nevertheless, there were three clear standout industries and three laggard industries. While the industry average scores could be in part explained by the choice of codes that made up a particular industry and the presence of several particularly strong or weak codes in the industry mix, there could also be some industry-specific factors and trends that may help explain the score.

Averages by industry

Top 3

Energy and extractive69.08
Engineering and construction67.48
Healthcare products and services65.49

A number of factors could account for the above industries being the leaders. The top two in particular have a large proportion of robust codes. With more importance placed on environmental, anti-corruption and other legal and regulatory compliance there is much more scrutiny by the regulators and general public to create greater transparency and accountability in the supply chain. Conflict mineral laws put significant pressure on the extractive industry, including smelters and refiners. Companies aim to reassure investors and consumers that potential conflict minerals concerns have been addressed.

Other plausible explanations for the above-average codes in these industries are that they have better quality of compliance programmes in general or a higher allocation of budget for creating supplier codes of conduct.

All three of the above industries are known for having a relatively high degree of regulation and/or litigation, and are therefore inclined to have more robust compliance programmes. Internal buy-in from executives regarding supply-chain compliance could equate to more focus on the creation of a supplier code of conduct, resulting in a better code. Lastly, it could be contended that these companies rely on the supply chain more than many other industries and a premium code could prove a worthwhile return on investment.

Bottom 3

Forestry, paper and packaging48.88
Leisure & hospitality48.78

When looking at the three industries with the lowest averages, a number of factors could be contributing to the lower-than-average scores. One factor is the general lack of publicly-available supplier codes for these industries. Locating codes for these three industries was more difficult than locating codes for other industries.

Perhaps one of the most puzzling underperformances was from the forestry, paper and packaging industry, despite the presence of some solid codes such as those of Kimberly-Clark and SCA. The industry is subject to significant public scrutiny and risk due to the high environmental and human impact. We would therefore expect this sensitivity to be adequately translated into robust supplier codes. There are a number of other programmes in place for sustainability in ethical sourcing and responsible forestry, but the increased focus on corporate social responsibility (CSR) has not yet been apparent in supplier codes.

One of the industries that heavily relies on directly appealing to consumers is the leisure and hospitality industry, primarily made up of restaurant and hotel companies. These companies should have a major focus on the supply chain to ensure quality of products, yet many of the companies in this industry appear to have weak or unavailable codes, with the exception of a few top performers, such as McDonald’s.

Top ten codes 

Commentary on the top five codes

5 – Merck

Merck’s supplier code of conduct is available in 27 different languages. The code also has multiple avenues for readers to make reports or speak up. Merck was also on the shortlist of companies which included industry-specific risk topics, such as pharmaceutical marketing.

4 – ArcelorMittal

ArcelorMittal’s code includes a great opening letter from the senior vice presidents involved in procurement. The code discusses the systems behind the document, such as supplier training, audits and evidencing compliance with the code. The presentation of the code is also far above average.

3 – McDonald’s

The McDonald’s supplier code of conduct has the best branding of all of the codes reviewed. The golden arches appeared multiple times throughout, along with pictures of products and workers. A great innovation in the McDonald’s code is a new way for readers to make reports: text messaging via cell phone. Given the popularity of text messaging it is truly pioneering to include this as a method of raising concerns.

2 – CH2M Hill

CH2M Hill’s code scored maximum points in the category of risk topics. The code is skilfully written and can be understood by a wide audience. Listing reporting avenues is a best practice but CH2M Hill takes this further, reassuring potential reporters by highlighting whistleblower protection.

1 – Balfour Beatty

Balfour Beatty owns the top supplier code. There is a sincere introduction from the CEO that sets the stage for the truly great code that follows. The code contains practical examples of inappropriate gifts and entertainment, health and safety and subcontracting. Balfour Beatty’s supplier code is certainly one of the newest, most innovative and most complete codes out there today.

Employee code versus supplier code

When drafting a supplier code a company may naturally turn to its employee code of conduct as a starting point. While the two documents are similar in nature, a number of things must be considered to create a quality supplier code of conduct that is distinct from the employee code of conduct but similar in calibre. The most obvious difference is the intended audience: since supplier codes generally apply to an entire global supply chain, the many cultures and varying laws around the globe must be taken into account. With these varying audiences, the topics covered and depth of coverage is a great divergence. The length of a supplier code is also very different to that of an employee code. Supplier codes are much shorter than employee codes –generally around half to one-third of the size.

Naming the code

The code will typically have “supplier”, “business partner”, “vendor” or “third party” included in the title. By far the most common nomenclature in the title of supplier codes is simply “supplier”.

Evolution of supplier codes

Years ago, many companies did not have a supplier code at all. Any language regarding ethical standards was relegated to supplier contracts or other purchasing agreements. With the creation of standards such as the United Nations Global Compact or the California Transparency in Supply Chains Act of 2010, along with some leading industry initiatives such as the Electronic Industry Citizenship Coalition Code of Conduct, many companies began to give more credence to existing supplier codes or created a supplier code for the first time. In the current supplier code landscape only a handful of organisations’ codes are in line with best practices, but this is the highest standard that supplier codes of conduct have been.

Underlying guidelines

The mostly widely referenced and internationally recognised standards are the ten principles set forth by the United Nations Global Compact. Similar to the standards for employee codes under the Sarbanes-Oxley Act, these principles are very broad. It is the task of code writers to expand upon these basic principles and form them into practical guidance for suppliers.

Another key driving initiative behind supplier codes and their development has been the California Transparency in Supply Chains Act of 2010. This law, which came into effect on 1 January 2012, requires retail sellers and manufacturers doing business in California to “disclose their efforts to eradicate slavery and human trafficking from their direct supply chains for tangible goods offered for sale”.

Industry-specific standards are another main influence for guidelines in supplier codes. These include the Extractive Industries Transparency Initiative principles and the well-known standards of the Electronic Industry Citizenship Coalition Code of Conduct. These types of self-regulating standards are of great importance and similar standards should be adopted by other industry groups.

The hallmarks of supplier code of conduct best practice


Best practice supplier codes are in a downloadable format (preferably PDF) on a page of a public website and can easily be found by employees of suppliers, consumers and investors. Nearly 90 percent of the supplier codes we studied were in PDF format.

The code should also be translated into a number of languages, when appropriate, for suppliers’ employees. Slightly more than a quarter of companies made the code available in multiple languages, even though most of the codes reviewed belonged to companies with international supply chains and/or international business presence.

Leadership visibility and values

A supplier code of conduct should contain at least an introduction or similar communication from a senior executive, such as the CEO, president, head of procurement or chairman of the board. Less than 20 percent of the codes we reviewed had any language from a senior executive.

Becton, Dickinson and Company (BD) performed the best in this area, with multiple quotes from executives in callout boxes throughout their code. Teledyne’s supplier code had a personalised opening letter from their chairman, president and CEO to introduce the document and call attention to the relationship between the company and its suppliers.

Understanding the code

A best-practice supplier code will typically be 2000 to 4000 words long. The majority of codes examined were shorter than this.

A supplier code should be written in a tone and grade level that is easily understood and can be translated into multiple languages. The recommended reading level for a supplier code of conduct is a tenth-grade to twelfth-grade level, which makes translating the code easier. The majority of existing codes were above this grade level range and employed language that was too complex and legalistic, and thus difficult to understand.

Risk topics

Best-practice supplier codes will address about a dozen of the core risk topics. There should be a balanced when covering risk topics so enough information is given to readers to know how to act in an ethical and compliant manner without going into too much detail.

Many of the codes studied attempted to appeal to a wide audience by covering risk topics generally rather than specifically. Some codes had only one sentence for crucial topics such as harassment, confidential information or conflicts of interest. 

Ethical standards are best communicated in supplier codes of conduct by having clear and sufficiently detailed coverage of the following risk topics:

When it came to covering risk topics, two of the very best codes of conduct were those of Microsoft and Baxter International. Both companies comprehensively covered risk topics while still maintaining a concise code. It is also best practice to have a number of real-world examples (question-and-answer examples are best) placed in the supplier code. Unfortunately, only 13 percent of codes had any sort of learning aids, and ten percent were only very basic lists or bullet points.

Reporting violations

Information about how to raise concerns is one of the most critical (and often overlooked) parts of a supplier code. It is recommended that supplier codes list at least three different avenues for making reports. 

Supplier codes should also encourage speaking up by including language about non-retaliation to reassure would-be whistleblowers. Over 70 percert of the examined codes had no language about non-retaliation.

Look and feel

To be in line with best practices, a code should be professionally designed, complete with branding, colours and photographs that reflect the brand and the nature of the company. Only 12 percent of the codes examined had any sort of company branding, while over 70 percent had no images or photographs whatsoever.

Oshkosh Corporation and McDonald’s offer great examples of branding in a supplier code of conduct – both include photographs of their products, facilities and workers and consistently use company colours and logos. A code that looks visually appealing is more likely to be read as it is less intimidating than a code that resembles a contract or legal memo.

Implementation and enforcement

Most of the codes examined in our study were silent on what actions the suppliers were expected to take to implement the code within their organisations. Only 17 percent noted the need for suppliers to train their employees on the code. While 51 percent of codes mentioned that the code should to be followed by suppliers, only 30 percent had explicit language stating that following the code was mandatory and a condition of doing business with the company.

Only slightly more than half of the codes mentioned the right of the company to audit or monitor supplier compliance. Most codes (92 percent) had some mention about the repercussions of not following; however only 30 percent noted the specific consequences (termination of contract, etc.), with 31 percent including only ambiguous language about corrective actions and another 31 percent vaguely inferring that there may be consequences for not following.

Forty-two percent of codes mentioned that suppliers needed to maintain relevant documentation to prove that they were complying.

Only six percent of codes noted that suppliers were required to self-monitor compliance with the code, while nearly a third of supplier codes stated that they expected suppliers to self-monitor.

Innovation and CSR

Companies often include additional language in their supplier codes of conduct which is aimed at broader stakeholder audiences as well as suppliers. Best-practice supplier codes mentioned key elements of the CSR programme, such as sustainable activities, environmental preservation and human rights. Often CSR was mentioned only briefly, but still effectively. Kimberly-Clark’s code had an excellent section discussing environmental commitments and social sustainability, which related the code back to the larger CSR global effort. Of the 150 codes examined, over 63 percent had some mention of CSR initiatives.

Importance of supplier codes

Supplying companies should certify that they have made the relevant supplier codes of conduct available to their employees as well as certifying that those employees have followed the codes. This gives buying companies something to rely on if there is a serious or public violation of a supplier code or other law. There is also an intrinsic good in promoting integrity and good practices.

Supplier codes play a role in improving the working conditions and wellbeing of supplier employees. Of the 150 codes that were examined, nearly 90 percent had some remark on human rights, including child or forced labour and working conditions.

The supplier’s working conditions and the buying company’s role are often scrutinised when there is a tragic event. No company can risk the reputational damage that would almost certainly result from accusations of condoning or not doing enough to prevent sweatshops or other substandard workplace conditions.

A deadly and horrific tragedy occurred in Bangladesh in May 2013, when the Rana Plaza, an eight-storey garment factory, collapsed. The death toll was 1129, and over 2500 others were injured. Major global retailers were purchasing garments made at the building and there was an outcry from the public and government officials that put a lot of pressure on both retailers and the garment manufacturing industry.

Many companies have reacted to events such as this by improving the due diligence, monitoring and auditing of their prospective and existing suppliers, by creating clear written standards and greater transparency.


The importance of supplier codes of conduct is growing. A supplier code that is well made and thoughtfully written is beneficial to the company, the supplier, consumers and communities. The increased availability of supplier codes can further the cause of integrity and reduce the risk exposure for buying companies.

The best practices for supplier codes are evolving. Companies that have never had supplier codes are drafting them for the first time. Likewise, companies that have not examined their supplier code in a decade or more are beginning to make changes to bring them in line with current laws and best practices. The trend is for companies to improve their supplier codes in three distinct areas: user friendliness, clarity and rules.

Best practices will continue to advance and companies must regularly develop their code in accordance with these evolving trends to make sure their supplier code of conduct is in line with legal standards and best practices.