How-to guide: How to create a supplier code of conduct (UK)

Introduction

This how-to guide will assist in-house counsel, procurement teams, sustainability and ethical managers, and risk and compliance teams to create a supplier code of conduct (SCC). A SCC is important to improve supply chain sustainability and transparency and to reduce the risk of human rights breaches and environmental harm in your organisation’s supply chains.

While many organisations have policies and procedures in place to govern their own operations, activities in their supply chains can lead to negative environmental and human rights consequences. A SCC is an important tool for organisations to have to demonstrate that they take issues such as human rights, labour, the environment and corruption seriously. It is a way for an organisation to show that it expects suppliers to reduce their negative impacts to ensure that ethical standards are upheld throughout its supply chains.

The guide covers the following:

Overview: the purpose of a SCC
Preparing to draft a SCC
Drafting a SCC
Governance and implementation of the SCC

Section 1 – Overview: the purpose of a SCC

A SCC is created to ensure that a company’s suppliers put policies, procedures and systems of work in place to uphold human rights and environmental standards set by the organisation that drafts the SCC. Under the UN Guiding Principles (UNGPs), companies should seek to prevent or mitigate any adverse impact that is directly linked to their operations, products or services through their business relationships. These are not legally binding, instead, they clarify the corporate responsibility to respect human rights. They also provide guidance on how to put this responsibility into operation. A SCC is a means of communicating to suppliers the need to prevent or mitigate any adverse impact and can serve as a starting point to monitor any impacts that may be directly linked to the organisation that drafted the SCC.

Furthermore, the OECD Due Diligence Guidance for Responsible Business Conduct states that organisations can prevent and address adverse impacts by seeking to ‘build leverage into new and existing business relationships, eg, through policies or codes of conduct, contracts, written agreements or use of market power’.

Also, the recently adopted EU Corporate Sustainability Due Diligence Directive (CSDDD) requires companies to adopt a due diligence policy containing, amongst others, a code of conduct describing the rules and principles to be followed throughout the company and, where relevant, its direct or indirect business partners and a description of the measures taken to verify compliance with the code of conduct and to extend its application to business partners. While the European Commission has proposed several changes to the CS3D through the Omnibus package, which was introduced by the European Commission in February 2025, this requirement stays the same. For further information about the EU CSDDD, see Quick View series: Understanding the Corporate Sustainability Due Diligence Directive (CSDDD) – 1. Introduction to the CSDDD; 2. Compliance timelines and scope (EU); 3. Complex terminology and key principles; and 4. Implementation challenges and practical tips.

Other internationally recognised standards may also drive the purpose and contents of an SCC. For example, the Universal Declaration of Human Rights defines the basic human rights that everyone is entitled to, regardless of race, gender, beliefs, etc. The ILO Declaration on Fundamental Principles and Rights at Work defines workers’ rights in greater detail, no matter the economic context in which a supplier operates. These principles do not have to be included in a SCC, but they can be used as an example of the internationally recognised standards that suppliers must adhere to. In addition, the Ethical Trade Initiative’s Base Code contains key labour standards that organisations can incorporate into their SCC.

Establishing a SCC within your organisation not only defines the ramifications of non-compliance with the law and sets rules (eg, anti-bribery practices), it communicates your organisation’s ethical values, such as inclusiveness, gender equality, decent work or other cultural cornerstones. A SCC can enhance supply chain transparency and provide accountability to an organisation’s stakeholders and customers. It is also a tool for the business to build leverage with its suppliers by building expectations in the SCC around human rights and ethical labour standards.

To be effective, an organisation’s SCC must be well implemented and monitored. This can be challenging. Thorough planning and internal and external engagement are essential to ensuring the SCC is effective.

Organisations must allocate sufficient time and resources to monitoring their SCC to ensure that issues are identified and responded to, so that the document is not seen as a ‘tick-box’ exercise by suppliers. If this is done well, a SCC can become part of an organisation’s overall supply chain due diligence framework. In line with their responsibility under the UNGPs, it can enable suppliers to remedy behaviour that falls below minimum ethical standards that is caused by, or directly linked to, their operations.

Organisations must also consider how best to respond to breaches of the SCC. Relying on the threat of terminating the relationship with the supplier will not build trust and can cause suppliers to be less transparent. Therefore, organisations need to make suppliers aware of the organisation’s willingness to cooperate to help improve their performance and ensure they promote a culture of shared responsibility. A good example of a ‘shared responsibility’ approach is the Dutch clothing brand Zeeman. In 2022, Zeeman introduced a Two-Way Code of Conduct, which outlined expectations for suppliers but also established Zeeman’s own commitments as a responsible buyer.

Finally, to successfully implement a SCC across the supply chain, it is key that organisations set standards that are attainable and relevant to the organisation’s suppliers. To ensure this, organisations must engage meaningfully with their suppliers to understand their concerns and challenges and provide the necessary support and capacity-building to enable them to comply with the SCC. Organisations must also be prepared to demonstrate their own adherence to the same standards.

Section 2 – Preparing to draft a SCC

2.1 Identify the key risks in the organisation’s supply chain

While a SCC should be comprehensive in its coverage, it is worth considering your organisation’s salient supply chain risks so the SCC is drafted in a way that addresses and prioritises the most relevant issues. For example, an organisation may place additional emphasis on clauses relating to child labour if this is a particular risk associated with the sector in which it operates.

As well as these general considerations, companies should consult their prior risk mapping to establish any sectoral and geographical risks that apply to specific suppliers. If this has not been carried out already, consider a high-level desk audit of geographic risks and consult sector-specific guidance for business practice such as the OECD Guidelines for Multinational Enterprises, which outlines the issues to be considered when drafting the SCC.

Having considered the geographical context suppliers operate in, it is also essential to consider whether any requirements set out in the SCC are incompatible with national legislation. For example, suppliers may operate in a jurisdiction where trade unions are outlawed, in which case an SCC should state an alternative means of collective bargaining.

2.2 Assign operational responsibility for the SCC and build a team of cross-functional personnel

Ideally, senior leadership should be responsible for the SCC, including the company values, awareness of current problems, and intentions to address them. Although any staff member or team can be appointed to draft the code of conduct, it will usually fall to the sustainability and procurement departments. However, the SCC should be reviewed and signed off by legal counsel and senior leadership.

2.3 Consult internal and external stakeholders to identify their expectations

To ensure effective implementation of a SCC consider the dynamics within your supply chain. Your organisation should understand the number of suppliers the SCC will cover and whether you already have an established relationship and good communication with them.

Through discussions with key suppliers, an organisation can establish how realistic the requirements set out in its SCC are and whether suppliers will need additional support to meet them. For example, in the absence of such a relationship, suppliers who experience impossible demands from buyers are more likely to outsource labour without the buyer’s knowledge. When this happens, the lower-tier suppliers may not uphold the ethical values outlined by the buyer’s code of conduct.

It is also imperative to establish your organisation’s internal capacity to monitor and enforce the requirements of the SCC. You must establish how much oversight your procurement or management staff can commit to monitoring the effectiveness of the SCC. Gather information about the number of suppliers, and particularly the high-risk suppliers.

2.4 Map existing company policies and procedures and integrate them into the SCC

Assess your organisation’s capacity to establish an SCC and whether there are any existing procedures in place that can support it. For example, some organisations include the details of any internal or third-party whistle-blowing procedures in their SCC with the expectation that suppliers’ employees will use them to report any breaches of the SCC.

Public disclosures such as an annual report or modern slavery statement can feed into the drafting of the SCC. Specific goals outlined in these disclosures can be replicated in the SCC where relevant, to maximise the SCC’s contribution to the organisation’s overall strategy to address human rights and environmental risks. In the SCC, use language that is consistent with your other policies and statements to assist in communicating your organisation’s values and culture.

Assess your organisation’s current auditing and monitoring procedures to establish whether compliance with the terms of the SCC can be integrated into these assessments. For example, some organisations include their SCC as a reference document for third-party auditors to audit suppliers against.

Establish whether current contracts with suppliers can accommodate the terms of the SCC. The SCC can be a stand-alone document or can be incorporated into a ‘terms and conditions’ contract with a supplier.

2.5 Consult external guidance

Ensure industry standards and initiatives to which your organisation is a signatory or member are reflected in the SCC. If there are initiatives that suppliers are expected to sign up to, make sure these are not overly onerous or expensive for suppliers.

Section 3 – Drafting a SCC

This section sets out an overarching framework for the contents of a SCC. There are no mandatory requirements for a SCC and organisations should ensure the categories and information included are relevant to the supply chain.

3.1 Policy statement

The policy statement should include company values, an acknowledgement of any risk areas and a commitment to taking preventative as well as remedial action. The policy statement can also include an endorsement of the principles behind the SCC by your organisation’s leadership.

Company values should refer to any external guidelines that influence the principles behind the SCC. By including a summary of their purpose throughout the SCC, your organisation can provide the justification and context for the requirements expected of suppliers. They also act as a reference tool for the supplier in understanding key terms (e.g., referring to the ILO Worst Forms of Child Labour Convention, 1999 (No. 182) leaves no room for doubt as to what constitutes child labour).

As well as external resources, the policy statement can reference resources that suppliers have access to or that are publicly available. For example, your organisation’s modern slavery statement, sustainability report, human rights policy or annual report.

When drafting a policy statement, organisations must consider a supplier’s cultural and socio-economic environment and their ability to carry out contract requirements. It is important that the policy statement is broadly applicable to the supplier and not an unattainable goal as the supplier is likely to supply goods for multiple organisations, each with their own values written into their respective SCCs. As a result, organisations should ensure that their requirements around supplier culture and ethics are not so specific or demanding that they are unachievable. Meaningful engagement with the suppliers is key to achieving this.

3.2 Compliance with the law

Establish whether suppliers are expected to comply with the law of the jurisdiction in which they operate, or whether there are any other requirements. It is important to establish whether the organisation’s requirements are the ‘minimum’ or whether suppliers are expected to go beyond compliance with the standards set out in the SCC. A common clause to include in a SCC is one setting out that the minimum standard is compliance with local laws, unless these fall below the International Labour Organisation’s standards, in which case the latter will be the default minimum standard.

3.3 Set out how the organisation will monitor its suppliers’ compliance with the SCC

An organisation should outline how often it will assess its suppliers’ compliance with the SCC and how that assessment will be carried out. It is a good idea to be transparent with suppliers about whether they will have to:

carry out internal audits;
complete questionnaires;
expect site visits; or
whether any additional expectations will be put in place for high-risk suppliers.

Ongoing improvement should be your organisation’s clear goal throughout the SCC, and this section of the SCC is a good opportunity to emphasise this.

In some cases, organisations place the onus on suppliers to self-assess their compliance with the SCC and simply encourage them to raise concerns or seek clarification on any issues as they arise. In these situations, the more sophisticated suppliers may have monitoring procedures which are integrated into existing supplier audits. Audits can help to keep track of the implementation of the SCC and of how well suppliers are following it. These audits can be carried out by the supplier, for example, through a self-assessment questionnaire that is then shared with the organisation. Alternatively, some organisations have internal teams, or engage external auditors, to assess suppliers. For smaller-sized suppliers, organisations should consider providing financial and other support to build the suppliers’ capacity to assess and achieve compliance with the organisation’s SCC.

A strong SCC will provide the contact details of the person or department within the organisation responsible for overseeing the implementation of the SCC. These details should be given with an emphasis on transparent communication and cooperation. An organisation may also set out in its SCC a requirement for some form of sign-off and acknowledgement to be returned by the person responsible for the SCC at the supplier’s end.

Organisations can also use their Terms and Conditions (T&Cs) with suppliers to monitor compliance. This can be through contract clauses, short-form terms, or rewards incentives where suppliers are recognised as “preferred suppliers” if they comply.

3.4 Define the scope

Another key aspect of the purpose of a SCC is establishing its scope. Some SCCs include business partners, subcontractors, and suppliers lower down the supply chain, while others only cover direct ‘first-tier’ suppliers. Further definitions of other service-providing stakeholders should be provided to ensure that those who are bound by the SCC are clear as to its scope of application.

Establish whether it is appropriate or realistic to request that suppliers ‘cascade’ the principles of the code using a perpetuity clause that requires them to bind their own suppliers and subcontractors to the standards of the SCC. This is more likely to be appropriate in the case of larger suppliers with greater resources to exert leverage over their own suppliers.

3.5 Key issues to cover in the SCC

SCCs vary in terms of the level of detail that they include for each element. There is no one-size-fits-all approach to the information that can be included.

Address the four categories included in the United Nations Global Compact as set out below.

3.5.1 Human rights

As a minimum, the SCC must promote adherence to internationally recognised human rights, understood, at a minimum, as those expressed in the International Bill of Human Rights and the principles concerning fundamental rights set out in the ILO Declaration on Fundamental Principles and Rights at Work. It is more common for an organisation to draw on ILO standards as they are more applicable in the workplace.

For further information about human rights, see How-to guide: Understanding the legal framework for human rights and the importance of human rights due diligence (UK).

3.5.2 Labour rights

This section should include the organisation’s approach towards forced labour, child labour, discrimination, freedom of association, wages and hours, recruitment practices, health and safety as well as any other labour rights issues.

Labour rights should be detailed with reference to the ILO Declaration on Fundamental Principles and Rights at Work, taking into account the context where the organisation’s suppliers operate.

Any relevant guidance on health and safety at work should also be communicated within this section. This may include International Labour Standards on Occupational Safety and Health. For example, if the supplier provides hazardous materials such as chemicals, specific guidance such as the ILO Chemicals Convention should be referenced.

3.5.3 Environment

Environmental requirements will vary widely depending on the role of each supplier within the supply chain. As a result, different standards can be set and tailored for groups of suppliers. A more straightforward approach is to include general principles (eg, waste management, pollution minimisation or careful water use).

3.5.4 Anti-corruption

This section can reference any anti-bribery and corruption policies that the supplier is expected to adhere to and any corresponding applicable laws. The SCC should be comprehensive in its explanation of the issues covered under anti-bribery and corruption, explaining that advantages could relate to giving or receiving anything of value, including cash, gifts, services, job offers, loans, travel expenses, entertainment or hospitality.

See How-to guide: How to identify bribery and corruption risk (UK) and Checklist: Anti-bribery and corruption risk assessment.

3.6 Additional requirements

It is a good idea to refer to your organisation’s approach to whistleblowing, including whether supply chain workers have access to your organisation’s grievance mechanism.

If it is not included, the SCC should set out a requirement that suppliers ensure an accessible grievance mechanism is in place. Depending on the scale and structure of the supplier, a SCC may require suppliers to take corrective actions to address grievances and violations of labour standards reported via the whistleblowing channels and report on the outcomes.

Many organisations choose to include general principles which augment the categories of human rights, labour, environmental or bribery issues.

For example, the International Olympic Committee (IOC) chooses to emphasise to suppliers the principles of ‘transparency’ and ‘accurate claims and declarations’. By including these, the IOC highlights key issues that are distinct from the rest of the SCC and require additional emphasis as priority issues. Other, more specific requirements can also be included, such as a prohibition on subcontracting or a requirement to notify your organisation before engaging subcontractors. This particular example may be included where an organisation has identified a link between subcontracting and heightened forced labour risk in the supply chain.

3.7 Penalties for breaches

The SCC should state how your organisation will respond to any breaches, and what penalties or sanctions it will impose on suppliers. Any action must be proportionate to the severity of the breach. Suppliers must be given a reasonable timeframe to address breaches of the SCC and organisations should consider providing capacity building. Termination of the relationship with the supplier should be reserved as a last resort, to be exercised in response to the most grievous breaches or continuous failure to take corrective action. Organisations that are too quick to terminate relationships with suppliers risk causing further human rights violations. Note that the UN SCC sets out that only the most egregious breaches of the SCC will result in the termination of the agreement with the supplier.

It is useful to provide an outline of how corrective actions will be requested and monitored, as well as any examples of good practice to help suppliers implement the SCC.

It is important to maintain an appropriate tone in the SCC, encouraging transparency and cooperation, as opposed to threatening drastic action against suppliers. If actual or suspected issues arise, the SCC should encourage proactive communication with suppliers.

Section 4 – Governance and implementation of the SCC

4.1 Communication

Your organisation must assign responsibility to someone for the communication of the code to suppliers. This includes dealing with any supplier queries about implementation and monitoring. Who takes on this role will depend on the structure of the organisation but it is recommended that it is someone with direct oversight of the supply chain such as the head of procurement.

Communication of the SCC must be replicated internally to ensure that all staff who are involved in procurement or have regular contact with suppliers are aware of the principles and standards within it.

4.2 Training

Employees involved in procurement and supply chain management must be trained on the SCC’s provisions, its implementation and how compliance will be monitored.

Training for suppliers must also be offered as required. For example, if the SCC mandates specific reporting requirements or other standards, offer guidance to help suppliers meet them.

4.3 Incorporation into contract terms and conditions

It is common practice for organisations to contractually bind their suppliers to the SCC, making it easier to enforce their obligations and remediate breaches. It is essential that this is done with sufficient clarity. Suppliers may be uncomfortable with being contractually bound by general principles such as supporting the UNGPs, but specific requirements such as auditing and reporting expectations can be integrated into contractual terms and conditions.

4.4 Monitoring

Establish an internal procedure for the organisation to review compliance on a continuous basis. Assign responsibility for internal reporting on compliance and any breaches of the SCC, as well as the results of any corrective or remedial actions.

Outline a procedure for internally reporting on non-compliance and the outcomes of any remedial action. It is important that this information is reported to a senior manager or board member with oversight of supply chain standards.

Effective monitoring of the SCC provides an opportunity to run reward or incentive programmes, such as ‘approved’ or ‘preferred’ supplier status programmes, to encourage active participation in monitoring and implementation.

Organisations should consider how the SCC can be utilised to meet social and environmental reporting requirements. For example, section 54 of the UK Modern Slavery Act 2015 requires organisations to produce a slavery and human trafficking statement, including steps that it is taking to manage the risks of slavery and human trafficking in its business and supply chains. See Checklist: Checklist: UK Modern Slavery Act reporting requirements: Section 54 (UK) for further information.

The SCC provides an opportunity to measure engagement with suppliers with key performance indicators. For example, the number of suppliers provided with an SCC could be measured, or the percentage of suppliers to have signed and returned an acknowledgement of the SCC.

4.5 Reviewing the SCC

It is a good idea to assign responsibility to a director for ensuring the SCC is periodically reviewed and updated by legal counsel and signed off by senior leadership. This often-overlooked element is a crucial aspect in terms of operationalising an SCC, particularly within large organisations. This may involve checking that references to laws or initiatives are not outdated as well as addressing any changes in suppliers, personnel, or identified risks.

Schedule regular reviews of the SCC. At a minimum, carry out an annual review and a review whenever there is a significant change in the risk profile of the supply chain. Afterwards, update the SCC and any supporting documents to incorporate any improvements suggested during the review. Send the updated SCC out for sign-off from suppliers following a review to demonstrate that it is a living document that remains a priority for your organisation.

4.6 Responding to breaches of the SCC

Develop a separate SCC breach response procedure for your organisation that is suitable for its organisational structure and fits its processes. The key elements of this procedure should also be included in the SCC to ensure suppliers understand how responses to any actual or potential breaches will be managed.

The procedure should establish who will be involved in responding to breaches of the SCC, how and where key information about the breach will be documented, and the process for dealing with the breach. This process should involve communicating with the supplier, guiding them to take appropriate corrective action and remediation, and conducting a follow-up review to verify what action has been taken. Finally, the breach must be reported internally and reviewed to assess the need for any further measures to prevent the incident from reoccurring.

This practical resource was produced in partnership with Ardea International.

Additional resources

UN SCC
OECD Guidelines for Multinational Enterprises
UNGPS
UN Global Compact
Universal Declaration on Human Rights
ILO Standards
Ardea International, ‘The value of supplier codes of conduct: supporting transparency and improving performance’
Ethical Trading Initiative Base Code

Filed under

Topics

Laws

Modern Slavery Act 2015 (UK)