With the Post Office Horizon scandal ringing in public’s ears, the Institute of Directors is using the summer holiday period to consult until 16 August on a new voluntary Code of Conduct for Directors, which would not serve to add additional legal obligations on directors under the Companies Act 2006 but instead “sets a bar for director conduct beyond the legal baseline”. The purpose of the proposed Code is stated to be intended to “win back” public trust by “embedding the values that are already adopted as a matter of course by most responsible business leaders”.  

The Code would establish a framework of six principles of director conduct, inspired by the Nolan Principles of Public Life, each underpinned by specific undertakings and intended to secure the outcomes of respect, reputation, confidence, trust, relationships, legitimacy and resilience:

Principle 1: Leading by example: Demonstrating exemplary standards of behaviour in personal conduct and decision-making

Principle 2: Integrity: Acting with honesty, adhering to strong ethical values, and doing the right thing

Principle 3: Transparency: Communicating, acting and making decisions openly, honestly and clearly

Principle 4: Accountability: Taking personal responsibility for actions and their consequences

Principle 5: Fairness: Treating people equitably, without discrimination or bias

Principle 6: Responsible business: Integrating ethical and sustainable practices into business decisions, taking into account societal and environmental impacts

One of the undertakings associated with Principle 6 is to “Promote high business standards across the supply chain, particularly with regard to employment conditions and environmental impact”.

This undertaking aligns with and would expand upon the duty imposed on directors under section 172(1) Companies Act 2006 to promote the success of the company including by having regard to “the impact of the company’s operations on the community and the environment”, “the desirability of the company maintaining a reputation for high standards of business conduct”, “the interests of the company’s employees” and “the need to foster the company's business relationships with suppliers, customers and others”.

How might directors go about influencing their supply chains? Building requirements into procurement exercises and the development of standard terms and conditions of business which incorporate responsible and sustainable business practices are one method by which this might be achieved, with consideration given to, for example, requiring suppliers to:

• commit to paying a living wage;

• report on compliance with modern slavery, anti-bribery and anti-money laundering obligations;

• appoint their own suppliers prioritising the reduction of emissions; commit to use renewable energy; comply with and report upon environmental sustainability standards and transparency requirements;

• attain and maintain relevant accreditations;

• deliver increased sustainability in each year of the contract with a view to ultimately achieving net zero;

• offer apprenticeships, internships or other work-related opportunities to individuals from an area of relatively high deprivation having regard to the indices of deprivation;

• minimise gender pay gaps; commit to participating in diversity initiatives; and/or,

• provide training or mentorship opportunities.

Suppliers could be required to pass through those obligations to new or renewed contracts with their own supply chains.

In addition to imposing contractual obligations on suppliers, larger organisations can use their resources to support their supply chain, particularly micro businesses and SMEs, by offering education and training.

The voluntary Code contrasts with the EU’s approach, with the Corporate Sustainability Due Diligence Directive (EU) 2024/1760 having been published in the Official Journal on 05 July 2024 and thereby taking effect on 25 July 2024, which established a corporate due diligence duty which extends to business partners and will require the largest companies to  adopt and apply their best efforts to implement a transition plan for climate change mitigation aligned with the 2050 climate neutrality objective of the Paris Agreement, as well as intermediate targets under the European Climate Law.

As to the IoD’s consultation on the draft Code of Conduct for Directors, while voluntary codes and commitments such as these are laudable, too often they merely become a PR tool that bears no resemblance to the reality of an individual’s or organisation’s conduct. Nevertheless, and while we welcome the draft Code, we would also seek to expand upon it.

Having regard to the intended outcomes of confidence, trust and resilience, we would like to see the concept of responsible business under Principle 6 expanded, including to address the threat posed by cyber crime.

The Department for Science, Innovation and Technology’s Cyber Breaches Survey 2024 revealed that half of businesses (50%) and around a third of charities (32%) had reported having experienced some form of cyber security breach or attack in the previous 12 months, with the figures increasing significantly for larger organisations. This aligned with the Information Commissioner’s Office revealing that it had seen increased data breach reporting.

Despite this, the DSIT survey reporting that overall just 11% of businesses and 9% of charities reviewed the risks posed by their immediate suppliers and that even in relation to large businesses, less than half reported conducting supply chain risk assessments.

We have therefore responded to the IoD’s consultation, calling for Principle 6 to be amended to integrate risk management and for the underlying undertaking to reflect that the promotion of high business standards across supply chains includes resilience.

You can download our consultation response here:

Should your organisation require assistance in understanding and implementing its corporate social responsibility / ESG programme, or improving its cyber resilience and that of its supply chain, please contact us.

Find out more about our ESG and human rights services.