prompt-pack-code-of-conduct



name: prompt-pack-code-of-conduct
description: Use when a company needs to draft or update a Code of Conduct (or Business Ethics Policy) covering ethical principles, conflicts of interest, gifts and entertainment, anti-bribery and corruption, confidentiality, fair dealing, compliance with laws, and reporting and enforcement mechanisms. Relevant across MENA (UAE, KSA, LB, EG), DIFC/ADGM, and internationally; must address both local anti-corruption law and applicable extraterritorial regimes (UK Bribery Act, US FCPA) for companies with international exposure.
license: MIT
metadata:
id: prompt-pack.code-of-conduct
category: prompt-pack
practice_area: corporate-governance
priority: P2
intent: [drafting, code-of-conduct, anti-bribery, ethics, corporate-governance, compliance]
related: [prompt-pack-corporate-governance-policy, prompt-pack-delegation-of-authority-matrix, prompt-pack-director-indemnification-agreement, prompt-pack-whistleblowing-policy]
source: Louis — HAQQ Legal AI (github.com/sboghossian/mini-claude-for-legal)
version: "1.0"

Code of Conduct

A Code of Conduct is one of the most visible governance documents a company produces — it signals values to employees, regulators, and counterparties. It must be aspirational enough to set a cultural standard and specific enough to guide decisions in the gray areas where employees face real choices.

When to use this

  • A company is incorporating or scaling and needs a foundational governance document.
  • An existing Code needs to be updated following a regulatory change, a compliance incident, or an international listing requirement.
  • A MENA company operating internationally needs to address extraterritorial anti-corruption laws (UK Bribery Act 2010, US FCPA) alongside local law.
  • An investor or counterparty due diligence process has identified the absence of a Code as a red flag.
  • The company is seeking a listing on a regulated exchange (DFM, ADX, Tadawul, LSE, NYSE) with mandatory governance disclosure requirements.

Required inputs

| Input | Why it matters | Sensible default |
|---|---|---|
| Company name and jurisdiction(s) of operation | Determines applicable law and cultural calibration | Ask the user |
| Company size and sector | A financial institution or government contractor needs more specificity than a small tech firm | Ask the user |
| Applicable anti-corruption regimes | UK Bribery Act applies to UK-nexus companies; US FCPA applies to any company with US listing or operations | Ask the user; include both if in doubt |
| Whether the company interacts with government officials | Determines depth of public official / procurement section | Ask the user |
| Whether a whistleblowing / speak-up channel already exists | Allows cross-reference to existing mechanism | Ask the user |

Optional inputs

  • Existing policies the Code should cross-reference (Anti-Bribery Policy, Gifts & Entertainment Policy, Conflict of Interest Policy).
  • Whether the Code applies to third parties (suppliers, agents, JV partners) — increasingly required under supply-chain due diligence frameworks.
  • Languages in which the Code will be published (Arabic version required for UAE/KSA onshore enforcement).
  • Acknowledgment and training requirements.

Document structure

1. Introduction and CEO / Leadership message

A personal statement from the CEO or Chair establishing tone from the top. Not just a formality — regulators and juries have treated the presence or absence of a credible leadership message as evidence of culture.

2. Scope and applicability

  • Applies to all employees, directors, officers, and (if stated) agents, contractors, and JV partners.
  • State governing law for interpretation disputes.
  • Note that the Code supplements, and does not replace, applicable law.

3. Our values and ethical principles

  • Integrity, transparency, accountability, respect, and fairness (or the company's stated values).
  • State that the company competes on merit, not connections.

4. Conflicts of interest

  • Definition: a situation where personal interests conflict with the company's interests.
  • Disclosure obligation: all potential conflicts must be disclosed to the line manager and/or compliance function immediately.
  • Common examples: outside employment, investments in competitors or suppliers, personal relationships with counterparties, family members in relevant roles.
  • Process: written disclosure → review by compliance / legal → management approval or recusal.
  • Board members: address separately if applicable (often governed by the Articles / MoA and applicable companies law).

5. Gifts, hospitality, and entertainment

  • Policy: gifts and hospitality may only be given or received if they are modest in value, not in cash, not given to or from a public official without compliance pre-approval, and would not embarrass the company if disclosed publicly.
  • Thresholds: set a monetary cap (e.g., USD 100 / AED 400 per occasion; USD 250 / AED 1,000 per year per counterparty) — below the de minimis under UK Bribery Act guidance.
  • Prohibition: no gifts to or from government officials without prior written approval, even if permitted by local custom.
  • Log: maintain a gifts and hospitality register.

6. Anti-bribery and anti-corruption

This is the highest-stakes section. Key elements:

  • Absolute prohibition on bribing any person, public official or private, directly or through an intermediary.
  • Prohibition on "facilitation payments" (UK Bribery Act and US FCPA do not recognise a facilitation payment exception for most scenarios; local MENA laws are not uniform on this).
  • Due diligence on agents, intermediaries, and JV partners who interact with government.
  • Prohibition on making political contributions on behalf of the company without board approval.
  • Prohibition on charitable donations that are, in substance, bribes.

MENA legal framework note:

  • UAE: Federal Decree-Law No. 31 of 2021 (Penal Code) prohibits bribery of public officials; the Anti-Money Laundering Law (Federal Decree-Law No. 20 of 2018) covers corruption proceeds.
  • KSA: Anti-Bribery Law (Royal Decree M/36, 2017); applies to public and private sector; Nazaha (Oversight and Anti-Corruption Authority) is the enforcement body.
  • Lebanon: Penal Code Articles 351–366 cover bribery; Law No. 175 of 2020 established the National Anti-Corruption Commission (NACC).
  • Egypt: Penal Code and Law No. 58 of 1937; Administrative Prosecution Authority and Central Auditing Organization have investigative roles.
  • UK Bribery Act 2010: Applies to any company carrying on a business in the UK; corporate offence of failure to prevent bribery has no intent requirement — the defence requires adequate procedures.
  • US FCPA: Applies to issuers listed on US exchanges, US companies, and any person acting in US territory; anti-bribery and accounting provisions.

7. Confidentiality and information security

  • Obligation to protect confidential information of the company and of third parties.
  • Prohibition on insider trading using material non-public information (especially relevant for listed companies or companies with listed group members).
  • Data privacy obligations (UAE PDPL, DIFC/ADGM data protection law, GDPR if applicable).
  • Social media and public communications policy cross-reference.

8. Fair dealing and competition

  • Compete on merit; do not engage in anti-competitive practices (price-fixing, market allocation, bid rigging).
  • Do not obtain competitive intelligence through improper means.
  • Treat all suppliers, customers, and counterparties honestly and fairly.
  • GCC competition law note: UAE Federal Competition Law (Federal Decree-Law No. 36 of 2023); KSA Competition Law (Royal Decree No. M/75, 2019).

9. Compliance with laws and regulations

  • Comply with all applicable laws in every jurisdiction in which the company operates.
  • Employees in regulated sectors (financial services, healthcare, telecoms) must comply with sector-specific regulatory requirements.
  • Report actual or suspected violations of law to the compliance function.

10. Reporting violations and whistleblower protections

  • Obligation to report known or suspected violations via the company's speak-up channel.
  • Multiple reporting channels: compliance function, legal, anonymous hotline, escalation to the Audit Committee.
  • Non-retaliation commitment: any retaliation against a good-faith reporter is itself a serious violation.
  • MENA note: Whistleblower protections in MENA are less developed than in the UK or EU; the Code should commit to protection regardless of whether local law requires it. UAE does not have a general whistleblower protection law as of 2026; DIFC has limited employment protections.

11. Consequences for violations

  • Violations may result in disciplinary action up to and including termination and referral to law enforcement.
  • Personal liability: employees are personally liable for their own misconduct; the company does not indemnify employees for criminal conduct.

12. Training, acknowledgment, and certification

  • Annual training on the Code.
  • Annual written certification by all employees.
  • Third-party certifications (agents, major suppliers) as required by the risk-based anti-bribery program.

Drafting standards

  • Written in plain language; avoid dense legal text in the body (put detailed legal analysis in a separate policy or FAQ annex).
  • Use real examples in the gray-area sections (gifts, conflicts) — "a dinner worth AED 500 paid for by a supplier" is more useful than abstract rules.
  • Arabic translation required for entities incorporated and operating in UAE onshore, KSA, LB, and EG. The Arabic version should be the operative version in those jurisdictions.
  • The Code should be reviewed by local counsel in each jurisdiction of operation before final publication.

Common mistakes

  • A Code that is aspirational but unenforceable — no thresholds, no process, no consequences.
  • Failing to address the UK Bribery Act "failure to prevent" offence for internationally-active MENA companies.
  • No whistleblower protection commitment — this undermines the reporting obligation.
  • Using a US-centric template that references US laws inapplicable to MENA operations without adaptation.
  • No process for updating the Code after a regulatory change or compliance incident.

Related

  • [[prompt-pack-corporate-governance-policy]]
  • [[prompt-pack-delegation-of-authority-matrix]]
  • [[prompt-pack-director-indemnification-agreement]]
  • [[prompt-pack-whistleblowing-policy]]
  • [[prompt-pack-anti-bribery-policy]]