CODE OF CONDUCT

[COMPANY NAME]

TABLE OF CONTENTS

1. Message from Leadership
2. Purpose, Scope, and Applicability
3. Our Core Values and Ethical Principles
4. Compliance with Laws, Rules, and Regulations
5. Honest and Ethical Conduct
6. Conflicts of Interest
7. Gifts, Entertainment, and Hospitality
8. Anti-Corruption and Anti-Bribery
9. International Trade Compliance — Sanctions and Export Controls
10. Antitrust and Fair Competition
11. Data Privacy and Information Security
12. Confidential Information and Intellectual Property
13. Accurate Books, Records, and Financial Reporting
14. Insider Trading and Securities Compliance
15. Workplace Conduct, Equal Opportunity, and Anti-Harassment
16. Health, Safety, and Environmental Responsibility
17. Company Assets and Resources
18. Political Activities, Lobbying, and Charitable Contributions
19. Social Media and External Communications
20. Reporting Concerns — Speak Up Without Fear
21. Non-Retaliation Policy
22. Investigations and Cooperation
23. Discipline and Accountability
24. Training, Certification, and Acknowledgment
25. Governance, Waivers, and Amendments
26. Practice Tips for Practitioners
27. Sources and References

1. MESSAGE FROM LEADERSHIP

Dear Colleagues,

Our Code of Conduct reflects our commitment to conducting business with the highest standards of integrity, transparency, and respect. It applies to every person who represents our company — from the boardroom to the front line.

This Code is not just a set of rules. It is a guide for making the right decisions, even when the right choice is not the easiest one. When in doubt, ask. When you see something wrong, speak up. We are committed to creating a culture where doing the right thing is expected, supported, and rewarded.

Every one of us is personally responsible for upholding these standards. No business objective — no matter how important — justifies compromising our values or violating the law.

Thank you for your commitment to our shared standards.

[________________________________]
[Chief Executive Officer / Board Chair]
[__/__/____]

2. PURPOSE, SCOPE, AND APPLICABILITY

2.1 Purpose

This Code of Conduct establishes the standards of ethical behavior and legal compliance expected of all individuals associated with [COMPANY NAME] (the "Company"). It is designed to:

• Promote honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest
• Promote full, fair, accurate, timely, and understandable disclosure in reports and documents filed with or submitted to the Securities and Exchange Commission and in other public communications
• Promote compliance with applicable governmental laws, rules, and regulations
• Promote the prompt internal reporting of violations of this Code
• Promote accountability for adherence to this Code

Regulatory Note (SOX Section 406): Section 406(c) of the Sarbanes-Oxley Act defines a "code of ethics" as written standards reasonably designed to deter wrongdoing and to promote these five elements. SEC-reporting companies must disclose whether they have adopted such a code, file it as an exhibit to the annual report, and post it on the company's website. If the company has not adopted a code of ethics, it must explain why.

2.2 Scope and Applicability

This Code applies to:

☐ All employees (full-time, part-time, temporary)
☐ All officers and executives
☐ All members of the Board of Directors
☐ All contractors, consultants, and freelancers acting on behalf of the Company
☐ All agents, intermediaries, and representatives
☐ All subsidiaries, affiliates, and joint ventures controlled by the Company

Regulatory Note (NYSE/NASDAQ): NYSE Listed Company Manual Section 303A.10 requires listed companies to adopt and disclose a code of business conduct and ethics applicable to all directors, officers, and employees. NASDAQ Listing Rule 5610 similarly requires a code of conduct applicable to all directors, officers, and employees that is publicly available. Both standards are broader than SOX Section 406, which focuses on senior financial officers.

2.3 Relationship to Other Policies

This Code is the Company's foundational ethics document. It is supplemented by more detailed policies on specific topics, including but not limited to:

• Anti-Corruption Policy
• Sanctions and Export Controls Policy
• Data Privacy and Information Security Policy
• Insider Trading Policy
• Conflicts of Interest Policy
• Gifts and Entertainment Policy
• Social Media Policy
• Record Retention Policy
• Whistleblower / Speak-Up Policy

Where a specific policy provides greater detail or more restrictive requirements than this Code, the specific policy controls.

3. OUR CORE VALUES AND ETHICAL PRINCIPLES

The Company's business practices are guided by the following core values:

☐ Integrity — We are honest and transparent in all dealings. We do what we say we will do.
☐ Accountability — We take responsibility for our actions and their consequences.
☐ Respect — We treat every person with dignity, fairness, and professionalism.
☐ Compliance — We follow the law and our internal policies, without exception.
☐ Excellence — We pursue the highest standards in our work and in how we conduct ourselves.
☐ [Additional Company-Specific Value] — [________________________________]

4. COMPLIANCE WITH LAWS, RULES, AND REGULATIONS

All Company Personnel must comply with all applicable laws, rules, and regulations in every jurisdiction where the Company operates. Ignorance of the law is not a defense.

Key compliance obligations include, but are not limited to:

• Federal and state securities laws
• Anti-corruption and anti-bribery laws (FCPA, UK Bribery Act, local equivalents)
• International trade and sanctions laws (OFAC, EAR, ITAR)
• Antitrust and competition laws
• Data privacy and cybersecurity laws
• Employment and labor laws
• Environmental, health, and safety laws
• Tax laws
• Anti-money laundering (AML) and Bank Secrecy Act (BSA) requirements

When laws of different jurisdictions conflict, consult the Legal Department before taking action.

5. HONEST AND ETHICAL CONDUCT

5.1 General Standard

All Company Personnel are expected to act honestly, ethically, and in the best interest of the Company. This includes:

• Making decisions based on merit, not personal benefit
• Avoiding deception, manipulation, or concealment
• Dealing fairly with customers, suppliers, competitors, regulators, and colleagues
• Honoring commitments and contractual obligations

5.2 Fraud and Misrepresentation

Fraud, embezzlement, theft, and misrepresentation in any form are strictly prohibited. This includes:

☐ Falsification of records, reports, or financial statements
☐ Unauthorized use or diversion of Company funds or assets
☐ Submission of false expense reports or invoices
☐ Misrepresentation to regulators, auditors, or counterparties
☐ Creation of undisclosed or unrecorded funds or assets for any purpose

6. CONFLICTS OF INTEREST

6.1 Definition

A conflict of interest exists when a person's private interests interfere — or appear to interfere — with the interests of the Company. All actual, potential, and apparent conflicts of interest must be disclosed.

6.2 Common Conflicts

The following situations may create conflicts of interest and require disclosure and approval:

☐ Outside employment, board memberships, or advisory roles (including with competitors, suppliers, or customers)
☐ Financial interests in a competitor, supplier, customer, or business partner
☐ Business transactions with family members or close personal relationships
☐ Corporate opportunities — using Company property, information, or position for personal gain
☐ Relationships between supervisors and subordinates that could affect professional judgment
☐ Receiving compensation, loans, or personal benefits from third parties in connection with Company business

6.3 Disclosure and Approval Process

Regulatory Note (SOX 406): For public companies, the code of ethics must specifically address the ethical handling of actual or apparent conflicts of interest between personal and professional relationships. Waivers of conflict-of-interest provisions for directors or executive officers require Board or Board committee approval and public disclosure.

7. GIFTS, ENTERTAINMENT, AND HOSPITALITY

7.1 General Principles

Business gifts, meals, and entertainment can be appropriate ways to build relationships, provided they are:

☐ Reasonable in value and frequency
☐ Not intended to influence a business decision or secure an improper advantage
☐ Consistent with applicable law and customary business practice
☐ Properly documented and reported

7.2 Thresholds and Approval Requirements

7.3 Prohibited Gifts and Entertainment

The following are prohibited regardless of value:

☐ Cash or cash equivalents (gift cards, vouchers, cryptocurrency)
☐ Gifts or entertainment intended to influence a business decision
☐ Gifts during active procurement, bidding, or contract negotiation periods
☐ Lavish, extravagant, or indecent entertainment
☐ Gifts to government officials without prior Legal/Compliance approval
☐ Any gift that violates the recipient's own policies or applicable law

8. ANTI-CORRUPTION AND ANTI-BRIBERY

8.1 Zero Tolerance

The Company has zero tolerance for bribery and corruption in any form. All Company Personnel must comply with anti-corruption laws, including the U.S. Foreign Corrupt Practices Act (FCPA, 15 U.S.C. 78dd-1 et seq.), the UK Bribery Act 2010, and all applicable local anti-corruption laws.

8.2 Prohibited Conduct

No Company Personnel may, directly or through a third party:

☐ Offer, promise, authorize, or provide anything of value to a government official, political party, or candidate to obtain or retain business or secure an improper advantage
☐ Offer, promise, authorize, or provide anything of value to any person (public or private sector) as a bribe, kickback, or corrupt inducement
☐ Make facilitation payments (unless legally required for personal safety, with contemporaneous documentation and prompt reporting to Compliance and Legal)
☐ Create or maintain undisclosed or unrecorded funds or assets

8.3 Third-Party Due Diligence

All third-party intermediaries, agents, consultants, distributors, and joint venture partners who interact with government officials on the Company's behalf must be:

☐ Subject to risk-based due diligence before engagement
☐ Contractually obligated to comply with anti-corruption laws
☐ Subject to ongoing monitoring
☐ Paid only reasonable and documented fees for legitimate services

8.4 Government Official Interactions

All interactions with government officials require:

☐ Pre-approval from [Legal / Compliance]
☐ Documentation and logging of the interaction
☐ Compliance with applicable gift and entertainment restrictions for public officials

Practice Tip (FCPA): The FCPA's definition of "foreign official" is broad and includes employees of state-owned or state-controlled enterprises, international organizations (e.g., UN, World Bank), and political parties. In many countries, hospitals, universities, and utilities are government-owned. When in doubt, treat the counterparty as a government official.

9. INTERNATIONAL TRADE COMPLIANCE — SANCTIONS AND EXPORT CONTROLS

9.1 Sanctions

The Company complies with all applicable economic sanctions programs, including those administered by the U.S. Office of Foreign Assets Control (OFAC), the European Union, the United Kingdom, and the United Nations. Company Personnel must:

☐ Screen all counterparties, customers, vendors, and partners against applicable sanctions lists (including the OFAC SDN List, Sectoral Sanctions, and Consolidated Lists)
☐ Not engage in any transaction involving sanctioned countries, regions, entities, or individuals unless authorized by applicable license
☐ Report any potential sanctions matches to Compliance immediately

9.2 Export Controls

The Company complies with applicable export control regulations, including the U.S. Export Administration Regulations (EAR, 15 CFR 730-774) and the International Traffic in Arms Regulations (ITAR, 22 CFR 120-130). Company Personnel must:

☐ Classify products, technology, and software under applicable export control schedules
☐ Obtain required export licenses before transferring controlled items
☐ Conduct end-user and end-use screening
☐ Not provide controlled items or technology to prohibited end-users or for prohibited end-uses

10. ANTITRUST AND FAIR COMPETITION

The Company competes fairly and in compliance with all applicable antitrust and competition laws.

10.1 Prohibited Conduct

Company Personnel must never:

☐ Agree with competitors on prices, bids, output levels, market allocation, or customer allocation
☐ Engage in bid rigging or market division
☐ Exchange competitively sensitive information with competitors (pricing, costs, capacity, strategy)
☐ Abuse a dominant market position (where applicable)
☐ Engage in tying, exclusive dealing, or other anticompetitive arrangements without legal review

10.2 Trade Association and Industry Group Participation

☐ Participation in trade associations must be pre-approved by Legal
☐ No competitively sensitive information may be exchanged during trade association meetings
☐ Meeting agendas and minutes should be reviewed for antitrust risk

11. DATA PRIVACY AND INFORMATION SECURITY

11.1 Privacy Obligations

The Company is committed to protecting the privacy of personal data in compliance with all applicable laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other state, federal, and international privacy laws.

All Company Personnel must:

☐ Collect, use, and disclose personal data only for specified, legitimate purposes and in accordance with applicable privacy notices and consents
☐ Limit data collection to what is necessary (data minimization)
☐ Respect data subject rights (access, deletion, correction, opt-out) where applicable
☐ Report data incidents or suspected breaches to [IT Security / Privacy Office] immediately

11.2 Information Security

☐ Follow all information security policies, including acceptable use, access controls, and password requirements
☐ Use encryption for sensitive data in transit and at rest
☐ Do not use unauthorized devices, software, or cloud services for Company data
☐ Complete required security awareness training
☐ Report suspected phishing, malware, or other security threats immediately

12. CONFIDENTIAL INFORMATION AND INTELLECTUAL PROPERTY

12.1 Confidential Information

Company Personnel must protect confidential and proprietary information, including:

☐ Trade secrets, business plans, strategies, and financial information
☐ Customer and supplier lists, pricing, and contract terms
☐ Product development, research, and technical data
☐ Personnel records and compensation information
☐ Merger, acquisition, and investment activity
☐ Legal matters, investigations, and privileged communications

Confidential information must not be disclosed to any person outside the Company (or to unauthorized persons inside the Company) without proper authorization and, where applicable, a nondisclosure agreement.

12.2 Obligations Upon Departure

Upon separation from the Company, all Company Personnel must:

☐ Return all Company property, devices, documents, and information
☐ Continue to honor confidentiality obligations
☐ Comply with any post-employment restrictive covenants (subject to applicable law)

13. ACCURATE BOOKS, RECORDS, AND FINANCIAL REPORTING

13.1 Accurate Recordkeeping

The Company is committed to maintaining books and records that accurately and fairly reflect all transactions and dispositions of assets, in compliance with applicable accounting standards and the FCPA's accounting provisions (15 U.S.C. 78m).

All Company Personnel must:

☐ Record transactions accurately, completely, and in accordance with Company accounting policies
☐ Not create or participate in creating any false, misleading, or artificial entries
☐ Not maintain any undisclosed or unrecorded fund or asset
☐ Retain records in accordance with the Company's record retention policy and all applicable legal holds

13.2 Financial Reporting (Public Companies)

Officers responsible for financial reporting must ensure that all reports filed with the SEC and all public communications are full, fair, accurate, timely, and understandable, in compliance with SOX Sections 302 and 906.

Regulatory Note (SOX 302): The CEO and CFO must personally certify each periodic report filed with the SEC, attesting to the accuracy of financial statements, the effectiveness of internal controls, and the disclosure of all significant deficiencies and fraud involving management.

13.3 Cooperation with Auditors

All Company Personnel must cooperate fully with internal and external auditors. It is a violation of this Code and potentially a criminal offense to:

☐ Mislead, manipulate, or attempt to influence an auditor
☐ Destroy, alter, or conceal documents or records relevant to an audit or investigation
☐ Retaliate against any person who provides information to auditors

14. INSIDER TRADING AND SECURITIES COMPLIANCE

Company Personnel who possess material, nonpublic information about the Company (or about other companies obtained through their work) must not:

☐ Buy or sell securities (or derivatives) based on material, nonpublic information
☐ Disclose material, nonpublic information to others who may trade on it ("tipping")
☐ Recommend or suggest that others buy or sell securities based on material, nonpublic information

Material information is information that a reasonable investor would consider important in making an investment decision. All Company Personnel must comply with the Company's Insider Trading Policy, including any applicable trading windows and pre-clearance requirements.

15. WORKPLACE CONDUCT, EQUAL OPPORTUNITY, AND ANTI-HARASSMENT

15.1 Equal Employment Opportunity

The Company is committed to equal employment opportunity and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, genetic information, or any other characteristic protected by applicable law.

15.2 Anti-Harassment and Anti-Discrimination

The Company maintains zero tolerance for harassment, bullying, intimidation, and discrimination of any kind, including:

☐ Sexual harassment (verbal, physical, visual, or electronic)
☐ Racial, ethnic, or religious harassment
☐ Harassment based on disability, age, or other protected characteristic
☐ Bullying, threats, or intimidation

All complaints of harassment or discrimination will be investigated promptly and thoroughly.

15.3 Respectful Workplace

All Company Personnel are expected to:

☐ Treat colleagues, customers, and business partners with professionalism and respect
☐ Foster an inclusive environment where diverse perspectives are valued
☐ Report harassment, discrimination, or other misconduct through available reporting channels

16. HEALTH, SAFETY, AND ENVIRONMENTAL RESPONSIBILITY

16.1 Workplace Health and Safety

The Company is committed to providing a safe and healthy work environment. All Company Personnel must:

☐ Follow all safety protocols, procedures, and training requirements
☐ Report workplace injuries, illnesses, and hazards promptly
☐ Not work under the influence of alcohol or illegal substances
☐ Comply with all applicable OSHA and workplace safety regulations

16.2 Environmental Compliance

The Company complies with all applicable environmental laws and regulations. Company Personnel must:

☐ Follow procedures for handling, storing, and disposing of hazardous materials
☐ Report environmental incidents, spills, or releases immediately
☐ Support the Company's sustainability and environmental stewardship commitments

17. COMPANY ASSETS AND RESOURCES

17.1 Proper Use of Assets

Company assets — including physical property, electronic systems, intellectual property, and financial resources — must be used for legitimate business purposes.

☐ Do not use Company assets for unauthorized personal benefit
☐ Protect Company assets from loss, theft, damage, or misuse
☐ Use electronic systems (email, internet, messaging) in accordance with the Company's Acceptable Use Policy
☐ The Company reserves the right to monitor use of its electronic systems to the extent permitted by law

17.2 Record Retention

☐ Retain records in accordance with the Company's Record Retention Schedule
☐ Do not destroy, alter, or conceal any document or record subject to a legal hold, regulatory investigation, or pending litigation
☐ Contact Legal immediately if you receive a legal hold notice or become aware of threatened or pending litigation

18. POLITICAL ACTIVITIES, LOBBYING, AND CHARITABLE CONTRIBUTIONS

18.1 Political Activities

☐ Company Personnel are free to participate in the political process on their own time and at their own expense
☐ Company resources (funds, time, property, email, brand) must not be used for personal political activities without approval
☐ All political contributions made on behalf of the Company require pre-approval from [Legal / Compliance]
☐ Lobbying activities must comply with applicable registration and disclosure requirements

18.2 Charitable Contributions and Sponsorships

☐ Charitable contributions and sponsorships made on behalf of the Company must be pre-approved in accordance with Company policy
☐ Contributions must not be used as a conduit for corrupt payments or to circumvent anti-bribery laws
☐ Contributions to organizations affiliated with government officials require enhanced review

19. SOCIAL MEDIA AND EXTERNAL COMMUNICATIONS

19.1 Social Media

☐ Company Personnel must use good judgment when using social media, whether personal or professional
☐ Do not disclose confidential, proprietary, or material nonpublic information on social media
☐ Clearly distinguish personal views from Company positions
☐ Follow the Company's Social Media Policy

19.2 External Communications

☐ Only authorized spokespersons may speak on behalf of the Company to media, analysts, investors, or regulators
☐ All press releases, public statements, and regulatory filings must be approved through designated channels

20. REPORTING CONCERNS — SPEAK UP WITHOUT FEAR

20.1 Reporting Channels

The Company encourages all Company Personnel to report any suspected violation of this Code, Company policy, or applicable law through the following channels:

☐ Direct supervisor or manager
☐ Human Resources Department
☐ Legal Department / General Counsel
☐ Chief Compliance Officer
☐ Ethics Hotline: [________________________________]
☐ Ethics Email: [________________________________]
☐ Ethics Web Portal: [________________________________]
☐ Anonymous reporting is available where permitted by applicable law

20.2 Obligation to Report

All Company Personnel have an obligation to report actual or suspected violations of this Code. Failure to report known violations may itself be a violation of this Code and subject to disciplinary action.

20.3 Confidentiality

Reports of suspected violations will be treated confidentially to the extent possible, consistent with the need to conduct a thorough investigation and comply with legal obligations.

Regulatory Note (SOX Section 301): Section 301 of the Sarbanes-Oxley Act requires the audit committee of public companies to establish procedures for (i) the receipt, retention, and treatment of complaints regarding accounting, internal accounting controls, or auditing matters, and (ii) the confidential, anonymous submission by employees of concerns regarding questionable accounting or auditing matters. These requirements are typically satisfied through an ethics hotline or web-based reporting portal.

21. NON-RETALIATION POLICY

21.1 Prohibition on Retaliation

The Company strictly prohibits retaliation against any person who, in good faith:

☐ Reports a suspected violation of this Code, Company policy, or applicable law
☐ Participates in or cooperates with an investigation
☐ Refuses to participate in conduct that violates this Code or applicable law
☐ Exercises rights under applicable whistleblower protection laws

Retaliation includes termination, demotion, suspension, harassment, intimidation, threats, reduction in compensation, unfavorable reassignment, or any other adverse employment action taken because of a good-faith report or cooperation.

21.2 Statutory Whistleblower Protections

Company Personnel are protected by the following statutory whistleblower protections, among others:

Sarbanes-Oxley Act, Section 806 (18 U.S.C. 1514A): Protects employees of publicly traded companies (and their subsidiaries, contractors, and subcontractors) who report conduct they reasonably believe constitutes mail fraud, wire fraud, bank fraud, securities fraud, or a violation of any SEC rule or regulation. Protected employees include present and former workers, supervisors, managers, officers, and independent contractors.

Dodd-Frank Act, Section 922 (15 U.S.C. 78u-6): Prohibits employers from retaliating against whistleblowers who report securities violations to the SEC. Whistleblowers who voluntarily provide original information leading to a successful SEC enforcement action resulting in monetary sanctions exceeding $1 million are eligible for an award of 10% to 30% of the sanctions collected.

Dodd-Frank Anti-Retaliation (15 U.S.C. 78u-6(h)): Employers may not discharge, demote, suspend, threaten, harass, or discriminate against a whistleblower in the terms and conditions of employment.

Practice Tip (Anti-Retaliation): The DOJ's September 2024 update to the Evaluation of Corporate Compliance Programs specifically instructs prosecutors to review companies' anti-retaliation policies, training, and treatment of employees who report misconduct. An effective non-retaliation program is a hallmark of a well-designed compliance program.

21.3 Consequences of Retaliation

Any person found to have engaged in retaliation will be subject to disciplinary action, up to and including termination. Retaliation may also expose the Company and the individual to civil and criminal liability.

22. INVESTIGATIONS AND COOPERATION

22.1 Investigation Process

Reported concerns will be investigated fairly, promptly, and as confidentially as possible. Investigations will be conducted by qualified personnel, which may include the Legal Department, Compliance, Human Resources, Internal Audit, or outside counsel.

22.2 Cooperation Obligation

All Company Personnel must cooperate fully with investigations, including:

☐ Responding truthfully to questions
☐ Providing requested documents and information
☐ Not destroying, altering, or concealing evidence
☐ Not attempting to influence, intimidate, or retaliate against witnesses
☐ Maintaining confidentiality about the investigation as directed

Obstruction of an investigation or misrepresentation during an investigation is a serious violation of this Code and may result in termination and potential legal consequences.

23. DISCIPLINE AND ACCOUNTABILITY

23.1 Disciplinary Actions

Violations of this Code, Company policies, or applicable law may result in disciplinary action, up to and including:

☐ Verbal or written warning
☐ Mandatory retraining
☐ Suspension (with or without pay)
☐ Reduction in compensation or bonus forfeiture
☐ Demotion
☐ Termination of employment or engagement
☐ Referral to law enforcement where appropriate

Disciplinary decisions will be made consistently and proportionally, considering the nature and severity of the violation, the individual's position, and any mitigating or aggravating factors.

23.2 Manager and Supervisor Accountability

Managers and supervisors are held to a higher standard. In addition to their own compliance, they are responsible for:

☐ Modeling ethical behavior
☐ Creating an environment where employees feel safe reporting concerns
☐ Ensuring their teams understand and comply with this Code
☐ Escalating reports of misconduct to appropriate channels
☐ Not ignoring, dismissing, or discouraging complaints

Practice Tip (DOJ Guidance): The DOJ evaluates whether a company's compliance program includes incentives for compliance and ethical behavior (not just penalties for violations). Consider incorporating compliance-related objectives into performance evaluations and compensation decisions for managers.

24. TRAINING, CERTIFICATION, AND ACKNOWLEDGMENT

24.1 Training Requirements

24.2 Annual Acknowledgment

All Company Personnel are required to certify annually that they have:

☐ Read and understood this Code of Conduct
☐ Completed all required training
☐ Disclosed any actual or potential conflicts of interest
☐ Reported any known or suspected violations
☐ Committed to complying with this Code

Annual Acknowledgment Form:

I, [________________________________], acknowledge that I have received, read, and understood the [COMPANY NAME] Code of Conduct. I agree to comply with its provisions. I have disclosed all conflicts of interest known to me. I understand that violations may result in disciplinary action, up to and including termination.

Name: [________________________________]
Title / Position: [________________________________]
Department: [________________________________]
Signature: [________________________________]
Date: [__/__/____]

25. GOVERNANCE, WAIVERS, AND AMENDMENTS

25.1 Code Ownership

This Code is owned by [________________________________] and administered by the [Legal Department / Compliance Department]. The Board of Directors (or its designated committee) has approved this Code.

25.2 Waivers

For Directors and Executive Officers:
Any waiver of this Code for a director or executive officer requires approval by the Board of Directors or a designated Board committee (typically the Audit Committee or Governance Committee).

Public Disclosure of Waivers (Public Companies):

Regulatory Note (NASDAQ 2024 Amendment): NASDAQ amended its waiver rules to require that (i) all waivers be approved by the board or a board committee; (ii) domestic filers disclose waivers via Form 8-K or press release within four business days; and (iii) the code contain an enforcement mechanism ensuring prompt and consistent enforcement, protection for reporters, clear compliance standards, and a fair process for determining violations.

For All Other Personnel:
Waivers for non-executive personnel require approval by [General Counsel / Chief Compliance Officer] and must be documented.

25.3 Amendments

Material amendments to this Code require Board approval. The Code will be reviewed at least annually, or more frequently upon:

☐ Material change in applicable law or regulation
☐ Significant enforcement action or regulatory development
☐ Organizational restructuring, M&A, or geographic expansion
☐ Recommendation from Compliance, Internal Audit, or outside counsel

26. PRACTICE TIPS FOR PRACTITIONERS

For Attorneys Advising Companies on Code of Conduct Development:

1. Check all applicable listing standards. SOX Section 406 requires a code of ethics for senior financial officers, but NYSE 303A.10 and NASDAQ 5610 require a broader code of conduct applicable to all directors, officers, and employees. Ensure the company's code satisfies all applicable requirements.

2. Enforce the code consistently. The DOJ's Evaluation of Corporate Compliance Programs (September 2024) evaluates whether discipline is applied consistently across the organization, including against senior executives. Selective enforcement undermines the program's credibility.

3. Build a speak-up culture, not just a hotline. The DOJ specifically looks at whether companies foster a culture where employees are comfortable reporting concerns without fear of retaliation. Training, leadership communications, and visible consequences for retaliation are more important than the existence of a phone number.

4. Integrate compliance incentives. The Federal Sentencing Guidelines (USSG 8B2.1) and DOJ guidance both look for positive incentives — not just punishments. Incorporate compliance metrics into performance reviews and compensation decisions.

5. Address AI and emerging technology. The DOJ's September 2024 update added questions about AI risk management. If the company uses AI in operations, hiring, compliance, or customer-facing processes, the code should address responsible AI use.

6. Avoid boilerplate. A code of conduct that reads like every other company's code is less useful than one tailored to the company's specific risks, industry, and culture. Customize examples, thresholds, and risk areas.

7. Track acknowledgments. Maintain records of code training completion and annual acknowledgments. This is basic evidence the DOJ and regulators expect to see.

8. Plan for waivers and amendments. Establish a clear process for Board-approved waivers for directors and executives, and ensure SEC and exchange disclosure requirements are met.

27. SOURCES AND REFERENCES

• Sarbanes-Oxley Act Section 406: 15 U.S.C. 7264
• Sarbanes-Oxley Act Section 301: 15 U.S.C. 7241
• Sarbanes-Oxley Act Section 806: 18 U.S.C. 1514A
• Dodd-Frank Section 922: 15 U.S.C. 78u-6
• NYSE Listed Company Manual 303A.10: NYSE Listing Standards
• NASDAQ Listing Rule 5610: NASDAQ Rules
• DOJ Evaluation of Corporate Compliance Programs (Sept. 2024): DOJ.gov
• Federal Sentencing Guidelines, USSG 8B2.1: USSC.gov
• FCPA: 15 U.S.C. 78dd-1
• SEC Whistleblower Protections: SEC.gov

This Code of Conduct template is designed for use by attorneys advising companies on corporate governance and compliance program development. It should be customized to reflect the company's specific industry, size, regulatory environment, and risk profile. Public companies should ensure the adopted code satisfies all applicable SEC, NYSE, and/or NASDAQ requirements.