Code of Conduct - California

CODE OF CONDUCT -- CALIFORNIA

Company Name: [________________________________]
Policy Number: [____]-COC-CA
Effective Date: [__/__/____]
Last Revised: [__/__/____]
Policy Owner: [________________________________] (Chief Compliance Officer / General Counsel)
Approved By: [________________________________] (Board of Directors / Chief Executive Officer)

TABLE OF CONTENTS

1. Message from Leadership
2. Purpose and Applicability
3. Foundational Legal Framework
4. Core Standards of Ethical Conduct
5. Compliance with Laws and Regulations
6. Conflicts of Interest and Outside Activities
7. Gifts, Entertainment, and Anti-Corruption
8. Books, Records, and Financial Integrity
9. Confidential Information and Intellectual Property
10. Data Privacy and Information Security
11. Workplace Conduct and Equal Employment Opportunity
12. Health, Safety, and Environment
13. Company Assets and Resources
14. Fair Competition and Antitrust
15. Government Relations and Political Activities
16. Third-Party and Vendor Conduct
17. California-Specific Legal Requirements
18. Reporting Concerns and Non-Retaliation
19. Investigations and Disciplinary Action
20. Training and Acknowledgment
21. Governance, Waivers, and Amendments
22. Employee Acknowledgment Form
23. Sources and References

1. MESSAGE FROM LEADERSHIP

To All Employees, Officers, Directors, and Business Partners:

Integrity is the cornerstone of our Company. This Code of Conduct ("Code") sets forth the ethical standards and legal obligations that govern our business activities, with particular attention to California's extensive regulatory environment.

California imposes some of the most comprehensive employee protections, consumer privacy rights, and business regulation in the nation. Every person who represents our Company must understand and comply with these requirements.

We encourage you to read this Code, complete required training, and report concerns through the channels in Section 18. We will not tolerate retaliation against anyone who raises a concern in good faith.

[________________________________]
Chief Executive Officer
[__/__/____]

2. PURPOSE AND APPLICABILITY

2.1 Purpose

This Code establishes minimum ethical and legal standards for all persons acting on behalf of the Company. It satisfies USSG 8B2.1 requirements for an effective compliance and ethics program and addresses California's specific regulatory requirements.

2.2 Applicability

☐ All employees (full-time, part-time, temporary)
☐ Officers and directors
☐ Contractors, consultants, and agents
☐ Controlled subsidiaries and affiliates
☐ Joint venture partners under Company management control

3. FOUNDATIONAL LEGAL FRAMEWORK

3.1 Federal Requirements

• USSG 8B2.1: Seven elements of effective compliance: standards, oversight, due diligence, training, monitoring, enforcement, and risk assessment.
• DOJ Evaluation of Corporate Compliance Programs (September 2024): Updated guidance including AI governance.
• SOX: Internal controls, audit committee independence, whistleblower protections.

3.2 California State Requirements

• CCPA/CPRA (Cal. Civ. Code 1798.100 et seq.): Consumer privacy rights (access, deletion, correction, opt-out, limit sensitive PI use). CPPA enforcement. Penalties up to $7,500 per intentional violation.
• FEHA (Cal. Gov. Code 12940 et seq.): Prohibits discrimination, harassment, and retaliation based on numerous protected categories. Administered by the California Civil Rights Department (CRD).
• Cal. Gov. Code 12950.1: Mandatory sexual harassment prevention training -- two hours for supervisors, one hour for nonsupervisors -- within six months of hire and every two years.
• Cal. Bus. & Prof. Code 17200 (UCL): Unfair, unlawful, or fraudulent business acts. Broad standing; restitution and injunctive relief.
• Cal. Lab. Code 1102.5: Broad whistleblower protections for employees reporting suspected violations of state or federal law.
• Cal. Civ. Code 1798.82: Data breach notification to affected individuals and, if 500+ California residents affected, to the CA Attorney General.
• Cal. Penal Code 67-68, 85-86: Criminal bribery statutes.

4. CORE STANDARDS OF ETHICAL CONDUCT

☐ Act lawfully, honestly, and in the Company's best interest
☐ Exercise sound judgment; avoid conduct harming the Company's reputation
☐ Treat all persons fairly and with respect
☐ Never engage in fraud, bribery, kickbacks, or corruption
☐ Maintain accurate books, records, and financial reports
☐ Protect confidential and proprietary information
☐ Report suspected violations promptly
☐ Cooperate with investigations
☐ Complete required compliance training

5. COMPLIANCE WITH LAWS AND REGULATIONS

☐ Understand and comply with all applicable laws
☐ Seek guidance from Compliance or Legal when uncertain
☐ Never knowingly violate any law or Company policy
☐ Promptly report known or suspected violations

6. CONFLICTS OF INTEREST AND OUTSIDE ACTIVITIES

☐ Disclose all actual or potential conflicts in writing to supervisor and Compliance Officer
☐ Common conflicts: outside employment, financial interests in business partners, family relationships affecting business decisions, diversion of corporate opportunities
☐ Undisclosed conflicts may result in disciplinary action

7. GIFTS, ENTERTAINMENT, AND ANTI-CORRUPTION

7.1 General Standards

☐ Gifts must be modest, infrequent, and tied to legitimate business purpose
☐ Cash and cash equivalents always prohibited
☐ Gifts above $50 must be logged
☐ Pre-approval from CCO for any gift to a government official

7.2 California Public Officials

☐ FPPC gift limit for 2025-2026: $630 per source per calendar year (Cal. Gov. Code 89503)
☐ Company policy: maximum $250 per California public official per year
☐ Cal. Penal Code 67-68: Criminal bribery prohibitions
☐ Pre-approval required for all gifts to California public officials

7.3 FCPA and Anti-Kickback

☐ Comply with FCPA (15 U.S.C. 78dd-1 et seq.)
☐ Comply with Anti-Kickback Statute (42 U.S.C. 1320a-7b) for healthcare operations

8. BOOKS, RECORDS, AND FINANCIAL INTEGRITY

☐ Record all transactions accurately, completely, and timely
☐ No undisclosed funds, accounts, or assets
☐ Never falsify any record
☐ Cooperate with internal and external auditors
☐ Comply with SOX requirements (public companies)

9. CONFIDENTIAL INFORMATION AND INTELLECTUAL PROPERTY

☐ Protect all confidential and proprietary information
☐ No unauthorized disclosure
☐ Respect third-party IP rights
☐ Return all materials upon termination
☐ California Uniform Trade Secrets Act (Cal. Civ. Code 3426 et seq.) provides remedies for misappropriation
☐ Note: California law severely restricts non-compete agreements (Cal. Bus. & Prof. Code 16600); consult Legal before implementing any restrictive covenant

10. DATA PRIVACY AND INFORMATION SECURITY

10.1 General Requirements

☐ Collect, use, and disclose personal data only as authorized
☐ Maintain appropriate safeguards
☐ Limit access on a need-to-know basis
☐ Report suspected breaches immediately

10.2 California-Specific Requirements

CCPA/CPRA (Cal. Civ. Code 1798.100 et seq.):

• Consumer rights: know, access, delete, correct, opt-out of sale/sharing, limit use of sensitive PI
• Notice at collection required (Cal. Civ. Code 1798.100(a))
• 45-day response period for consumer requests
• Service provider and contractor contract requirements (Cal. Civ. Code 1798.100(d))
• Data minimization: collect only PI reasonably necessary for disclosed purposes
• Risk assessments for high-risk processing (as required by CPPA rulemaking)
• CPPA enforcement; civil penalties up to $2,500 per violation, $7,500 per intentional violation or violation involving a minor
• Private right of action (Cal. Civ. Code 1798.150) for data breaches resulting from failure to maintain reasonable security

Data Breach Notification (Cal. Civ. Code 1798.82):

• Notify affected California residents in the most expedient time possible
• Notify CA Attorney General if 500+ California residents affected
• Notice must include: description of incident, types of information affected, steps taken, contact information, and information about identity theft prevention

11. WORKPLACE CONDUCT AND EQUAL EMPLOYMENT OPPORTUNITY

11.1 Equal Employment Opportunity

The Company is an equal opportunity employer. Discrimination, harassment, and retaliation are prohibited.

Protected characteristics under FEHA (Cal. Gov. Code 12940): race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex (including pregnancy, childbirth, breastfeeding), gender, gender identity, gender expression, age (40+), sexual orientation, military and veteran status, and any other legally protected characteristic.

11.2 Harassment Prevention

☐ Zero tolerance for all forms of harassment including sexual harassment
☐ All employees must treat colleagues with dignity and respect
☐ Report harassment immediately through designated channels

11.3 California-Specific Employment Requirements

• Mandatory Training (Cal. Gov. Code 12950.1): Employers with 5+ employees must provide sexual harassment prevention training: two hours for supervisors, one hour for nonsupervisory employees, within six months of hire/assumption of supervisory role and every two years thereafter. Training must be conducted by qualified trainers and include information about practical examples, prevention, and remedies.
• California Civil Rights Department (CRD): Administers FEHA complaints. Right to sue letter issued after investigation.
• Wage and Hour (Cal. Lab. Code): Overtime after 8 hours/day or 40 hours/week (Cal. Lab. Code 510); meal periods (Cal. Lab. Code 512); rest periods (Cal. Lab. Code 226.7); pay transparency (Cal. Lab. Code 432.3, SB 1162).
• Worker Classification (Cal. Lab. Code 2775): ABC test per Dynamex/AB 5; strict standards for independent contractor classification.
• At-Will Employment: California is an at-will state, subject to numerous statutory and common-law exceptions.
• WARN Act (Cal. Lab. Code 1400 et seq.): 60-day notice requirement for mass layoffs, relocations, or plant closures (employers with 75+ employees).
• California Family Rights Act (CFRA) (Cal. Gov. Code 12945.2): Up to 12 weeks unpaid leave for qualifying reasons; employers with 5+ employees.

12. HEALTH, SAFETY, AND ENVIRONMENT

☐ Follow all safety protocols and regulations
☐ Report hazards, injuries, and unsafe conditions promptly
☐ Cal/OSHA (Cal. Lab. Code 6300 et seq.): California operates its own OSHA plan; Cal/OSHA standards may be more stringent than federal OSHA
☐ Injury and Illness Prevention Program (IIPP): Required under Cal. Lab. Code 6401.7; all California employers must establish and maintain a written IIPP
☐ Workers' compensation insurance is mandatory (Cal. Lab. Code 3700)
☐ Comply with CalEPA, CARB, and other environmental regulations as applicable

13. COMPANY ASSETS AND RESOURCES

☐ Use Company assets for authorized business purposes only
☐ Protect property from loss, theft, and unauthorized use
☐ No expectation of privacy in Company systems
☐ Report losses or theft immediately

14. FAIR COMPETITION AND ANTITRUST

☐ Compete vigorously but fairly
☐ No price-fixing, bid-rigging, or market allocation
☐ Comply with Sherman Act, Clayton Act, FTC Act
☐ Cal. Bus. & Prof. Code 17200 (UCL) prohibits unfair, unlawful, and fraudulent business acts
☐ Cartwright Act (Cal. Bus. & Prof. Code 16700 et seq.) -- California antitrust statute

15. GOVERNMENT RELATIONS AND POLITICAL ACTIVITIES

☐ Lobbying must comply with Cal. Gov. Code 86100 et seq. (Lobbying Act)
☐ Personal political activities must not use Company time or resources
☐ Political contributions subject to FPPC limits (Cal. Gov. Code 85301 et seq.)
☐ No Company political contributions without Board approval

16. THIRD-PARTY AND VENDOR CONDUCT

☐ Third parties must adhere to standards consistent with this Code
☐ Due diligence before engagement
☐ CCPA/CPRA contractual requirements for service providers and contractors
☐ Contracts must include compliance and audit provisions

17. CALIFORNIA-SPECIFIC LEGAL REQUIREMENTS

17.1 Unfair Competition Law (Cal. Bus. & Prof. Code 17200)

• Prohibits "any unlawful, unfair or fraudulent business act or practice"
• Broad standing provisions; any person acting for the interests of the general public may bring suit
• Remedies: restitution and injunctive relief
• Company obligation: All business practices must withstand scrutiny under the UCL's three independent prongs

17.2 CCPA/CPRA Compliance

• See Section 10.2 above
• Applies to businesses meeting revenue, data volume, or data sale thresholds
• Company must maintain comprehensive privacy program including data inventory, privacy notices, consumer rights workflows, and vendor contracts

17.3 California Transparency in Supply Chains Act (Cal. Civ. Code 1714.43)

• Retail sellers and manufacturers with $100M+ in annual worldwide gross receipts must disclose efforts to eradicate slavery and human trafficking from supply chains

17.4 Proposition 65 (Cal. Health & Safety Code 25249.5 et seq.)

• Requires warnings for exposure to chemicals known to cause cancer or reproductive toxicity
• Applicable if Company products or operations involve listed chemicals

17.5 California Consumer Legal Remedies Act (Cal. Civ. Code 1750 et seq.)

• Prohibits specific unfair methods of competition and deceptive acts in consumer transactions
• Private right of action; actual damages, injunctive relief, and attorney fees

18. REPORTING CONCERNS AND NON-RETALIATION

18.1 Reporting Channels

☐ Direct supervisor or manager
☐ Human Resources: [________________________________]
☐ Chief Compliance Officer: [________________________________]
☐ General Counsel: [________________________________]
☐ Anonymous Ethics Hotline: [________________________________]
☐ Ethics Email: [________________________________]

18.2 Non-Retaliation

The Company strictly prohibits retaliation against any person who, in good faith, reports a violation or participates in an investigation.

California Labor Code Section 1102.5 provides broad whistleblower protections:

• Prohibits retaliation against employees who disclose information to a government or law enforcement agency, or to a person with authority over the employee, where the employee has reasonable cause to believe the information discloses a violation of state or federal statute, or a violation of or noncompliance with a local, state, or federal rule or regulation
• Prohibits retaliation for refusing to participate in activity that would result in a violation of law
• Creates a rebuttable presumption of retaliation if adverse action occurs within 90 days of protected activity
• Remedies include reinstatement, back pay, and civil penalties

Federal protections: SOX Section 806; Dodd-Frank Section 922.

19. INVESTIGATIONS AND DISCIPLINARY ACTION

19.1 Investigations

☐ Prompt, thorough, and fair
☐ Confidential to the extent practicable
☐ Cooperation required; obstruction is a separate violation

19.2 Disciplinary Action

☐ Verbal or written warning
☐ Mandatory training
☐ Forfeiture of bonus/incentive compensation
☐ Demotion, reassignment, or suspension
☐ Termination
☐ Referral to law enforcement

20. TRAINING AND ACKNOWLEDGMENT

☐ New employees: Code training within 30 days of hire
☐ Annual refresher for all employees
☐ FEHA harassment prevention training: Two hours (supervisors) / one hour (nonsupervisors) within six months of hire, every two years (Cal. Gov. Code 12950.1)
☐ Enhanced training for high-risk roles
☐ Training records maintained five (5) years
☐ Annual written acknowledgment required

21. GOVERNANCE, WAIVERS, AND AMENDMENTS

• Policy Owner: Chief Compliance Officer
• Review: Annually or upon material legal changes
• Waivers for officers/directors: Board approval; SEC/listing disclosure if applicable
• Waivers for others: CCO and General Counsel approval; documented

22. EMPLOYEE ACKNOWLEDGMENT FORM

I acknowledge that I have received, read, and understand this Code of Conduct. I agree to comply with its terms and report any known or suspected violations.

I understand this Code does not create an employment contract and my employment remains at-will unless I have a separate written agreement.

Employee Name: [________________________________]
Signature: [________________________________]
Title / Department: [________________________________]
Date: [__/__/____]

Conflict of Interest Disclosure:
☐ No conflicts to disclose
☐ I wish to disclose: [________________________________]

23. SOURCES AND REFERENCES

• U.S. Sentencing Guidelines 8B2.1 -- https://guidelines.ussc.gov/
• DOJ Evaluation of Corporate Compliance Programs (Sept. 2024) -- https://www.justice.gov/criminal/criminal-fraud/page/file/937501
• CCPA/CPRA (Cal. Civ. Code 1798.100 et seq.) -- https://cppa.ca.gov/
• FEHA (Cal. Gov. Code 12940 et seq.)
• Cal. Gov. Code 12950.1 (Harassment Prevention Training)
• Cal. Lab. Code 1102.5 (Whistleblower Protections)
• Cal. Bus. & Prof. Code 17200 (UCL)
• Cal. Bus. & Prof. Code 16600 (Non-Compete Restrictions)
• Cal. Civ. Code 1798.82 (Breach Notification)
• Cal. Penal Code 67-68 (Bribery)
• FPPC -- https://www.fppc.ca.gov/
• Cal/OSHA (Cal. Lab. Code 6300 et seq.)
• California Civil Rights Department -- https://calcivilrights.ca.gov/

This document is a template provided for informational purposes only and does not constitute legal advice. It must be reviewed and customized by a qualified attorney licensed in California before implementation.