Code of Conduct - New York

CODE OF CONDUCT -- NEW YORK

Company Name: [________________________________]
Policy Number: [____]-COC-NY
Effective Date: [__/__/____]
Last Revised: [__/__/____]
Policy Owner: [________________________________] (Chief Compliance Officer / General Counsel)
Approved By: [________________________________] (Board of Directors / Chief Executive Officer)

TABLE OF CONTENTS

1. Message from Leadership
2. Purpose and Applicability
3. Foundational Legal Framework
4. Core Standards of Ethical Conduct
5. Compliance with Laws and Regulations
6. Conflicts of Interest and Outside Activities
7. Gifts, Entertainment, and Anti-Corruption
8. Books, Records, and Financial Integrity
9. Confidential Information and Intellectual Property
10. Data Privacy and Information Security
11. Workplace Conduct and Equal Employment Opportunity
12. Health, Safety, and Environment
13. Company Assets and Resources
14. Fair Competition and Antitrust
15. Government Relations and Political Activities
16. Third-Party and Vendor Conduct
17. New York-Specific Legal Requirements
18. Reporting Concerns and Non-Retaliation
19. Investigations and Disciplinary Action
20. Training and Acknowledgment
21. Governance, Waivers, and Amendments
22. Employee Acknowledgment Form
23. Sources and References

1. MESSAGE FROM LEADERSHIP

To All Employees, Officers, Directors, and Business Partners:

Our Company operates with unwavering commitment to ethical conduct and legal compliance. This Code of Conduct ("Code") reflects the standards we expect of every person who represents our Company, with particular attention to the laws of New York State and, where applicable, New York City.

New York maintains one of the most active regulatory and enforcement environments in the nation. Understanding and complying with New York's laws is essential to our success and reputation.

We encourage you to read this Code, complete required training, and report any concerns through the channels in Section 18. Retaliation against good-faith reporters will not be tolerated.

[________________________________]
Chief Executive Officer
[__/__/____]

2. PURPOSE AND APPLICABILITY

2.1 Purpose

This Code establishes minimum ethical and legal standards, satisfies USSG 8B2.1, and addresses New York's specific regulatory requirements.

2.2 Applicability

☐ All employees (full-time, part-time, temporary)
☐ Officers and directors
☐ Contractors, consultants, and agents
☐ Controlled subsidiaries and affiliates

3. FOUNDATIONAL LEGAL FRAMEWORK

3.1 Federal Requirements

• USSG 8B2.1: Seven elements of effective compliance.
• DOJ Evaluation of Corporate Compliance Programs (September 2024): Design, resourcing, and effectiveness.
• SOX: Internal controls, audit committee, whistleblower protections.

3.2 New York State Requirements

• N.Y. Gen. Bus. Law 349: Prohibits deceptive acts or practices in business. Private right of action; $50 minimum statutory damages; treble damages up to $1,000.
• NY SHIELD Act (N.Y. Gen. Bus. Law 899-aa, 899-bb): Reasonable administrative, technical, and physical safeguards for private information of NY residents. Breach notification required. Civil penalties up to $5,000 per violation (no cap). See Section 10.2.
• 23 NYCRR Part 500 (DFS Cybersecurity): Applies to DFS-regulated entities. Written cybersecurity policy, CISO, risk assessment, penetration testing, MFA, encryption, incident response, third-party security, annual Board certification. Amended 2023 with phased requirements through 2025.
• N.Y. Exec. Law 296 (Human Rights Law): Prohibits discrimination based on age, race, creed, color, national origin, sexual orientation, gender identity/expression, military status, sex, disability, predisposing genetic characteristics, familial status, marital status, domestic violence victim status. No damages cap. DHR enforcement.
• N.Y. Lab. Law 201-g: Annual sexual harassment prevention training; compliant policy required.
• N.Y. Lab. Law 740: Whistleblower protection for reporting law violations creating substantial danger to public health/safety or constituting healthcare fraud. Expanded in 2022 to cover a broader range of violations.
• N.Y. Penal Law 200.00-200.56: Criminal bribery. Second-degree bribery (public servant) is Class C felony (up to 15 years). Civil penalties up to $40,000 plus value of benefit.

3.3 New York City Law (if applicable)

• NYC Human Rights Law (NYC Admin. Code 8-101 et seq.): One of the broadest anti-discrimination laws in the nation. Additional protected categories; lower burden of proof.
• NYC Local Law 144 (AEDT): Bias audits for automated employment decision tools used in NYC hiring/promotion.
• NYC Paid Safe and Sick Leave (NYC Admin. Code 20-911 et seq.): Up to 56 hours paid leave for employers with 100+ employees.

4. CORE STANDARDS OF ETHICAL CONDUCT

☐ Act lawfully, honestly, and in the Company's best interest
☐ Exercise sound judgment; avoid reputational harm
☐ Treat all persons fairly and respectfully
☐ Never engage in fraud, bribery, kickbacks, or corruption
☐ Maintain accurate books and records
☐ Protect confidential information
☐ Report suspected violations promptly
☐ Cooperate with investigations
☐ Complete required training

5. COMPLIANCE WITH LAWS AND REGULATIONS

☐ Understand and comply with all applicable laws
☐ Seek guidance when uncertain
☐ Never knowingly violate any law or policy
☐ Report known or suspected violations promptly

6. CONFLICTS OF INTEREST AND OUTSIDE ACTIVITIES

☐ Disclose all actual or potential conflicts in writing
☐ Common conflicts: outside employment, financial interests, family relationships, corporate opportunities
☐ Undisclosed conflicts may result in disciplinary action

7. GIFTS, ENTERTAINMENT, AND ANTI-CORRUPTION

7.1 General Standards

☐ Gifts must be modest, infrequent, and tied to legitimate business purpose
☐ Cash and cash equivalents always prohibited
☐ Gifts above $50 must be logged
☐ Pre-approval from CCO for gifts to any government official

7.2 New York State Officials

☐ N.Y. Public Officers Law 73(5): No gifts to state officials where influence could be inferred; $15+ is a "gift"; $75+ triggers reporting
☐ N.Y. Public Officers Law 74: Code of Ethics applies regardless of value
☐ Company policy: maximum $50 per NY State official per year
☐ N.Y. Penal Law 200.00-200.56: Criminal bribery prohibitions

7.3 NYC Public Servants

☐ NYC Charter Chapter 68: No gifts of $50+ from persons doing business with the City
☐ COIB enforcement: fines up to $25,000 per violation

7.4 FCPA and Anti-Kickback

☐ Comply with FCPA (15 U.S.C. 78dd-1 et seq.)
☐ Comply with Anti-Kickback Statute (42 U.S.C. 1320a-7b) for healthcare operations

8. BOOKS, RECORDS, AND FINANCIAL INTEGRITY

☐ Record all transactions accurately and timely
☐ No undisclosed funds or assets
☐ Never falsify records
☐ Cooperate with auditors
☐ SOX compliance (public companies)

9. CONFIDENTIAL INFORMATION AND INTELLECTUAL PROPERTY

☐ Protect confidential and proprietary information
☐ No unauthorized disclosure
☐ Respect third-party IP rights
☐ Return materials upon termination
☐ New York recognizes trade secret protection under common law and the Defend Trade Secrets Act (18 U.S.C. 1836)

10. DATA PRIVACY AND INFORMATION SECURITY

10.1 General Requirements

☐ Collect, use, disclose personal data only as authorized
☐ Maintain appropriate safeguards
☐ Limit access on need-to-know basis
☐ Report suspected breaches immediately

10.2 New York-Specific Requirements

NY SHIELD Act (N.Y. Gen. Bus. Law 899-aa, 899-bb):

• Applies to any person or business that owns or licenses computerized data including private information of a NY resident
• Administrative safeguards: Designated security coordinator; risk identification; employee training; vendor management; program adjustment for business changes
• Technical safeguards: Network/software risk assessment; intrusion detection/prevention; key controls testing
• Physical safeguards: Information storage/disposal security; unauthorized access prevention
• Breach notification: Most expedient time reasonable; notify NY AG, DFS, and Division of State Police if 500+ NY residents affected
• Penalties: Up to $5,000 per violation (no cap); AG enforcement

23 NYCRR Part 500 (DFS-Regulated Entities):

• Written cybersecurity policy approved by Board or senior officer
• Designation of a Chief Information Security Officer (CISO)
• Annual penetration testing and bi-annual vulnerability assessments
• Cybersecurity risk assessment (at least annually)
• Multi-factor authentication for all remote access and privileged accounts
• Encryption of nonpublic information in transit and at rest
• Incident response plan
• Third-party service provider security policy and due diligence
• Annual Board certification of compliance to DFS Superintendent (23 NYCRR 500.17)
• 72-hour notification to DFS of cybersecurity events that have a reasonable likelihood of materially harming normal operations

11. WORKPLACE CONDUCT AND EQUAL EMPLOYMENT OPPORTUNITY

11.1 Equal Employment Opportunity

The Company prohibits discrimination, harassment, and retaliation.

Protected characteristics under NY Human Rights Law (N.Y. Exec. Law 296): age, race, creed, color, national origin, sexual orientation, gender identity/expression, military status, sex (including pregnancy), disability, predisposing genetic characteristics, familial status, marital status, domestic violence victim status.

NYC Human Rights Law (if applicable): Extends protections to additional categories including caregiver status, height/weight, credit history, and unemployment status (for hiring). Lower burden of proof than state law.

11.2 Harassment Prevention

☐ Zero tolerance for all harassment
☐ Report immediately through designated channels

11.3 New York-Specific Employment Requirements

• Annual Sexual Harassment Training (N.Y. Lab. Law 201-g): All employers must maintain a compliant sexual harassment prevention policy and conduct annual interactive training for all employees. Training must meet minimum standards set by the NY Department of Labor and Division of Human Rights.
• NYC Training (NYC Stop Sexual Harassment Act): Additional training requirements for NYC employers with 15+ employees.
• Pay Transparency (NY Lab. Law 194-b): Employers with 4+ employees must include compensation range in job postings (effective September 2023).
• NYC AEDT (Local Law 144): Bias audits for AI tools used in hiring/promotion for NYC positions; notice to candidates required.
• NY WARN Act (N.Y. Lab. Law 860 et seq.): 90-day notice for mass layoffs (stricter than federal WARN's 60-day requirement); employers with 50+ employees.
• NY Paid Family Leave (N.Y. Workers' Comp. Law Art. 9): Up to 12 weeks paid leave at 67% of average weekly wage (capped at state average).
• At-Will Employment: New York is an at-will state, subject to statutory and common-law exceptions.

12. HEALTH, SAFETY, AND ENVIRONMENT

☐ Follow all safety protocols
☐ Report hazards and injuries promptly
☐ NY OSHA (N.Y. Lab. Law Art. 18): New York operates its own state OSHA plan for public employees; federal OSHA covers private employers
☐ Workers' compensation insurance mandatory (N.Y. Workers' Comp. Law 10)
☐ Comply with NY DEC environmental regulations as applicable

13. COMPANY ASSETS AND RESOURCES

☐ Use assets for authorized purposes only
☐ Protect from loss, theft, and unauthorized use
☐ No expectation of privacy in Company systems
☐ Report losses immediately

14. FAIR COMPETITION AND ANTITRUST

☐ Compete vigorously but fairly
☐ No anticompetitive agreements
☐ Comply with Sherman Act, Clayton Act, FTC Act
☐ N.Y. Gen. Bus. Law 340 (Donnelly Act) -- New York's antitrust statute; prohibits monopolies and restraints of trade
☐ N.Y. Gen. Bus. Law 349 prohibits deceptive business practices

15. GOVERNMENT RELATIONS AND POLITICAL ACTIVITIES

☐ Lobbying must comply with NY Legislative Law Article 1-A (Lobbying Act)
☐ Personal political activities must not use Company resources
☐ Political contributions subject to NY Election Law Article 14 and NYC Campaign Finance Board rules
☐ No Company political contributions without Board approval

16. THIRD-PARTY AND VENDOR CONDUCT

☐ Third parties must adhere to standards consistent with this Code
☐ Due diligence before engagement
☐ SHIELD Act and 23 NYCRR 500 third-party security requirements
☐ Contracts must include compliance and audit provisions

17. NEW YORK-SPECIFIC LEGAL REQUIREMENTS

17.1 N.Y. Gen. Bus. Law 349 (Deceptive Practices)

• Prohibits deceptive acts or practices in the conduct of any business, trade, or commerce
• Private right of action: minimum $50 statutory damages; treble damages up to $1,000 for willful/knowing violations
• AG enforcement with broad investigative powers
• Company obligation: All business practices, marketing, and customer communications must be truthful and not misleading

17.2 N.Y. Gen. Bus. Law 350 (False Advertising)

• Prohibits materially false or misleading advertising
• Private right of action with treble damages possible

17.3 NY SHIELD Act Compliance

• See Section 10.2 above

17.4 23 NYCRR Part 500 (DFS-Regulated Entities)

• See Section 10.2 above

17.5 NYC-Specific Requirements

• NYC Human Rights Law: Broadest anti-discrimination protections
• NYC Local Law 144: AEDT bias audits
• NYC Paid Safe and Sick Leave
• NYC Salary Transparency Law (NYC Int. 1208-A)

18. REPORTING CONCERNS AND NON-RETALIATION

18.1 Reporting Channels

☐ Direct supervisor or manager
☐ Human Resources: [________________________________]
☐ Chief Compliance Officer: [________________________________]
☐ General Counsel: [________________________________]
☐ Anonymous Ethics Hotline: [________________________________]
☐ Ethics Email: [________________________________]

18.2 Non-Retaliation

The Company strictly prohibits retaliation.

New York Labor Law Section 740 (as amended 2022):

• Protects employees who disclose or threaten to disclose an activity, policy, or practice of the employer that the employee reasonably believes is in violation of law, rule, or regulation and that creates and presents a substantial and specific danger to the public health or safety, or which constitutes health care fraud
• Expanded in 2022 to protect disclosures to supervisors (not just public bodies); covers former employees and independent contractors
• Remedies: reinstatement, back pay, front pay, compensatory damages, injunctive relief, attorney fees, civil penalties
• 2-year statute of limitations

Federal protections: SOX Section 806; Dodd-Frank Section 922.

19. INVESTIGATIONS AND DISCIPLINARY ACTION

☐ Prompt, thorough, and fair investigations
☐ Confidential to the extent practicable
☐ Cooperation required

Disciplinary measures include:
☐ Warning, training, forfeiture of compensation, demotion, suspension, termination, law enforcement referral

20. TRAINING AND ACKNOWLEDGMENT

☐ New employees: training within 30 days of hire
☐ Annual refresher for all employees
☐ Annual sexual harassment prevention training per N.Y. Lab. Law 201-g
☐ Enhanced training for high-risk roles
☐ Training records maintained five (5) years
☐ Annual written acknowledgment required

21. GOVERNANCE, WAIVERS, AND AMENDMENTS

• Policy Owner: Chief Compliance Officer
• Review: Annually or upon material legal changes
• Waivers for officers/directors: Board approval; disclosure if applicable
• Waivers for others: CCO and General Counsel approval; documented

22. EMPLOYEE ACKNOWLEDGMENT FORM

I acknowledge that I have received, read, and understand this Code of Conduct. I agree to comply with its terms.

I understand this Code does not create an employment contract and my employment remains at-will unless I have a separate written agreement.

Employee Name: [________________________________]
Signature: [________________________________]
Title / Department: [________________________________]
Date: [__/__/____]

Conflict of Interest Disclosure:
☐ No conflicts to disclose
☐ I wish to disclose: [________________________________]

23. SOURCES AND REFERENCES

• U.S. Sentencing Guidelines 8B2.1 -- https://guidelines.ussc.gov/
• DOJ Evaluation of Corporate Compliance Programs (Sept. 2024) -- https://www.justice.gov/criminal/criminal-fraud/page/file/937501
• N.Y. Gen. Bus. Law 349, 350
• NY SHIELD Act (N.Y. Gen. Bus. Law 899-aa, 899-bb) -- https://www.nysenate.gov/legislation/laws/GBS/899-BB
• 23 NYCRR Part 500 -- https://www.dfs.ny.gov/industry_guidance/cybersecurity
• N.Y. Exec. Law 296 (Human Rights Law)
• N.Y. Lab. Law 201-g, 740
• N.Y. Penal Law 200.00-200.56
• N.Y. Gen. Bus. Law 340 (Donnelly Act)
• NYC Human Rights Law (NYC Admin. Code Ch. 8)
• NYC Local Law 144 (AEDT)
• NY Commission on Ethics -- https://ethics.ny.gov/

This document is a template provided for informational purposes only and does not constitute legal advice. It must be reviewed and customized by a qualified attorney licensed in New York before implementation.