Docaro

Code Of Conduct Responsibilities By Role In The United Kingdom

This guide explains role-based conduct responsibilities in a clear structured format, helping employers and staff understand expectations, accountability, and ethical standards. It supports the broader AI Generated Code of Conduct and Ethics for use in the United Kingdom.
| Role | Typical responsibilities | Responsibility type | Evidence of compliance | Responsibility frequency | Escalation notes |
| --- | --- | --- | --- | --- | --- |
| Board of directors | Set ethical culture, values and expectations for conduct across the organisation. | Oversight | Board minutes, culture reports, approved code, annual governance statements. | Periodic | Escalate material cultural or conduct failings to the chair and full board. |
| Board of directors | Oversee internal controls for ethics, compliance, fraud, bribery and misconduct risks. | Oversight | Risk register, audit committee papers, control testing, remediation plans. | Periodic | Audit committee should escalate significant control weaknesses to the board. |
| Board of directors | Ensure effective whistleblowing arrangements and oversight of serious disclosures. | Oversight | Whistleblowing policy, hotline reports, board summaries, action tracking. | Periodic | Serious or executive-level concerns should go to the chair or designated non-executive director. |
| Board of directors | Approve proportionate anti-bribery procedures and require senior commitment. | Oversight | Anti-bribery policy approval, risk assessments, board briefings, compliance reports. | Annual | Escalate suspected bribery involving senior staff or high-risk markets to the board. |
| Board of directors | Approve the annual modern slavery statement if the statutory threshold applies. | Oversight | Board approval, signed statement, website publication, supply chain risk review. | Annual | Escalate credible forced labour concerns to legal, compliance and the board sponsor. |
| Senior leadership | Model ethical behaviour and communicate expectations consistently to teams. | Training and communication | Leadership messages, town halls, intranet posts, team briefings. | Day-to-day | Escalate repeated policy disregard to the executive committee or board sponsor. |
| Senior leadership | Allocate resources for training, reporting channels, monitoring and remediation. | Implementation | Budgets, implementation plans, accountable owners, KPI dashboards. | Periodic | Resource gaps should be raised to the CEO, CFO or relevant executive sponsor. |
| Senior leadership | Declare and manage conflicts of interest, outside roles and related-party issues. | Compliance | Conflict declarations, approvals, recusals, register entries. | Event-triggered | Escalate unresolved senior conflicts to the company secretary, legal team or board chair. |
| Senior leadership | Support proportionate action after serious misconduct findings. | Implementation | Disciplinary decisions, remediation logs, lessons-learned reports. | Event-triggered | Executive misconduct should be handled independently through HR, legal and the board. |
| Senior leadership | Lead health and safety culture and require compliance with safe working rules. | Oversight | Safety reports, management reviews, incident trends, improvement plans. | Periodic | Serious risks or incidents should be escalated to the safety lead and directors. |
| Line managers | Apply the code fairly in daily supervision and team decisions. | Implementation | Team records, performance notes, approvals, management actions. | Day-to-day | Escalate uncertainty to HR, legal or the policy owner before acting. |
| Line managers | Encourage staff to raise concerns and protect them from retaliation. | Reporting | Concern logs, referrals, follow-up notes, anti-retaliation actions. | Event-triggered | Whistleblowing concerns should go to the designated officer or confidential channel. |
| Line managers | Address bullying, harassment, discrimination and inappropriate workplace behaviour promptly. | Compliance | Meeting notes, HR referrals, adjustments, investigation requests, action plans. | Event-triggered | Escalate complaints or protected characteristic issues to HR immediately. |
| Line managers | Review gifts, hospitality and entertainment requests under approval thresholds. | Compliance | Gift register entries, approvals, refusals, expense records. | Event-triggered | Escalate high-value or public official hospitality to compliance or legal. |
| Line managers | Ensure team members complete mandatory ethics and compliance training. | Training and communication | Training completion reports, reminders, induction checklists. | Periodic | Persistent non-completion should be escalated to HR and senior management. |
| Employees | Read, understand and follow the code and related workplace policies. | Compliance | Policy acknowledgement, training completion, compliant conduct records. | Day-to-day | Ask a manager, HR or compliance if any requirement is unclear. |
| Employees | Report suspected misconduct, illegal activity, safety risks or unethical behaviour. | Reporting | Reports, emails, hotline references, witness notes. | Event-triggered | Use manager, HR, compliance, whistleblowing channel or prescribed person where appropriate. |
| Employees | Declare personal interests, relationships or outside work that may affect judgement. | Compliance | Conflict forms, register updates, manager approvals, mitigation steps. | Event-triggered | Escalate unresolved or sensitive conflicts to HR, legal or compliance. |
| Employees | Avoid bribery, facilitation payments and improper inducements. | Compliance | Refusal records, gift declarations, due diligence checks, training logs. | Day-to-day | Report suspected bribery immediately to compliance, legal or the whistleblowing channel. |
| Employees | Handle personal data securely, lawfully and only for authorised purposes. | Compliance | Training records, access logs, privacy checks, secure disposal records. | Day-to-day | Report suspected personal data breaches promptly to the data protection lead. |
| Employees | Treat colleagues, customers and third parties fairly and without discrimination. | Compliance | Training completion, complaint outcomes, inclusive practice records. | Day-to-day | Report harassment or discrimination to a manager, HR or reporting channel. |
| Employees | Take reasonable care for own and others' health and safety. | Compliance | Safety training, incident reports, PPE records, risk assessment acknowledgements. | Day-to-day | Escalate hazards, near misses or unsafe practices to the manager or safety lead. |
| Employees | Protect confidential information, trade secrets and company records. | Compliance | Access permissions, NDA acknowledgements, secure storage, audit logs. | Day-to-day | Report unauthorised disclosure to the manager, IT security or legal team. |
| Employees | Act honestly and avoid fraud, false accounting and dishonest expense claims. | Compliance | Accurate records, expense receipts, approvals, audit trails. | Day-to-day | Report suspected fraud to finance, compliance, legal or whistleblowing channels. |
| Contractors and consultants | Comply with applicable conduct, confidentiality, safety and security requirements. | Compliance | Contract clauses, onboarding records, signed policy acknowledgements. | Day-to-day | Concerns should be raised with the contract manager or compliance contact. |
| Contractors and consultants | Disclose conflicts, competing engagements or independence issues before work starts. | Reporting | Conflict declarations, engagement letters, contract manager approvals. | Event-triggered | Material conflicts should be escalated to procurement, legal or the project sponsor. |
| Contractors and consultants | Process personal data only under authorised instructions and security controls. | Compliance | Data processing terms, access logs, security attestations, breach reports. | Day-to-day | Suspected data breaches should be reported immediately to the client contact and DPO. |
| Contractors and consultants | Avoid bribery and improper payments when acting for the organisation. | Compliance | Contract warranties, due diligence, payment records, training attestations. | Day-to-day | Suspected bribery should be escalated to the contract manager and compliance team. |
| Human resources | Include the code in induction and obtain staff acknowledgements. | Training and communication | Induction checklists, signed acknowledgements, LMS records. | Event-triggered | Missing acknowledgements should be escalated to line managers and HR business partners. |
| Human resources | Manage disciplinary and grievance processes fairly and consistently. | Implementation | Case files, meeting notes, outcome letters, appeal records. | Event-triggered | Complex or high-risk cases should be escalated to legal and senior HR. |
| Human resources | Provide training on equality, harassment, bullying and respectful workplace standards. | Training and communication | Training materials, attendance logs, refresher schedules, evaluation results. | Periodic | Training gaps in high-risk teams should be escalated to senior leadership. |
| Human resources | Support impartial investigations into employee misconduct and workplace complaints. | Investigation support | Terms of reference, interview notes, evidence logs, investigation reports. | Event-triggered | Allegations involving senior leaders should use an independent investigator or legal oversight. |
| Human resources | Monitor for retaliation after complaints, grievances or whistleblowing disclosures. | Compliance | Follow-up check-ins, case notes, transfer records, retaliation reviews. | Event-triggered | Suspected retaliation should be escalated to senior HR and legal immediately. |
| Human resources | Advise on reasonable adjustments and fair treatment in employment decisions. | Implementation | Adjustment records, occupational health referrals, decision rationale, review dates. | Event-triggered | Escalate contested or high-risk decisions to legal and senior HR. |
| Compliance or legal team | Draft, update and interpret the code and related compliance policies. | Implementation | Version history, legal reviews, approval records, policy change logs. | Periodic | Material legal changes should be escalated to senior leadership and the board. |
| Compliance or legal team | Maintain anti-bribery risk assessments, procedures, monitoring and advice. | Implementation | Risk assessments, due diligence files, approvals, monitoring reports. | Periodic | High-risk bribery issues should be escalated to general counsel and the board sponsor. |
| Compliance or legal team | Operate confidential reporting routes and triage whistleblowing disclosures. | Reporting | Case log, triage notes, confidentiality controls, board reporting. | Event-triggered | Serious disclosures should be escalated to independent senior oversight. |
| Compliance or legal team | Advise on investigations involving fraud, bribery, sanctions, data or legal risk. | Investigation support | Legal hold notices, evidence logs, advice notes, investigation reports. | Event-triggered | Matters involving criminal risk or regulators should be escalated to general counsel. |
| Compliance or legal team | Advise on sanctions, fraud, money laundering and restricted-party risks. | Compliance | Screening records, risk assessments, approvals, escalation decisions. | Event-triggered | Potential sanctions matches should be escalated immediately and transactions paused. |
| Compliance or legal team | Assess data incidents and advise on ICO notification requirements. | Reporting | Incident assessments, breach register, ICO notifications, remedial actions. | Event-triggered | High-risk data incidents should be escalated to the DPO and senior management urgently. |
| Suppliers and business partners | Follow contractual conduct standards on ethics, labour, safety and integrity. | Compliance | Supplier code acceptance, contract clauses, audit responses, certifications. | Day-to-day | Supplier breaches should be escalated to procurement, legal and the contract owner. |
| Suppliers and business partners | Avoid forced labour and support modern slavery supply chain due diligence. | Compliance | SAQs, audit reports, corrective actions, worker records, termination rights. | Periodic | Credible exploitation risks should be escalated to compliance, legal and senior procurement. |
| Suppliers and business partners | Avoid bribery, kickbacks and improper advantages in business dealings. | Compliance | Due diligence, anti-bribery clauses, payment controls, audit rights. | Day-to-day | Suspicious requests or payments should be escalated before payment or engagement continues. |
| Suppliers and business partners | Meet contractual data protection and security obligations when processing personal data. | Compliance | Data processing agreement, security audits, subprocessors list, breach notices. | Day-to-day | Supplier data incidents should be reported immediately to the contract owner and DPO. |
| Suppliers and business partners | Notify the organisation of suspected code, legal or contract breaches. | Reporting | Breach notices, meeting minutes, remediation updates, audit findings. | Event-triggered | Use the contract manager, procurement contact or confidential reporting channel. |
| Suppliers and business partners | Avoid bid rigging, price fixing, market sharing and anti-competitive coordination. | Compliance | Tender records, competition clauses, training attestations, audit trails. | Event-triggered | Competition concerns should be escalated to legal before discussions or tenders continue. |
| Board of directors | Review code effectiveness, incident trends and material policy changes annually. | Oversight | Annual review paper, incident metrics, approved revisions, action plan. | Annual | Unresolved systemic weaknesses should be assigned to an executive owner. |
| Compliance or legal team | Coordinate annual code attestations and exception reporting. | Training and communication | Attestation dashboard, exception list, reminders, escalation records. | Annual | Non-attestation by senior staff should be escalated to leadership and HR. |
| Senior leadership | Communicate lessons learned after material ethics or conduct incidents. | Training and communication | Lessons-learned briefings, updated guidance, team action trackers. | Event-triggered | Communications on legal or sensitive matters should be cleared by legal and HR. |
| Line managers | Preserve evidence and cooperate with investigations without prejudging outcomes. | Investigation support | Evidence preservation notes, witness availability, handover records. | Event-triggered | Potential interference or retaliation should be escalated to HR or legal. |
| Employees | Cooperate honestly with authorised investigations and preserve relevant information. | Investigation support | Witness statements, document preservation, interview attendance. | Event-triggered | Concerns about the process should be raised with HR, legal or the investigator. |
| Human resources | Keep conduct, grievance and disciplinary records securely and lawfully. | Compliance | Retention schedule, restricted access, deletion logs, case files. | Day-to-day | Subject access or deletion issues should be escalated to the DPO or legal team. |
| Compliance or legal team | Advise whether misconduct requires notification to regulators or authorities. | Reporting | Notification assessments, regulator correspondence, decision logs. | Event-triggered | Potential external reporting should be escalated to general counsel and senior leadership. |
| Employees | Use company assets, systems and funds responsibly and for authorised purposes. | Compliance | Asset registers, access logs, expense approvals, acceptable use acknowledgements. | Day-to-day | Suspected misuse should be reported to the manager, IT, finance or HR. |
| Suppliers and business partners | Submit accurate invoices, records and representations under commercial arrangements. | Compliance | Invoices, delivery records, audit trails, contract reports. | Day-to-day | Suspected false billing should be escalated to procurement, finance and legal. |

Who Should Be Responsible For A UK Code Of Conduct And Ethics Policy?

A robust UK code of conduct should allocate duties across the organisation rather than treating ethics as an HR-only matter. The board should own oversight of culture, risk appetite and whistleblowing arrangements, while senior leadership should translate those expectations into business decisions, resources and communications.

What Should Managers And Employees Do Day To Day?

Line managers and employees carry most day-to-day responsibilities: applying standards on conflicts of interest, gifts and hospitality, anti-bribery, data protection, equality, health and safety, and respectful workplace behaviour. Evidence should be practical and contemporaneous, such as conflict declarations, training records, approvals, incident reports and documented management actions.

When Should Issues Be Escalated?

Escalation routes should be clear for misconduct, suspected bribery, fraud, harassment, discrimination, data breaches, health and safety concerns, modern slavery risks and whistleblowing disclosures. Serious matters should move quickly to HR, legal, compliance, senior leadership or the board, depending on the risk and whether independence is required.

Why Do Suppliers And Contractors Need Specific Duties?

UK organisations often rely on contractors, consultants, suppliers and business partners, so the policy should extend core expectations to third parties through contract clauses, onboarding, due diligence and reporting obligations. This is particularly important for anti-bribery controls, modern slavery due diligence, data protection, sanctions, confidentiality and workplace conduct.

What Records Help Demonstrate Compliance?

Useful evidence includes board minutes, risk registers, policy acknowledgements, training logs, investigation files, supplier due diligence, audit findings, declarations of interest, whistleblowing case logs and remediation actions. These records support defensible decision-making if an issue is reviewed by regulators, courts, auditors or business partners.


FAQs

In the UK, responsibility for a code of conduct is usually shared: the board sets the tone, senior management implements it, HR embeds it into policies and training, line managers supervise day-to-day compliance, and employees are expected to follow it.
