UK Compliance Topics For Codes Of Conduct
Compliance topic | Relevance summary | Relevance type | Policy coverage notes | Governance priority |
|---|---|---|---|---|
Corporate governance, Financial integrity, Supply chain and third parties | ||||
Anti-bribery and corruption | UK companies need controls to prevent bribery by employees, agents and associated persons. | General UK business relevance High-risk activity relevance | Ban bribes, facilitation payments and improper advantages; require approval for gifts, hospitality and intermediaries. | High |
Corporate governance, Financial integrity | ||||
Gifts and hospitality | Benefits offered or received can create bribery, conflict and procurement integrity risks. | General UK business relevance Role-dependent relevance | Set value thresholds, approval rules, registers, public-sector cautions and refusal requirements. | High |
Conflicts of interest | Employees and directors must avoid personal interests compromising business judgement. | General UK business relevance Role-dependent relevance | Require disclosure, recusal, registers, approval of outside roles and related-party dealings. | High |
Corporate governance | ||||
Directors' duties | Directors must act within powers, promote company success and exercise reasonable care. | Role-dependent relevance | Reference statutory duties, board integrity, proper authority, records and stakeholder considerations. | High |
Financial integrity, Corporate governance | ||||
Fraud prevention | Fraud harms financial integrity and may create criminal, civil and reporting consequences. | General UK business relevance High-risk activity relevance | Prohibit dishonesty, false claims, expense fraud, asset misuse, deception and concealment. | High |
Corporate governance, Financial integrity | ||||
Failure to prevent fraud | Large organisations may be liable if associated persons commit fraud for their benefit. | Sector-dependent relevance High-risk activity relevance | Include fraud risk assessment, associated-person controls, reporting, training and reasonable procedures. | High |
Financial integrity, Corporate governance | ||||
Financial records and accounting integrity | Companies must maintain accurate records and avoid misleading accounting entries. | General UK business relevance | Require accurate books, honest expenses, supporting evidence, approvals and no off-book accounts. | High |
Financial integrity, Corporate governance, Supply chain and third parties | ||||
Anti-money laundering | Regulated sectors must prevent laundering and many businesses face proceeds-of-crime risks. | Sector-dependent relevance High-risk activity relevance | Cover customer due diligence, suspicious activity escalation, beneficial ownership and record keeping. | High |
Financial integrity, Supply chain and third parties | ||||
Terrorist financing | Businesses must avoid funds, services or assets being used to support terrorism. | Sector-dependent relevance High-risk activity relevance | Require screening, escalation of red flags, payment controls and no dealings with prohibited parties. | High |
Financial integrity, Competition and trading, Supply chain and third parties | ||||
Sanctions compliance | UK persons and businesses must comply with financial, trade and immigration sanctions. | General UK business relevance High-risk activity relevance | Require screening, asset-freeze escalation, licence checks, blocked payments and third-party due diligence. | High |
Financial integrity, Corporate governance, Supply chain and third parties | ||||
Criminal facilitation of tax evasion | Relevant bodies can be liable if associated persons facilitate tax evasion. | General UK business relevance High-risk activity relevance | Ban tax evasion facilitation; require risk assessment, due diligence, training and reporting. | High |
Employment and workplace, Corporate governance | ||||
Whistleblowing and protected disclosures | Workers who report certain wrongdoing may have legal protection from detriment or dismissal. | General UK business relevance | Provide reporting channels, confidentiality, non-retaliation, investigation steps and escalation options. | High |
Employment and workplace | ||||
Equality and non-discrimination | UK employers must avoid discrimination linked to protected characteristics. | General UK business relevance | Set expectations on fair treatment, recruitment, promotion, reasonable adjustments and inclusive conduct. | High |
Harassment and bullying | Employers should prevent unlawful harassment and maintain a respectful working environment. | General UK business relevance | Prohibit harassment, bullying, victimisation and sexual harassment; include reporting and bystander duties. | High |
Sexual harassment prevention | UK employers must take reasonable steps to prevent workplace sexual harassment. | General UK business relevance | Define prohibited conduct, third-party risks, reporting, investigations, sanctions and anti-retaliation. | High |
Employment and workplace, Supply chain and third parties | ||||
Modern slavery and human trafficking | Larger organisations may need transparency statements and supply chains can carry labour exploitation risk. | General UK business relevance Sector-dependent relevance High-risk activity relevance | Commit to no forced labour; require supplier due diligence, audits, reporting and remediation. | High |
Employment and workplace | ||||
Right to work compliance | Employers must check that employees have permission to work in the UK. | General UK business relevance Role-dependent relevance | Require compliant checks, record retention, no discriminatory checks and escalation of concerns. | Medium |
Working time and rest breaks | Working hours, rest breaks and holiday rules affect employee wellbeing and legal compliance. | General UK business relevance | Address hours, rest, holiday, fatigue, opt-outs, records and manager responsibilities. | Medium |
Employment and workplace, Financial integrity | ||||
National Minimum Wage and pay fairness | Employers must pay at least the applicable minimum wage and manage deductions carefully. | General UK business relevance | Commit to lawful pay, accurate time records, correct deductions and payroll escalation. | High |
Health, safety and environment, Employment and workplace | ||||
Workplace health and safety | Employers must protect workers and others from workplace health and safety risks. | General UK business relevance | Require risk assessments, safe systems, training, incident reporting and manager accountability. | High |
Health, safety and environment | ||||
Accident and incident reporting | Certain workplace injuries, diseases and dangerous occurrences must be reported to regulators. | General UK business relevance Sector-dependent relevance | Require prompt reporting, no concealment, preservation of evidence and manager escalation. | High |
Health, safety and environment, Employment and workplace | ||||
Drugs and alcohol at work | Substance misuse can create safety, conduct and performance risks, especially in safety-critical roles. | General UK business relevance Role-dependent relevance | Set impairment rules, support routes, testing conditions, reporting duties and safety-critical controls. | Medium |
Health, safety and environment, Corporate governance | ||||
Environmental compliance | Businesses may need permits, waste controls and pollution prevention measures. | General UK business relevance Sector-dependent relevance | Commit to legal compliance, waste management, pollution prevention, permits and incident reporting. | Medium |
Competition and trading, Corporate governance, Health, safety and environment | ||||
Green claims and sustainability communications | Environmental claims must be truthful, clear, substantiated and not misleading. | Sector-dependent relevance High-risk activity relevance | Require evidence, legal review, fair comparisons, full lifecycle context and no exaggeration. | Medium |
Data and confidentiality, Corporate governance | ||||
Data protection and UK GDPR | Organisations handling personal data must comply with UK GDPR and Data Protection Act 2018. | General UK business relevance | Cover lawful use, minimisation, security, rights requests, retention, DPIAs and breach reporting. | High |
Data and confidentiality | ||||
Personal data breach reporting | Certain personal data breaches must be reported to the ICO within strict timescales. | General UK business relevance High-risk activity relevance | Require immediate escalation, containment, assessment, notification decisions and evidence records. | High |
Data and confidentiality, Corporate governance | ||||
Confidential information and trade secrets | Codes should protect business, customer, employee and supplier confidential information. | General UK business relevance | Set need-to-know rules, secure storage, no unauthorised disclosure and post-employment duties. | High |
Cyber security and acceptable IT use | Employee conduct affects cyber risk, data security and operational resilience. | General UK business relevance | Cover passwords, phishing, devices, access rights, remote working and incident reporting. | High |
Employment and workplace, Data and confidentiality, Corporate governance | ||||
Social media and public communications | Online conduct can expose employers to confidentiality, harassment and reputation risks. | General UK business relevance | Set rules on authorised statements, confidentiality, respectful posting and personal account disclaimers. | Medium |
Competition and trading, Corporate governance | ||||
Competition law and anti-competitive conduct | UK competition law prohibits cartels, bid-rigging, market sharing and abusive conduct. | General UK business relevance Role-dependent relevance High-risk activity relevance | Ban price fixing, market sharing, bid rigging and improper competitor information exchange. | High |
Competition and trading, Financial integrity, Supply chain and third parties | ||||
Procurement integrity and fair tendering | Tendering creates bribery, fraud, conflict, collusion and transparency risks. | Role-dependent relevance High-risk activity relevance | Require fair tender processes, conflict declarations, no bid-rigging and proper supplier selection. | High |
Competition and trading | ||||
Consumer protection and fair trading | Businesses dealing with consumers must avoid misleading, aggressive or unfair practices. | Sector-dependent relevance | Require honest marketing, clear pricing, fair terms, complaint handling and no pressure selling. | Medium |
Competition and trading, Corporate governance | ||||
Advertising and marketing standards | Marketing should be legal, decent, honest, truthful and socially responsible. | Sector-dependent relevance Role-dependent relevance | Require substantiation, approvals, clear claims, influencer disclosure and no misleading promotions. | Medium |
Competition and trading, Health, safety and environment, Supply chain and third parties | ||||
Product safety and quality | Businesses placing products on the UK market must manage safety and quality obligations. | Sector-dependent relevance | Cover safety checks, conformity, recalls, customer complaints, traceability and supplier quality controls. | High |
Competition and trading, Supply chain and third parties, Financial integrity | ||||
Import and export controls | International trade may require licences, classification checks, customs compliance and sanctions screening. | Sector-dependent relevance High-risk activity relevance | Require classification, licensing, end-use checks, customs accuracy and restricted-party screening. | High |
Supply chain and third parties, Corporate governance, Financial integrity | ||||
Supplier and third-party due diligence | Third parties can create bribery, sanctions, slavery, fraud, cyber and reputational risks. | General UK business relevance High-risk activity relevance | Require risk-based checks, approvals, contracts, monitoring, audit rights and termination triggers. | High |
Supply chain and third parties, Financial integrity, Corporate governance | ||||
Agents, introducers and intermediaries | Intermediaries may expose businesses to bribery, fraud, sanctions and hidden commission risks. | High-risk activity relevance Role-dependent relevance | Require due diligence, written terms, legitimate services, payment controls and commission approvals. | High |
Corporate governance, Financial integrity | ||||
Charitable and political donations | Donations can create bribery, influence, transparency and corporate approval risks. | General UK business relevance High-risk activity relevance | Require approvals, legality checks, no improper influence, records and political donation controls. | Medium |
Financial integrity, Corporate governance, Data and confidentiality | ||||
Insider dealing and market abuse | Listed, financial and capital markets businesses must prevent misuse of inside information. | Sector-dependent relevance Role-dependent relevance High-risk activity relevance | Cover inside information, dealing restrictions, insider lists, disclosure controls and confidentiality. | High |
Financial integrity, Corporate governance, Employment and workplace | ||||
Financial services conduct rules | FCA-regulated firms must ensure relevant staff observe individual conduct standards. | Sector-dependent relevance Role-dependent relevance | Reference integrity, due skill and care, openness with regulators and treating customers fairly. | High |
Corporate governance, Financial integrity | ||||
Cooperation with regulators and authorities | Businesses may need to provide accurate information and cooperate with regulators and enforcement bodies. | General UK business relevance Sector-dependent relevance | Require truthful responses, document preservation, legal review and no obstruction or retaliation. | Medium |
Data and confidentiality, Corporate governance, Financial integrity | ||||
Records management and document retention | Records support legal compliance, audits, disputes, data protection and financial reporting. | General UK business relevance | Set retention periods, legal holds, secure deletion, ownership and record accuracy standards. | Medium |
Data and confidentiality, Corporate governance, Competition and trading | ||||
Intellectual property protection and use | Businesses must protect their IP and avoid unauthorised use of others' IP. | General UK business relevance Role-dependent relevance | Address ownership, licensing, copyright use, brand protection, inventions and open-source software. | Medium |
Corporate governance, Financial integrity, Data and confidentiality | ||||
Use of company assets | Company property, systems, funds and information should be used for authorised business purposes. | General UK business relevance | Prohibit misuse, theft, unauthorised access, excessive personal use and unauthorised disposal. | Medium |
Financial integrity, Corporate governance | ||||
Expenses and reimbursement integrity | Expense claims can create fraud, tax, bribery and accounting risks. | General UK business relevance Role-dependent relevance | Require genuine business purpose, receipts, approvals, accurate claims and no duplicate reimbursement. | Medium |
Employment and workplace, Data and confidentiality, Health, safety and environment | ||||
Remote and hybrid working conduct | Remote work affects confidentiality, cyber security, health and safety and working time controls. | General UK business relevance | Cover secure working, home safety, availability, equipment, data handling and incident reporting. | Medium |
Employment and workplace, Corporate governance | ||||
Non-retaliation for raising concerns | Retaliation undermines speak-up culture and may breach whistleblowing and employment protections. | General UK business relevance | Prohibit victimisation, protect reporters and witnesses, and require escalation of retaliation concerns. | High |
Disciplinary consequences for misconduct | Ethics policies should explain that breaches may lead to fair disciplinary action. | General UK business relevance | State examples of misconduct, investigation rights, fairness, proportionality and possible sanctions. | Medium |
Grievance and complaints handling | Clear complaint handling supports fair treatment and early resolution of workplace issues. | General UK business relevance | Set reporting routes, investigation standards, confidentiality, appeals and protection from victimisation. | Medium |
Data and confidentiality, Corporate governance, Employment and workplace | ||||
Responsible AI and automated tools | AI use can affect data protection, confidentiality, discrimination, transparency and intellectual property risks. | General UK business relevance Role-dependent relevance High-risk activity relevance | Require approved tools, human oversight, no confidential prompts, bias checks and output verification. | Medium |
Employment and workplace, Corporate governance | ||||
Diversity, equity and inclusion | DEI commitments support equality compliance, culture, recruitment and fair workplace decisions. | General UK business relevance | Promote inclusion, fair opportunities, respectful language, accessibility and evidence-based initiatives. | Medium |
Employment and workplace, Health, safety and environment, Supply chain and third parties | ||||
Safeguarding children and vulnerable adults | Organisations working with children or vulnerable adults need clear safeguarding standards. | Sector-dependent relevance Role-dependent relevance High-risk activity relevance | Cover DBS checks, boundaries, reporting concerns, referrals, training and safer recruitment. | High |
Competition and trading, Corporate governance | ||||
Fair treatment of vulnerable customers | Customer-facing sectors should ensure vulnerable customers are treated fairly and appropriately. | Sector-dependent relevance Role-dependent relevance | Require recognition of vulnerability, appropriate support, fair communications and escalation routes. | Medium |
Corporate governance, Financial integrity, Competition and trading | ||||
Dealing with public officials and lobbying | Interactions with public officials create heightened bribery, transparency and reputational risks. | High-risk activity relevance Role-dependent relevance | Require approvals, accurate records, no improper influence, lobbying compliance and hospitality controls. | High |
Employment and workplace, Financial integrity, Health, safety and environment | ||||
Business travel conduct | Travel can create safety, bribery, sanctions, expenses, security and reputational risks. | Role-dependent relevance High-risk activity relevance | Cover travel approvals, local law, safety advice, expenses, gifts and incident escalation. | Medium |
Corporate governance, Employment and workplace, Supply chain and third parties | ||||
Human rights in business operations | Businesses may need to manage human rights impacts across operations and supply chains. | General UK business relevance Sector-dependent relevance High-risk activity relevance | Commit to respect rights, conduct due diligence, provide grievance routes and remediate impacts. | Medium |
Supply chain and third parties, Employment and workplace | ||||
Supply chain labour standards | Supplier labour practices can create modern slavery, wage, safety and reputational risks. | Sector-dependent relevance High-risk activity relevance | Set supplier standards for lawful pay, safe work, no forced labour and audit cooperation. | High |
Financial integrity, Corporate governance | ||||
Tax compliance and transparency | Businesses should comply with tax laws and avoid dishonest or abusive tax conduct. | General UK business relevance | Require accurate tax records, truthful filings, no evasion, escalation and professional advice. | High |
Proceeds of crime and suspicious activity | Businesses should avoid handling criminal property and escalate suspicious transactions. | Sector-dependent relevance High-risk activity relevance | Cover red flags, escalation, no tipping off where applicable, payment scrutiny and record keeping. | High |
Corporate governance, Employment and workplace | ||||
Ethics reporting channels | Codes need practical routes for reporting misconduct, legal breaches and ethical concerns. | General UK business relevance | List reporting routes, anonymous options if available, investigation ownership and escalation triggers. | High |
Compliance training and certification | Training helps demonstrate reasonable procedures and embeds expected standards of conduct. | General UK business relevance Role-dependent relevance | Require induction, periodic refreshers, role-based modules, attestations and completion records. | Medium |
Employment and workplace, Data and confidentiality | ||||
Employee monitoring and privacy | Workplace monitoring must respect data protection, transparency and proportionality requirements. | General UK business relevance High-risk activity relevance | Explain monitoring purposes, lawful basis, notice, limits, access controls and DPIA triggers. | Medium |
Corporate governance, Employment and workplace, Financial integrity | ||||
Internal investigations | Investigations help respond fairly to misconduct, fraud, harassment and compliance reports. | General UK business relevance High-risk activity relevance | Cover independence, confidentiality, evidence preservation, fair process, outcomes and escalation. | High |
Corporate governance, Financial integrity | ||||
Related-party transactions | Transactions involving directors or connected persons can create conflict and approval risks. | Role-dependent relevance High-risk activity relevance | Require disclosure, independent review, board approval, fair terms and documented rationale. | High |
Data and confidentiality, Competition and trading | ||||
Customer confidentiality | Customer data and commercial information must be protected from misuse or unauthorised disclosure. | General UK business relevance Sector-dependent relevance | Limit access, prohibit gossip or disclosure, secure communications and report suspected leaks. | High |
Employment and workplace | ||||
Fair recruitment and hiring | Recruitment decisions must avoid discrimination and follow fair, transparent processes. | General UK business relevance Role-dependent relevance | Set merit-based selection, interview standards, reasonable adjustments and lawful background checks. | Medium |
Employment and workplace, Health, safety and environment | ||||
Mental health and wellbeing | Work-related stress and mental health risks are part of workplace health and safety management. | General UK business relevance | Promote respectful workloads, support routes, stress risk assessment and manager escalation. | Medium |
Health, safety and environment | ||||
Fire safety responsibilities | Workplaces must assess and manage fire risks to protect workers and visitors. | General UK business relevance | Require evacuation compliance, no blocked exits, reporting hazards, drills and equipment care. | High |
Health, safety and environment, Employment and workplace | ||||
Lone working and personal safety | Lone workers may face heightened safety risks requiring assessment and controls. | Sector-dependent relevance Role-dependent relevance | Set check-ins, escalation, risk assessment, training, emergency contacts and incident reporting. | Medium |
Driving for work and fleet conduct | Work-related driving creates safety, insurance, fatigue and legal compliance risks. | Role-dependent relevance High-risk activity relevance | Require safe driving, licence checks, vehicle condition, no mobile misuse and incident reporting. | Medium |
What UK Compliance Topics Should A Code Of Conduct And Ethics Cover?
A UK code of conduct should usually cover workplace behaviour, anti-bribery, conflicts of interest, data protection, financial integrity, competition law, health and safety, environmental duties and third-party conduct. These areas map to recurring UK legal risks including the Bribery Act 2010, Equality Act 2010, UK GDPR, Companies Act 2006, Competition Act 1998, Health and Safety at Work etc. Act 1974 and Modern Slavery Act 2015.
Which Topics Need The Most Governance Attention?
High-priority topics are those carrying criminal, regulatory, director or reputational risk, including bribery, fraud, sanctions, tax evasion facilitation, modern slavery, workplace harassment, whistleblowing, health and safety, data protection and competition law. These topics normally require clear escalation routes, board or senior management oversight, training and records.
How Should UK Employers Use This Dataset?
Employers can use these topics as a checklist when drafting or reviewing a Code of Conduct and Ethics. Not every topic needs equal detail: some are generally relevant to most UK businesses, while others are sector-dependent, role-dependent or linked to high-risk activities such as public procurement, international trade, handling personal data, managing suppliers or financial reporting.
Why Should Third Parties Be Included In A UK Ethics Code?
UK compliance risks often arise through agents, suppliers, contractors and intermediaries. Policies should therefore address due diligence, contractual standards, reporting channels, gifts and hospitality, modern slavery, sanctions and anti-bribery controls for third parties, not just employees.












