Principle 9: Conduct and compliance

For an organisation to work effectively, there must be clear expectations about how the people involved with it are expected to behave. Boards play an important role in defining acceptable behaviours and in establishing frameworks that enable action when unacceptable behaviours occur.

Although much can be done through policies and practices to shape behaviour, one of the most powerful influences on the behaviour of people involved with an organisation is culture. For this reason, Principle 9: Conduct and Compliance is closely linked with Principle 10: Culture.

Codes of conduct

Codes of conduct are policy documents that describe the behaviours (conduct) expected of the people involved in an organisation. The board will generally approve the code of conduct and it will apply to all people involved in the organisation such as staff, volunteers, members and directors.

These codes will generally include:

Codes of conduct take many forms; some are highly prescriptive, prohibiting certain actions or behaviours, while others are more principles-based. The common goal of codes of conduct is to provide guidance to the people involved with an organisation about how they are expected to behave. For this reason, it is common for codes of conduct to include a discussion of these expectations, relevant examples and links to relevant internal policies.

It is important that a code of conduct is enforced. The consequences for failing to comply with the code of conduct should be clearly set out, as well as the mechanisms for how this will be determined and enforced. Boards should be prepared to make difficult decisions to enforce the code of conduct and to empower management to do the same.

Back to top

Complying with the law

All organisations must comply with the law. It is important that boards understand the legal framework that applies to their organisation and that they are satisfied with the steps taken to comply.

The laws that apply to an NFP will depend on the nature of the organisation. Some laws, such as taxation laws and the criminal code, apply to all organisations. Other laws may only apply based on the type of activity the organisation is undertaking such as the laws around preparing and storing food or fundraising.

It is generally not possible for a board to know every law that applies to their organisation in detail or to evaluate for themselves whether the organisation is complying with every relevant law. However, there are ways that a board can oversee compliance with the law, for example, by:

• Seeking independent review of proposed decisions;
• Establishing a policy framework that requires staff to follow relevant laws;
• Maintaining integrity of internal and external audit processes;
• Promoting a culture of compliance;
• Seeking independent legal advice where necessary; and
• Establishing robust systems for reporting and investigating misconduct.

Boards can and should apply a similar approach to requiring compliance with their governing documents and internal policies. Boards may be interested to inquire into how management maintains compliance with policies such as through providing regular training, internal communications or through requiring compliance through employment contracts.

Back to top

Conflicts of interest

Directors have a duty to act in the best interest of their organisation. At times, a director’s personal interests (such as their investment interests) or their other duties (such as to another organisation of which they are a director) may conflict with this duty. This is called a conflict of interest.

Conflicts of interest can also affect other people involved with the organisation, such as management and staff, and it is important that these conflicts are also identified and managed.

There are three types of conflicts of interest:

Figure 10: Types of conflict of interest

Conflicts of interest can’t always be avoided and do not necessarily represent a problem. However, it is important that they are managed properly so that directors are acting in the best interest of the organisation and to protect the organisation’s reputation.

The first step to managing conflicts of interest is identification. Conflicts of interest should be recorded so that there is transparency about what directors’ interests are. Many organisations maintain a register of directors’ interests, which records any relevant interests that may give rise to a conflict now or in the future. This also assists with appropriate oversight and transparency of these interests. It is good practice for the chair to invite directors to declare any conflicts of interest at the beginning of a meeting.

Once a conflict has been identified, the board must decide how it will be managed. For example, it may be required that the conflicted director:

• Refrain from participating in any discussion about related matters;
• Remove themselves from the room; or
• Abstain from voting on any matter related to the conflict

This is called taking remedial action. The appropriate remedial action will depend on the nature of the conflict and boards will need to determine how best to manage a conflict based on the circumstances of the situation.

If a remedial action is taken to manage a conflict of interest, it should be recorded in the minutes. In certain circumstances, a directors’ interests may be conflicted so regularly or to such an extent that it is not practical for them to continue in their role and it will be in the best interests of the organisation that they resign.

It is a good idea to set out in a policy how conflicts of interest will be managed. This policy should provide guidance on when disclosures are expected, how they are to be made and how failures to identify conflicts will be responded to. It should also reflect any relevant requirements in the organisation’s governing documents and any laws that apply to it.

Importantly, a conflicts of interest policy should emphasise the importance of creating a culture of disclosure. If in doubt about whether something could be a conflict of interest, it is always best to err on the side of caution and to disclose it. This can also assist in promoting accountability, especially if there is visibility of the disclosure by an organisation’s stakeholders.

Back to top

Reporting and responding to misconduct

Even the best policies and procedures will not always prevent wrongdoing within organisations. Where this occurs, it is important that there are systems in place to investigate reports of wrongdoing and to take action to address any misconduct.

The board plays an important role in this, particularly in driving a culture of reporting and not turning a ‘blind eye.’ Bad news should travel quickly and easily through the appropriate parts of organisation so that it can be responded to at the earliest opportunity. Boards should encourage reporting of wrongdoing and satisfy themselves that the organisation has appropriate processes in place to detect and address it. It may be appropriate for certain types of information about wrongdoing to be brought to the attention of the board so that they can provide appropriate oversight of the organisation’s investigation and response.

One way boards can approach this issue is through regularly reviewing information about the organisation’s performance against the standards of behaviour it seeks to meet, whether those standards are set by the organisation (such as through its code of conduct) or by the law (such as through regulation) or another source (such as accreditation standards).

There are several standard indicators that organisations can use to assess their conduct performance:

Figure 11: Examples of conduct performance measures

Other aspects of performance measurement are discussed in greater detail in Principle 6: Performance.

Back to top

Protecting whistleblowers

Boards should also be satisfied that the people who report wrongdoing are protected from any retribution. These people are often referred to as ‘whistleblowers’. Reports of wrongdoing may come from a range of sources including current and former staff, contractors, volunteers, clients and suppliers. These people are an important line of defence against wrongdoing and providing them with adequate protection against retribution can encourage them to come forward with valuable information.

It is a good idea to establish a whistleblower policy that sets out:

• Who can make a disclosure (which should ideally include as broad a range of people as reasonably practical);
• How they can make a disclosure (including to whom, by what method and whether they can do so anonymously);
• The matters about which they can make a disclosure;
• The protections they will receive (including any protections under the law);
• How their disclosure will be investigated;
• How the organisation will communicate with them about the investigation; and
• The consequences for people who take retribution against whistleblowers.

"Whistleblowers are an important line of defence against wrongdoing and providing them with adequate protection against retribution can encourage them to come forward with valuable information.”

Back to top