Why Every SME Must Have a Code of Conduct: A Governance, Compliance, and Risk Management Necessity
One of the most common and dangerous gaps I see when working with small and medium-sized enterprises (SMEs) is the complete absence of a Code of Conduct, or a document so outdated or generic that it is effectively useless. Many SME owners believe a Code of Conduct is something only large corporations, government departments, or highly regulated industries need. That belief is not only incorrect—it is risky.
A Code of Conduct is not a “nice to have” document. It is one of the most important governance, compliance, and risk management tools an organisation can implement. Without it, organisations risk misconduct, workplace disputes, bullying and harassment claims, fraud, conflicts of interest, reputational damage, and sometimes legal liability.
A Code of Conduct defines the expected behaviour within an organisation to ensure compliance and good governance. It tells employees what they can and cannot do, what they must do, what their rights are, and what will happen if the rules are broken. Without clear rules, organisations create situations where bad behaviour can happen because no one has clearly explained the rules.
The Situation in Small and Medium-sized Enterprises: “We’ve Never Had One and We’re Fine”
I often hear this when doing compliance checks or workplace investigations in small and medium-sized businesses. This sentence is often said right before a serious problem happens at work, such as bullying, harassment, theft, fraud, conflicts of interest, or serious wrongdoing by a manager or longtime employee.
Just because there is no Code of Conduct does not mean people are not behaving badly. It usually means the organisation has no framework for dealing with it when it happens.
It means the organisation does not have a plan for handling it when it happens.
If you have never told employees the rules, it is hard to punish someone for breaking them.
This is where many small and medium-sized businesses risk unfair dismissal claims, general protection claims, and workplace disputes that could have been prevented with a clear and well-communicated Code of Conduct.
A Code of Conduct Protects Both the Employer and the Employee
Many people mistakenly believe that a Code of Conduct protects the employer. A Code of Conduct protects both the organisation and its workers.
For employees, a Code of Conduct shows:
- What behaviour is expected in the workplace
- What behaviour is unacceptable
- Their right to a safe workplace
- Their right to report inappropriate behaviour
- How complaints will be handled
- Protection from retaliation or victimisation
- Expectations around confidentiality
- Conflicts of interest requirements
- Use of company property and systems
- Social media behaviour
- Workplace health and safety obligations
For employers, a Code of Conduct means:
- Sets behavioural standards
- Supports disciplinary action when misconduct occurs
- Demonstrates compliance with workplace laws
- Reduces legal risk
- Supports workplace investigations
- Provides a framework for managing complaints
- Demonstrates governance and leadership
- Protects organisational reputation
- Helps create a respectful workplace culture
A Code of Conduct shows that an organisation has told its staff what behaviour is expected. This is especially important if the organisation ever has to explain a decision in a tribunal, court, or regulatory investigation.
Misconduct Thrives in Silence and Uncertainty
A major cause of bad behaviour at work is unclear expectations, not bad people. When employees are not clearly told what counts as bullying, harassment, conflicts of interest, fraud, or misuse of company resources, they often make their own decisions about it. That judgement does not always match legal or organisational expectations.
I have noticed situations where workers:
- Awarded contracts to friends because no conflict of interest policy existed
- Used company vehicles for personal business because no policy said they could not
- Sent inappropriate messages to coworkers, thinking it was “just a joke”
- Accessed confidential information because no one told them it was restricted
- Engaged in secondary employment that directly conflicted with their employer’s interests
In many of these cases, the employee’s initial reaction during an investigation is: “No one ever told me I couldn’t do that.”
Sometimes they are correct.
This is why a Code of Conduct is more than just a document; it helps manage risks.
A Code of Conduct is a Key Part of Compliance and Risk Management Frameworks
If an organisation genuinely wants to follow rules, manage risks, and have good leadership, it needs a Code of Conduct along with other important policies such as:
- Workplace Behaviour Policy
- Bullying and Harassment Policy
- Sexual Harassment Policy
- Conflict of Interest Policy
- Whistleblower Policy
- Fraud and Corruption Control Policy
- Workplace Health and Safety Policy
- Social Media Policy
- Complaint Handling Procedure
- Workplace Investigation Procedure
These documents combine to create rules that keep the organisation and its workers safe.
Small and medium-sized businesses that want to grow, bid for government contracts, get certified, or show good corporate governance often need to have a Code of Conduct. Many government contracts and ISO standards now require organisations to show they have ethical conduct systems and behaviour rules.
In other words, if your organisation wants to grow, having a Code of Conduct is now required.
Culture is Driven by What Leadership Tolerates
A Code of Conduct is also a guide for leaders. It shapes the workplace atmosphere. It tells employees what leadership cares about and what it will not accept.
If a company does not have a Code of Conduct, employees will observe how leaders act and think that is the normal way to behave. If managers bully staff, ignore complaints, swear at employees, or treat some people better than others, that becomes the workplace culture, even if leaders did not mean for it to happen.
A well-constructed Code of Conduct communicates:
- This defines us.
- This is how we act.
- We will not accept this.
- That is a strong tool for managing and leading.
A Code of Conduct is Critical During Workplace Investigations
From an investigation point of view, a Code of Conduct is one of the most important documents for evaluating claims. Investigators determine whether the behaviour broke the rules. Did it breach the
- The Code of Conduct
- Workplace policies
- Employment contracts
- Legislation
- Reasonable and lawful directions
If there is no Code of Conduct, investigators must use more general rules like “reasonable behaviour,” which are harder to support in court.
A clear Code of Conduct helps identify things like:
- Breach of the Code of Conduct
- Failure to follow a lawful and reasonable direction
- Conflict of interest not declared
- Bullying behaviour in breach of workplace policy
- Harassment in breach of workplace policy
- Misuse of company resources
- Breach of confidentiality
This makes disciplinary decisions easier to justify and lowers the risk for the organisation.
Communication is Just as Important as the Document
One of the biggest mistakes organisations make is making a Code of Conduct and then storing it somewhere no one looks at, like a drawer or shared drive.
A Code of Conduct must be:
- Provided to all employees
- Explained during induction
- Reinforced through training
- Signed or acknowledged by the employees
- Reviewed regularly
- Applied consistently
If a Code of Conduct is not shared and followed, it has no value for compliance.
Final Thoughts: Prevention is Always Cheaper Than Investigation
Workplace investigations cost a lot, take a long time, cause stress for employees, and can be risky for companies. Legal expenses, lost work time, harm to reputation, and time spent by managers can be substantial.
A Code of Conduct is an easy and effective way to stop workplace problems before they begin. It sets clear expectations, offers guidance, helps managers, protects employees, and lowers the risk for the organisation.
From the standpoint of following rules, managing governance, and handling risks, the question should not be:
“Do we really need a Code of Conduct?”
The real question should be:
“Can we afford not to have one?”
For small and medium-sized businesses, a Code of Conduct is not just paperwork—it is a useful tool to protect the company, its workers, and its leaders.
In today’s workplaces, where rules, behaviour, and company culture are closely watched, having a clear, easy-to-understand, and well-shared Code of Conduct is essential.
It is essential.
