Codes of conduct have long been a feature of corporate life. Today, they are arguably a legal necessity—at least for public companies with a presence in the United States. As of 2004, both the New York Stock Exchange and the Nasdaq require listed companies to adopt and disclose a code of conduct. And under the Sarbanes-Oxley Act, public issuers of securities must disclose whether they have adopted a code for their senior executives (and if not, why not). Similarly, federal guidelines direct judges to take into account the adoption of a code when determining whether a company convicted of a crime had an effective ethics and compliance program in place—and thus when setting a fine. The legal case for a code is further bolstered by various requirements and enforcement policies in specific areas of the law. The EPA, for example, considers a company’s compliance efforts when it assesses penalties for environmental infractions. Moreover, the courts of Delaware, legal home to more than half of all U.S. publicly traded companies and 58% of the Fortune 500, have held that boards are responsible for ensuring that management implements a compliance and reporting system informed by the federal sentencing guidelines.

A version of this article appeared in the December 2005 issue of Harvard Business Review.