The Ethico-Legal frameworks for Corporate Ethical Behaviour

1. Whistleblowers: Who they are and how management should respond, Ariane
David, PhD Graziado Business Review, 2005 VOLUME 8 ISSUE 4

What type of employee becomes a whistleblower? What type of company culture promotes
whistleblowers? How should the company respond once a whistleblower steps forward?
Can a silent employee be just as damaging as an employee who speaks out? These are
relevant questions with serious consequences in today’s business climate.

 Who are the typical whistleblowers and why do they do it? Contrary to their media
image as disgruntled marginal employees,[4] most whistleblowers are among the
best employees in the organization.[5] Evidence indicates that whistleblowers are
highly altruistic.[6] Many whistleblowers have been on the job for years, are highly
respected, and are considered by their managers to be successful and loyal
employees.[7] It is precisely this loyalty and the whistleblowers’ desire to do what is
altruistically right that motivates them to speak out when they observe a situation
that is illegal, unethical, or potentially damaging to the company, employees, and/or
community.[8] In an effort to prevent further harm they make the decision to
disclose information about wrongdoing.[9] In general, whistleblowers do not arrive
at this decision lightly.
 It is estimated that only 30 percent of employees who discover wrongdoing or
potentially dangerous conditions ever disclose them in the US. The other 70 percent
become silent observers, never revealing what they have learned and thus allowing
the damaging, often costly conditions to persist. Such inaction is possibly due to a
lack of empathy for the victims, to a diminished perception of wrongness, or to a
fear of retaliation.
 In general, whistleblowers have enough trust in management and in the ethics of
their organization to come forward and report their observations internally. Often
this naiveté is promoted by managers who withhold their true feelings about the
disclosure and the whistleblower him/herself. In the end, as in the case of the Time
magazine persons of the year, whistleblowers discover that the organization is
 hostile to them and to their disclosures. As Nick Perry puts it, “Whistleblowing might
well be classified…as a form of occupational suicide ….”What lies in store for
whistleblowers is what is known as whistleblower retaliation, a constellation of
activities by management aimed at neutralizing the whistleblower. “It is what every
organization most fears: that someone inside represents the interests of
outside….”[17] The whistleblower is sacrificed to prevent the contamination of
organizational culture by ethical concerns that might thwart organizational
objectives. Through retaliation, the whistleblower is neutralized, and the stability
and security of the organization and the people in power are assured.
 Amazingly, retaliation against whistleblowers seems fairly standardized across
industries and organizations. Dworkin and Baucus suggest that it most commonly
falls into four categories: nullification, in which managers seek to neutralize
whistleblowers and their information through intimidation; isolation, in which access
to information and resources is taken away from the whistleblower; defamation,
through which whistleblowers’ reputations, qualifications, and even sanity are called
into question, and finally, expulsion, when the employer finally forces the
whistleblower out through firing or forced resignation.[26] In some cases
whistleblowers have been expelled from an entire industry through blacklisting.
 A good whistleblowing plan has two phases: The first, “context,” creates a culture of
ethics, trust, and responsibility that promotes internal employee disclosure. The
second, “what to do,” is the established process that managers can follow when the
disclosures are made to them by employees.
 Know what you want. The very first item on the agenda for organizational policy
makers is to answer the question, “Do we really want employee disclosures?” To
promise employees a fair and safe hearing when they make disclosures and not to
fulfil that promise is far more damaging to employee trust and loyalty in the long-run
than never to have made the promise at all.
 Create official policies that promote integrity and internal whistleblowing. Policy
should make it clear that 1) illegal, unethical, unsafe, or otherwise damaging
practices on the part of the company or company employees are not tolerated; 2)
employees are encouraged to disclose wrongdoing and that there are appropriate
channels available for such disclosures; 3) employees who disclose unwanted
 practices will be protected from retaliation, and 4) allegations will be honestly and
thoroughly investigated.
 Walk the talk. This means that policies be applied consistently every time and
uniformly to all employees regardless of status from line supervisors to the CEO.
 Reward desirable behavior. What’s important is that employees see that their
courage is appreciated, their contribution is valued, and that someone noticed and
cared

2. INFOSYS LIMITED, WHISTLEBLOWER POLICY, Originally

adopted by the Board of Directors on April 9, 2003.
 The Purpose of this Policy: If potential violations of Company policies or
applicable laws are not recognized and addressed promptly, the Company
and those working for or with the Company could face governmental
investigation, prosecution, fines, and other penalties. That can be costly.
Consequentially, and to promote the highest ethical standards, the Company
will maintain a workplace that facilitates the reporting of potential violations
of Company policies and applicable laws. Employees must be able to raise
concerns regarding such potential violations easily and free of any fear of
retaliation.
 Your Duty to Report: Reporting is crucial for early detection, proper
investigation and remediation, and deterrence of violations of Company
policies or applicable laws. You should not fear any negative consequences
for reporting reasonably suspected violations because retaliation for
reporting suspected violations is strictly prohibited by Company policy.
Failure to report any reasonable belief that a violation has occurred or is
occurring is itself a violation of this Policy and such failure will be addressed
with appropriate disciplinary action, including possible termination of
employment.
 How to Report: Report your concerns to your manager, Human Resources
manager, or the Helpline. The helpline numbers are
• U.S. Toll Free #: 1-800-236-6618 • U.K. Toll Free #: 0-808-189-1043 • India
Toll Free #: 000-800-100-4380. You can also report at www.infosysoic.com
 You can also write to [email protected], or to the Chief Compliance
Officer at [email protected]. If you have concerns about
reaching out to the Chief Compliance Officer, your report may be made to the
Audit Committee of Infosys’ Board of Directors (the “Audit Committee”) at:
[email protected]. Because you have several means of
reporting, you need never report to someone you believe may be involved in
the suspected violation or from whom you would fear retaliation. Your report
should include as much information about the suspected violation as you can
provide. Where possible, it should describe the nature of the suspected
violation; the identities of persons involved in the suspected violation; a
description of documents that relate to the suspected violation; and the time
frame during which the suspected violation occurred. Where you have not
reported anonymously, you may be contacted for further information.
 Investigations after You Report: All reports under this Policy will be promptly
and appropriately investigated, and all information disclosed during the
course of the investigation will remain confidential, except as necessary to
conduct the investigation and take any remedial action, in accordance with
applicable law. Everyone working for or with the Company has a duty to
cooperate in the investigation of reports of violations. Failure to cooperate in
an investigation, or deliberately providing false information during an
investigation, can be the basis for disciplinary action, including termination of
employment. If, at the conclusion of its investigation, the Company
determines that a violation has occurred, the Company will take effective
remedial action commensurate with the nature of the offense. This action
may include disciplinary action against the accused party, up to and including
termination. Reasonable and necessary steps will also be taken to prevent
any further violations of Company policy.
 Retaliation is not Tolerated: No one may take any adverse action against any
employee for complaining about, reporting, or participating or assisting in the
investigation of, a reasonably suspected violation of any law, this Policy, or
the Company’s Code of Conduct and Ethics. The Company takes reports of
such retaliation seriously. Incidents of retaliation against any employee
 reporting a violation or participating in the investigation of a reasonably
suspected violation will result in appropriate disciplinary action against
anyone responsible, including possible termination of employment. Those
working for or with the Company who engage in retaliation against reporting
employees may also be subject to civil, criminal and administrative penalties.
 Document Retention
All documents related to reporting, investigation and enforcement pursuant
to this Policy shall be kept in accordance with the Company’s record
retention policy and applicable law.
 Modification
The Audit Committee or the Board of Directors of Infosys can modify this
Policy unilaterally at any time without notice. Modification may be necessary,
among other reasons, to maintain compliance with federal, state or local
regulations and / or accommodate organizational changes within the
Company.
 Please sign the acknowledgment form below and return it to Human
Resources: This will let the Company know that you have received the
Whistleblower Policy and are aware of the Company’s commitment to a
work environment free of retaliation for reporting violations of any Company
policies or any applicable laws.

 ACKNOWLEDGMENT AND AGREEMENT REGARDING THE WHISTLEBLOWER

POLICY: This is to acknowledge that I have received a copy of the Company’s
Whistleblower Policy. I understand that compliance with applicable laws and
the Company’s Code of Conduct and Ethics is important and, as a public
company, the integrity of the financial information of the Company is
paramount. I further understand that the Company is committed to a work
environment free of retaliation for employees who have raised concerns
regarding violations of this Policy, the Company’s Code of Conduct and Ethics
or any applicable laws and that the Company specifically prohibits retaliation
whenever an employee makes a good faith report regarding such concerns.
Accordingly, I specifically agree that to the extent that I reasonably suspect
 there has been a violation of applicable laws or the Company's Code of
Conduct and Ethics, including any retaliation related to the reporting of such
concerns, I will immediately report such conduct in accordance with the
Company’s Whistleblower Policy. I further agree that I will not retaliate
against any employee for reporting a reasonably suspected violation in good
faith. I understand and agree that to the extent I do not use the procedures
outlined in the Whistleblower Policy,
the Company and its officers and directors shall have the right to presume
and rely on the fact that I have no knowledge or concern of any such
information or conduct.
 Employee’s signature
 ____________________________
 Employee’s Name [printed]
 ___________________________
 Date

3. Code of Conduct and Ethics of Infosys

Our Code of Conduct sets forth our core values, shared responsibilities, global
commitments, and promises. It provides general guidance about the Company’s
expectations, highlights situations that may require particular attention, and references

additional resources and channels of communication available to us. It is also the first step
for you to get clarity on any questions relating to ethical conduct. Our Code, however,
cannot possibly address every situation we face at work. Therefore, the Code is by no means
a substitute for our good judgment, upon which Infosys depends. We must remember that
each of us is responsible for our own actions and that the ethical choice is always the best
choice.

Please review the entire Code and refer to it whenever you have a question on ethical
conduct. If requested to, you shall confirm in writing that you have reviewed the Code, and
understand and agree to adhere to our core values, shared responsibilities, global
commitments, and promises.
Our values are the principles we use to run the Company on a daily basis. They are so

important that they are the source of our entire Code — a sort of ethical backbone.

They are clear and simple. Our values are the foundation of everything we do and they are

encapsulated in the acronym C-LIFE—Client Value, Leadership by Example, Integrity and

Transparency, Fairness and Excellence.

The Code of Conduct expresses Infosys’ commitment to conducting business ethically. It

explains what it means to act with integrity and transparency in everything we do and in
accordance with our unique culture and values.

Infosys’ non-retaliation policy is an embodiment of our values and a cornerstone of our

Code. If you observe violations of Infosys values and principles, you are encouraged to
report such incidents to the Helpline. Infosys will protect you and ensure that you are not
retaliated against because of any report that you raise in good faith. Infosys does not
tolerate any form of retaliation (whether by a manager, co-worker or otherwise) against an
individual because he or she made a good faith report of an integrity concern. This
protection also extends to anyone who assists with or cooperates in an investigation or
report of an integrity concern or question. We support those who support our values.

Table of Contents

A. Respecting Each Other . . . . . . . . . . . . . 2 An Equal Opportunity Workplace Free of

Discrimination or Harassment . . . . . . . . . . . . . 2 A Safe Place to Work . . . . . . . . . . . . . . . . . .
2A

B. Ethics in Our Business Activities . . . . . . . . . 4 Preventing Corruption . . . . . . . . . . . . . . . . .

.Gifts and Entertainment . . . . . . . . . . . . . . . . . . 6 Charitable
Contributions . . . . . . . . . . . . . . . . . . 6 Transacting with Third Parties . . . . . . . . . . . . . . . . . 6
Trading in Company Shares . . . . . . 8

Understanding Regulated Trade Restrictions . . . . . . . . . 8 Export Control Regulations . . . . . .8

Anti- Boycott Laws . . . . . . . . . . . . . . . . . . . . . 10 Conflict of Interest . . . . . . . . . . . . . . . . . . . . 10

Political Activities . . . . . . . . . . . . . . . . . . . . . . . 14 Lobbying . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

C. Protecting Company Assets . . . . . . . . . . .16 Company Confidential Information . . . . . . . 16

Improper Opportunities . . . . . . . . . . . . . . . . . . . 16 Company Intellectual Property . . . . . 16

Providing Information to the Media . . . . . . . . . . . . . 16 Physical Access Control . . . . . . . . . 18

Use of Company Technology . . . . . . . . . . . . . . . . 18

D. Committed to Our Customers and Our Suppliers 20 Fair Dealings . . . . . . . . . . . . . . .20

Confidential Information of Clients and Third Parties . . . . 20 Free and Fair Competition . . 20

Industrial Espionage . . . . . . . . . . . . . . . . . . . . . 22 Governmental Relations . . . . . . . . . . . . 22

Selecting Suppliers . . . . . . . . . . . . . . . . . . . . . . 22

E. Records, Disclosures and Audits . . . . . . . . .24 F. Administering Our Code . . . . . . . . . . . . 28

Investigations . . . . . . . . . . . . . . . . . . . . . . . . 28 Amendments / Modifications to Our Code .28

Acknowledgement . . . . . . . . . . . . . . . . . . . . . . 28 Waivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

Disciplinary Actions . . . . . . . . . . . . . . . . . . . . . . 30 Form of Acknowledgment of

Receipt of Code of Conduct and Ethics . . . . . . . . 32

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

4. Ethical Audits
 An investigation into how well (or poorly) a company conforms
to the ethical standards of its industry or society generally. An
ethics audit may consider the company's own practices, how it
redresses grievances, how it discloses its finances, whether it
punishes whistleblowers, and even the general cultural
surrounding its business dealings. Some companies may
formally adopt a code of ethics and conduct periodic ethics
audits to see how closely they follow their own rules.
 How to Conduct an Ethics Audit
o HR professionals play a crucial role in shaping corporate
ethical codes, policies and procedures and then
communicating and teaching that information to the
workforce. In many companies, the top HR manager
either serves as the de facto chief ethics and compliance
officer or works with the person in that role to manage
ethics and compliance programs. Apart from the chief
executive officer, there may be no more important ethical
role model in the organization than an HR manager.
o "Employees watch HR like hawks, and they should," says
Phillip Daniels, SPHR, HR manager for Montgomery
College in Rockville, Md. "If HR managers mess up, how
can we expect employees to adhere to the ethical
standards that we’re promoting? As HR managers, we
essentially need to serve as the poster children for ethical
behavior."
o Six Steps to Highly Effective Ethics Audits
 Start with a detailed foundation. An ethics audit is a
comparison between actual employee behavior and
the guidance for employee behavior provided in
policies and procedures. The more descriptive and
specific ethics-related policies and procedures are,
the easier it is to make these comparisons.
 Develop metrics. Ethics audits may not be as black-
and-white as financial or operational audits, but
they run more smoothly when tangible ethics
measures are in place. Consider adding ethics goals
to annual performance reviews and, where possible,
tying compensation to ethical behavior.
 Create a cross-functional team. Include an HR
professional familiar with people in the business
unit being audited. Most ethics audit teams include
an ethics and compliance manager where possible
as well as an internal auditor and legal managers.
 Audit efficiently. Audits frequently disrupt normal
operations in business areas subjected to review.
Before scheduling an audit, find out if internal
auditors or the finance team may be conducting
reviews of the same area. If so, combine these
efforts to limit disruptions. Once the audit has been
scheduled, create a plan that spells out employees
to be interviewed, information that requires review
and any processes that require observation.
 Look for other issues. Keep an eye out for other
improvement opportunities, and share those with
relevant colleagues. For example, ethics issues in a
 sales area may have revenue-recognition
implications from a financial reporting perspective.
 Respond consistently and communicate. Discipline
ethics violations in complete accord with policies
and procedures and the code of conduct every time.
Also, use ethics issues, when possible, as grist for
"lessons learned" in ethics-related communications
and training.
 What are you auditing against? The answer
requires a distinction between two disciplines
frequently lumped together in corporate America:
ethics and compliance. Compliance audits compare
internal behaviors to external regulations. Ethics
audits compare internal behaviors to internal
guidelines on behavior—guidelines that exist in
corporate codes of conduct and ethics-related
policies and procedures. Your code of conduct—
some companies call it a code of ethics—represents
your central document," Snyderman says. "This
document should be generated from the company’s
values."
 An ethics audit resembles a financial or operational
audit. It involves interviews with employees and
managers, reviews of records and other
 information, and, sometimes, observations of
processes and practices.
 The most common ethics audits, Snyderman and
Crane report, examine conflicts of interest, access to
company information, bidding and award practices,
giving and receiving gifts, and employee
discrimination issues. Snyderman describes the
actual audits as time-consuming and based on
checklists. They involve a team that typically consists
of an HR professional, an internal auditor, legal
managers, and an ethics and compliance manager.
The team visits an area of the organization to
conduct research in response to a specific incident
or as part of an ongoing auditing cycle.
5. Corporate Governance

Corporate governance is the system of rules, practices, and

processes by which a firm is directed and controlled. Corporate
governance essentially involves balancing the interests of a
company's many stakeholders, such as shareholders, senior
management executives, customers, suppliers, financiers, the
government, and the community.

Communicating a firm's corporate governance is a key component of

community and investor relations. On Apple Inc.'s investor relations
site, for example, the firm outlines its corporate leadership—its
executive team, its board of directors—and its corporate
governance, including its committee charters and governance
documents, such as bylaws, stock ownership guidelines and articles
of incorporation.

The board of directors is the primary direct stakeholder influencing

corporate governance. The board of directors must ensure that the
company's corporate governance policies incorporate the corporate
strategy, risk management, accountability, transparency, and ethical
business practices.

Further, in the recent past, Congress has abandoned strict adherence

to the fundamental principle of materiality, a central tenet of the
disclosure requirements of the federal securities laws. Instead,
Congress has sought to use the securities laws to address issues that
are immaterial to shareholders’ investment or voting decisions. For
example, Congress has required public companies to disclose
information relating to conflict minerals and payments to foreign
governments for resource extraction and mine safety, information
that may be relevant in a social context but has little relevance to
material information that a shareholder would need to make an
investment decision.

The current environment has also been shaped by fundamental

changes in shareholder engagement, which has become a central
and essential topic for public companies and their boards, managers
and investors in the early 21st century. Public companies have
undertaken unprecedented levels of proactive engagement with
their major shareholders in recent years.

Guiding Principles of Corporate Governance

Business Roundtable supports the following core guiding principles:

The board approves corporate strategies that are intended to build

sustainable long-term value; selects a chief executive officer (CEO);
oversees the CEO and senior management in operating the
company’s business, including allocating capital for long-term growth
and assessing and managing risks; and sets the “tone at the top” for
ethical conduct.

Management develops and implements corporate strategy and

operates the company’s business under the board’s oversight, with
the goal of producing sustainable long-term value creation.

Management, under the oversight of the board and its audit

committee, produces financial statements that fairly present the
company’s financial condition and results of operations and makes
the timely disclosures investors need to assess the financial and
business soundness and risks of the company.
The audit committee of the board retains and manages the
relationship with the outside auditor, oversees the company’s annual
financial statement audit and internal controls over financial
reporting, and oversees the company’s risk management and
compliance programs.

The nominating/corporate governance committee of the board plays

a leadership role in shaping the corporate governance of the
company, strives to build an engaged and diverse board whose
composition is appropriate in light of the company’s needs and
strategy, and actively conducts succession planning for the board.

The compensation committee of the board develops an executive

compensation philosophy, adopts and oversees the implementation
of compensation policies that fit within its philosophy, designs
compensation packages for the CEO and senior management to
incentivize the creation of long-term value, and develops meaningful
goals for performance-based compensation that support the
company’s long-term value creation strategy.

The board and management should engage with long-term

shareholders on issues and concerns that are of widespread interest
to them and that affect the company’s long-term value creation.
Shareholders that engage with the board and management in a
manner that may affect corporate decision making or strategies are
encouraged to disclose appropriate identifying information and to
assume some accountability for the long-term interests of the
company and its shareholders as a whole. As part of this
responsibility, shareholders should recognize that the board must
continually weigh both short-term and long-term uses of capital
when determining how to allocate it in a way that is most beneficial
to shareholders and to building long-term value.

In making decisions, the board may consider the interests of all of

the company’s constituencies, including stakeholders such as
employees, customers, suppliers and the community in which the
company does business, when doing so contributes in a direct and
meaningful way to building long-term value creation.

Board of Directors

A corporation’s business is managed under the board’s oversight.

The board also has direct responsibility for certain key matters,
including the relationship with the outside auditor and executive
compensation. The board’s oversight function encompasses a
number of responsibilities, including:

Selecting the CEO. The board selects and oversees the performance
of the company’s CEO and oversees the CEO succession planning
process.
Setting the “tone at the top.” The board should set a “tone at the
top” that demonstrates the company’s commitment to integrity and
legal compliance. This tone lays the groundwork for a corporate
culture that is communicated to personnel at all levels of the
organization.

Approving corporate strategy and monitoring the implementation of

strategic plans. The board should have meaningful input into the
company’s long-term strategy from development through execution,
should approve the company’s strategic plans and should regularly
evaluate implementation of the plans that are designed to create
long-term value. The board should understand the risks inherent in
the company’s strategic plans and how those risks are being
managed.

Setting the company’s risk appetite, reviewing and understanding the

major risks, and overseeing the risk management processes. The
board oversees the process for identifying and managing the
significant risks facing the company. The board and senior
management should agree on the company’s risk appetite, and the
board should be comfortable that the strategic plans are consistent
with it. The board should establish a structure for overseeing risk,
delegating responsibility to committees and overseeing the
designation of senior management responsible for risk management.
Focusing on the integrity and clarity of the company’s financial
reporting and other disclosures about corporate performance. The
board should be satisfied that the company’s financial statements
accurately present its financial condition and results of operations,
that other disclosures about the company’s performance convey
meaningful information about past results as well as future plans,
and that the company’s internal controls and procedures have been
designed to detect and deter fraudulent activity.

Allocating capital. The board should have meaningful input and

decisionmaking authority over the company’s capital allocation
process and strategy to find the right balance between short-term
and long-term economic returns for its shareholders.

Reviewing, understanding and overseeing annual operating plans

and budgets. The board oversees the annual operating plans and
reviews annual budgets presented by management. The board
monitors implementation of the annual plans and assesses whether
they are responsive to changing conditions.

Reviewing the company’s plans for business resiliency. As part of its

risk oversight function, the board periodically reviews management’s
plans to address business resiliency, including such items as business
continuity, physical security, cybersecurity and crisis management.

Nominating directors and committee members, and overseeing

effective corporate governance. The board, under the leadership of
its nominating/corporate governance committee, nominates
directors and committee members and oversees the structure,
composition (including independence and diversity), succession
planning, practices and evaluation of the board and its committees.

Overseeing the compliance program. The board, under the

leadership of appropriate committees, oversees the company’s
compliance program and remains informed about any significant
compliance issues that may arise.