Procurement teams are no strangers to the growing expectations around ethical sourcing, sustainability, and supplier risk. The business case is well understood in terms of reputational protection, resilience, investor confidence, and compliance with emerging legislation. But amidst the proliferation of policies and commitments, how well is your business doing at putting policy into practice?
A Supplier Code of Conduct essentially sets out the principles and requirements that extend the buyer’s own corporate values and commitments down through their supply chain. Among ASX200 listed companies, most have embraced the language of responsible sourcing through Supplier Codes of Conduct. However, a closer look reveals question marks as to whether these codes have the mechanisms necessary to give them meaning. To ensure that supply chains truly reflect the values organisations stand for, we have analysed the current state of things and provided insight into the way forward.
The Status Quo
Recent research suggests that between 70% and 80% of ASX200 companies publish a Supplier Code of Conduct. These codes typically set out expectations across human rights, anti-bribery, environmental compliance, and broader ESG themes. This is an encouraging start.
This is where challenges begin to emerge:
- Only around 30–40% of companies with a Supplier Code of Conduct reference how they enforce it whether that be through audits, supplier self-assessments, contract clauses, or monitoring frameworks.
- Only 10–15% offer meaningful insights into enforcement activity in their annual or sustainability reports.
These statistics align to the Australian Securities and Investments Commission’s (ASIC) ‘Compliance Without Ambition’ report which highlights “Reporting on modern slavery risks in companies’ operations also remained weak, with only 13% of statements providing granular detail about modern slavery risks in this area.” This insight represents a significant risk. Not just in terms of compliance, but to the credibility of the procurement function and decreases support for procurement to have a stronger seat at the table.
Why It Matters: Risk, Regulation, and Reputation
In the eyes of the market, a Supplier Code of Conduct without enforcement is increasingly seen as little more than a PR exercise and could be viewed as what is fast becoming known as “Social-washing”. Stakeholders, from regulators to customers, increasingly expect there to be substance (and action) backing up web site policy statements.
Here’s what’s at stake:
1. Regulatory Compliance
Australia’s Modern Slavery Act 2018 mandates that companies assess and address risks within their supply chains. The Act’s expectation is clear: policies must be backed by action. Further afield, the European Union’s Corporate Sustainability Due Diligence Directive and similar laws in the UK, US, and Canada all point to a tightening global compliance net.
Procurement teams are on the front line of this due diligence. If enforcement mechanisms aren’t in place, tracked and documented, the business is exposed.
2. Reputation Management
Public sentiment is shifting fast. Investors, customers, and employees are increasingly demanding transparency in how businesses source goods and services. One high-profile failure, especially one involving forced labour or corruption, can have long-lasting reputational consequences.
3. Operational Resilience
A weak enforcement strategy increases the likelihood of disruption. Whether it’s non-compliant suppliers, unvetted subcontractors, or ESG-related risks buried deep in the chain, the lack of a robust verification process can impact day to day operations.
OECD Expectations: From Policy to Practice
The OECD Guidelines for Multinational Enterprises and its Due Diligence Guidance for Responsible Business Conduct provide a clear framework for how supplier standards should be managed.
In particular, the guidance outlines five key steps:
- Embed Responsible Business Conduct into policies and management systems.
- Identify and assess adverse impacts in operations and supply chains.
- Cease, prevent or mitigate actual and potential adverse impacts.
- Track implementation and results.
- Communicate how impacts are addressed.
You can read more about the OECD Guidelines and how to implement them here.
What is clear is that publishing a Supplier Code of Conduct only ticks box one. For procurement professionals, the job is far from done until the other steps are systematised, measured, and reported.
Procurement’s Role: Closing the Enforcement Gap
The challenge is significant, but procurement leaders are uniquely placed to drive progress.
Here’s how to start:
1. Operationalise the Code
Embed SCC requirements directly into supplier onboarding, contracts, and management processes. Move beyond passive agreement to active commitment—requiring suppliers to demonstrate how they align with your code.
2. Introduce Tiered Due Diligence
Not all suppliers carry the same risk. Use segmentation and risk-based prioritisation to apply deeper scrutiny where it’s needed most. For high-risk or high-value categories, this might include on-site audits, independent verification, or detailed sustainability assessments.
3. Measure and Monitor
Use digital platforms and third-party tools to assess and track supplier performance. Scorecards, dashboards, and automated alerts make ongoing monitoring scalable, consistent, and transparent.
4. Report Outcomes, Not Just Policies
Your stakeholders—including regulators—want to see what action has been taken. Capture and report on key metrics such as the number of suppliers assessed, percentage passing your compliance thresholds, and corrective actions implemented.
5. Enable and Improve
Enforcement doesn’t have to mean punishment. Many suppliers fail to comply simply because they don’t know how. Provide clear feedback, training resources, and a roadmap to improvement. Make the Code a shared tool—not just a top-down requirement.
Getting Serious About Consequences
One of the most difficult conversations in procurement is what to do when suppliers fail to meet your standards. But for your SCC to have teeth, consequences must be clear and credible.
This doesn’t mean immediately terminating every non-compliant supplier. It does mean:
- Setting clear timelines and milestones for corrective action.
- Following through when agreed remediation is not delivered.
- Creating a system where good performance is rewarded (e.g. visibility, preferential selection) and poor performance is escalated.
Done well, this isn’t about punishment—it’s about maturity. Suppliers that improve strengthen your value chain. Those that don’t, introduce risk. However, there needs to be recognition that capacity building takes time and more than anything, procurement should look to support suppliers who are willing to improve.
An Example of Best Practice
A leading Australia property developer wanted to align with this documented best practice approach. They commissioned Achilles to conduct two Ethical Business Audits, one on a live project site, one on a principal contractor who was leading the delivery of another strategic project.
This ASX-listed company was pleased to find on their live project site:
- No leading indicators of human rights or employment issues
- No workers raised issues regarding harassment, discrimination or bullying
- There was a comprehensive site induction process including access control management
However, opportunities to improve were identified:
- Modern Slavery awareness was low, with workers unaware of the definitions, indicators and signs
- Site induction and materials were only available in English, despite 24% of the workforce speaking English as their second language, and a further16% did not speak English at all.
The audit conducted on one of the property developers’ principal contractors highlighted further positive elements, but also suggested adherence to Supplier Codes of Conduct also need to be more closely monitored.
- This principal contractor had a site induction system available in 30+ languages
- Contractual controls for modern slavery topics, including subcontractors being required to complete a quarterly Risk Management Report.
Despite these positive elements, the principal contractor only received four responses to their thirty modern slavery questionnaires, with no site-based communication of modern slavery and no verification of labour agencies fee arrangements which is typically considered high-risk.
The property developer in question plans to expand the site-based audit approach for monitoring adherence to their standards and values into FY26. In addition, they plan to work with all of their principal contractors to share the lessons learned and monitor adoption of best practice processes and controls.
A Strategic Advantage for Procurement
Enforcing supplier standards isn’t just about compliance. It’s about creating a more resilient, transparent, and values-driven supply chain. Procurement leaders who embrace this challenge can position themselves as strategic business enablers, not just cost controllers.
By aligning enforcement with OECD guidance, regulatory frameworks, and stakeholder expectations, you demonstrate not only control, but leadership.
