Corporate Policies — Why They Matter
Corporate policies are internal governance documents that set out the company's rules, standards, and procedures on specific matters — ranging from ethical conduct and whistleblowing to related party transactions and data protection. Under the Companies Act, 2013 and SEBI LODR Regulations, listed companies are required to formulate and maintain specific policies. Even for unlisted companies, well-drafted policies reduce regulatory risk, ensure consistent decision-making, and demonstrate good corporate governance to investors and regulators.
Mandatory Policies Under Companies Act and SEBI LODR
Companies Act, 2013:
(a) CSR Policy — Section 135 (for companies meeting CSR thresholds)
(b) Vigil Mechanism/Whistleblower Policy — Section 177(9)-(10) (for listed companies and companies accepting deposits)
(c) Related Party Transaction Policy — Section 188, read with the Audit Committee's role
(d) Policy on Directors' Appointment and Remuneration — Section 178(3)-(4) (for companies required to constitute a Nomination and Remuneration Committee (NRC))
SEBI LODR Regulations:
(a) Code of Conduct for Board and Senior Management — Regulation 17(5)
(b) Code for Prevention of Insider Trading — Regulation 9 of SEBI PIT Regulations
(c) Policy on Materiality of Events — Regulation 30
(d) Archival Policy — Regulation 30(8)
(e) Dividend Distribution Policy — Regulation 43A (top 1,000 listed companies)
(f) Risk Management Policy — Regulation 21
(g) Policy on Related Party Transactions — Regulation 23
(h) Familiarization Programme for Independent Directors — Regulation 25(7)
(i) Policy on Determination of Materiality for Disclosures — Regulation 30(4)(ii)
Structure of a Corporate Policy
A well-drafted policy typically contains:
1. Title and Version: Clear title, version number, date of approval, and date of last revision.
2. Purpose/Objective: Why the policy exists — the regulatory requirement or business need it addresses.
3. Scope: Who the policy applies to — Board members, employees, contractors, subsidiaries, specific departments.
4. Definitions: Key terms defined for clarity and consistency.
5. Policy Statement: The core principles and rules — clear, specific, and actionable.
6. Responsibilities: Who is responsible for implementation, monitoring, and enforcement.
7. Procedures: Step-by-step processes for compliance with the policy — how to report violations, how to seek approval, how to escalate issues.
8. Consequences of Non-Compliance: Disciplinary actions for violations — warnings, suspension, termination, legal action.
9. Review and Amendment: How often the policy is reviewed (typically annually) and the approval process for amendments.
10. Approval: Approved by the Board/Committee on [Date] — with Board Resolution reference.
Code of Conduct — Drafting Guide
The Code of Conduct is the company's ethical charter — setting out the standards of behavior expected from directors, senior management, and employees. Under SEBI LODR Regulation 17(5), every listed company must lay down a code of conduct for all Board members and senior management. The code must be posted on the company's website. An annual compliance affirmation from all Board members and senior management must be obtained and disclosed in the Annual Report.
Key areas to cover: (a) ethical business practices, (b) conflict of interest — disclosure and management, (c) confidentiality — protection of company information, (d) insider trading prohibition — compliance with SEBI PIT Regulations, (e) related party transactions — arm's length dealing, (f) anti-bribery and anti-corruption, (g) workplace conduct — harassment prevention, equal opportunity, (h) health and safety, (i) environmental responsibility, (j) reporting violations — whistleblower mechanism, (k) compliance with laws — all applicable statutes and regulations, (l) protection of company assets.
Whistleblower Policy — Section 177(9)-(10)
Every listed company and every company accepting deposits must establish a Vigil Mechanism (Whistleblower Policy) for directors and employees to report genuine concerns about unethical behavior, fraud, or violation of the company's code of conduct. Key elements: (a) multiple reporting channels — email, hotline, written complaint to Audit Committee Chairman, (b) confidentiality — identity of the whistleblower is protected, (c) protection against retaliation — no adverse action against bona fide whistleblowers, (d) investigation procedure — timelines, responsible officer, escalation matrix, (e) direct access to Audit Committee Chairman — for cases involving senior management, (f) reporting to the Board — periodic reports on whistleblower complaints and outcomes.
CSR Policy — Section 135
Companies meeting CSR thresholds (net worth ≥ Rs. 500 crore, turnover ≥ Rs. 1,000 crore, or net profit ≥ Rs. 5 crore) must: (a) constitute a CSR Committee, (b) formulate a CSR Policy, (c) spend at least 2% of average net profits on CSR activities. The CSR Policy must specify: (a) the CSR activities to be undertaken (from Schedule VII), (b) modalities of execution — directly or through implementing agencies, (c) monitoring mechanism, (d) areas/geographies of focus, (e) surplus arising from CSR activities — shall not be part of business profits.
Guidance Notes
Guidance notes are interpretive and explanatory documents issued by regulatory bodies or professional institutes to help practitioners understand and implement specific provisions. Examples: (a) ICSI Guidance Notes on Board Meetings, General Meetings, CSR, RPT, (b) ICAI Guidance Notes on auditing standards, accounting standards, (c) SEBI Informal Guidance Notes on LODR provisions, (d) MCA FAQs and clarificatory circulars.
When drafting internal guidance notes: (a) explain the policy in plain language with practical examples, (b) include FAQs — addressing common questions employees may have, (c) provide workflow diagrams — step-by-step visual procedures, (d) include specimen forms and templates — making compliance easier, (e) update regularly — whenever the underlying law or policy changes.
Best Practices for Policy Drafting
(a) Plain language: Policies should be understandable to all employees — not just lawyers. Use simple sentences, avoid jargon, provide examples.
(b) Actionable: Each policy provision should translate into a clear action — "employees shall report conflicts of interest to the Compliance Officer within 7 days of becoming aware."
(c) Consistent with law: Ensure the policy reflects the latest legal requirements — Companies Act amendments, SEBI LODR changes, DPDP Act provisions.
(d) Board-approved: Significant policies must be approved by the Board — the approval should be recorded in Board Meeting minutes and the policy posted on the company website.
(e) Periodically reviewed: Policies should be reviewed annually — or whenever there is a significant change in law or business circumstances.
(f) Training: Simply issuing a policy is insufficient — conduct regular training sessions to ensure awareness and compliance.