Skip to main content
Book a call — £89
Menu

Corporate Policy Templates UK: Ethics & Compliance

We're not a law firm — we help you find the right legal support. For advice on your situation, speak to a legal adviser or find a solicitor.

Part ofCorporate Legal Documents UK

Written by Brad Askew Solicitor (non-practising)
Brad is on the roll of solicitors of England & Wales but does not hold a practising certificate and does not provide legal advice.
Updated June 2026 · England & Wales
Running a business in the UK today means thinking carefully about how the organisation behaves, not just what it sells. Directors of small and medium-sized companies are under growing pressure from regulators, customers, suppliers and staff to show that ethical conduct sits at the heart of how decisions get made. A set of clearly written corporate policies is one of the most practical ways to demonstrate that. On this page I've pulled together the main policy statements UK businesses tend to adopt, what each one is meant to do, and where they fit within the wider compliance picture. Whether you're tidying up governance for a growing company or getting ready for a tender that asks hard questions about your practices, having the right documents on file makes life considerably easier.

What this document is

Corporate policy statements are internal documents that set out, in writing, how a business intends to behave in a particular area of its operations. They are not usually required by a single piece of legislation in the way that, say, a set of company accounts is, but they often exist to evidence compliance with laws such as the Bribery Act 2010, the Proceeds of Crime Act 2002, the Money Laundering Regulations, the Modern Slavery Act 2015, and various pieces of employment and equality law.

A good policy does two jobs at once. It tells employees, contractors and third parties what the company expects of them, and it gives the board a defensible position if something goes wrong and questions are asked later. The exact mix of policies a business needs depends on its size, sector and customer base.

A regulated firm will need more; a small consultancy will need fewer. What matters is that the policies are genuine reflections of how the company actually operates, not documents copied and forgotten in a drawer.

How to use this document

  1. Work out which policies you actually need. Start by mapping the legal and commercial risks your business faces. A construction firm has different exposures from a fintech or a training provider. Look at the sectors you sell into, the countries you deal with, the size of your workforce, and whether any of your clients require specific policies as a condition of contract.
  2. Draft in plain English, not legalese. Policies only work if the people who have to follow them can understand them. Write in the voice of the business, set out what is and isn't acceptable, explain who owns the policy, and describe what happens if it is breached. Avoid cutting and pasting from a competitor, because that tends to produce documents nobody recognises as their own.
  3. Tie each policy to real processes. A policy on anti-bribery means very little without a register of gifts and hospitality, a way to report concerns, and a named person responsible for handling them. The same applies to AML, ethics and CSR. Make sure every policy points to the procedures that support it, and that those procedures genuinely happen.
  4. Approve, communicate and train. Policies should be signed off at board level and then actively communicated to staff. That means induction for new joiners, periodic refreshers for everyone, and keeping a record of who has seen and acknowledged which documents. Training is what turns a policy from a piece of paper into something that shapes day-to-day decisions.
  5. Review at sensible intervals. Law changes, businesses grow, and risks shift. A yearly review is a reasonable default for most policies, with an out-of-cycle update whenever something significant happens, such as a new regulation, a major incident, or entry into a new market. Keep dated versions so you can show an auditor or court exactly what was in force at any point.

Common questions

If you're dealing with this kind of situation, speak to an experienced legal adviser who can walk you through it — from £89.

Common questions

Q Is my business legally required to have these policies?
It depends on the policy and the business. The Bribery Act 2010 expects commercial organisations to have adequate procedures to prevent bribery, and the Money Laundering Regulations require relevant firms to have AML controls. Others, such as a CSR statement, are not mandatory but are often expected by customers, investors and tender processes. Larger companies may also fall under modern slavery and gender pay reporting duties.
Q What is the difference between a CSR statement and an ethics policy?
A CSR statement sets out how the business sees its wider responsibilities to people, communities and the environment. An ethics policy is more internally focused, dealing with how staff should behave, conflicts of interest, honesty in dealings, and standards of conduct. They overlap but serve different audiences. Many businesses have both, with the CSR statement facing outward and the ethics policy facing inward.
Q Who should sign off corporate policies?
For most UK companies the board of directors should approve the main policies, with day-to-day ownership delegated to a suitable senior person such as the company secretary, compliance officer or HR director. Board approval matters because it evidences that governance happened at the right level, which can be important if a regulator or court later asks how a policy came to be adopted.
Q How often should policies be reviewed?
An annual review is a sensible rhythm for most policies, with additional reviews triggered by changes in law, significant incidents or major changes in how the business operates. Keep a version history so you can show what was in force at any given date. Policies that have not been looked at for several years tend to drift out of step with how the company actually works.
Q Do sole traders and very small businesses need policies too?
Formal policy documents are less critical for a genuine one-person business, but any business with employees, contractors or regulated activities should think carefully about written policies. Anti-bribery and data protection considerations can apply even to very small firms, particularly those dealing with public sector clients or handling personal data. Customers increasingly ask to see policies before placing orders.
Q What happens if an employee breaches a policy?
The policy itself should set out the consequences, which usually sit within the disciplinary procedure. Breaches can range from minor matters handled informally to gross misconduct leading to dismissal, and in serious cases such as bribery or money laundering there may be criminal implications for both the individual and the business. Consistent, documented enforcement is what gives policies real weight.
If you're dealing with this kind of situation, speak to an experienced legal adviser who can walk you through it — from £89.

Sources

This guide is based on primary UK law and official guidance.

Brad Askew, Solicitor (non-practising)

Written & reviewed by

Brad Askew Solicitor (non-practising)

Brad is on the roll of solicitors of England & Wales but does not hold a practising certificate and does not provide legal advice. LegalDocuments.co.uk is not a law firm and does not provide regulated legal advice.

Full profile →SRA register ↗
Legal disclaimer
This article is for general information only. It is a tool to help you find your way — not legal advice, and not a substitute for speaking to a qualified adviser about your situation.