Business Ethics Compliance Training: What Employers Are Actually Required to Do

Business ethics training is legally required for public companies under Sarbanes-Oxley, for federal contractors under the FAR, and for any company that wants to qualify for reduced fines under the Federal Sentencing Guidelines for Organizations. Skipping it doesn’t just create reputational risk — it can turn a regulatory violation into a criminal liability with fines that multiply up to four times the base amount.

For most HR managers, the challenge isn’t deciding whether to run ethics training. It’s figuring out who needs it, how often, and what a defensible program actually looks like to regulators who’ve already seen every checkbox approach there is.

Is Business Ethics Training Actually a Legal Requirement?

It depends on your company type — but for a large chunk of the employer market, yes.

Public companies under Sarbanes-Oxley. Section 406 of SOX requires publicly traded companies to disclose whether they’ve adopted a code of ethics for senior financial officers, and if not, explain why. The SEC defines the required code as written standards that promote honest and ethical conduct, proper disclosure, and compliance with law. Training on that code isn’t technically mandated in the statute, but the SEC expects companies to communicate it — and a posted PDF on the intranet has never impressed an enforcement attorney.

NYSE and Nasdaq listing rules. Both exchanges require listed companies to adopt a code of business conduct and ethics covering all directors, officers, and employees. Nasdaq Rule 5610 and NYSE Section 303A.10 both specify that waivers for executive officers must be disclosed publicly. The practical implication: your code needs to be real, documented, and actually understood by the people it covers. That requires training.

Federal contractors under FAR 52.203-13. If your company holds federal contracts over $6 million with a performance period longer than 120 days, the Federal Acquisition Regulation requires you to have a written code of ethics, a training program, and an internal disclosure program — all three. This isn’t optional or discretionary. The contracting officer can terminate for cause if the program is found to be absent or purely nominal.

The FSGO multiplier. Even for private companies that don’t fall into the categories above, the Federal Sentencing Guidelines for Organizations create a powerful incentive. Organizations convicted of federal crimes face a culpability score that can multiply base fines anywhere from 0.05x to 4.0x. An effective compliance and ethics program — with training as a documented component — is one of the few ways to bring that multiplier down. Companies that lacked a program when the offense occurred can face fines four times higher than those that had one in place.

Which Employees Need Ethics Training — and Who Usually Gets Left Out?

Most ethics programs cover the executive team and call it done. That creates compliance gaps that regulators notice.

Senior Financial Officers

This is the core SOX population: CFO, controller, principal accounting officer, treasurer, and anyone in a similar role. They need training on the company’s code of ethics, conflicts of interest policy, and financial disclosure obligations. A mid-size manufacturer in Ohio, for instance, may have three people who fit this description — the CFO, a VP of Finance, and a Corporate Controller. All three need documented training on the same content.

Government Contractor Employees

FAR 52.203-13 covers “all employees” on covered contracts, not just management. A government IT services firm with 80 employees on a $10 million DoD contract needs to train the whole team on the ethics code, how to report concerns, and what constitutes a disclosure obligation. Coggno’s Government Contractor Code of Conduct Course is built specifically for this requirement — it covers the FAR ethics rules, reporting channels, and the mandatory disclosure framework.

Employees in High-Risk Roles

Sales teams that interact with government customers, procurement staff with vendor relationships, and employees working in countries with elevated bribery risk all need training that goes beyond the standard code acknowledgment. The Foreign Corrupt Practices Act imposes liability on U.S. companies for bribes paid by third parties on their behalf — which means a sales rep in Mexico who doesn’t understand the FCPA is a potential criminal liability, not just an HR problem.

All Employees — the FSGO Baseline

For the FSGO credit to hold, training must reach the full workforce. The DOJ’s Corporate Enforcement Policy (updated in 2024) explicitly asks whether training was relevant to the employee’s actual risk exposure and whether comprehension was measured — not just attendance. Signing a policy acknowledgment form doesn’t count. Coggno’s Code of Conduct and Ethics (USA) course delivers a documented, trackable training record that meets this standard for U.S. employees at any level.

What Should Ethics Training Actually Cover?

Generic “do the right thing” content doesn’t satisfy regulators. Here’s what a substantive program includes.

Code of Conduct Standards

Employees need to understand the specific behaviors your code prohibits — not just that a code exists. That means walking through conflict of interest scenarios, gift and entertainment policies, and how to handle a situation when a vendor offers something valuable. Coggno’s Ethical Values and Code of Conduct Course addresses these practical scenarios directly, covering the judgment calls that employees actually face rather than abstract ethical theory.

Fraud Prevention

Financial fraud, expense report manipulation, and procurement fraud are the categories most commonly surfaced in internal investigations. The Association of Certified Fraud Examiners estimates that organizations lose 5% of annual revenues to fraud on average — and that the median scheme runs for 12 months before detection. Training employees on red flags, reporting channels, and what happens when they report is a basic fraud control. Coggno’s Business Fraud: Avoiding Deceptive Business Practices (Foundation Manager) Course covers this from the manager’s perspective — including how to create an environment where employees actually report concerns instead of looking the other way.

Anti-Bribery and Anti-Corruption

The FCPA prohibits payments to foreign officials to obtain or retain business. Violations carry penalties up to $2 million per violation for companies and up to $250,000 per violation for individuals — plus possible criminal prosecution. Any company with international operations, foreign sales agents, or customers in government-adjacent industries needs specific FCPA training for relevant staff. This isn’t the same content as a general code of conduct module.

Reporting Channels and Non-Retaliation

An ethics program without a working reporting mechanism is, in the DOJ’s view, not a program at all. Employees need to know how to report a concern, what happens to the information, and that retaliation is prohibited. The non-retaliation piece is particularly important — SEC whistleblower rules under Dodd-Frank protect employees who report securities violations, and retaliation claims can result in reinstatement, back pay, and attorney’s fees.

How Often Does Ethics Training Need to Happen?

There’s no universal legal answer, but the practical standard has converged around annual training for the full workforce and more frequent updates when the code or regulations change.

For government contractors, FAR 52.203-13 doesn’t specify an interval but requires the program to be “ongoing” — which regulators interpret as more than once at onboarding. Most compliance attorneys recommend annual completion with documented records.

For FSGO purposes, the sentencing commission expects periodic training. Companies that ran ethics training once in 2019 and haven’t since will not receive credit for having an effective program. The DOJ’s 2020 update to its corporate compliance guidance explicitly asks prosecutors to evaluate whether training was kept current and whether it addressed the specific risks relevant to the company’s business.

New hires need training before they’re in a position to violate policy — not six months after onboarding. A retail chain with high turnover, for example, should have ethics training built into the first-week schedule, not queued behind payroll setup. Coggno’s Ethics and Code of Conduct Course is designed for exactly this use case: a concise, self-paced module that works as an onboarding requirement and an annual refresher.

What Are the Consequences of an Inadequate Ethics Program?

The FSGO culpability multiplier is the most direct financial risk. A company with no ethics program that’s convicted of a federal crime starts with a culpability score of at least 5 — which puts the fine multiplier at 1.0x to 2.0x the base fine. If the company had high-level personnel involved in the offense and no compliance program, the multiplier goes to 3.0x or 4.0x. On a $5 million base fine, that’s a $15–20 million difference.

The SEC takes a separate track. Under SOX Section 806, employees of public companies who report securities violations have whistleblower protections. If an employee is retaliated against for raising an ethics concern that the company didn’t have a proper channel to address, the SEC can pursue the company independently of any underlying fraud investigation.

For government contractors, the consequences can include contract termination, debarment, and referral to the inspector general. A contractor that the contracting officer determines lacks a meaningful ethics program can be found in material breach of the ethics requirements built into FAR contracts.

The non-legal consequences matter too. The 2024 ECI Global Business Ethics Survey found that employees at companies with strong ethics programs were more than twice as likely to report misconduct they observed. Companies with weak programs had higher misconduct rates and higher turnover in the same workforce.

Get Your Team Trained Without the Documentation Headache

Coggno’s ethics and code of conduct library covers every employer category — public companies, federal contractors, and private employers building FSGO-defensible programs. Every course includes completion tracking and certificate issuance, so your records hold up under audit.

Start with these three based on your situation:

Frequently Asked Questions About Business Ethics Compliance Training

Is ethics training required by law for private companies?

Not universally, but the Federal Sentencing Guidelines for Organizations create strong financial incentives — companies without ethics training programs face significantly higher fine multipliers if convicted of federal crimes. Private companies holding federal contracts over $6 million are also directly required to maintain ethics training programs under FAR 52.203-13.

What’s the difference between a code of conduct and ethics training?

A code of conduct is a written document; training is the process of making sure employees actually understand and can apply it. Regulators and courts treat them as distinct requirements. Having a code without training — or training without a current code — leaves gaps that prosecutors and plaintiffs will find. Both are needed for an effective program.

Does ethics training need to be specific to our industry?

General code of conduct training covers the baseline. But employees in high-risk roles — sales staff with government customers, procurement personnel with vendor relationships, finance staff at public companies — benefit from role-specific content. The DOJ’s corporate compliance guidance asks whether training addressed the actual risk exposure of the employees receiving it, not just whether training occurred.

How long should ethics training take?

A defensible general ethics training module runs 20–45 minutes. Role-specific modules (FCPA, fraud prevention, government contractor requirements) typically run 30–60 minutes. What matters more than duration is comprehension — ideally, training includes a knowledge check, not just a completion acknowledgment. Pure click-through training without assessment has been criticized in multiple DOJ deferred prosecution agreements.

Can we use the same ethics training for new hires and annual refreshers?

You can, but refresher content should acknowledge that employees have seen the material before and focus on updates, new scenarios, or areas where your internal reporting data shows gaps. A refresher that’s identical to onboarding tends to get lower engagement and lower retention. Consider using onboarding for foundational content and annual updates to address what’s actually changed in your code or your industry.

Your all-in-one training platform

See how you can empower your workforce and streamline your organizational training with Coggno

Colton Hibbert is an SEO content writer and lead SEO manager at Coggno, where he helps shape content that supports discoverability and clarity for online training. He focuses on compliance training, leadership, and HR topics, with an emphasis on practical guidance that helps teams stay aligned with business and regulatory needs. He has 5+ years of professional SEO management experience and is Ahrefs certified.