Commonwealth Supplier Code of Conduct - Guidance for Commonwealth entities

Purpose

To provide guidance on the Commonwealth’s application of the Commonwealth Supplier Code of Conduct (Code).

Context

The Commonwealth Procurement Rules (CPRs) 1 July 2024 includes the requirement to include the Code into all Commonwealth forms of contract. The Code is not retrospective and will apply only to new contracts entered into from 1 July 2024. 

How does the Code interact with existing legislative, policy, regulatory or other contractual obligations?

The Code expectations do not supersede or alter a supplier’s existing legislative, policy, regulatory or other contractual obligations.

Where provisions in the Code overlap, conflict, or differ with any other contractual, policy or legislative requirements, the higher requirement will apply.

Where a contract is significantly impacted by prescribed terms, that is, terms, conditions, guarantees and warranties (indemnities) implied by law into contracts which cannot be excluded, restricted or modified by agreement (such as lease agreements), you may need to seek advice on the legal, financial and contract implications of including the Code clauses in these types of arrangements.

Are there standard Code clauses I can use for my ATM and contract?

Code clauses are embedded in the Commonwealth Contracting Suite, the Commonwealth’s suite of contract templates, mandatory for procurements valued up to $200,000 (GST inclusive) and optional for procurements valued up to $1 million (GST inclusive).

ClauseBank clauses are available for entities to use within their entities existing contract templates or in bespoke contracts.

Are there circumstances where the Code does not apply?

The inclusion of Code clauses is not mandatory where non-Commonwealth forms of contracts are entered into, such as where:

• no formal approach to market and/or contract is required (for example when a telephone quote is sought, and payment is made via a payment card);
• it is industry practice to use the supplier’s terms and conditions; or
• the procurement is significantly impacted by prescribed terms, that is, terms, conditions, guarantees and warranties (indemnities) implied by law into contracts which cannot be excluded, restricted or modified by agreement (for example lease agreements).

Additionally, paragraph 6.12 of the CPRs allows an Accountable Authority (or an official to whom the Accountable Authority delegates the power to determine such measures) to determine that a contract should not include the Code, in part or in full, and document the basis for this decision.

Case Study 1 – Non-Commonwealth form of contract
Entity B is procuring data subscription services where is it is industry practice to use the supplier’s terms and conditions. After reviewing the guidance on the Code, Entity B identifies that, given the contract is a non-Commonwealth form of contract, the Code does not need to be incorporated. Entity B documents this in its approval documentation to the delegate and undertakes its usual departmental process for procuring the services and utilising the supplier’s terms and conditions.

What if I have a procurement activity underway, does the Code need to be incorporated?

Code clauses are mandatory for inclusion in all new Commonwealth forms of contract entered into from 1 July 2024 so if a contract has not yet been signed, the Code must be included in the contract.

When including the Code into a procurement process that is underway, consider what mechanisms for assuring probity should be applied, noting the management of probity issues should be tailored to each individual process. Refer to the Ethics and Probity in Procurement guidance for further information.

Should there be challenges incorporating the Code into a procurement process that is currently underway as at 1 July 2024 (for example, but not limited to, where the inclusion of new provisions into the draft form of Commonwealth contract at a late stage in the procurement process might jeopardise negotiations or delay the signing of a contract), CPR paragraph 6.12 provides the Accountable Authority the capacity to exclude the Code from a contract.

Note that all decisions in relation to a procurement should be documented and recorded appropriately.

Do I need to update existing contracts to include the Code?

Commonwealth entities may choose to negotiate the inclusion of Code clauses into existing arrangements where appropriate and agreed (for example, but not limited to, when refreshing an existing panel or exercising an extension option). When incorporating the clause into a contract, its interaction with related clauses will need to be considered.

How do I incorporate the Code into the ATM process?

The CPRs state that officials must consider, among other things, a potential supplier’s relevant experience and performance history when assessing value for money (refer CPR paragraph 4.5). This could include consideration of any unethical behaviour and/or deficiencies in performance in prior contracts (including the failure of a tenderer to abide by substantive contractual requirements such as adherence to the Code). Officials must factor these matters into the evaluation of tenderers.

You may seek information from tenderers when approaching the market to determine a tenderers ability to comply with the Code. The extent of information requested in the ATM to assess a tenderers adherence to the code should be informed by the scale, scope, complexity, and risk of the procurement. You should also consider which aspects of the Code are most likely to be relevant to the goods and/or services being procured when seeking information from a tenderer on their ability to comply with the Code.

An assessment of these factors may result in the need to seek assurance, as part of a tenderers response to an ATM, that expectations of the Code can be met. This could involve seeking assurance from the tenderer that it has in place, or can put in place, the appropriate policies, frameworks, or similar, regarding its businesses ethics, governance, and accountability. If you are seeking information from a tenderer, try to be as specific as possible. Too little guidance on what the entity requires in its evaluation may compromise the utility and relevance of the information you receive back from a tenderer.

You may request a tenderer declare, in their response to an ATM, whether they have ever been found to have previously breached the Code in connection with a Commonwealth Contract. Consider if it is relevant to specify a timeframe to which the declaration covers, noting that the Code is not retrospective, and the declaration can only apply to any breaches of the Code in contracts that contain the Code clauses since the Codes release on 1 July 2024.

You should only seek to obtain information from tenderers that will be used to inform a value for money assessment and/or aligns with an identified risk mitigation strategy for the management of a procurement and contract. For low value and low risk procurements, you may consider it appropriate not to ask a tenderer to provide any information supporting their compliance with the Code. Regardless of the value and risk of a procurement activity, you may consider asking tenderers if they have ever been investigated for a potential breach, or have been found to have actually breached, the Commonwealth Supplier Code of Conduct in connection with a Commonwealth contract.

Case Study 2 – Low value, low risk procurement
Entity C is procuring the services of a training professional to help the department develop and deliver its in-house training. The value of the procurement is estimated at $30,000 (GST inclusive) and the term will be six months. The entity determines that a limited tender approach to market is an appropriate procurement method and have identified a number of potential suppliers they can invite to participate in the approach to market. Based on their market research the businesses are all well-established within the industry. A risk assessment undertaken establishes the procurement as being low risk. Entity C uses the Commonwealth Contracting Suite approach to market and contract templates, which contain the Code clauses. The entity determines that, based on the nature of the services being procured, the low value and low risk of the procurement, the entity will not include any requirements in the approach to market for the tenderer to demonstrate their ability to comply with the Code. Submissions are evaluated and a contract is awarded to the tenderer who represents the best value for money. The contract entered into contains the Code clauses, which allow Entity C to seek information from the supplier throughout the term of the contract should it be required.

Case Study 3 – Low value procurement with identified risks
Entity D is procuring specialist clothing for officials. The value of the procurement is estimated at $70,000 (GST inclusive). Market research identifies there are a small number of suppliers, both inside and outside of Australia who can produce the specialist equipment required. Following a risk assessment, including application of the tools available on the Modern Slavery webpages, the entity identifies that there is a high prevalence of modern slavery in the industry being approached (textiles) and associated with the goods being procured (garments). Given expectation 3.2 of the Code requires suppliers to take all reasonable efforts to ensure that they, and organisations in their supply chain, are not causing, contributing to, or directly linked to human rights abuses such as coercion, involuntary and underage labour or modern slavery practice, Entity D determines that it would be prudent to request information from tenderers on their proposed approach to addressing modern slavery risks, in addition to considering any information that a supplier may already have provided under the Modern Slavery Act 2018. This information will be factored into the evaluation process and used to further evaluate risks. Entity D incorporates measures into the draft form of contract that safeguard against potential modern slavery risks, including a requirement for the supplier to disclose their supply chains to the department.

Case Study 4 – High value, high risk procurement
Entity E is procuring services for a large long-term engineering project. The value of the procurement is estimated at $8.5 million over a 5 year contract term. Initial risk assessments indicate that there are many potential risks that need to be considered and managed throughout the procurement process and the duration of the contract. The primary supplier will likely need to rely on a range of subcontractors and utilise a large supply chain network. Entity E determines that it requires assurance that the successful tenderer will be capable of meeting all aspects of the Code during both the tender evaluation process and throughout the term of the contract. Potential tenderers are requested to provide an overview of their ability to comply with each expectation of the Code in their response to the ATM. Entity E incorporates the assessment of the tenderers ability to comply with the Code into their evaluation process, including an assessment as to the extent each tenderers response addresses identified risks. Entity E incorporates a requirement in the draft form of contract for the successful supplier to reconfirm their ethical practices annually until the contract ceases.

How do I incorporate the Code into the management of contracts?

The Code strengthens the Commonwealth’s expectations regarding the ethical conduct of suppliers and requires suppliers, including their officers, employees, and agents, to comply with the Code when performing their obligations under the contract.

Contract managers should monitor the ethical behaviour of suppliers throughout the term of the contract. This may involve requesting information about the supplier’s continued compliance with the Code. For example, this could be performed as part a panel refresh, periodic performance reporting under the contract and/or as part of the management of risks and that may occur over the lifecycle of a contract.

As with the ATM, the extent of due diligence undertaken to determine a supplier’s adherence to the Code should be informed by the scale, scope, complexity, and risk of the contract. For high value, high risk and/or highly complex contracts, a greater level of due diligence might be undertaken to provide continued assurance that the Code is being complied with and identified risks are being addressed. For low value and low risk contracts, you may consider it appropriate to not ask a supplier to provide any information demonstrating their continued compliance with the Code.

Further information on managing contracts can be found in the Contract Management Guide.

How are breaches of the Code managed?

The Code leverages existing remediation and termination provisions in contracts and requires the procuring entity and the supplier to remediate potential breaches, with termination mechanisms only utilised where a supplier fails to comply with contractual clauses. Be mindful that breaches of the Code may also trigger a notification obligation under the Notification of Significant Events clause Notifications clause. You should carefully review the contract to determine if either party have an obligation under the Notifications clause.

If a supplier becomes aware of a breach of the Code while under contract with the Commonwealth, the Code clauses require the supplier to immediately notify the Commonwealth entity managing the contract. If a possible breach is identified by the Commonwealth entity managing a contract, it may issue the supplier a notice (consistent with the process detailed in the contract for issuing notices).

Following the notification of a breach, you may require the supplier to demonstrate it has appropriate policies, frameworks, or similar, in place regarding ethics, governance, and accountability to prevent reoccurrence of the breach.

Consequences for breaching the Code is dependent on the significance of the breach. In most instances, breaches may be rectified by both parties agreeing to a course of action that allows the breach to be addressed and controls to be put in place to prevent further instances of a breach occurring. This course of remediation can generally be managed under the contract in the same way as any other form of performance management.

When determining appropriate actions following a breach notice, you should consider if additional controls should be introduced into the contract, and the management of the contract, to mitigate risks that may have arisen in relation to the breach. The type and extent of controls introduced should be reflective of the significance of the breach.

If a supplier fails to comply with the Code clauses, it will be a breach of the contract. Should the Commonwealth entity consider a breach is material, the Commonwealth entity can terminate the contract for cause without remediation. Entities may also consider seeking specialist advice on contractual matters where appropriate.

As with all breaches of contract, entities should consider seeking legal advice when determining an appropriate response to a breach of the Code.

Suspected breaches of the Code that could constitute serious and systemic corrupt conduct must be notified to the National Anti-Corruption Commission (NACC) as soon as reasonably practicable. Further information on notifying the NACC can be found on the National Anti-Corruption Commission website.

Case Study 5 – Supplier identifies a breach, entity determines no breach has occurred
Supplier 2 identifies that it may have failed to, in accordance with Code Expectation 1.1, to declare and manage conflicts of interests in connection with Commonwealth contracts. Supplier 2 immediately reports and declares this to the contracting entity, Entity Y, who reviews Supplier 2’s declaration and the details of the perceived conflict of interest. Entity Y determines that there is no conflict of interest in connection with the contract and informs Supplier 2 in writing of the outcome of the declaration review and a record of this determination is kept with the contract for record and audit purposes. Whilst no breach has occurred, Supplier 2 is reminded of its obligation to ensure it continues to monitor for any conflicts of interests that could arise during the term of the contract and to report them to the entity.

Case Study 6 – Entity identifies a breach, supplier fails to rectify, contract terminated
Entity Z has discovered that Supplier 3 is failing to manage risks in relation to maintaining appropriate ICT security controls to protect Commonwealth data which Supplier 3 needs access to in order to undertake the requirements of the contract. Entity Z identifies that this is a breach of Code Expectation 2.2. (Suppliers must develop and maintain appropriate processes to manage the risks associated with their operations). Entity Z issues a Notice to the Supplier in accordance with the Code clauses. Supplier 3 agrees that a breach has occurred, and Supplier 3 and Entity Z agree to a course of action to rectify the issue, including Supplier 3 taking immediate steps to resolve the breach and introducing additional controls to mitigate the additional risks that have arisen in relation to this breach. Entity Z reviews the course of action undertaken and has determined that Supplier 3 has not rectified the ICT security control risk issues or implemented the additional controls as stipulated in the remediation plan. Entity Z subsequently determines that Supplier 3 has failed to comply with the Code clauses. Entity Z, with procurement and legal advice, terminates the contract in accordance with the termination clauses in the contract.

How does the Code apply to procurements undertaken via a panel?

The Code will only apply to procurements under existing panel arrangements where the Code has been included to the deed/head agreement.

Once a panel is established, panel suppliers should not be required to re-confirm their general compliance with the Code each time they are engaged to deliver under the panel. However, you may wish to include, in your ATM under the panel, details about particular aspects of the Code which panel suppliers should demonstrate their ability to comply with by considering which aspects of the Code are most likely to be relevant to the goods and/or services being procured.

You should be wary to avoid placing unnecessary burden on panel providers. Due diligence activities should be commensurate with the scale, scope, and risk of the procurement. You should only seek to obtain information that will be used to inform a value for money assessment and/or aligns with an identified risk mitigation strategy for the management of the contract. For further information refer to Due Diligence in Procurement.

Refer to the question ‘How do I incorporate the Code into ATMs’ for further information.

If you have queries in relation to the operation of a panel, including whether the Code clauses have been incorporated into the deed/head agreement, consult the relevant panel owner.

How does the Code apply when establishing and managing a panel?

For panels established from 1 July 2024, the Code must be included in the deed/head agreement.

The CPRs state that officials must consider, among other things, a potential supplier’s relevant experience and performance history when assessing value for money (refer CPR paragraph 4.5). This could include consideration of any unethical behaviour and/or deficiencies in performance in prior contracts (including the failure of a tenderer to abide by substantive requirements such as adherence to the Code). Officials must factor these matters into the evaluation of tenderers, including for procurements used to establish a panel.

When establishing a panel arrangement, you may wish to include details about the particular aspects of the Code which the panel supplier should demonstrate their ability to comply with by considering which aspects of the Code are most likely to be relevant to the goods and/or services being provided under the panel.

You should be wary to avoid placing unnecessary burden on panel suppliers. Due diligence activities should be commensurate with the scale, scope, and risk of the procurement. You should only seek to obtain information that will be used to inform a value for money assessment and/or aligns with an identified risk mitigation strategy for the management of the panel. For further information refer to Due Diligence in Procurement.

As a panel manager, you should monitor the ethical behaviour of suppliers throughout the term of the panel. This may involve requesting information about the supplier’s continued compliance with all or some of the expectations of the Code. For example, this could be performed when a panel is refreshed; as part of periodic performance reporting under the deed/head agreement; and/or as part of the management of risks that may occur over the lifecycle of the panel. Your deed/head agreement should clearly state any requirements of the supplier to provide assurance throughout the duration of the panel.

Where there has been a breach of the Code under a contract entered into under a panel arrangement, this will be notified to the entity responsible for that contract, and also reported to the entity responsible for managing the deed/head agreement.

Refer to the questions ‘How do I incorporate the Code into ATMs’ and ‘How do I incorporate the Code into contracts’ for further information.

How does the Code apply to panels established prior to 1 July 2024?

The Code will only apply to procurements under existing panel arrangements established prior to 1 July 2024 where the Code has been incorporated into the deed/head agreement.

For panel arrangements established prior to 1 July 2024, there is no requirement for contracts under those panels to incorporate the Code. Should entities want to incorporate the Code into a contract prior to any changes to the Head Agreement, they should speak with the relevant panel owner and seek legal advice to ensure that the changes align with the panel arrangement.

Where can entities go for help?

You should contact your entity’s central procurement team (or similar) or Finance at procurementagencyadvice@finance.gov.au if you require assistance incorporating the Code into your ATM and contract.

Where can businesses go for help?

For general queries in relation to the Code further information is available on the Selling to Government website or Finance at procurementagencyadvice@finance.gov.au. If the query is in relation to an active procurement or current contract, businesses should direct their questions to the specified entity contact in the relevant ATM and/or contract.