How to Build an Ethical Procurement Policy: A Step-by-Step Guide for UK Businesses
A code of ethics says what your business stands for. An ethical procurement policy is where that promise meets the suppliers, contractors and money that actually flow through your organisation. It is the document a tender will ask you for, the control that backs up your modern slavery statement, and part of the defence if a supplier ever pays a bribe in your name. This guide walks UK organisations through writing one from scratch: the components it must contain, the law it has to satisfy, how to run supplier due diligence, and how to embed and monitor it once it is signed off.

Why This Document Is Worth Getting Right
Most of an organisation's ethical and environmental risk sits not inside its own walls but in its supply chain. The people who make your products, the contractors on your sites and the firms you pay can expose you to forced labour, bribery, environmental harm and reputational damage that lands on your name, not theirs. An ethical procurement policy is the instrument that pushes your standards out to those parties and gives you grounds to act when they fall short.
There is a commercial driver too. Public buyers and large private customers now routinely ask bidders for an ethical or sustainable procurement policy, a supplier code of conduct and a modern slavery position before they award work. The Procurement Act 2023 gives UK contracting authorities stronger powers to exclude suppliers where there is evidence of modern slavery in their supply chains. A policy that exists, is followed and can be evidenced is increasingly the price of entry to tenders, not a nice-to-have.
The Legal Backbone You Are Building Around
You do not need to be a lawyer, but your policy has to line up with a handful of UK obligations. Knowing them shapes what the document covers.
- Modern Slavery Act 2015 (section 54). Organisations carrying on business in the UK with a total annual turnover of £36 million or more must publish a slavery and human trafficking statement each financial year, describing the steps taken to prevent slavery in their operations and supply chains. The statutory guidance asks for publication within six months of the financial year-end. Even below the threshold, the same checks are good practice and are often demanded by customers.
- Bribery Act 2010 (section 7). A commercial organisation can be guilty of failing to prevent bribery by a person associated with it, including suppliers and agents acting on its behalf. The defence is having adequate procedures in place. The official guidance frames those procedures around six principles: proportionate procedures, top-level commitment, risk assessment, due diligence, communication and training, and monitoring and review. Your procurement policy is where several of those principles live.
- Employment and environmental law. Suppliers must meet baseline UK standards on pay, working time, health and safety and the environment, and your policy should require it of them and their subcontractors.
Two voluntary references are worth aligning with. ISO 20400:2017 is the international guidance on sustainable procurement; it is guidance, not a certifiable standard, but it gives a sound structure covering human rights, labour practices, the environment and fair operating practices. The CIPS Corporate Code of Ethics and its Corporate Ethics Mark offer a recognised benchmark for organisations that want external validation.
What an Ethical Procurement Policy Must Contain
Before you draft, agree what the document needs to cover. A policy that leaves any of these gaps open will not hold up in a tender review or an audit. Use this as a copy-ready checklist.
- Purpose and scope. Why the policy exists and who it binds: every purchasing decision, every supplier and subcontractor, and the staff who buy on the organisation's behalf.
- Your ethical and sustainability commitments. The standards you expect, covering labour rights, modern slavery, anti-bribery, fair dealing, environmental impact and, where it fits, support for smaller and local suppliers.
- Supplier due diligence. How you assess and segment suppliers by risk before and during a relationship, and what evidence you require.
- The supplier code of conduct. The minimum standards suppliers must sign up to, and the duty to pass them down their own chain.
- Anti-bribery and conflicts of interest. Rules on gifts and hospitality, facilitation payments, and declaring conflicts in sourcing decisions.
- Modern slavery measures. How you identify, assess and respond to forced-labour risk, linked to your section 54 statement if you publish one.
- Monitoring and remediation. How you check compliance over time and what happens, short of immediate termination, when a supplier falls short.
- Roles and ownership. Who owns the policy, who approves new suppliers, and who escalates concerns.
- Reporting concerns. A route for staff and suppliers to raise issues, tied to your whistleblowing arrangements.
- Review and records. How decisions are logged and when the policy is reviewed.
Step 1: Get Leadership Commitment and Assign Ownership
An ethical procurement policy that the board has not visibly backed is the first thing a supplier ignores when a cheaper, dirtier option appears. Top-level commitment is also one of the six Bribery Act principles for a reason. Before drafting, get the owner or board to agree the standards apply even when they cost more or slow a deal down, and name a senior person accountable for the policy.
In a smaller business this is one accountable owner, usually whoever leads procurement or finance, plus a clear line to the board. You are not building a department. You are making sure someone owns the document, can say no to a non-compliant supplier, and reports up when a real problem appears.
Step 2: Map and Segment Your Suppliers by Risk
You cannot apply the same scrutiny to every supplier, and you are not expected to. Both the Bribery Act and Modern Slavery Act guidance describe a risk-based, proportionate approach. Start by listing who you actually pay, then sort them by two things: how much you spend with them, and how much ethical risk they carry.
Risk rises with certain sectors (construction, agriculture, cleaning, manufacturing, logistics), certain countries, the use of agency, migrant or seasonal labour, long or opaque subcontracting chains, and any history of issues. A low-spend, low-risk supplier of office stationery and a high-spend contractor staffing your sites with agency workers are not the same problem, and your policy should say they get different treatment.

Step 3: Decide How Deep Your Due Diligence Goes
Due diligence is where the policy stops being a statement and starts being a control. Tie the depth of checks to the risk tier you set in step 2, so effort lands where it matters. The table below sets out a workable three-tier model for a UK organisation.
| Risk tier | Typical supplier | Due diligence | Frequency |
|---|---|---|---|
| Low | Low spend, low-risk sector and country | Signed supplier code of conduct, basic self-assessment questionnaire | At onboarding, refresh on renewal |
| Medium | Material spend or some risk factors present | Code plus evidence: anti-bribery policy, modern slavery statement, insurance, references | At onboarding, reviewed annually |
| High | High spend, high-risk sector, country or labour model | Full review: audits, sub-tier mapping, site visits, corrective-action plans | Pre-contract and ongoing, with periodic re-audit |
Write the tiers and their checks into the policy so the rule is the same whoever does the buying. Keep the questionnaire short enough that suppliers actually complete it, and keep the records, because the ability to show what you asked and what you received is what an auditor or a customer wants to see.
Step 4: Write the Supplier Code of Conduct
The code of conduct is the part of the policy your suppliers actually sign. It translates your principles into clear minimum standards. Keep it plain and specific so there is no room to argue about what was meant. A workable code covers:
- No forced, bonded or child labour, and no withholding of identity documents or wages.
- Freedom of association and lawful working hours, pay and conditions.
- Safe and healthy working conditions.
- A ban on bribery, kickbacks and facilitation payments, with clear rules on gifts and hospitality.
- Disclosure of conflicts of interest.
- Compliance with data protection and applicable environmental law, with a commitment to reduce harm.
- A duty to flow the same standards down to their own suppliers and subcontractors.
- A right for you to ask for evidence, and the consequences of a breach.
Ask suppliers to sign the code as a condition of doing business, give them a confidential way to raise concerns, and state plainly what happens if they breach it, from a corrective-action plan through to ending the relationship.
Step 5: Embed the Policy Into How Buying Actually Happens
A policy filed on a shared drive changes nothing. To bite, it has to sit inside the buying process. Put the ethical and sustainability requirements into your tender and request-for-quote templates, so suppliers answer them as part of bidding rather than as an afterthought. Add an approval gate that no supplier passes without the relevant due diligence on file for their risk tier. Build the code of conduct into contract terms so it is enforceable, not aspirational.
Train the people who buy. In many organisations purchasing is done by staff who were never told these rules exist. A short briefing on what to check, what to refuse, and when to escalate does more than a long policy nobody reads. The goal is that anyone making a purchase knows the standard and the steps without having to ask.
Step 6: Monitor, Review and Remediate
Due diligence at onboarding is a snapshot. Suppliers change owners, win and lose subcontractors, and cut corners under pressure. Monitoring and review is the sixth Bribery Act principle and a core part of ISO 20400, so build a light ongoing rhythm rather than a one-off check.
Track a small set of figures and review them with leadership at least once a year: the share of active suppliers with a signed code, the proportion of high-risk suppliers with current due diligence on file, the number of concerns raised and how they were resolved, and any corrective-action plans open or closed. When you find a problem, prefer remediation over a reflexive exit where the supplier is willing to fix it, because cutting off a non-compliant supplier can leave the affected workers worse off. Reserve termination for serious or repeated breaches, and record the decision either way.
Common Mistakes to Avoid
A handful of predictable errors hollow out otherwise sound policies. Copying a generic template without tailoring the risk tiers to your actual supply chain produces a document that satisfies no auditor. Applying identical checks to every supplier wastes effort on the safe ones and misses the dangerous ones. Asking suppliers to sign a code and never checking compliance again makes the signature meaningless. Treating the policy as a procurement document with no link to your whistleblowing route leaves staff and suppliers with no safe way to flag the problems the policy is meant to catch. And writing the policy without board commitment guarantees it is overridden the first time price wins. Each of these is avoidable with the steps above.
Frequently Asked Questions
Is an ethical procurement policy a legal requirement in the UK?
There is no single law that orders every business to publish an ethical procurement policy. What the law does is make a written policy the practical way to meet duties you already have. Under section 54 of the Modern Slavery Act 2015, organisations with a total annual turnover of £36 million or more must publish a yearly slavery and human trafficking statement covering their supply chains. Under section 7 of the Bribery Act 2010, a company can be liable if someone associated with it pays a bribe, and its defence is having adequate procedures in place, which a procurement policy helps evidence. Smaller firms below those thresholds still benefit, because buyers and public bodies increasingly ask for the policy during tenders.
What is the difference between an ethical and a sustainable procurement policy?
They overlap heavily and many organisations combine them into one document. Ethical procurement focuses on how people are treated and how business is conducted: labour rights, modern slavery, bribery, fair dealing and honesty. Sustainable procurement is broader and adds environmental and economic impact, such as carbon, waste, resource use and supporting local or smaller suppliers. ISO 20400:2017, the international guidance on sustainable procurement, treats human rights and labour practices as part of sustainability, so a sustainable procurement policy usually contains the ethical commitments within it.
How do we run supplier due diligence proportionately?
Match the depth of checks to the risk, not to the size of the contract alone. Segment suppliers by spend and by risk factors such as sector, country of operation and the use of agency or migrant labour. Low-risk, low-spend suppliers may only need a signed code of conduct and a self-assessment questionnaire. Higher-risk suppliers warrant evidence: their modern slavery statement, anti-bribery policy, audit reports, and in some cases a site visit. The Bribery Act guidance and the Modern Slavery Act guidance both describe a risk-based, proportionate approach, so you are not expected to audit every supplier to the same level.
What should a supplier code of conduct contain?
A supplier code of conduct sets out the minimum standards a supplier must meet to work with you. It typically covers no forced or child labour, freedom of association, safe working conditions, lawful working hours and pay, a ban on bribery and facilitation payments, conflict of interest disclosure, data protection, environmental responsibility, and a duty to flow the same expectations down to their own subcontractors. Ask suppliers to sign it, give them a route to raise concerns, and state what happens if they breach it.
How often should we review the policy?
Review the policy at least once a year and after any significant change: new legislation, a new high-risk supplier category, a merger, or an incident in your supply chain. The Modern Slavery Act statement is an annual obligation for in-scope organisations and should be published within six months of your financial year-end, so an annual review of the procurement policy fits naturally alongside it. Record the review date and approver so you can show the policy is live, not shelved.
Do we need ISO 20400 certification to have a credible policy?
No. ISO 20400:2017 is guidance rather than a certifiable standard, so there is no ISO 20400 certificate to hold. You can align your policy with its structure and principles without any audit. If you want external recognition, the CIPS Corporate Ethics Mark is a voluntary scheme for organisations that train their staff in ethical sourcing and adopt ethical procurement values. Certification is optional; a clear, used and monitored policy matters more than a badge.
Moving Forward
An ethical procurement policy is where your values reach the suppliers and spending that carry most of your real-world risk. Build it in order: leadership commitment first, then a risk map of your suppliers, proportionate due diligence, a signed code of conduct, the buying process it lives inside, and the monitoring that keeps it honest. Keep the document short and the requirements specific, and tie it into the controls you already run.
This works best as part of a wider ethical framework. If you have not yet set out your code of ethics for business owners, start there, because the procurement policy enforces those values along the supply chain. Pair it with a whistleblowing policy so staff and suppliers have a safe route to flag the problems your due diligence is designed to catch. You can find more practical guides across the E-Business Ethics resources.
For the underlying law, the UK government's Bribery Act 2010 guidance and its guidance on how to publish an annual modern slavery statement are reliable starting points for checking what applies to your business.