Conflict of interest policy: examples, templates, and what to include
A conflict of interest policy is only as good as the culture it operates in. This guide covers every component a robust policy needs — from definitions and scope to disclosure processes and annual declarations — with a practical template framework you can adapt.

A conflict of interest policy is one of the most quietly important documents an organization can have. Not because it prevents conflicts from arising (they will, regardless) but because it determines what happens next. How quickly they surface. How fairly they are handled. Whether the person involved feels safe enough to disclose in the first place.
This guide covers what a conflict of interest policy needs to include, how to write one that employees will actually read, and what good policy examples look like in practice. It also includes a practical framework you can adapt for your own organization.
Sources referenced include guidance from the OECD, Transparency International UK, the Association of Certified Fraud Examiners (ACFE), and the EU's Whistleblowing Directive (2019/1937).
Why your conflict of interest policy matters more than you think
Most organizations have some version of a conflict of interest policy. Many of those policies sit in a compliance folder, attached to an annual attestation form, and are read once (if at all) during onboarding.
That is not a policy problem. It is a design problem.
When the ACFE's Report to the Nations analyzed over 2,000 fraud cases globally, it found that tips were the most common method of fraud detection, accounting for 43% of cases. In organizations with anonymous reporting channels, detection rates were significantly higher. The lesson is not that fraud is everywhere. It is that the conditions for disclosure matter enormously. A conflict of interest policy that employees trust is one they will use.
The OECD's guidance on managing conflicts of interest puts it plainly: the goal is not to eliminate conflicts (which is neither realistic nor necessary) but to identify, disclose, and manage them in a way that protects the integrity of decisions.
What is a conflict of interest policy?
A conflict of interest policy is a formal document that defines what constitutes a conflict of interest within your organization, establishes who it applies to, sets out how conflicts should be disclosed, and explains what happens after a disclosure is made.
A good policy does three things a mediocre one does not. It explains the why, not just the rules. It tells people what to do, not just what not to do. And it makes the disclosure process simple enough that people actually follow it.
To understand the full range of situations a policy needs to cover, see our guide to common examples of conflict of interest in the workplace.
Types of conflict covered
Actual conflicts: a competing interest is currently influencing, or is very likely influencing, a decision. These require immediate disclosure and, in most cases, recusal from the relevant matter.
Potential conflicts: a competing interest exists but has not yet affected a decision. These still require disclosure, so that a record exists and appropriate monitoring can be put in place.
Perceived conflicts: others could reasonably conclude that a conflict exists, even if the individual believes their judgment is unaffected. The OECD is explicit on this: perceived conflicts can be just as damaging to institutional trust as actual ones, and must be managed accordingly.
Who should a conflict of interest policy cover?
The instinct to limit scope to senior employees or board members is understandable but usually wrong. Conflicts arise at every level: in procurement teams, in HR functions, in finance, in operations. The question is not who might have a conflict, but who is involved in decisions where a conflict could affect outcomes.
A well-designed policy should apply to all employees regardless of seniority, board members and non-executive directors, contractors and consultants with decision-making authority, and immediate family members where their interests could influence the employee's decisions.
Some organizations extend this to suppliers and business partners, particularly in high-risk procurement environments. The EU's public procurement framework requires contracting authorities to effectively prevent, identify, and remedy conflicts of interest in procurement procedures, including from individuals acting on behalf of the authority.
What a conflict of interest policy must include
There is no single template that fits every organization. But there are components any effective policy needs, whether you are a 50-person company or a global enterprise operating across multiple jurisdictions.
1. A clear, plain-language definition
The definition is where most policies fall short. Legal language that employees cannot parse is worse than no definition at all. It signals that the policy is written for auditors, not people.
A working definition: a conflict of interest arises when an employee's personal interests (financial, relational, or otherwise) could influence, or appear to influence, their professional judgment or decisions.
Critically, the definition must make clear that a conflict does not require wrongdoing. The EU's guidance on conflicts of interest in EU-funded programs is explicit: the existence of the conflict is what matters, not whether it was acted upon.
2. Scope and who it applies to
Name the categories of people covered. Be specific. "All employees" is a start; "all employees, contractors, board members, and their immediate family members where relevant" is more useful. This section should also clarify whether the policy applies globally and note any jurisdiction-specific provisions.
3. Examples of what constitutes a conflict
Abstract definitions do not help people identify their own situations. Examples do. Your policy should include concrete illustrations: holding a financial interest in a vendor, customer, or competitor; supervising or making employment decisions about a family member; receiving gifts or hospitality from a third party connected to your work; running an outside business that competes with or supplies the organization; serving on the board of an organization with which your employer does business; negotiating future employment with a supplier while involved in decisions affecting that supplier.
4. Disclosure requirements
This is the operational heart of the policy. It should answer four questions clearly. When must a conflict be disclosed? As soon as it arises, not at the next scheduled review. To whom? Typically a line manager, HR, or the compliance function; for senior employees, directly to the Chair or audit committee. How? Through a formal channel (a dedicated disclosure form, a case management system, or a secure reporting platform) that creates a verifiable record. What if someone is unsure? The policy should actively encourage disclosure in cases of doubt. A "when in doubt, disclose" standard lowers the barrier and reduces the risk of inadvertent non-disclosure.
5. Assessment and resolution process
Employees need to know what happens after they disclose. A policy that describes disclosure but not resolution creates anxiety, and anxiety suppresses future disclosures. The process should include who assesses the conflict, what the possible outcomes are (recusal, role adjustment, approval to proceed with conditions, restriction, or prohibition), and the typical timeframe for a response. Transparency International UK recommends committing to a response within five to ten working days for straightforward cases.
6. Confidentiality and non-retaliation
This section is often the shortest and the most important. Employees will not disclose conflicts if they believe doing so will damage their careers. The policy must make an unambiguous commitment: disclosures made in good faith will be treated confidentially, and no adverse action will be taken against an employee for disclosing a conflict. Under the EU Whistleblowing Directive, retaliation against people who report concerns is prohibited, and organizations are required to take active steps to prevent it.
7. Consequences of non-disclosure
Failing to disclose a known conflict (particularly where it has influenced a decision) is a disciplinary matter in most organizations and may have legal consequences in regulated sectors. Stating this clearly is not about creating fear. It is about being honest that the policy has teeth, which in turn signals that it is taken seriously.
8. Annual declaration requirement
A one-time disclosure at the point of hiring is insufficient. Circumstances change: employees take on outside roles, personal relationships evolve, financial interests shift. An annual declaration requires all in-scope individuals to confirm whether they have any conflicts to disclose, even if the answer is no. It also serves a governance function: it creates a documented record that the organization has actively managed conflicts during the period, which matters in the event of an audit or investigation.
9. Record-keeping
All disclosures, assessments, and resolution decisions should be documented and retained. This protects the organization in disputes and investigations, and provides an audit trail demonstrating good-faith governance. ISO 37001 (the anti-bribery management standard) explicitly requires organizations to maintain documented information on the controls applied to conflicts of interest.
Conflict of interest policy examples and templates
Below is a framework you can adapt. It is not a legal document. Your compliance, legal, or HR function should review and tailor it to your jurisdiction, industry, and risk profile.
Policy name: Conflict of interest policy | Policy owner: [CCO / General Counsel / HR Director] | Applies to: All employees, contractors, board members, and immediate family members where relevant | Effective date: [Date] | Review date: Annual
1. Purpose: This policy sets out [Organization name]'s expectations for identifying, disclosing, and managing conflicts of interest. It exists to protect the integrity of our decisions, maintain the trust of our stakeholders, and ensure all individuals acting on our behalf do so without improper influence.
2. Definition: A conflict of interest arises when an individual's personal interests (financial, relational, or otherwise) could influence, or appear to influence, their professional judgment or decisions. Conflicts may be actual, potential, or perceived. All three require disclosure.
3. Examples: [Tailor to your sector and the roles most commonly affected.]
4. Disclosure: Any individual to whom this policy applies must disclose a conflict as soon as they become aware of it. When in doubt, disclose. Disclosures should be made through [reporting channel] and will be treated confidentially to the extent possible.
5. Assessment and resolution: Disclosures will be reviewed by [Compliance / HR / Legal]. The individual will be informed of the outcome including any conditions. Typical resolutions include recusal, role adjustment, or approval to proceed with documented safeguards.
6. Confidentiality and non-retaliation: Disclosures made in good faith will be treated with confidentiality. No adverse action will be taken against any individual for making a disclosure under this policy. Retaliation is a serious disciplinary matter.
7. Consequences of non-compliance: Failure to disclose a known conflict is a breach of this policy and may result in disciplinary action up to and including dismissal. In regulated sectors or where fiduciary duties apply, non-disclosure may also have legal consequences.
8. Annual declarations: All in-scope individuals are required to complete an annual conflict of interest declaration, coordinated by [Compliance / HR].
9. Record-keeping: All disclosures, assessments, and resolution decisions will be documented and retained in accordance with the organization's records management policy.
Common mistakes in conflict of interest policies
Using legal language in a document meant for everyone
A conflict of interest policy is not a contract. It needs to be readable by a procurement coordinator, an HR manager, and a finance analyst, not just a lawyer. If employees cannot understand it, they cannot follow it.
Focusing on prohibition rather than guidance
Policies that emphasize what employees must not do, without explaining what to do when a conflict arises, leave people in uncertainty. Uncertainty suppresses disclosure. The most effective policies are built around the disclosure process, not the prohibition.
Treating the annual attestation as the whole program
Annual declarations matter, but they are a backstop, not a substitute for real-time disclosure. Conflicts arise throughout the year, not on a schedule. Event-based disclosure triggers (new suppliers, role changes, tender periods) are essential.
Not providing a confidential reporting option
Some conflicts are observed by colleagues before they are disclosed by the person involved. A speak-up channel (allowing confidential or anonymous reporting) gives the organization an additional layer of protection and significantly increases the likelihood that hidden conflicts are surfaced. The EU Whistleblowing Directive requires organizations of 50 or more employees to provide such channels.
Managing conflict of interest disclosures at scale
For organizations managing dozens or hundreds of disclosures annually (across multiple geographies, with varied risk levels), a manual process is not sustainable. Email threads and spreadsheets do not provide the audit trail, workflow, or reporting that compliance teams need.
Purpose-built disclosure management platforms centralize the process: employees submit disclosures through a secure channel, compliance teams assess and resolve cases with a documented workflow, and leadership has visibility across the full picture. SpeakUp Paths combines conflict of interest disclosure management with anonymous reporting and case management, giving compliance teams a single, auditable system for the entire speak-up and disclosure lifecycle.
FAQ: conflict of interest policy
What should a conflict of interest policy include?
At a minimum: a plain-language definition, scope, examples of conflicts, a disclosure process, assessment and resolution process, non-retaliation commitments, consequences of non-disclosure, annual declaration requirements, and record-keeping provisions.
How often should a conflict of interest policy be reviewed?
At least annually. More frequently if there are significant changes in organizational structure, relevant legislation, or the risk environment. The review should be documented.
Is a conflict of interest policy a legal requirement?
This depends on your jurisdiction, sector, and organizational type. Public sector organizations, regulated financial institutions, and companies receiving public funding typically have explicit requirements. All organizations are affected by general duties of good governance and, in some jurisdictions, by whistleblowing legislation requiring appropriate internal reporting channels.
What is the difference between a conflict of interest policy and a code of conduct?
A code of conduct is a broader document covering general ethical expectations. A conflict of interest policy is a specific, operational document focused on identifying, disclosing, and managing situations where personal and professional interests overlap. The two should be consistent and cross-referenced.
What happens if an employee does not disclose a conflict of interest?
Non-disclosure is a disciplinary matter in most organizations. Where a conflict has influenced a decision (particularly in procurement, hiring, or financial matters), consequences can extend to contract rescission, personal liability, or regulatory sanction depending on the sector.
