Ethics & Integrity

Trust is essential for any business. As such, AT&T is committed to operating ethically and with integrity. We draw on a long history of serving consumers and businesses with high standards of conduct and compliance. We continue that tradition in how we interact with our customers, our shareholders and each other. These principles include transparent communication and maintaining a culture of ethics at all levels of AT&T, backed by the tools and training to support that culture. 

In 2023, AT&T took several actions to continue enhancing our approach to ethics and integrity, including:

• Expanding our Anti-Bribery Anti-Corruption (ABAC) Policy to more clearly articulate U.S. domestic and commercial expectations.
• Making significant enhancements to the Records & Information Management (RIM) program.
• Continuing to design and develop innovative technology, advancing compliance and operational efficiency.
• Introducing additional practices to advance accessibility.
• Continuing introduction of enhanced sales-related controls and practices.
• Launching a new annual policy review and implementation program for more authentic policy governance.
• Delivering compliance training through live in-person and virtual tradeshows. These sessions, conducted by the Chief Compliance Office’s training team, covered crucial topics such as Ethics at Work, Security Awareness, Anti-Bribery/Anti-Corruption and the Code of Business Conduct. 

Code of Business Conduct

The AT&T Code of Business Conduct (the Code) is a values-based code that defines the standard of honest and ethical behavior that all employees are expected to follow. It is a key resource and practical tool for our employees, providing guidance about the attitudes and behaviors appropriate to relationships within and outside the company. All AT&T employees are required to review the Code, which is available online and through our mobile app, every year. Key aspects of the Code include:

• Content: The Code covers a wide range of topics related to ethics and compliance, such as inclusion and nondiscrimination, conflicts of interest, customer and employee data privacy, our policies of anti-bribery/anti-corruption and non-retaliation, and our commitment to environmental stewardship.
• Compliance: AT&T expects all employees to act lawfully and ethically in accordance with the Code and company policies. Violation of these policies may result in disciplinary action including, but not limited to, written warning or adverse pay treatment, suspension and termination of employment.
• Updates: We update the Code regularly to maintain its effectiveness and provide clear direction and resources on relevant topics. Any significant changes to the Code are communicated to all AT&T employees.

Our Board of Directors, as well as our employees, are held to standards of honest and ethical conduct as outlined in our Code of Ethics. The Code of Ethics emphasizes the importance of avoiding conflicts of interest and our expectations for ensuring the timeliness and accuracy of our Securities and Exchange Commission filings and related financial statements. For fiscal year 2023, AT&T had no material losses related to litigation or to non-appealable regulatory decisions involving anti-competitive behavior.

Employee Training & Awareness

We provide employees with training and communications in order to share our expectations for upholding ethics and integrity in our operations, as outlined in the Code of Business Conduct. Key aspects of these efforts include: 

• Accessibility: We strive to make our Code clear and accessible for employees. It is available in 22 languages and can be accessed on external websites, our company intranet and employee mobile devices. 
• Training: New hires receive Code training shortly after beginning at the company. Separate ethics and compliance training is conducted annually for existing employees. In 2023, 100% of employees completed the annual Code training.¹
• Senior Leadership Engagement: Our Chief Compliance Officer and senior leadership regularly communicate messages about ethics and integrity within the company through video messages, blogs, town halls and emails.

Ethics@Work

Ethics@Work is a set of resources and in-person and web-based employee trainings covering topics such as anti-bribery/anti-corruption, data protection, social media, conflicts of interest, reporting and privacy. Ethics@Work uses real-world examples and resources to assist individuals and their teams in identifying blind spots and making ethical business decisions. Employees can access our on-demand Ethics@Work toolkit on our Code of Business Conduct website or in our Ethics@Work app. We also offer a Spanish version of the app, Trabajo Ético, for AT&T Mexico employees.

Policies

We have several policies—including our Code of Business Conduct, Code of Ethics and Anti-Bribery Anti-Corruption Policy—that outline our commitment to ethical business conduct. Details about these policies are available on our Policies page.

Periodic Ethics Survey

The Chief Compliance Office (CCO) periodically conducts an anonymous employee survey that focuses on employee perception of ethics, honesty and integrity at AT&T. The results are used to improve programs throughout the company. Results are aggregated to protect the identity of our employees, ensuring our employees are more comfortable completing the survey.

Addressing Employee Concerns

AT&T has several strategies for receiving and addressing employee concerns, including: 

• Reporting Concerns: Employees can ask questions and report concerns relating to our Code of Business Conduct and Code of Ethics to their direct supervisor, another manager, Human Resources, the Chief Compliance Office, Asset Protection or the Legal Department. Employees can make a confidential and anonymous report of suspected or actual violations of the codes or other company policies through a telephone hotline or online reporting mechanisms. Employees can also ask questions directly to Compliance via our “Ask Compliance” portal. Information about these resources is available on our intranet sites and in the employee Code of Business Conduct and Ethics@Work trainings. 
• Non-retaliation: We have a strict non-retaliation policy² to protect employees who have grounds to report unethical behavior or a violation of company policy or law. We investigate allegations of retaliation and take appropriate action.

Chief Compliance Office (CCO)

The CCO is responsible for compliance oversight of legal and regulatory requirements of the countries and jurisdictions in which AT&T operates. The CCO promotes an ethical culture and ensures adherence to internal compliance requirements. These efforts focus on areas such as anti-bribery/anti-corruption, antitrust and competition, third-party oversight, data protection, sales practices, records and information management, and privacy. The CCO program is modeled in part on the Federal Sentencing Guidelines for Organizations, and we continuously improve our program in accordance with U.S. Department of Justice guidance for Evaluation of Corporate Compliance Programs and other leading sources of best practices, including external assessments of our program.  

• Compliance Responsibilty: While the CCO is under the direction of the Chief Compliance Officer, compliance is the responsibility of every department and employee. The CCO partners with a broad group of stakeholders across the business to provide tools and information to mitigate risk and manage compliance. 
• Compliance Risk Assessment: The CCO conducts formal risk assessments annually, focusing on compliance areas that could present a significant risk to the company from a reputational, operational and/or financial perspective. The compliance risk assessment process evaluates compliance in certain high-risk areas for inclusion in the program. The CCO leadership team and legal support review each risk assessment and communicate the results and action plans to business unit leadership. For more information about risk management, please visit our Annual Report and Proxy Statement.
• Compliance Oversight: The Audit Committee of the Board of Directors provides oversight of AT&T’s compliance with legal and regulatory requirements and of the administration and enforcement of the Codes and the Compliance Program. The Chief Compliance Officer reports at least annually to the Audit Committee on the company’s compliance and ethics-related trends, risks and action plans and has independent discussions with committee members as needed throughout the year. The CCO develops policies and principles, provides oversight and verification of the effectiveness of compliance controls throughout the company and protects AT&T’s assets.

Anti-Bribery/Anti-Corruption

We strive to behave honestly, ethically and fairly, relying on strict adherence to our codes of business practices. AT&T strictly prohibits giving, offering, authorizing or taking bribes or engaging in corruption under any circumstance. This prohibition includes bribery of or giving improper payments or rewards to private individuals as well as government officials. Our anti-bribery/anti-corruption compliance oversight program, which is part of the CCO, aims to prevent, detect and mitigate risks related to public and commercial bribery. Our approach includes but is not limited to the following:

• Policies & Guidelines: The Code of Business Conduct and ABAC Policy communicate expectations for handling and recording company transactions and executing company business, while our schedules of authorizations delineate who has the authority to approve certain transaction thresholds. The ABAC Policy outlines our approach to working with government officials and U.S. and non-U.S. entities. The ABAC Policy applies to all AT&T employees and is reviewed annually to confirm it remains current.  Employees can access the policy online and on our mobile app, and it is publicly available on our external website. Other AT&T corporate policies and guidelines reference the ABAC Policy and associated processes, including the Gifts & Hospitality Policy, Strategic Customer Positioning Policy (event tickets), AT&T Global Travel & Expense Guidelines, and the Contributions, Sponsorship & Memberships (CSM) Policy.
• Processes & Procedures: Various processes and procedures support the ABAC Policy. AT&T uses a risk-based approach to conduct ABAC due diligence procedures on suppliers acting on our behalf with government officials. Because ABAC compliance is vitally important when providing hospitality for customers and extending invitations to AT&T-sponsored business events, an ABAC hospitality procedure was established to assist the businesses in determining what type of hospitality is allowed, not allowed or requires additional review. In addition, ABAC screening questions and checks are embedded into various corporate processes and procedures that require additional review and approval if a public official is involved.
• Training & Awareness: We regularly provide training for employees who interact with public officials. Employees exposed to ABAC risk must complete ABAC basics training, while a subset of such employees who perform certain roles/functions must also complete ABAC role-based training. The training is interactive and designed to help employees understand permissible conduct when interacting with public officials. In addition, each of the AT&T business units perform periodic ABAC awareness activities such as ABAC “tone at the top” messaging. Finally, ABAC is a key component of broader employee training requirements including the annual Code of Business Conduct and Ethics@Work training courses.
• Monitoring & Testing: In addition to the corporate compliance risk assessment process that includes ABAC every year, we continuously monitor for bribery and corruption risk to assess the effectiveness of existing controls. This includes various ABAC transactional reviews such as quarterly red flags testing of certain payment activity. The AT&T internal audit organization, led by our Senior Vice President of Audit Services, performs annual ABAC control audits. 

As we continue to uphold our high standards for ethics and integrity, we will review industry trends and best practices, complete reviews of our programs, assess our policies, update training and more. Key highlights for our path forward include: 

• Launching an Enterprise Risk Management (ERM) governance program. The CCO launched this new program in Q1 2024 along with stakeholders from the Chief Operations Office, Human Resources, Legal, Audit, Finance and the Chief Security Office. The goal of our ERM program is to collectively identify and address key risks across AT&T. Our ERM program is not a one-time project but an ongoing, dynamic process that will develop as our strategic objectives and risk landscape continue to evolve.  
• Reviewing existing compliance training to ensure the content is relevant, interactive and engaging and that the audience is appropriately selected. We’ll also develop new training as needed. The Chief Compliance training team is collecting data on compliance trainings outcomes in order to develop more targeted and effective training opportunities within specific business units for 2024.
• Evaluating policies to maximize risk mitigation through effective policy management.
• Aligning our compliance program with the most current and relevant local and federal legislation and guidelines.
• Participating in the Organisation for Economic Co-operation and Development (OECD). Members of the CCO, including the Chief Compliance Officer, recently joined the OECD Anti-Corruption Leader program to continue to enhance our commitment in this space. OECD is a unique forum and knowledge hub for data and analysis, exchange of experiences, best-practice sharing and advice on public policies and international standard-setting.

• AT&T Annual Report
• AT&T Anti-Bribery Anti-Corruption Policy
• AT&T Code of Business Conduct
• AT&T Code of Ethics
• AT&T Policies
• AT&T Proxy Statement
• Federal Sentencing Guidelines for Organizations
• U.S. Department of Justice Evaluation of Corporate Compliance Programs