There’s no regulatory requirement specifically for code reviews that I’m aware of. Your question is a bit troubling in that it sounds like you want to throw “action” at a problem rather than have a well though-out V&V process.
There are numerous reasons why you might do a code review, including: assessment of compliance to coding standards, verification of low-level requirements (e.g., algorithms), supplemental verification support for safety-critical code, etc. What you do needs to be outlined in your Software Development Plan, elaborated further in your V&V plan, and then executed as planned.
If you do perform code reviews, it would be considered a design review / V&V activity so all procedural aspects apply (i.e., the unit under test / review needs to be baselined / configuration controlled, the review team identified, actions from the review captured and tracked to closure, etc.).