Conflict of Interest Blog

Business ethics research of interest to your whole company

In this article from the most recent issue of Ethisphere magazine Jon Haidt of NYU and I take readers on a tour of the Ethical Systems web site. “EthSys” offers cutting edge social science research that should be of interest not only to C&E professionals but also to board members and executives; to those working in finance, law, HR, audit and procurement; and to many others in the workplace as well.

The ideas and information on EthSys can be helpful in developing C&E training, drafting ethics sections of employee newsletters and in other types of  company communications.  This knowledge can enrich the ethics-related dialogue in workplaces by turning what sometimes seems like a dry and static subject into a compelling and dynamic one.  It can help leaders lead ethically – and show that the same sort of social science findings and insights that increasingly are seen as key to running a profitable business are also essential to running an ethical one. It can also be useful in designing risk assessments; creating various types of policies and procedures; and crafting recognition strategies to promote ethical behavior.

And, that’s only part of what EthSys can do for your company.

So, take the tour yourself.

With a little help from my friends – the why and the how of C&E program liaisons

In large and widely dispersed organizations, compliance and ethics program liaisons often play an essential role in ensuring program efficacy. Among other things, they can help extend the reach of the program  – both geographically and deeper into the business. Their knowledge of local culture, law and business personnel and operations can be vital broadly to gaining acceptance of the program throughout the enterprise and more specifically to a host of C&E functions, such as risk assessment. But for many reasons establishing a liaison role can be very challenging, and one should be mindful of the keys to success and things to avoid before setting down this path.

In  this article in the most recent issue of Compliance and Ethics Professional, my partner Rebecca Walker provides a comprehensive overview of  this increasingly important component to effective C&E programs.  I hope you find it useful.

The cost of director and officer conflicts of interest just went up

In the vast realm of conflicts of interest those involving boards of directors tend to stand out. That is because part of the reason the role of corporate director even exists is to mitigate the conflict-of-interest-type tensions (which fall under the broad heading of “agency problems”) that managements may have vis a vis shareholders.  Moreover, while the role of officers obviously differs somewhat from that of director, the duty of loyalty that both owe shareholders is the same.

Director and officer COIs can arise in many settings but often the most consequential of these involves mergers. And, as described in a post last week in the D&O Diary: “Within the past few days, two merger objection settlements – one involving Activision Blizzard, Inc. and the other involving Freeport-McMoRan, Inc. — have been announced involving massive cash payments,… The Activision settlement may represent the largest cash settlement payment ever in a shareholder derivative lawsuit.” The post further describes that “[t]he common feature of these two cases that may account for the magnitude of the cash payments seems to be the conflicts of interest that were alleged to be part of the challenged transactions.”

The specific facts of these two cases – both of which are complex, as COI cases involving mergers typically are – may be less important than is what they (and another one last year involving News Corp, which is discussed in the same post) may mean for insurance costs to companies: “The rise of jumbo shareholder derivative lawsuit settlements has a number of implications. Among other things, it is a topic that will have to be taken into account as D&O insurance buyers consider how much insurance they will need to ensure that their interests are adequately protected.”

While most directly relevant to risk managers and others in companies in charge of securing D&O coverage, I think C&E professionals also need to know about this development – because directors and officers of their companies likely will and will be concerned about it. And, hopefully this awareness will contribute to a greater overall sensitivity at high levels in companies to COIs generally – meaning that this may be a good time to train (or retrain – or schedule training of) your directors and officers on COIs.

For those looking to develop such training, here is a prior post on that topic.  And here are some other posts, portions of which might provide helpful ideas or information for training boards on COIs:

- Friendship – and the ties that blind (directors to conflicts of interest).

- CEOs’ ethical standards and the limits of compliance.

- Are private companies more ethical than public ones?

- Catching up on the backdating cases

- Behavioral ethics training.

- Catching up on CEO COIs.

- Catching up on director COIs.

- The largest derivative lawsuit settlements (from the D&O Diary).

Here are some pertinent words of wisdom from two good friends of the blog: Steve Priest (on keeping ethics training real) and Scott Killingsworth (on mitigating C-Suite risks).

Finally, if you are training your board, and want to use the occasion to look beyond the COI area to general C&E oversight by directors this recent article by Rebecca Walker and me  from Compliance and Ethics Professional magazine might be useful.



Operational transparency and internal selling of C&E programs

While all companies try to “sell” their  C&E programs, often such efforts are  not particularly robust. And that’s too bad, because the need for effective C&E program selling measures is considerable.  This is due in part to the behavioral ethics/psychology-related phenomenon that we tend to overestimate how ethical we are, which leads us to underestimate how much we need the kind of help that C&E programs can provide.  Also relevant here is the moral hazard/economics-related phenomenon that leads to a misalignment of risk vis a vis rewards in many companies when it comes to C&E, meaning that the internal “market” for C&E services in many companies is not an efficient one.  On top of both of these challenges is, at least in some companies, a growing sense of  “compliance fatigue.” With all these forces aligned against them, what should C&E professionals do to sell their programs in an effective manner?

A few years ago, in a paper published in Management Science – “The Labor Illusion: How Operational Transparency Increases Perceived Value”  - Ryan W. Buell and Michael I. Norton, both of the Harvard Business  School, reviewed the results of experiments involving  the near-ubiquitous experience of consumers reacting to wait times on web sites. They found that “when websites engage in operational transparency by signaling that they are exerting effort, people can actually prefer websites with longer waits to those that return instantaneous results—even when those results are identical.”   While the context is obviously not at all specific to C&E work, the general learning about individuals valuing services more positively when they understand the amount of effort involved in providing those services seems broadly applicable,  and worth considering for possible lessons to those seeking to “sell” C&E programs.

Operational transparency can, of course, play a role in C&E programs in various ways – most obviously through the day-to-day work of compliance officers in training on and otherwise communicating about a company’s standards of business conduct, work which is presumably well understood in a company. Beyond this, employees generally have some understanding that a C&E officer receives and responds to reports of suspected wrongdoing. But there is, of course, much more to a C&E program than these two functions, the depth and breadth of which is often unknown to (or under-appreciated by) its “customers” – meaning the employees.

For some companies, what is needed to make a strong and positive impression on the work force is an annual C&E report.  Such reports typically summarize major efforts and accomplishments  of  a company’s C&E department in a given year, and thereby hopefully have the kind of impact that will make employees truly value what goes into the program.  To my mind, the opportunity to publish reports of this kind should be seen as “low hanging fruit” in more than a few companies – and I hope that C&E officers who don’t currently engage in this practice will revisit the issue at some point soon.

There are, however, two caveats to this suggestion.  First, in publicizing the work of a C&E department, one must be careful not to do anything that might indicate that the promise of confidentiality in responding to helpline calls and undertaking other sensitive inquiries could be compromised.   Second, as the authors of the paper state: “Whereas operational transparency involves firms being clearer in demonstrating the effort they exert on behalf of their customers—an ethically unproblematic strategy—inducing the illusion of labor moves closer to an ethical boundary,…” to which I would add that this should indeed be seen as over the line for any C&E professional.  More broadly, while C&E officers often should make greater efforts to sell themselves and what they do, they must be mindful of restraints that are particularly relevant to (with apologies to The Godfather) “the business [they have] chosen.”

For further reading see this post on annual C&E reports in Corporate Compliance Insights.

Is Wall Street a bad ethical neighborhood?

For many years I taught ethics in the executive MBA program of a New York area business school. Because of the school’s location, the “day job” for many of the students was in the financial services field, and on average they seemed less ethics-focused than did the others.  I did not find this surprising – since for many years my “day job” was as a white collar criminal defense lawyer, and a disproportionate number of my clients were from that same industry.

Wall Street is not, of course, run by wolves.   And there have been other industries that could be seen as “bad ethical neighborhoods,” at least for a time.  (Indeed, it was from defending several members of a very different, and even more troubled, industry – the specialty pipe business – in the 1980s that I began to be interested in the possibility of what was then seen as preventive corporate criminal law and has now become corporate compliance and ethics.)

But the financial services field has always been different because – by definition – the day-to-day work there is dominated by dealings with money itself.  As described in this earlier post, research published in 2013 showed that “mere exposure to money can trigger unethical intentions…” – and presumably the greater the exposure the greater the ethical peril.

Now, and more directly relevant to the issue of financial services and culture, is the publication this week in Nature of “Business culture and dishonesty in the banking industry” - by Alain Cohn, Ernst Fehr and Michel André Maréchal,   their summary of which is: “Contemporary commentators have attributed scandals [in the financial services sector] to its…business culture … but no scientific evidence supports this claim. Here we show that employees of a large, international bank behave, on average, honestly in a control condition. However, when their professional identity as bank employees is rendered salient, a significant proportion of them become dishonest. This effect is specific to bank employees because control experiments with employees from other industries and with students show that they do not become more dishonest when their professional identity or bank-related items are rendered salient. Our results thus suggest that the prevailing business culture in the banking industry weakens and undermines the honesty norm, implying that measures to re-establish an honest culture are very important.”

So, an important knowledge gap has been filled, even if it is primarily a matter of proving with experimental data what has long been known from observation of real life.

But  identifying a neighborhood as unsafe is  not the same thing as reducing the peril.  In one of our exchanges on the ECOA web site, Steve Priest recommends these five areas to focus on in ethical culture building:  a true “commitment to doing the right thing; clear standards; organizational values put into action (by leaders and employees); accountability, and open communications up, across and down the organization,” to which I add promoting long-term thinking; moderating any undue pressure to perform; and  nurturing employee identification with the company, its customers or its products/services.  Finally, because so much of the ethical trouble in the financial services field has  seemingly sprung less from purposeful lying than from carelessness about the truth, the “culture of care” approach discussed here might be useful for reestablishing an honest culture in this rough neck of the woods.


Conflicts of interest, corruption and fraud: what are the connections?

Whether one is drafting a code of conduct or other C&E policy documents, developing training, designing audit protocols,  conducting a risk or program assessment or creating C&E metrics, it may be useful to bear in mind the relationships between COIs, corruption and fraud – particularly given the extent of overlap among these areas.  The following is offered as an overview of these connections, but note that these are intended only as general principles under US law; aspects of the analysis may differ under various other countries’ legal regimes, and even  some aspects of US law itself.

Corruption  generally involves a breach of a duty of loyalty – either the duty an employee owes her employer or that owed by an agent to her principal. Corruption – at least viewed this way – always involves COIs.

Outbound corruption involves causing such a breach by others – e.g., paying a bribe to an employee of another organization to cause her to breach her duty of loyalty to such entity.  Inbound corruption involves breaching one’s own duty to employer/principal – e.g., by receiving a bribe to betray the employer.

While all corruption involves COIs not all COIs involve corruption.  Typically (but perhaps not always), the added dimension of concealment is required for an act to be considered truly corrupt.  (So, for instance, supervising a family member at work would generally not be viewed as a criminally corrupt act if it were disclosed, although it typically would still be seen as a COI.)

Fraud involves a misrepresentation for the purposes of cheating another.   In some circumstances, particularly where a duty of loyalty exists, a material omission/failure to disclose – even in the absence of an overt falsehood –  is enough for fraud liability.

Outbound fraud can involve cheating shareholders/lenders (through, e.g., misstatements about financial condition/performance); customers (e.g., through deception about the product/service in question); or regulators (e.g., lying about one’s product/service or general business matters, such as tax). Insider trading is seen as a form of fraud, although in some circumstances the fraud analysis is a stretch.

Inbound fraud involves the organization itself being cheated either by employees (e.g., submission of phony expense reports) or third parties (e.g., suppliers lying about conditions in which a product is manufactured). In such cases the failure to disclose/material omission will often be sufficient for liability, given the nature of the relationships involved.

It is possible to see all forms of corruption as involving a fraud element, in that corrupt schemes presumably always implicate an overt deception or material omission.  And, the nature of deception/omission tends to involve COIs.

However, clearly not all acts of fraud have an element of corruption. For instance, deceiving a customer about the quality of a product would not entail corruption, unless an employee of the customer was “in on it.”

Some closing points:

First, while I think it is important to keep these different categories in mind for different aspects of C&E work (such as those noted in the first paragraph of this post), they – and indeed many other forms of wrongdoing – should be seen as connected to each other, in the sense of how they can affect an organization’s culture.  That is, an employee seeing even small-scale COIs or cheating on expense forms at her company is, I think, more likely to become more vulnerable (through desensitization) to other types of offenses.  Included here would be those involving outbound corruption which, of all the participants in the above-described “parade of horribles,” is often treated most harshly by the legal system in the US and elsewhere. Put otherwise, COIs and small scale frauds can be seen as “gateway offenses.”

Second, even where conceptually distinct, fraud and corruption often have the same controls-related issues.  For instance, weakness in the vendor selection/management process can be an occasion for an inbound fraud (supplier cheats company), an inbound corrupt act (supplier bribes company procurement personnel) or an outbound corrupt act (extra money given to supplier used as a slush fund to pay off company’s customers or regulators).  Or, all three could be happening at once.

Finally, a brief repeat of the opening cautionary note that my framework is not intended to be universal. Indeed, as recently as yesterday we saw an executive jailed for “breach of trust” in Germany under circumstances that might not (at least as I read the story) be considered criminal under US law.

For additional reading:

A post on “slippery slopes.”

Mapping a territory of ethical impairment.

Major laws in the US designed to promote ethical conduct by businesses (from the Ethical Systems web site).

Gifts and entertainment as “soft-core” corruption.

Other people’s conflicts of interest.





Risk assessment: law, economics, morality science…and liquor

Many years ago a client who was in the compliance department of a pharma company told me his strategy for conducting risk assessments.  He would schedule the interviews of sales people – a key, but typically difficult, constituency for nearly any risk assessment – to begin late in the work day, and after a while suggest that the discussion continue in a nearby bar.  As the drinks began to flow, so apparently did the information about risks.

Risk assessment is the foundation of an effective C&E program – certainly as a matter of common managerial sense, and increasingly as a matter of law.  In  connection with the latter, we recently passed the ten-year anniversary of the revised Sentencing Guidelines, which established risk assessment as an official C&E program expectation of the U.S. government; and on virtually the same day, the Italian government published important new competition law compliance  guidelines, discussed in this publication from the Baker & McKenzie law firm, which include a risk assessment component.

Still, meeting such expectations – by getting business people to talk openly about the uncomfortable topic of risk – is as challenging as is anything in the C&E field. So, what can you use to make these conversations succeed if, like most C&E professionals, your toolkit doesn’t include a liquor cabinet?

Part of the way for dealing with this challenge is to provide that the assessment is conducted under the company’s attorney-client privilege  and, beyond this, that no attribution to the sources of information will be included in the assessment report.  These are the tools of law, and deploying them can be essential to success in a risk assessment.

But offering confidentiality alone may not be enough because while it is typically in the clear interest of a company to have a thorough risk assessment, individuals’ interests often seem (and sometimes are) out of alignment with those of the organization. This is the realm of the economics-based concept of moral hazard, discussed in various prior posts of this blog that are collected here.

There is no panacea for dealing with this impediment – but hopefully one can make a persuasive appeal to an interviewee’s being a “C&E leader,” a formulation which seeks to blend considerations of personal and organizational benefit, to get the interviewee to be truly helpful for the risk assessment. Of course, for an approach such as this to work, it cannot be limited to the risk assessment process. Senior executives, and even the board of directors, need to make clear through various intangible and occasionally tangible ways that such leadership is duly appreciated.

Finally, there is also a psychological dimension to the challenge of risk assessment.  As discussed in this recent article in Science  - “Morality beyond the lab” by Jesse Graham (which I learned of from the Ethics Unwrapped web site ),  various  “laboratory  studies have shown a ‘holier-than-thou’  effect, in which people over-optimistically predict their own future moral behavior but accurately predict the not-so-moral future behavior of others” – a view which has now been supported by the results of an important recent field study (by W. Hofmann, D. C. Wisneski, M. J. Brandt, L. J. Skitka, which is published in the same issue of Science). As summarized by Graham: “[T]he study suggests that moral life can largely be characterized by two kinds of events: noting one’s own good deeds and gossiping about the bad deeds of others.”

For those conducting risk assessments, the path suggested by this research is clear:  to the maximum degree possible, one should structure the inquiry so that it is not seen as asking about the interviewee’s own risks but those of others.  And, in providing information about others, at least in the aggregate, employees of an organization will likely be helping you analyze risks that in fact involve themselves.

One other point about the above-discussed research, which is that while I have highlighted its use for risk assessment there are other ways in which this aspect of what Graham calls “morality science” can enhance the efficacy of a C&E program. Most notably, it can be used in training and other communications to underscore the overarching behavioral ethics notion that “we are not as ethical as we think,” which should help reinforce an appreciation for the help that C&E staff and other resources can provide to employees when confronted with legal risks or ethical dilemmas.

For further reading on risk assessment, here’s a link to a complimentary e-book comprised mostly of my risk assessment columns in Corporate Compliance Insights.

For an index of posts on “behavioral ethics and compliance” please click here. 

Internal auditors as compliance program helpers: opportunities and independence challenges

Internal auditors often have the skill set and opportunities to lend an important hand to their respective companies’ C&E programs beyond the program-related audits that they conduct.  But such assistance can raise independence issues where the activity in question itself  should be audited.  This post considers what some of these opportunities are and which are problematic from an independence point of view.

First, in some companies auditors answer the help line.  This seems problematic to me, as a company’s responding to help line inquiries is sufficiently important – particularly under the Caremark case – and challenging that it should be audited, at least in companies with a relatively high degree of compliance risk.

On the other hand, in many companies auditors do receive in-person compliance-related inquiries from employees on an ad hoc basis – particularly during site visits.  Given the relatively infrequent and unplanned nature of this sort of activity, it generally need not be audited – and so I think that no significant independence issues are raised by auditors helping C&E programs in this way.

Related to responding to help line inquiries is, of course, conducting investigations into suspected violations of C&E policies – which internal auditors often do, particularly on financial-misconduct related matters. I believe that an internal investigations function should be audited periodically (either as part of the help line audits or on a stand-alone basis) but for many companies – particularly medium and small sized ones – there is no practical alternative to having auditors conducting investigations. While not ideal from an independence perspective, I think this is a compromise many companies can live with (although for some having an external assessment for this activity may be warranted).

A somewhat less obvious, but often useful, C&E program role for internal auditors concerns training/other communications.  The line I would draw here is, on the one hand, between an auditor designing training and/or determining who should receive it – which one might want to audit, at least in high-risk companies, as they involve the exercise of a significant amount of judgment; and, on the other hand, acting in a more ministerial/facilitating capacity  – e.g., delivering training that others have developed, particularly on site visits – where there is generally less of a need to audit.

Finally, and perhaps most significantly, internal auditors sometimes assist in designing C&E-related policies, monitoring measures and process controls. Here, too, the appropriate line to draw is between the auditor acting in a facilitating role – which, in my view, is generally acceptable independence wise, versus her having principal responsibility for such activity – which should be avoided, if possible.   But, as with auditors conducting investigations, in some companies independence perfection is not possible with these sorts of efforts, and where that’s the case companies need to do whatever’s reasonably possible to maximize independence possibilities for such situations – including in some cases using external resources for the audit/assessment.

A final point:  I hope I don’t seem overly willing to accept compromises in this area, but in analyzing the involvement of internal auditors in C&E programs I’m mindful of the fact that so long as their pay (and that  of the boards that serve as their protectors) comes from the companies where they are employed total independence is not attainable.  (In this sense, independence issues and conflicts of interest in companies are indeed different – because one can have a zero tolerance approach to COIs, but not to independence challenges.)  So, the task here is striking the right balance and not seeking to attain complete purity.

For additional reading:

- A post regarding internal audit and reporting relationships on the web site of the Institute for Internal Auditors by Mike Jacka – Internal Audit is the Midst of a Great War.

- An important real-world experiment involving conflicts of interest and auditors.

The modern era of compliance and ethics at ten years old

This week will see the tenth anniversary of the advent of the revised Federal Sentencing Guidelines for Organizations – the most influential set of official C&E-program-related expectations ever issued. More than any other legal development,  these revisions – which went into effect on November 1, 2004 – made possible the work that C&E professionals do.

In the latest issue of the SCCE’s Compliance and Ethics Professional magazine (see page 2 of this PDF) I try to sum up in a mere 400 words what the legacy to date of the Guidelines is. (My emphasis in this piece –  being a “compliance guy” – is on the empty part of the glass, but perhaps this is unfair. Indeed, by any measure, the revised Guidelines have had more of an impact in their first decade than did the Sherman Act – which can be viewed as the federal government’s first compliance law – in its first ten years of existence.)

For those with more of an appetite (and budget) for this topic, you might check out the just-published 2014 edition of this 1400-page treatise on the Guidelines which I edited with Joe Murphy, who is the one true founder of our profession (and my one true mentor).

I look forward to watching C&E program law continue to develop – particularly outside the U.S. – and hopefully live up to the full promise of the standards issued a decade ago.


Episode 100

For the 100th episode of his FCPA Compliance and Ethics Report, the amazingly prolific, extremely knowledgeable  and always thoughtful Tom Fox interviews yours truly.

You can hear the interview – which covers  a number of topics, ranging from the early days of the compliance field to the latest views of the Justice Department on what makes a program effective – here.

I hope you find it interesting – and thanks again to Tom, not only for inviting me to be part of the Report but for his many contributions to the field.