Conflict of Interest Blog

Summer compliance reading for boards of directors

A recent post by attorneys at the Sullivan & Cromwell law firm on the blog of the Harvard Law School Forum on Corporate Governance and Financial Regulation examined an important decision issued last month by the Delaware Supreme Court which “reversed the dismissal of a stockholder derivative lawsuit against the members of the board of directors and two officers of Blue Bell Creameries USA, Inc., a leading manufacturer of ice cream products. The lawsuit arose out of a serious food contamination incident in 2015 that resulted in widespread product recalls and was linked to three deaths. The Delaware Supreme Court, applying the ‘duty to monitor’ doctrine enunciated in In re Caremark International, Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996), and noting the very high hurdle to claims under it, nonetheless ruled that the plaintiff had adequately alleged the requisite bad faith by the members of the Blue Bell board. Plaintiff did so by… show[ing] facts supporting their contention that the Company did not have in place ‘a reasonable board-level system of monitoring and reporting’ with respect to food safety, which the Court deemed to be ‘a compliance issue intrinsically critical to the company’s business.’ …[t]he Supreme Court ruled that bad faith was adequately pled by alleging ‘that no board-level system of monitoring or reporting on food safety existed.’ The Court thus declined to dismiss a claim that the directors breached their duty of loyalty, potentially exposing directors to non-exculpated (and potentially not indemnifiable) monetary damages.”

The facts of the Blue Bell case do seem somewhat extreme. Presumably there are not many companies that have zero board oversight for compliance with areas of very high risk. But the case is worth directors’ attention as a reminder that the prospect of personal liability for directors arising from compliance failures is real. Among other things, directors may want to use the occasion of this case being published to review their respective boards’ procedures for monitoring compliance issues.

Also worth reading by directors and others is the Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations published last week by the US Department of Justice. This document contains an exhaustive list of questions and considerations that the Antitrust Division will use in evaluating compliance programs in investigations, including the following: “Who has overall responsibility for the antitrust compliance program? Is there a chief compliance officer or executive within the company responsible for antitrust compliance? If so, to whom does the individual report, e.g., the Board of Directors, audit committee, or other governing body? How often does the compliance officer or executive meet with the Board, audit committee, or other governing body? How does the company ensure the independence of its compliance personnel?” The Antitrust Division will also ask: “Does [compliance] training include senior management/supervisors and the Board of Directors?”

None of these are trick questions. But some companies would need trick answers if their antitrust compliance program was evaluated by the Justice Department in the context of an investigation. So, this is another reason for a compliance “check up” for prudent boards of directors.

Lawyers as compliance officers: a behavioral ethics perspective

What role do corporate lawyers play in preventing wrongdoing by executives in their client organizations? And how is this role impacted by behavioral ethics?

In “Behavioral Legal Ethics Lessons for Corporate Counsel,” to be published in the Case Western Reserve Law Review, Paula Schaefer of the University of Tennessee College of Law  first examines “the corporate lawyer’s consciously held conceptions and misconceptions about duty owed to her corporate client when company executives propose a plan that will create substantial liability for the company—when and if it is caught.” As she shows, lawyers often have an unduly limited view of what that duty is.

Schaefer next “turns to behavioral science and highlights some of the key factors that corporate attorneys are unconsciously influenced by as they try to decide how (or if) to address client conduct that may amount to a crime or fraud.” Those factors are:

Attorney self-interest. A key point on this: “Corporate advisors keep their jobs (as inside or outside counsel) when they keep executives happy; they do this by finding ways to implement corporate executives’ plans, and not by saying no.” Of course, on some level this is obvious but, based on the research of Tigran W. Eldred of New England Law School,  she notes that lawyers are often not aware of the extent to which self-interest corrupts the professional conduct of attorneys vis a vis clients.

Obedience Pressure. A key point here: “Obedience research explains the power an authority figure or colleagues have to influence bad advice.” The best-known study in this area is, of course, that conducted by Stanley Milgram, which measured the extent to which participants were willing to inflict shocks on apparent learners in the experiment when instructed to do so by an apparent authority figure and which demonstrated just how powerful obedience pressure could be. As Schaefer notes: “In the case of a corporate attorney addressing planned conduct that may be criminal or fraudulent, the authority figure is likely the corporate executive that the attorney reports to in the professional relationship.” And as she notes this is likely to create more pressure than the instruction of some man in a white coat in Milgram’s experiment.

Conformity Pressure. Here, Schaefer describes experiments by Solomon Asch concerning the extent to which the participants gave knowingly incorrect answers to a question because of the fact that other participants did so. The results showed a high degree of such correlation. As she notes: “Asch’s research should be particularly concerning for lawyers. For Asch’s subjects, the stakes were low—the subjects likely did not know the other participants in the study and had no ongoing relationship with them. Further, the right answer was black and white, and they still felt pressured to choose the wrong answer selected by the majority. For a corporate lawyer addressing possibly fraudulent or criminal conduct, the group (with whom she feels pressure to conform) might be fellow attorneys or other decision makers at the corporation.”

Partisan Bias. Schaefer writes: “The research reveals that partisanship makes it difficult for a lawyer to filter and interpret information objectively. One study found that students who participated in a moot court competition overwhelmingly perceived that their assigned side had the better case. In another study, subjects were asked to play the role of attorney for plaintiff or defendant in determining the settlement value of a case. Even though both sides received identical information, those who were randomly assigned to play the plaintiff predicted an award substantially higher than that predicted by the defendant.”

Schaefer next considers “interventions to combat a corporate attorney’s wrongful obedience and conformity.” All of these seem sound, but I don’t have space to discuss them here.

However, I do want to add that – although not the focus of Schaefer’s paper – the research may also be relevant to the longstanding debate about whether the general counsel or other member of the law department should serve as chief ethics and compliance officer (CECO)  or if the individual in that role should be independent with respect to reporting purposes. At least to me, the research suggests that it may be more difficult for in-house attorneys to rise above the potential conflicts in this role than is generally thought.

Of course, even an independent CECO would be subject to the various biases described in this article. However, they would still – in my view – stand a better chance of ethical success since the notion of independence is truly foundational to their role, i.e., there is presumably not the same confusion about their duty than Schaefer found was the case with in-house attorneys.

Finally, note that I am not saying that this means that the General Counsel can never serve in a CECO role – only that the implications of this research should be considered along with various other factors in determining what approach makes the most sense for a given company.

For further reading:

– The Legal Ethics Blog

– An earlier post from the COI Blog with a different view on lawyers as compliance officers

Ethics made easy

We justly praise those who show true ethical heroism.  But to protect business organizations  and society generally from legal and ethical breaches we need to aim our efforts more broadly.

In “How to Design an Ethical Organization” in the May-June 2019 issue of the Harvard Business Review, Nicholas Epley, John Templeton Keller Professor of Behavioral Science at the University of Chicago Booth School of Business, and Amit Kumar, an assistant professor of marketing and psychology at the University of Texas at Austin, argue: few executives set out to achieve advantage by breaking the rules, and most companies have programs in place to prevent malfeasance at all levels. Yet recurring scandals show that we could do better. Interventions to encourage ethical behavior are often based on misperceptions of how transgressions occur, and thus are not as effective as they could be. Compliance programs increasingly take a legalistic approach to ethics that focuses on individual accountability. They’re designed to educate employees and then punish wrongdoing among the “bad apples” who misbehave. Yet a large body of behavioral science research suggests that even well-meaning and well-informed people are more ethically malleable than one might guess…Creating an ethical culture thus requires thinking about ethics not simply as a belief problem but also as a design problem. We have identified four critical features that need to be addressed when designing an ethical culture: explicit values, thoughts during judgment, incentives, and cultural norms.

The first of these is “explicit values.” Among the key points here are that:

Strategies and practices should be anchored to clearly stated principles that can be widely shared within the organization. A well-crafted mission statement can help achieve this, as long as it is used correctly. Leaders can refer to it to guide the creation of any new strategy or initiative and note its connection to the company’s principles when addressing employees, thus reinforcing the broader ethical system.

A mission statement should be simple, short, actionable, and emotionally resonant. Most corporate mission statements today are too long to remember, too obvious to need stating, too clearly tailored for regulators, or too distant from day-to-day practices to meaningfully guide employees.

The second design consideration is “thoughts during judgment.” Among the key points here are that:

– Most people have less difficulty knowing what’s right or wrong than they do keeping ethical considerations top of mind when making decisions. Ethical lapses can therefore be reduced in a culture where ethics are at the center of attention. … Behavior tends to be guided by what comes to mind immediately before engaging in an action, and those thoughts can be meaningfully affected by context.

– Several experiments make this point… In a large field experiment of approximately 18,000 U.S. government contractors, simply adding a box for filers to check certifying their honesty while reporting yielded $28.6 million more in sales tax revenue than did a condition that omitted the box.

The third consideration is incentives. Here the authors note: Along with earning an income, employees care about doing meaningful work, making a positive impact, and being respected or appreciated for their efforts… An ethical culture not only does good; it also feels good.

The final design consideration is cultural norms. Here the authors recount the results of several experiments showing the often underappreciated power of such norms in creating ethical risk.

The authors conclude the article with several helpful suggestions for putting ethical design into practice – including in the contexts of hiring, personnel evaluation, compensation.

Note that there is a lot more that could be said about how behavioral ethics can inform and fortify compliance programs. (See this index of prior posts on this subject.) But the ideas and information is this article are very helpful, and the overall point – that [o]rganizations should aim to design a system that makes being good as easy as possible – seems exactly right to me.

Trump’s hotel

As noted in the Washington Post last month: President Trump recently released financial disclosure forms which “show that the Trump International Hotel produced $41 million in revenue, which, according to CNN, brings to more than $80 million the total amount he has made from the property during his presidency. The hotel accounted for almost a tenth of his company’s revenue last year. High demand on the part of Republicans, lobbyists and foreign governments helps explain the hotel’s success. T-Mobile executives spent nearly $200,000 there as they sought approval for a merger with Sprint. A variety of foreign countries have held events at Trump International. The Trump Organization says it donates all the profits it makes from foreign governments. But the president, who has refused to divest from his company, undoubtedly still benefits from high, price-driving demand at his landmark property, not to mention the profits domestic lobbyists produce. For those seeking to influence the Trump administration, padding the president’s wallet with conspicuous spending at his hotel must seem like a viable strategy.”

But could a man apparently worth billions be influenced by a mere $200,000? When reading this story I was reminded of a study  from 2016 on the impact on prescription writing of pharma companies buying meals for doctors. One of the results was stunning: “As compared with the receipt of no industry-sponsored meals, we found that receipt of a single industry-sponsored meal, with a mean value of less than $20, was associated with prescription of the promoted brand-name drug at significantly higher rates to Medicare beneficiaries.” (Emphasis added.)

The last (for now) word on this subject goes to this timeless exchange: George Bernard Shaw: Madam, would you sleep with me for a million pounds? Actress: My goodness, Well, I’d certainly think about it. Shaw: Would you sleep with me for a pound? Actress: Certainly not! What kind of woman do you think I am?! Shaw: Madam, we’ve already established that. Now we are haggling about the price.

 

Point-of-risk compliance

Here is my latest column from C&E Professional – on  “point-of-risk compliance.”

I hope you find it useful.

The toll at the top

As recently reported by NPR: For decades, the main reason chief executives were ousted from their jobs was the firm’s financial performance. In 2018, that all changed. Misconduct and ethical lapses occurring in the #MeToo era are now the biggest driver behind a chief executive falling from the top. That’s according to a new study from the consulting division of PwC, one the nation’s largest auditing firms. It is the first time since the group began tracking executive turnover 19 years ago that scandals over bad behavior rather than poor financial performance was the leading cause of leadership dismissals among the world’s 2,500 largest public companies… Thirty-nine percent of the 89 CEOs who departed in 2018 left for reasons related to unethical behavior stemming from allegations of sexual misconduct or ethical lapses connected to things like fraud, bribery and insider trading, the study found…”Employees are starting to say, ‘how can you enforce a policy on us without holding CEOs accountable?’ ” said Bill George, a senior fellow at Harvard Business School and former chief executive of Medtronic, who has served on the boards of Goldman Sachs and Exxon Mobil. “The CEO’s behavior has to be beyond reproach. Boards are aware of this and are really feeling pressure around that now.”

But what exactly should boards do to respond to this pressure? As noted in an earlier post in the COI Blog:

In recent months, the unprecedented sexual misconduct allegations against (among others) high ranking officials in prominent businesses has brought unprecedented attention to the need to prevent and detect such wrongdoing using high-level solutions. For instance, writing recently in the Harvard Law School corporate governance blog, Subodh Mishra, Executive Director at Institutional Shareholder Services, Inc., identifies the following five components of an effective sexual misconduct risk management policy:

– Sexual misconduct risk is specifically enumerated and oversight assigned to a board committee.

– The board has expertise in workplace and employee issues.

– Material penalties are in place for perpetrators and abettors.

– Executive compensation structures—at a minimum—contain incentives for creating a safe and equitable workplace.

– The company models the behavior it seeks to promote.

These seem like generally sound observations, but the point of my post is not to add to the conversation on this particular area of risk but rather to suggest that ideas of this sort can and should be applied to compliance risks more broadly.

Certainly, assigning a board-level committee compliance  responsibility with an emphasis on risks (such as corruption or antitrust ones) at the top, would be a sound measure generally for companies to take.  And the board having expertise regarding compliance issues is compelling for the same reason that having such expertise in workplace/employment issues is – though for both areas expertise can (in my view) sometimes be provided by access to an outsider adviser rather than appointment to a seat on the board.

Moreover, I certainly think that the emphasis on penalties for those engaged in misconduct is important to preventing wrongdoing of various kinds at the top, particularly the suggestion that “These policies may also be extended to any individuals that willfully concealed violations or engaged in retaliation against whistleblowers.” And, on the other side of the coin, reflecting compliance success generally in executive compensation structure makes sense just as it does for promoting diversity (part of Mishra’s recommendations), although doing so with the former may be more methodologically challenging than it is with the latter. Still, it can be done.

Finally, the point about modeling behavior is every bit as important to promoting compliance generally as it is to preventing harassment and discrimination in particular. For a board committee overseeing compliance at the top, this aspect of effective risk management has implications for a wide range of conduct – both substantive (e.g., how conflicts of interest are dealt with by senior managers) and procedural (such as ensuring that managers take the required training).

Cross references:

CEOs’ ethical standards and the limits of compliance

Catching up on CEOs’ COIs.

CEOs’ ethics: what’s new

 

 

Behavioral ethics program assessments

Rebecca Walker and I have an article in the Spring 2019 issue of Ethical Boardroom on behavioral ethics program assessments.

We hope you find it interesting.

E-book on compliance & ethics risk assessment

I am pleased that Corporate Compliance Insights has just published a revised and expanded edition of my e-book on risk assessment: Compliance & Ethics Risk Assessment: Concepts, Methods and New Directions.

You can get a free download here.

Risk assessment expectations under DOJ C&E program evaluation criteria

A column in Corporate Compliance Insights.

I hope you find it interesting.

Preventing investigative failures

It is too soon to know how history will judge the efficacy of the Mueller special counsel investigation. But there is no shortage of clear investigative failures in the private sector, such as in the Wells Fargo debacle.

In Complex Compliance Investigations – a soon-to-be-published article in the Columbia Law Review – Professor Veronica Root Martinez of Notre Dame Law School argues that many recent compliance failures “within organizations might have been avoided if more robust processes –  meaning the actions, practices, and routines that firms can employ to communicate and analyze information  – had been in place to ensure investigations were conducted in a manner that allowed the firm to analyze information from diverse areas within the firm.” She further notes: “The task of creating effective compliance programs has been made more challenging, however, by the shift from small, discrete organizations to complex ones. The challenge for complex organizations is, quite simply, more complicated than what’s faced by those with a smaller footprint and reach.”

She makes the following recommendations for addressing these challenges:

Track Similar Unlawful Behavior within the Firm. She suggests this because “[w]hen firms focus on policing and structural components of a compliance program, they sometimes focus too heavily on particular compliance areas, when they might otherwise benefit from assessing certain types of behavior.”

Engage in Consistent Compliance Assessments. Specifically, “Complex organizations could choose to develop formal, prospective processes in an effort to ensure that members throughout their organizations engage in similar investigative methods when misconduct is detected.”

Aggregate Potential Compliance Concerns. As she notes: “sometimes a seemingly innocuous or isolated event is actually an indication of a larger problem within the firm,…”

However, she also notes that: “ The promise of process is, however, limited in that for it to be effective it requires a firm to have (i) a strong organizational structure (ii) free from a corrupt culture.”

There is far more to Professor Martinez’s very fine article than I have space to address here. I encourage you to read all of it.

Additionally, for more information about making investigations effective please see this post in the Compliance Program Assessment Blog.