Conflict of Interest Blog

Robots and conflicts of interest

From “Do You Have a Conflict of Interest? This Robotic Assistant May Find It First”  recently published in the NY Times:

What should science do about conflicts of interest? When they are identified, they become an obstacle to objectivity... Sometimes a conflict of interest is clear cut.But other cases are more subtle, and such conflicts can slip through the cracks, especially because the papers in many journals are edited by small teams and peer-reviewed by volunteer scientists who perform the task as a service to their discipline.

The Times  piece further notes: With such problems in mind, one publisher of open-access journals is providing an assistant to help its editors spot such problems before papers are released. But it’s not a human. Software named the Artificial Intelligence Review Assistant, or AIRA, checks for potential conflicts of interest by flagging whether the authors of a manuscript, the editors dealing with it or the peer reviewers refereeing it have been co-authors on papers in the past…(Note: prior coauthoring of an article by itself would not constitute a COI, but could be an indication of one.)  The tool cannot detect all forms of conflict of interest, such as undisclosed funding sources or affiliations. But it aims to add a guard rail against situations where authors, editors and peer reviewers fail to self-police their prior interactions.

Note that the use of data mining for COIs is not new. Indeed, for many years, auditors have looked for matches between the addresses of employees and vendors. And  anti-corruption compliance programs increasingly involve data mining, as is true of competition law compliance too

Moreover, the specifics of efforts like these will vary by industry. (E.g., the co-author relationships of the type referenced above would presumably  be relevant only to businesses where publishing plays an important role.)

But for any company it is worth considering – based upon the company’s risk profile – whether there  are any opportunities of this sort.




A (partial) conflict of interest agenda for Biden

There are many reasons to celebrate the  apparent defeat of Donald Trump in the presidential election, but among the top ones for me is his total antipathy toward rules and norms concerning conflicts of interest.

Trump has created or maintained literally thousand of COIs during his presidency.   The concern here is less what might be considered his ill-gotten gains from the COIs than what is on the other side of the conflicted transaction, i.e. what interest did he improperly trade/betray for the COI.

But more so that this is the larger issue of the lasting general impact from the very rotten “tone from the top” on future ethical conduct issues

I do not believe that many individuals have overtly justified their engaging in  COIs based on Trump’s behavior.  But we also know from behavioral ethics research  that many of the causes of wrongdoing lie below the surface. To me these are the most dangerous aspects of COIs because they undermine the trust that will be necessary for dealing with the many complex and high stakes challenges, we face, including Covad 19 and climate change.

To help restore that trust the president elect should build a COI element into his communications  plan. Note that this need not be an every day affair. But there are presumably lots of opportunities of this sort, and Biden’s communications staff should be directed to make the most of them.

Do honesty pledges work?

Pledges often sound like a good idea but whether they are depends on various factors. Just ask Jim Comey.

In Honesty Pledges for the Behaviorally-based Regulation of Dishonesty, Eyal Pe’er, School of Public Policy, Hebrew University of Jerusalem,  and Yuval Feldman, Faculty of Law, Bar-Ilan University,  take up the topic of honesty pledges.   A study they conducted found, among other things, “that an ex-ante [before the event] pledge can reduce dishonesty significantly, considerably, and even when compared to a (maximally possible) fine. In addition, the effect of the pledge did not seem to decay over the (relatively short) period of time we examined in this study. Reminding participants about their pledge in the middle of the time interval did not add to the reduction in cheating. The effect of the pledge seems not to be restricted to the highly lawful or obedient participants, … Moreover, this effect was also evident when specifically examining those who cheated to a larger extent than others…”  The authors conclude “that pledges could be an effective tool for the behavioral regulation of dishonesty, reduce the regulatory burden, and build a more trusting relationship between government and the public, even in areas where incentives and opportunities to cheat are high.”

This paper could indeed be useful to some government officials regulating business  in determining when to substitute or supplement pledges for the harder edges of compliance   (e.g., monitoring).

To this I would add that it could also be relevant to internal company officials (and their advisors)  considering adding honesty pledges to their compliance arsenal.

Effective Discipline According to the DOJ.

My latest column in Compliance & Ethics Professional. 

I hope you find it interesting.

Do compliance officers have an inherent conflict of interest?

In Agency, Authority, and Compliance, Sean J. Griffith of the  Fordham University School of Law argues:

Compliance can and often does serve as a conduit through which regulators and enforcement authorities enlarge their authority beyond statutory bounds. The potential to do so is a function of the symbiotic relationship between compliance officers and regulatory authorities. Compliance officers owe their professional existence and their organizational authority to the interventions of regulators and enforcement agents. This creates a unique incentive structure and renders compliance officers especially receptive to regulators’ extra-legal pronouncements. As a result, the separation of compliance from legal and the elevation of the compliance function as the co-equal of the legal department, a structure often insisted upon by regulators and enforcement authorities, effectively enlarges the compliance conduit through which the government may abuse the rule of law. Rather than separating compliance from legal, compliance should be subordinated to legal so that an officer accountable exclusively to the best interests of the firm is charged with interpreting the law and advising the firm on what the law requires. Only after this determination has been made should compliance officers be charged with the task of executing on these decisions. A necessary condition to realigning organizational responsibilities in this way, however, is for the government to stop insisting on the alternative. More broadly, the government should not involve itself in the organizational details of compliance, but rather should limit itself to making and enforcing the law.

This is an interesting and unusual  perspective and one that I am not unsympathetic to.  Indeed, in a piece last year in Compliance Week I argued that in many companies having the chief compliance officer report administratively to the general counsel would in fact be appropriate  (assuming – among other things –  that the CCO reported informationally to the board of directors).

But I’m not persuaded that a conflict-like condition exists because CCOs “owe their professional existence and their organizational authority to the interventions of regulators and enforcement agents,” at least, not as a general matter.  One might find exceptions where a company is under a monitorship or is in a very highly regulated business. But for most organizations, I believe, this is no more the stuff of conflict than is the fact that a company’s sales people effectively owe their respective jobs to its customers (which presumably would not diminish the sales people’s fidelity to their employer’s best interest).

I also don’t agree with the notion that whether to take a contemplated compliance measure should be decided by the GC and how to do so that of the CCO. While conceptually neat, as a practical matter the two areas tend to overlap considerably, making the proposed separation of powers difficult to implement.

Finally, regarding the suggestion that, “the government should not involve itself in the organizational details of compliance, but rather should limit itself to making and enforcing the law,…”  I generally believe that without the government’s involvement in the details of compliance over the past nearly 30 years, the overall state of compliance would be weaker than it is today.

Behavioral ethics and compliance to the rescue?

A colleague once voiced the view that the C&E field was “out of energy and out of ideas.”  I have often been of the same mind but am cheered by the advent in recent years  of “behavioral ethics and compliance”

The need for new C&E ideas was recently articulated in Preventing Corporate Crime from Within: Compliance Management, Whistleblowing and Internal Monitoring   by Benjamin van Rooij of the University of California, Irvine, School of Law, University of Amsterdam –  Faculty of Law, and Adam Fine, Arizona State University,  School of Criminology & Criminal Justice:

To reduce and prevent corporate crime and wrongdoing requires more than punishment of corporations and corporate executives. True change requires transformations within such corporations. This paper discusses three options to induce such corporate transformations: corporate compliance management mechanisms, whistleblower protection rules, and independent internal monitoring. The paper concludes that the existing empirical evidence shows doubt whether these systems actually can be effective in reducing corporate crime and wrongdoing. It concludes that the available studies show that these systems are more likely to be effective exactly where it is least needed, namely when there is leadership commitment to compliance, when there is successful external oversight and when there is a compliance culture. The paper concludes with critical thoughts about what this means for existing legislation stimulating these systems, for regulators and compliance officers, as well as for research in this area. Here it argues that internal compliance management must become much more based on behavioral insights from the social and behavioral sciences, and that the scientific community must do a greater effort to provide such support to public and private practitioners.

I certainly agree with this  last conclusion, and for those looking for practical  ideas on how compliance officers, regulators and social scientists can assist one another along these lines  please see my Behavioral Ethics and Compliance Index, which has nearly 100 posts on this area.

Is a weak compliance program worse than no program?

Many years ago I was asked by a prospective client if I could design a “C minus” (i.e., just barely passing) compliance program for them. I responded that, for various reasons, by aiming for a C minus they were likely to end up with an “F.” I did not get the gig. But would there have been any harm in aiming low?

Yes, there would – at least according to David Hess of the University of Michigan’s Ross School of Business, who argues, in a piece in the Brooklyn Journal of Corporate Finance and Commercial Litigation:

“Employee perceptions of an organization’s compliance program are critical. A program that has lost legitimacy with its employees is not just ineffective, but it creates more harm than good by leading to more unethical behavior. This Article identifies ways in which compliance programs can start to lose legitimacy, explains how that lost legitimacy leads to increased wrongdoing, and then concludes by setting out some basic reforms focused on helping stop this downward spiral and protecting the legitimacy of the compliance function.”

Hess’s first point – that, for a variety of reasons, compliance programs can lose their legitimacy – is well trod ground.  Less so is the notion that that an “ineffective program creates more harm than good.” Here, he argues – persuasively, in my view: “If there was no ethical infrastructure, then the individual would rely on his or her own moral reasoning. With a weak infrastructure the organization is sending the message to the individual that ethical concerns do not matter for doing his or her job.” Hess also notes, in this regard, that while research has shown “that a properly enforced code of conduct decreases unethical behavior …  the simple existence of a code of conduct, after controlling for perceived code enforcement and corporate culture, increased unethical behavior.”

Finally, he notes: “Corporations should be required to regularly evaluate their ethical culture.  This recommendation focuses on helping to ensure appropriate and ongoing monitoring of the ethical infrastructure to prevent the compliance program from chipping away to a point where it has lost legitimacy … Measurement of the ethical culture helps  corporate actors recognize when intervention is necessary.”

To which we should all say Amen.





How to assess the efficacy of codes of conduct

Here is a post from the Compliance Program Assessment Blog on assessing codes of conduct.

Rebecca Walker and I hope you find it useful.

Lessons learned from lessons learned

Rebecca Walker and I recently authored this post for our program assurance column in Corporate Compliance Insights.

We hope you find it useful.

“To lose one parent may be regarded as a misfortune; to lose both looks like carelessness.”

So said Oscar Wilde. And while he clearly didn’t have compliance programs in mind, his immortal words provide a humorous introduction in these distinctly unfunny times to the topic of how the Department of Justice’s recently revised Evaluation of Corporate Compliance Programs (“the Evaluation”)  has impacted how the Department evaluates companies’ risk assessment measures in investigations and prosecutions.

By way of background, over the years many compliance failures have been risk assessment failures. But risk assessment was not in the original Sentencing Guidelines, which were issued in 1991, although it was added when the Guidelines were amended in 2004.  In 2017 the Department published the first iteration of the Evaluation, which was followed by revised versions in 2019 and this year. In this post I look at aspects of the whole of the discussion of risk assessment in the Evaluation – not just the 2020 additions.

One key aspect of the Evaluation is documentation. Many risk assessments are somewhat informal and not sufficiently documented.  Documenting the risk assessment is useful not only in the event of a government investigation or prosecution but also for self-checking by management and for the board of directors’ periodic review of the program. Therefore, for those companies that haven’t already done so, drafting a risk assessment governance document should be considered.

Having a defined methodology – which not all companies do – is also important under the Evaluation. There  are lots of methodological considerations for conducting risk assessments. Included are:

– Different processes – document reviews, interviews, focus groups, surveys.

– Different substantive approaches – e.g., how important is risk impact (as opposed to risk likelihood)? What are boundaries?  What are likely risk scenarios?

– Finding a way to measure success. What have you learned – not just about newly discovered risks, but getting a better understanding about known ones?

One size doesn’t fit all, but all need to select and deploy a methodology.

A third important area under the Evaluation is resources, with the issue being whether the process enables the company to allocate resources to different program elements in an effective and efficient way.  Note that many companies use the results of risk assessments for auditing and board oversight,  but there are many other program elements that could benefit from such use.

Finally, the Evaluation calls upon companies to adopt a “lessons learned” approach to compliance. This brings us back to the title of the piece, and specifically to the need to avoid the appearance of being careless by failing to prevent a recurrence of a specific type of wrongdoing. While funny in a great comic play, there would be little to laugh about in such a situation in a criminal case.