Conflict of Interest Blog

Asking a good question

The late Nobel Laureate in physics Isidor I. Rabi once said: ”My mother made me a scientist without ever intending it. Every other Jewish mother in Brooklyn would ask her child after school: ‘So? Did you learn anything today?’ But not my mother. She always asked me a different question. ‘Izzy,’ she would say, ‘did you ask a good question today?’ That difference – asking good questions – made me become a scientist!”

Asking good questions can also help companies promote compliance and ethics.

In The Road to Character, David Brooks notes that he once met an employer  who asked every job applicant: “’Describe a time when you told the truth and it hurt you.’”  This is, to my mind, a good C&E-related question, as it can help identify those who practice, as well as preach, ethical behavior. It also reminds those asking the questions about the importance of C&E to the organization. A frequently used variation on this question is: “Describe an ethical challenge you’ve faced and how you dealt with it?”

Of course, employment interviews are not the only setting in which it is important to ask good C&E-related questions. Another is employee engagement surveys, in which one commonly sees questions about relative comfort in reporting violations and perceptions of the ethicality of the organization’s management.

These are good topics for questions, and I think every company that fields an employee engagement survey should use them. But my favorite question of this sort  comes from a survey conducted by the Economist which measured respondents’ perception of the need for ethical flexibility to advance one’s career within an organization.  What I particularly like about this question is the focus on flexibility – which may be easier for respondents to admit to than asking outright about their engaging in  ethical transgressions.

Yet another setting for asking C&E questions is the compliance audit. While most of what is done in C&E audits revolves around document reviews, interviewing employees can be part of the picture as well. Among the topics that should be considered for such questioning: Does the interviewee think that the company’s training is effective? In addition to producing useful information about training itself, posing this question may make it easier for employees to identify concerns about risks and actual violations. I.e., like the question above about ethical “flexibility,” questions about C&E training may offer a “soft” way of approaching a “hard” topic.

Moreover, questions about training can be asked  not only in audits but as part of (and typically at the end of) the training itself.  One possibility here is to ask whether after the training the employee now feels that she understands how the company’s compliance program applies to her job – again, a variation on the “soft” question approach.

Finding the right question can also be important in developing a C&E-component to a company’s exit interview template. Options include general culture questions, such as how do you rate our company as a values and ethics driven employer – with an opportunity to say why; specific questions about key aspects of the program, such as whether the departing employee understood all the options for reporting concerns; and, of course, asking whether the employee was aware of any unreported concerns.

I should stress that this post is not intended to cover the whole world of asking C&E-related questions.  Among the areas not addressed: the importance of Q&A in codes of conduct and approaches to asking questions in risk assessments.

Finally, to an extraordinary degree, boards of directors can have the power to impact a C&E program simply by asking the right questions. Here (on page 2 of the PDF) is an article which offers not actual questions but topics that boards can turn into questions in overseeing their respective companies’ C&E programs

The risk of good intentions

As noted  in an earlier posting, we are entering an era of unprecedented Environmental, Social and Governance (“ESG”) imperatives, which will hopefully) be beneficial to millions of people in many ways. But those involved in ESG efforts (and others who “do good”)  must also be aware of the dangers  of “moral licensing.”

As described in Rational Wiki: “Moral licensing or self licensing is a cognitive bias that occurs when a person uses their prior ‘good’  behavior to justify later bad behavior, often without explicitly using that logic. The effect has been demonstrated in numerous psychological studies.[1]

For instance, as noted in  an article in the Irish Times: “One experimental study found people ‘are more likely to cheat and steal’ after purchasing green products than after purchasing conventional products.”

According to another piece on moral licensing: “In a set of pioneering studies, participants who established their racial non-prejudiced attitudes by endorsing President Obama or through selecting a black person for a consulting firm job were subsequently more likely to make pro-white decisions. In one test, after subjects were given a chance to condemn sexist statements, they were found to be subsequently more likely to support hiring a man in a male-dominated profession. One study on consumer behavior suggested that shoppers who brought their own bags felt licensed to buy more junk food.”

Interesting stuff.

However,  I caution, that not all moral licensing results have been replicated. Still there is an obvious  logic to thus line of reasoning, at least enough of one to consider the effects of moral licensing on compliance.

I also caution that moral licensing is not a reason to do less when it comes to ESG  and other pro-social efforts.  Rather, it is a reason to up one’s compliance game.

More specifically, moral licensing should be made part of risk assessment processes. It can  also  be worth mentioning in training and other communications.

Finally, moral licensing can be  be particularly relevant not only to ESG-related work but also to the work of governmental bodies, charities and other non-profits. Indeed, organizations of this sort – particularly charities tend to have relatively weak compliance and ethics programs need to understand and address this variety of risk.

 

 

Training managers in conflicts of interest

While  COI risks can exist at any level of an organization, as a general matter the risks increase (often sharply) as one proceeds up the org chart.  Most obviously, this is because a) senior managers tend to have greater opportunities for COI-fraught relationships and activities than do other employees; and b) COIs at higher levels of an organization are likely to be more harmful than are lower-level conflicts.    Given these  and other factors, training managers on COIs can be an essential risk mitigant for many organizations.

COI training for managers can (and often should) be part of broader C&E training covering other significant areas of risk, as well as the roles of managers in the operation of the C&E program.  Such training typically has two dimensions: an individual one – to help managers avoid having COIs themselves, and an organizational one – to assist managers in preventing//detecting/addressing COIs by colleagues and third parties.

More specifically, one might i) start the COI part of the training with an attention-getting hypothetical (or actual) case, perhaps showing how harmful even well-meant COIs can be; ii) identify generally the types of COIs most relevant to the entity (individual COIs for all, organizational ones for some), as well as any special COI issues (such as, for certain types of entities, the need to avoid contributing to a COI by a third party); iii) describe the legal and business imperatives for strong C&E efforts in these areas; iv) discuss how employee perceptions of COIs by managers can undermine faith in the C&E program as a whole (an aspect of “normative compliance,” v) review applicable company policies and procedures regarding COIs, perhaps using a hypothetical case or cases to illustrate how they should work – and what the risks of familiar might be; vi) examine particular compliance challenges for this risk area, including the tendency of individuals to rationalize conflicts-driven decision making (a facet of behavioral ethics) and the frequent difficulty of challenging individuals on matters that have a sensitive personal dimension (which COIs often do); vii) explain what a manager’s specific role is to ensure COI-related compliance; viii) identify COI-related “red flags” to help them meet those responsibilities; and ix) connect COI issues to other risk areas of significance – such as corruption, fraud and insider trading/confidential information.

When ethics “don’t mean anything”

Many years ago, I heard federal judge J. Skelly Wright tell this wonderful story.  He was presiding over a trial in Louisiana and asked one of the attorneys why the attorney referred to all the witnesses as “Colonel,” to which the attorney responded:  That don’t mean anything – it’s like when I call you Your Honor. “

There are lots of things wrong with painting with too board a brush. This comes up in a variety of contexts. But it seems particularly problematic when the setting is compliance.

Last week,  as reported in the NY Times,  the “Supreme Court [gave]  Goldman Sachs a Do-Over in Securities Fraud Suit. The justices said the bank may renew its arguments that its statements about honesty and integrity were too generic to support a class action for billions of dollars.” (The decision can be found here.)

I’m not sure what lessons should be drawn from this. However, some companies may be tempted to draft compliance policies and other documents that are little more than generic professions of ethicality.  But while this approach might get past the Supreme Court I doubt it would do so at the Department of Justice.

A 30-year experiment in ethics and compliance

In his 2008 book Experiments in Ethics, Anthony Appiah made a strong and important case that behavioral science ideas and information should be used to address ethical challenges. But for me the most compelling ethics-related experiment of modern times comes from the realm of political – rather than behavioral – science: the experiment that began in 1991 with the advent of the Federal Sentencing Guidelines for Organizations and which continues to this day.

Although we have become accustomed to living in an “Age of Compliance,” the Guidelines were initially considered “developmental,” as the then Chair of the Sentencing Commission put it. The notion of government providing businesses with incentives for C&E programs and direction on how to make such programs effective was largely new and untested at the time. Of interesting historical note to behavioral ethics aficionados: before the Sentencing Commission chose its current C&E-program-based approach to preventing corporate crime it considered applying an “Optimal Penalties” strategy.  The Commission’s ultimate rejection of that approach – which was premised on a hyper-rational (“Chicago School”) view of how business crime occurs – in favor of one that promotes strong C&E programs can be seen as an early (albeit presumably intuitive) official endorsement of the behavioral science based view of human nature.

Thirty years later, it is fair to ask: has the  Guidelines experiment been a success?

It would be hard to prove or disprove success using traditional tools of measurement, since the Guidelines are, of course, a policy interacting with a wide range of real-world factors in an uncontrolled way, not a true self-contained experiment. But if the results were not positive to a significant degree then it is hard to imagine that other governmental bodies – in the U.S. and increasingly around the world  – would have followed suit to the significant degree that they have. While “success breeds imitation” is not an iron-clad rule, it is a pretty good description of what happens much of the time including, I think, in this instance.

Another way to think about success here is to imagine a “counterfactual” world where C&E wasn’t as important as it has become under the Guidelines approach. Would we be better off with little or no sexual harassment training or protection of whistleblowers in corporations? Would we want to work for or do business with a company that made little or no effort to prevent its employees and agents from engaging in corruption, bid rigging or fraud? Indeed, one doesn’t have to strain one’s imagination to picture these counterfactual possibilities: they are the way things used to be before the Guidelines, at least in many companies.

Looking forward, while a compliance-based strategy to business crime prevention no longer faces a serious threat from the Optimal Penalties view of the world, one does hear what are occasional critiques of the C&E approach from a behavioral science perspective (which is somewhat ironic, given the above-described history). The argument goes that C&E programs – by treating employees with suspicion, and thereby making employees resentful – can actually spawn wrongdoing.

As described in an earlier post, this does not ring true to me, at least not insofar as it concerns serious offenses. Although there is no question that some companies engage in overkill with aspects of their C&E programs, employees should not (and I think do not) feel resentful that their employers try to help keep them safe from the risk of being sent to prison and having their careers destroyed. And even if there is some resentment, that is presumably a small price to pay for preventing serious harm to company, employees and others.

Finally, I am very aware that my musings are themselves not scientific, and hope that the next 30 years  scholars and practitioners will find ways of assessing the efficacy of the many different strategies and tools for having C&E programs. There is lots of room for improvement in this area – and experimentation. At least to me, that’s much of what makes the field exciting to be part of.

But as to the basic notion of C&E  itself – I think that’s here to stay, not so much as a matter of proof but of logic. On this point I give the last word to Joe Murphy – the visionary lawyer who (together with Jay Sigler of Rutgers) first wrote about what was ultimately to become the Guidelines approach: “For those who ask ‘does compliance work,’ my response is to ask them, ‘does management work?’ One question makes as much sense as the other. C&E is a management commitment to do the right thing and management steps to make that happen. If you do not use management steps to do something in an organization, how on earth do you do so?”

 

 

Self assessing your conflict of interest compliance program

C&E program assessments sometimes have a general scope and sometimes are focused on a single substantive risk area – such as corruption or competition law. (Still others have elements of both approaches, i.e., general assessments and deep dives.)

For some companies it makes sense to do such a targeted/deep dive assessment for conflicts of interests. This is particularly so for those responding to a significant COI violation or “near miss,” but it is also the case where the likelihood of COI risks is heightened due to geographic, organizational or industry cultural considerations.

The scope and approach of such assessments for any given company at any given time should vary based on a variety of circumstances.  However, for many companies the effort should not be time consuming or intrusive.

What does one look for in a COI program assessment? Hopefully, the following questions/comments could be helpful to some organizations seeking to determine whether/how to go down this road – and if so, how far.

– Risk Assessment. Has the company assessed COI risk? If so, has it done so in a documented way? Has it used the results of the assessment(s) in designing and implementing other aspects of the COI program? Beyond this, does the company have a good sense of its areas of jeopardy from what might be called “the risk assessment of everyday life”?

– Governance. Have the respective COI oversight roles of the board of directors and senior management been formalized? Do they receive appropriate reports of COI program activity? Are there sufficient escalation provisions regarding COIs?

– Culture. Are COI rules truly followed or are there double standards? What is the sense of “organizational justice” vis a vis COIs? Same question re: the “tone at the top.” Do employees – particularly senior ones –  understand the harm that COIs could cause the company?

– Policies. Presumably nearly every business organization has a COI provision in its code of conduct. But there are also many that need but do not have a standalone policy as well. Is your company in this category? Also, is your COI policy well known and readily accessible? Is it reviewed periodically by the C&E officer?

– Procedures. Are disclosure and related COI procedures clear, easy to use and well known? Do those tasked with reviewing COIs have enough knowledge and independence for the job? Are the reviews sufficiently documented?

– Training/other communication. Is there enough training given relevant COI risks (which tend to be high for senior managers/board members and in certain functions, like procurement)? Is training reinforced through other communications, particularly from senior managers?  Does the training/other communication use the learning from “actual cases”?

– Auditing and monitoring. Are the COI disclosure practice and other aspects of the program audited? Same question for monitoring (of conditionally approved COIs).

– Responding to allegations/request for guidance. Do employees feel comfortable seeking guidance on possible COIs? Are investigations truly independent? Are violations of the COI policy treated with sufficient seriousness? Does the company conduct a “lessons learned” analysis of significant COI failures?

Of course, there is much more that could be included in a COI self-assessment (and I encourage you to browse the blog for ideas in this regard). But hopefully the above will be a useful foundation for starting.

 

 

Should the fight against conflicts of interest be treated as a national priority?

President Biden recently received well-deserved attention for declaring the fight against foreign corruption to be a national security priority. Should conflicts of interest be viewed  in the same manner?

In particular, how much does it matter that organizations, individuals and governments pay close attention to identifying and mitigating conflicts of interest?  One way to answer this question is to consider – as I used to ask students in my business school ethics class to do  – what the world would look like without such focus and sensitivity.  Below are some of the observations that I have heard from them over the years.

In “Conflict of Interest World,”

– Individuals might be reluctant to take the medicines that their doctors recommend for fear that those recommendations are motivated more by the doctors’ financial relationships with pharma companies than by the patients’ well-being.

– Individuals and organizations might not use financial advisors for fear that the advice they receive is driven by hidden, adverse interests – and would instead devote otherwise productive time to trying to become their own financial experts, resulting in a significant misallocation of capital as well as time.

– Organizations could hesitate to take a wide range of everyday actions for which they need to trust their employees and agents to do what’s right by the organizations – or would proceed only with highly intrusive and costly surveillance-like measures in place.

In short, Conflict of Interest World is a place of needlessly diminished lives, resources and opportunities.

Bottom line: a short visit to this unhappy imaginary world – a place of “all against all” – is a reminder of the vital role that sufficient attention to COIs play in our very real world. To my mind, this well deserves to be seen as a national priority.

 

New data on whistleblower incentives

Does offering financial incentives for reporting misconduct to the government in fact work?  Apparently, there is not much data on this point, as noted in a post on the Harvard corporate governance blog by Aiyesha Dey, Jonas Heese, and Gerardo Pérez Cavazos, all of the Harvard Business School .  However, they set out to fill this gap.

“To examine the effects of financial incentives on whistleblowing, we exploit staggered decisions taken by U.S. Courts of Appeals that increase the financial incentives for whistleblowing under the [False Claims Act]  specific judicial districts. We find the following three effects. First, we find that whistleblowers file a greater number of lawsuits in district courts following decisions that increase financial incentives for whistleblowing. However, we do not find a reduction in the fraction of allegations reported internally before the filing of a lawsuit. Second, we find that the DOJ increases the investigation length for allegations filed in treated courts. Third, we find an increase in the percentage of DOJ-intervened lawsuits and the percentage of settled lawsuits. In sum, these findings support the view that cash-for-information programs help to expose misconduct. Our findings show that whistleblowers respond to financial incentives by filing additional lawsuits, which the DOJ investigates for a longer period and that are more likely to result in a settlement. These findings are inconsistent with the critics’ view that greater financial incentives for whistleblowers primarily trigger meritless lawsuits.” (Emphasis added.) (Note: they also report on  some interesting data on the financial impact of whistleblowing on the whistleblowers themselves.).

So, good news for supporters of incentives for whistleblowing.

But if offering financial incentives works for the government shouldn’t companies implement reward programs for internal reporting by employees?

To my knowledge the first business to try this was Bear Stearns, many years ago.  The firm has long since gone out of business and I don’t recall  whether this practice was seen as successful in its time.  In any event, not many have followed since.

I have indeed cautioned clients against going this route. My primary concern is that paying for information can be seen as inconsistent with the important – indeed solemn – obligation that employees already have to protect their company.  This obligation goes well beyond reporting suspected wrongdoing, touching the many ways employees can support and promote the efficacy of a C&E program.

 

 

 

Caremark and caring about carelessness

Samuel Johnson once said: “It is more from carelessness about truth than from intentionally lying that there is so much falsehood in the world.” And carelessness is obviously at the root of many other types of wrongdoing too.  But what does this have to do with the liability of boards of directors in connection with ESG failures?

In a recent posting in the Harvard Law School Forum on Corporate Governance the Wachtell Lipton law firm argues: “the Caremark doctrine—which requires directors to monitor enterprise-level risk and is newly invigorated by recent Delaware court rulings—is the likely tool of choice for plaintiffs complaining about board inaction in the face of climate-related exposure.”

How should companies and boards mitigate the risk of Caremark liability? Per the Wachtell memo: “Firms throughout the economy—anyone who manufactures, sells, or finances products that are implicated in environmental harm—should be preparing today for governance, regulatory, and litigation challenges. Thus, among other steps: Companies should focus on robust disclosure of climate-related economic and business risks. Management and boards should consider new playbooks and strategiesfor engaging with institutional shareholders, asset owners, and even activist investors focused on climate and other ESG-related issues. Boards should ensure regular consideration of climate-related risk, oversight structures, and robust documentation of risk-management and monitoring efforts. Companies that take these steps, and then tailor bespoke responses to any remaining climate-related risks, will earn goodwill with regulators and investors and be better prepared to weather the climate-litigation and climate-activism storm.”

This is sound advice from the perspective of companies, officers and directors. But is the underlying legal regime – particularly the Caremark doctrine – up to the gravely important task of protecting society as a whole from the ravages of climate change?

In A Simple Model of Corporate Fiduciary Duties: With an Application to Corporate Compliance WC Bunting of Temple’s business school  notes that compliance failures  by boards are currently  cognizable under Delaware law based on  the duty of loyalty, not the duty of care — – even though the latter would make more sense.  He writes: “the optimal judicial approach would define the duty to monitor as a subset of due care–and not loyalty.”

The reason he suggests this is that “that compliance is fundamentally about inducing effort” by managers more than it is about honesty. Lack of effort seems more a matter of failure of care than it is failure to be loyal.

Does this matter? To draw again from the Samuel Johnson treasure trove of memorable sayings, the change of law proposed by Bunting, could help focus the minds of directors on a subject that is truly life or death.

 

Drafting and reviewing conflict of interest policies

Here is my latest column in Compliance Ethics Professional – on drafting/enhancing conflict of interest policies.

I hope you find it useful.