Conflict of Interest Blog

Compliance program standards of proof

The Chauvin trial in Minneapolis has caught the attention of much of the US, and rightly so, given the importance of the issues it raises and the highly compelling nature of the proof in the court. The case – like many highly public prosecutions – also provides the occasion for instructive civics lessons in various aspects of litigation.

One of these concerns standards of proof, with  commentators describing and discussing “proof beyond a reasonable doubt.” Another concerns the defendant’s state of mind, with possibilities including “depraved mind murder.”

Compliance officers sometimes deal with standards of proof and state of mind in connection with disciplinary procedures.  Less obviously, these issues can be relevant to conflicts of interest.

While some organizations bar conflicts of interest in all cases, many opt for allowing COIs  to exist where appropriate. But how should appropriate be defined for these purposes?

One formulation that I have recommended is: A COI may be approved only where doing so would clearly be in the best interest of the company.

Two comments about this.

First, the word “clearly” is intended to require a showing greater than a mere preponderance of the relevant facts. Of course, it is not as high as “beyond a reasonable doubt,” which, in my view, would be widely seen as too much in this setting.  But, it is still a high standard  and presumably would require rejection of any proposed COI where there was a lack of genuine clarity on this issue.

Second, the “best interest of the company” should be read broadly. It requires more than an absence of corruption or other  outright misconduct. Rather, it also mandates consideration of how  the COI at issue could impact the ethical culture of the organization and related matters.

A behavioral ethics and compliance primer

Published by Ethical Systems.

In praise of Goldilocks compliance

My latest column in C&E Professional.

I hope you find it useful.

Defamation as a compliance risk area

Dominion Voting Systems recently sued Fox News and two of President Trump’s former lawyers – Sydney Powell and Rudolph Giuliani – for their statements that Dominion had engaged in election fraud in connection with the 2020 presidential election. This could have profound adverse affects on the defendants. (Among other things, Dominion is suing Fox for $1.6 billion in damages and Powell for $1.3 billion.)

While of special relevance to the defendants, C&E professionals from all companies should use the occasion to consider if they have defamation risks of their own.

Defamation is generally not in the first tier of compliance risks for corporations, the way that corruption, antitrust and fraud tend to be. But second-tier risks can still be significant, as discussed in this recent post in the FCPA Blog.

Here are some brief thoughts and questions on defamation and compliance:

– Risk assessment. What kind of communications do your salespeople have about competitors? What about their salespeople communicating about your company?  Given the nature of the products and services you sell does defamation seem reasonably likely?

– Policies. Defamation should be mentioned in the code but generally need not be a standalone section. (It can often be part of a general sales compliance discussion.)

– Procedures. For high-risk areas, companies should consider preapprovals by the legal department or other control functions.

– Auditing or monitoring. Internal auditors should, for high-risk areas, be trained on defamation risks. And, for such areas, consider requiring monitoring.

– Training. For his risk companies consider including defamation in the code course. And for higher risk individuals consider targeted in-person training.

– Third parties. As with  other  risk areas third-parties can pose special C&E challenges and so should be focused on in the risk assessment.

There’s much more to be said about this topic but hopefully this post will help some companies get started.

Moral hazard and ethical habits of mind

“Moral hazard” means the provision of incentives that encourage unduly risky conduct by shifting the impact of a bad decision to a party other than the decision maker.   Perhaps the most consequential area of moral hazard ever is climate change, as those individuals most likely to bear the brunt of it (young and not-yet-born people) are largely different than those creating the risk of the harm.  Another example is refusing to receive the COVID-19 vaccination, as this puts others at risk. However, individuals who do this are also putting themselves at risk– so this can be considered a case of partial moral hazard.  Still, even a partial moral hazard can, in some circumstances (like these), have grave consequences.

Moral hazard  – an economic concept – dovetails somewhat with the behavioral ethics phenomenon of “victim distance,”–  a psychological one.     That is, the more distant we are from the possible victims of our actions the less weight we’ll likely give to their interests.

Together, these two phenomena present formidable challenges to companies and individuals seeking to promote compliance and ethics (“C&E”), because they may negatively  shape habits of mind that may affect behavior in ways that are difficult to dislodge.  This is true not only of workplace ethical issues but also in other realms as well.

But habits of mind can be forces of good too. Indeed, the full promise of C&E programs goes beyond the business realm to nurturing habits of mind that can be helpful to addressing a wider range of challenges than traditional corporate law abidance and ethicality. Among other things, such habits could include thinking systemically about risk, having a deep appreciation for the interests of other individuals, insisting on transparency where it is reasonable to do so, embracing meaningful approaches to accountability for doing what is right and for stopping what is wrong and protecting truth telling at all costs.

None of these ways of thinking were invented by C&E practitioners. But for many millions of Americans and others there is now a steady reminder through C&E programs of the importance of thinking in these and related ways – and this could provide a foundation for promoting greater ethicality in the broader societal realm, including addressing moral hazard.

There is a lot more that can be said about how ethical thinking in one realm can inspire and support such thinking elsewhere. See this prior post for the somewhat similar suggestion that ethical thinking in the private sphere can strengthen C&E in the business world.  Here is another

Conflicts of interest: the role of norms

There has lately been much discussion of norms in the realm of politics and governance.  But norms are also important in the business world, particularly  those established within a profession.

In Regulating Conflicts of Interest Through Public Disclosure: Evidence From a Physician Payments Sunshine Law, Matthew Chan of William College and  Ian Larkin of  UCLA  Anderson  review the literature and report on the results of their recent study in the area of pharma companies providing things of value to prescribing physicians and legal mandates to make disclosure in Massachusetts, which has such a requirement, and several  other states which don’t. They also conclude with an interesting thought about the role of norms in COI mitigation.

In particular, they show a significant post-disclosure reduction in brand name drug prescriptions by Massachusetts physicians, relative to control doctors in other states. These effects are driven by heavy prescribers of brand name drugs in the pre-policy period, particularly for drugs with large pre-policy sales forces. Effects are also detected before the first data were released, implying that the effects are not because patients or administrators responded to the disclosed payments. Instead, some physicians may have reduced payments after disclosure is mandated, leading to changes in their prescriptions. Taken in tandem with the many studies showing that industry payments influence prescribing, this study suggests a strong role for mandatory public disclosure in reducing conflicts of interest in medicine and costly prescribing of brand name drugs.

They further note:

These results carry important managerial implications in healthcare. For health care managers and officials concerned with the effects of pharmaceutical marketing on prescription drug costs, increasing the coverage of disclosure or making disclosed payments more salient (e.g. by implementing hospital-wide communications or campaigns) may be an effective method for changing physician behavior. Other physician conflicts of interest may also benefit from disclosure. For instance, the “Total Transparency Manifesto” and the “Who’s My Doctor?” campaign advocates for physicians to disclose all sources of potentially conflicting incentives, including incentives for ordering additional tests or procedures (Wen 2013; Sifferlin 2014). Approximately 70% of surveyed physicians believed that clinicians are more likely to perform unnecessary procedures when they profit from them (Lyu et al. 2017); disclosure of these payments may be worth exploring, especially as alternative pay structures continue to be introduced into the field, thus making fee-for-procedure structures more optional.”

.They conclude with the following:

These results may also carry important implications for how managers and officials manage conflicts of interest even in non-healthcare settings. The principal-agent problems inherent in drug prescribing, where an informed expert makes important decisions for an uninformed principal, are found in many other industry settings such as retirement planning, consumer insurance, mortgage origination, and legal advice, to name a few. However, within medicine, there are norms (such as the Hippocratic Oath) that place great importance on earning a patient’s trust (Sah 2019); since our results suggest agents must care about appearing unbiased in order for disclosure to work, it remains for future research to test whether disclosure is effective in settings where such norms are not as heavily emphasized. Nevertheless, the results in this paper suggest that disclosure is at least worth exploring further in these contexts, despite the literature on the pitfalls of disclosure,

As a COI generalist, I am particularly interested in the notion that unlike the other professions they mention, “within medicine, there are norms…”  Of course, in light of the striking statistic that “70% of surveyed physicians believed that clinicians are more likely to perform unnecessary procedures when they profit from them” one might wonders what the real norms are.

But still, the point is an important one, and I do hope that there will be future research conducted along the lines they propose.

Assessing your conflict of interest compliance program

Under Department of Justice standards for the government’s evaluating compliance & ethics (C&E) programs companies should undertake program self-assessments from time to time.

What does this entail? At a minimum, it should include assessing the general components of the C&E program (e.g., compliance office, helpline, training) as well as corporate culture.  And, for many companies, a “deep dive” into substantive areas of high risk, such as anti-bribery and competition law, should be be within  the scope of the assessment.

Somewhat less common is companies assessing their conflict-of-interest (“COI”) compliance programs. This post will offer some ideas for use in conducting such an assessment.

Process

At the outset, I wish to stress that a COI program assessment need not be a standalone process. Rather, companies can – and in most instances, should – make it part of the larger program assessment.

Is COI included in your risk assessment?

Note that what this question asks is more than just whether there are actual COIs at the organization in question. Rather, the inquiry is about how likely and potentially impactful COI risks are.

As a practical matter this means:

– Determining how culture affects COI likelihood – as a matter of organizational, geographic and industry culture. Note that while the first two types of culture are commonly the focus of risk assessment, the third – industry culture – generally is not, but (in my view) should be,

– Determining what the opportunities for COIs are.  This is a matter of having adequate financial controls, of course, but also entails looking at the “supply side” of opportunities to enter into COIs,

Note that there is no particular formulae for this. What is required is an act of “informed imagination.”

Also, it is particularly important to ask the impact question with COIs, because such impacts are often dismissed as “harmless.” Focusing on impacts in a COI risk assessment can help show why that is not the case.

COI policies and procedures

Presumably almost all companies have COI provisions in their respective codes of conduct, but not all have standalone policies. The latter aren’t typically mandatory but are generally a good idea where the subject may be too complex for a code provision to cover completely.

The most important topic for COI policies and procedures often concerns disclosure/approval. As a general matter disclosure should be made to – and approval required of – compliance, legal or HR. Allowing approvals by line supervisors – if necessary – should still entail notice to compliance, law or HR.

Training and communications

These should be driven by the risk assessment, and there is clearly no one size that fits all when it comes to COI training and communications. However, a fairly typical approach for a medium risk company would entail:

– COI as a module in code of conduct training for all employees delivered every year or two.

– Other training on a risk-based basis (such for managers or procurement).

– Other communications on a risk-based basis (e.g., about gift giving – to be disseminated during the holidays).

Auditing and discipline

Companies often review COI case files as part of site audits.  Whether to do this – or other auditing – should be informed by the  risk assessment.

Finally, from an organizational justice perspective, it is important that COIs be handled in a fair way. While fairness is important  to how all C&E issues are resolved this is particularly so for COIs  – given that COIs have an obvious personal dimension, e.g., hiring  or promoting a relative arguably hurts other mployees more  than other offenses would.

Liability of corporate officers: new developments

The liability of corporate directors is well-trod territory.   But what about corporate officers?

In a recent issue of the Harvard Law School Forum on Corporate Governance          /    Edward Micheletti, Bonnie David and Andrew Kinsey of  Skadden, Arps, Slate, Meagher & Flom LLP, write: “More than a decade ago in the seminal case Gantler v. Stephens, the Delaware Supreme Court clarified that officers of Delaware corporations owe the same fiduciary duties of care and loyalty that directors owe to the corporation and its stockholders.” But “until recently, officer liability cases were still few and far between. Over the past year, however, stockholder plaintiffs have increasingly pursued claims against officers for breaches of the duty of care.”

Note that the cases described in the Skadden memo involve deal litigation – not compliance program oversight, which is the setting for Caremark   the case which paved the way for fiduciary liability against directors and officers. But there is, to my knowledge, nothing preventing such a case against officers, at least as a general matter.

What should be done with this news? It should be the subject of training not only of corporate officers but also of the directors who oversee the officers and the chief compliance & ethics officer who helps the others keep fiduciary duties top of mind.

Compliance thought experiments

My latest article in CEP.

I hope you enjoy it.

“Maginot Line” compliance

A post in the FCPA Blog on spending too much effort looking backward in risk assessments.

I hope you rind it interesting.