Edited by Jeff Kaplan
Conflict of Interest Blog
Last Friday I spoke on how to encourage reports of suspected violations and prevent retaliation at the SCCE NE Regional C&E Conference. In the presentation – the slides for which can be accessed here – I examine:
- The uniquely powerful (in the C&E world, that is) legal drivers for strong program efforts in this area.
- The many relevant do’s and don’ts in code of conduct drafting. (Note that while I tend to think that codes play less of a part in the success of C&E programs than is often assumed to be the case, what is and isn’t in a code can play an outsized role in encouraging C&E reports, as the code might well be closely reviewed by a potential whistleblower seeking to determine just how sincere a company is in urging employees to report suspected violations.)
- The necessity of other policies – particularly an escalation one – in this effort.
- Various relevant forms of training and communications – particularly training managers how to respond when an employee reports a concern to them.
- Investigations and discipline, including the importance of seeking “organizational justice” in the workplace, and also the role that incentives can play in this area.
- Relevant governance, management, auditing, monitoring and self-assessment measures.
I hope you find some of it useful.
Within the world of conflicts, those arising from prior employment relationships occupy a particularly significant territory. (Indeed, one of the most notable COI cases of this – still young – year concerns the former head of a pension system helping a fund manager get business from the system.) In today’s post, I briefly explore different aspects of this part of the COI map.
First, the most consequential forms of conflicts based on previous employment tend to involve public-to-private sector transitions (as in the above-mentioned pension case), and here the relevant standards are generally defined by law. At least in the U.S., the rules for such transitions can be fairly restrictive, as reflected in this 2009 memorandum from the Gibson Dunn law firm relating to employees of the federal executive branch and also in this discussion of relevant state law on the UCLA web site. Government employees and those who would hire them need to be very mindful of these rules and the latter should build into their hiring processes rigorous means for ensuring compliance.
Second, in terms of purely private sector employment transitions, restrictions of the above sort are less universal – and tend to be the domain of internal policy, rather than law. Here (on page 24) is a good example of one such approach from the Verizon Wireless code. Based on what I’ve seen over the years, this is an area where many companies have room to improve.
Finally, there are other less common COI-related employment transitions for which the inquiry goes beyond law or internal policy to something else – an ethical concern, with an element of public policy, perhaps. While difficult to define using current COI categories, these cases tend to be among the most interesting of the lot.
For instance, late last month, as reported in the Guardian, a report issued by the public accounts committee of the House of Commons in the UK charged that Deloitte, Ernst & Young, KPMG and PricewaterhouseCoopers “are using knowledge gained from staff seconded to the Treasury to help wealthy clients avoid paying UK taxes… [the firms provided] the government with expert accountants to draw up tax laws [but] went on to advise multinationals and individuals on how to exploit loopholes around legislation they had helped to write… Margaret Hodge, the [committee’s] chair, said the actions of the accountancy firms were tantamount to a scam and represented a ‘ridiculous conflict of interest’ which must be stopped.” Note that for various reasons (some of which are laid out in the Guardian piece) this doesn’t sound like a black-and-white issue to me, but it is indeed worrisome. And given the importance – not just in the UK, but pretty much everywhere – of enhancing the fairness and efficiency of tax systems, I imagine that it is the sort of issue that we’ll be hearing about more in the years ahead.
Finally, there is the story from earlier this year about Treasury Secretary Jack Lew having received a $685,000 severance payment when he left an administrative post at NYU for one at Citibank, which he subsequently left to return to government work – at which time he also got a bonus from Citibank. While the latter payment was contractually mandated, the former one was not and, as noted in this article, was “considered unusual by outside experts in benefits and raises questions about why a tax-exempt university would give a large exit bonus to an executive who was departing voluntarily.”
In light of the chronology, Lew was presumably not being paid by NYU to influence his exercise of specific duties as a government employee – and so this cannot be called a COI in the traditional sense. But it is also hard to see the severance as the school simply rewarding an employee for a job well done – especially since, in addition to a large salary, he also received a loan forgiveness valued at about $440,000. Moreover, given the path of his career (most of which was spent in public service, including holding some powerful posts) it doubtless seemed likely at the time he left NYU that he would at some point return to government in a high ranking position.
So in terms of where the Lew matter fits on our “map,” it may be most accurate to say that it has the spirit – if not the actual form – of a conflict of interest (although perhaps it could be called a COI “on spec”). But – along with other such cases – it may suggest a need to look at the adequacy of our current understanding of what a COI is, and consider redrawing the boundaries of what is out of bounds along the lines of common ethical sense.
Risk assessment is, of course, the foundation for effective compliance measures generally – and various prior posts describe what should be included in conflict of interest risk assessment. One of the keys to mitigating identified conflicts risks is through the appointment of a subject matter expert, as discussed here.
A risk action plan is a tool for having SMEs identify and help to address C&E risks. In a post earlier this week on the Corporate Compliance Insights web site, I discuss four practice pointers for success in designing and implementing such plans. While not focused on any one type of risk, I think the approach in the CCI piece could be particularly useful to mitigating COI (as well as other) risks in some organizations, given how diffuse COI risks often are in businesses.
In his blog on the Ethics Unwrapped website published by the University of Texas’ McCombs School of Business, Prof. Robert Prentice reviews some important recent research on the behavioralist phenomenon of “conformity bias” – “the tendency of people to take their cues as to the proper way to think and act from those around them.” As he describes, in one experiment conducted by Francesca Gino, “students were more likely to cheat when they learned that members of their ‘in-group’ did so, but less likely when learning the same about members of a rival group.” In a related vein, a study by Scott A. Wright, John B. Dinsmore and James J. Kellaris showed that the identity of the victim was also influential in forming individuals’ views of cheating – and specifically that “in-group members who scammed other in-group members were judged more harshly than in-group members who scammed out-group members.” (Citations/links to these and other studies on conformity bias can be found in Prentice’s post – which I encourage you to read.)
As with various other behavioral ethics concepts previously reviewed in the COI Blog, the ideas here may seem obvious (“When in Rome…”) – but being able to prove the points with data could help C&E officers get the attention they need in their companies to deal with conformity bias-based ethical challenges. But even if the leaders in their organizations agree that something should be done about conformity bias, what is that something?
One step in this direction – which potentially covers a lot of ground – is to include a conformity bias perspective in C&E risk assessment. For instance, where, based on the findings of a risk assessment, the victims of a particular type of violation are likely to be seen more as out-group members than in-group ones, that may suggest the need for extra C&E mitigation measures (of various kinds) to address the risk area in question. Similarly, risk assessment surveys should (as many, but not all, currently do) target regional or business-line based employee populations that may be setting a bad example for other member employees. Additionally, one should – for the purposes of identifying conformity bias-based risks – consider whether for some employee populations the most relevant in-group is defined less by the culture in your organization than by that of members of their industry, as industries (as much as companies or geographies) can have unethical cultures (as suggested most recently in this Wall Street Journal story on the LIBOR manipulation scandal).
More broadly, just as the sufficiency of internal controls (policies, procedures, etc.) needs to be assessed in any analysis of risk, so do “inner controls,” which is another way of thinking about how various behavioral ethics related factors diminish or enhance the risk of C&E violations. That is, the weaker the inner controls (based not only on conformity bias but other risk causing phenomena, behaviorist or otherwise), the greater the need for traditional internal controls.
A second such type of measure – which also is potentially broad – is in the realm of training and communications, and specifically finding ways to highlight the connections employees may have to those who otherwise are likely to be viewed as out-group members. The good news here, as Prentice writes, is that “[a]mong the most interesting findings in this entire line of research is how little it takes for us to view someone as part of our in-group, or of an out-group.”
At least in theory, this seems to underscore the benefits of a broad “stakeholder” approach to C&E. Ultimately, however, what may be needed here is less the skills of those who draft codes of conduct than of those who can reach us on a deeper level regarding how we should really view our “group” membership – as was perhaps most famously done by Charles Dickens.
In a case (previously featured in this blog) that the Department of Justice recently brought against S&P and its corporate parent McGraw-Hill based in part on S&P’s allegedly false claims that its ratings of certain financial instruments were free of COIs, the defendants last week filed a motion to dismiss on the grounds (among others) that such claims of ethicality were mere “puffery.” Readers of this blog may recall a case last year (involving Goldman Sachs) also based on allegations of false professions of ethicality in which a judge rejected a puffery defense, calling it “Orwellian.” On the other hand, S&P/McGraw-Hill has recently prevailed on a puffery defense in a lawsuit based on its ratings.
The court’s decision on the instant motion will, of course, be driven both by prior precedents (presumably those mentioned above and others) and also the specifics of the alleged operative facts, and other commentators will do a better job of dealing with these than the COI Blog could. So instead, I want to use this occasion to consider the broader issue of whether false claims of ethicality should, at least in some instances, be legally actionable, as S&P’s defense seems to suggest should never be the case.
To begin, the basic concept of a puffery defense is certainly logical, as one wouldn’t want every sales or marketing related exaggeration to be grounds for a lawsuit. Mike’s Coffee House should be spared an onslaught of litigation from customers if its claim of serving “the best coffee in the world” is something of a “stretcher.” The common-sense issue in all puffery cases is whether a false claim can reasonably be said to make a difference to a buyer, and while the ethicist in me dreams of the day when ethics is a significant part of every commercial decision, my lawyer self knows that that day hasn’t arrived (and probably never will).
Indeed, from a purely economic perspective, in many commercial settings, an ethics-related “stretcher” – while ethically deplorable – should not give rise to a lawsuit. If you buy a widget from a manufacturer that makes vague and false pronouncements of being an ethical company, the courts presumably will not order that damages be paid to you – because the widget is likely no less valuable due to the falsity of the proclamations. Moreover, making all false claims about ethics legally actionable could have the undesirable consequence of making companies less eager to speak publicly about their ethical efforts.
But then there are cases where the claim of ethicality is not – from an economic perspective – mere parsley on the plate, but is baked into the actual meal. And – again, without knowing what the evidence in the S&P case will be – it certainly seems possible that a ratings agency’s allegedly false claims that it has addressed conflicts of interest in its ratings would fall into that category, given a) how essential independence is to making a rating valid and b) the industry’s troublesome history in ensuring that its ratings are actually conflicts free. That is, unlike the hypothetical widget case, the user of credit ratings would presumably have zero commercial interest in a product tainted by conflicts of interest.
A final point, from a historical perspective: while there was a time when little beyond good intentions was expected of an organization claiming to be ethical, that has changed in recent years. Owing in part to the Federal Sentencing Guidelines for Organizations and their progeny – as discussed here – companies are now expected to have effective policies, procedures, resources and accountabilities to support their good intentions. In determining what the users of S&P’s ratings could reasonably expect from that organization’s professions of ethicality, one hopes that the court will take that important development into account.
Both government standards and sound management practices underscore the importance of business organizations periodically assessing their compliance and ethics (“C&E”) programs. But what should such an assessment entail? And who should conduct these assessments, and with what frequency?
I’m pleased to announce that on Wednesday, May 15 at 12 pm Eastern time my partner Rebecca Walker and I will join the Compliance & Ethics Leadership Council’s Leslie Altizer (Director - Legal, Risk, and Compliance Practice) and Abbott Martin (Research Director – Legal, Risk & Compliance Practice) in a comprehensive, complimentary web cast – Program Assessment: Meaningful Program Measurement – which will explore these and other key issues about C&E program assessments, including:
- How should program effectiveness be defined? How can it be measured?
- How can you garner feedback from employees and business partners in a program assessment, and what role should that feedback play?
- How should key program areas – such as risk assessment, training/communications, auditing/monitoring, encouraging and responding to reports of suspected violations, and board program oversight – be assessed?
- What does a “deep dive” into a high-risk compliance area, such as anti-bribery, entail?
- How can an assessment report be translated into a program enhancement action plan?
We hope that the web cast will provide a good amount of useful information for those with C&E program responsibilities, and that we will see you there.
Click here to register.
C&E programs rely, of course, on transparency. But they also require confidentiality. Most obviously, protecting confidentiality can be necessary for an effective system to receive and respond to employee C&E-related concerns. Perhaps less obviously, confidentiality can be necessary to ensure that a company analyzes and mitigates its C&E risks in an effective manner.
For instance, in the course of a risk assessment I was conducting a few years ago, the client’s compliance officer informed an employee of the need to be interviewed and what the topics of the interview would be. The prospective interviewee responded that this plan was utter madness, given that the results could be used, he thought, against the company by regulators and others. However, the compliance officer replied that the risk assessment was being conducted to provide the company with legal advice so that the results were confidential under the law – they could be used to help the company reduce C&E risks but would not provide aid and comfort to the company’s litigation adversaries. Based on this assurance, the interview went off without a hitch and the results were indeed helpful to the overall risk assessment – and the process had no adverse “side effects” (meaning unwanted disclosures).
However, the corporate attorney-client privilege is not a magic wand, and indeed an earlier post examined the issue of possible misuse of the privilege – and the consequences of such misuse. Today, we explore an approach to preventing problems of this sort – which, among other things, could leave a company’s sensitive information unprotected - from occurring.
First, to help create a foundation that will later support the assertion of the privilege, companies should (if they have not done so already) consider formally establishing and assigning the role of program counsel, i.e., designating an attorney to provide it with legal advice about the program. This assignment can be documented in an overall program charter (or what an earlier post referred to as a program “constitution”); the C&E committee charter, for companies with such a committee; the attorney’s job description – if using an in-house approach for this role; or the engagement letter – if using an outside counsel.
Second, counsel’s role in providing legal advice should be documented on an ongoing basis, such as in investigations, self-assessments and C&E committee minutes and agenda. With risk assessments, for example, at the initiation of the process the need for legal advice should be documented, as should the nature of the advice sought. Communications to interviewees should reflect this purpose, too. So, of course, should the final report, and one should restrict distribution of the report in a manner consistent with the privilege.
Third, companies should occasionally conduct reviews to ensure that the privilege is being protected appropriately. This might include reviewing investigation files and seeking to determine what legal advice C&E program counsel has in fact provided in connection with investigations.
Of course, as discussed in the first post, attorneys must be mindful that they do not attempt to construct a privilege around communications that are not in fact related to legal advice. For this reason, one should consider splitting C&E risk issues out of an Enterprise Risk Assessment, as the latter generally has little to do with legal advice. Similarly, it could be a mistake to attempt to “privilege” all audits – as opposed to those where legal advice is indeed being sought.
Finally, counsel must in fact give legal advice regarding the communications at issue. However, in light of the importance of law to C&E programs, doing so should not be a great challenge.
Indeed, by ensuring that the privilege is maintained in this way, one increases the likelihood that a company is devoting sufficient attention to C&E law, which, in turn, should strengthen its C&E program. That is, appropriate use of the attorney-client privilege can help to establish a “virtuous circle” in which the pursuit of confidentiality and program efficacy reinforce each other.
(As with the prior post on this topic, my discussion of attorney-client privilege is limited to US law – I don’t know enough about the privilege under other nations’ laws to take a global approach to this tricky area.)
In today’s post we conclude our interview with Steve Priest. Information about Steve, and Part One of the interview, can be found here.
Should ethics training be a stand-alone offering or is ethics part of broader training (compliance, leadership, etc.)? Jeff, I wish I had 1%–even 1/10 of 1%–of the money companies have wasted on ethics and compliance training in the past 20 years. There is some evidence that training that is risk and role based—and is targeted, short and engaging—can improve employee perceptions of management commitment, and perhaps even decrease the likelihood that they will engage in stupid, unethical or non-compliant behavior. On the other hand, let’s look at the somewhat prominent school in Princeton, your beautiful town. Dan Ariely’s research there found that taking a week long morality course did not affect the rates at which Princeton students cheated in an experiment one week later. What did make a difference? A reminder right before the experiment about the school’s honor code. Short, sweet, targeted, proximate—these were the keys even before the Twitter/Angry Birds generation. So integration makes a lot of sense because we can have much more frequent, relevant touch points.
What works and what doesn’t when it comes to training boards on ethics? Same question with senior managers. In the past two months I had the opportunity to train the board of one of the world’s largest energy companies and one of the world’s largest retailers. In the latter case it was the third time they asked me. I think the secret is no secret: board members and senior leaders view themselves as very smart, successful, and ethical. And for the most part they are. Respecting that, and building training that is engaging and relevant to their roles and responsibilities works with senior leaders just like it does with front line employees. Cases and conversation make it real and relevant.
You’ve done ethics & compliance work in close to 50 countries. Can you describe some of the pitfalls that one can face when training without being sufficiently attuned to the local culture? A number of years ago I was conducting training in Moscow when a person raised his hand and said “You are from Chicago, right?” “Yes.” “Well, I am from Yekaterinburg, and we have hundreds of missiles aimed at you right now.” Usually the defensiveness is not so overt, but it is always in the room. The biggest danger is the perception of (misplaced) ethical superiority. That is, it is very easy for people to interpret that the reason that an American/Brit/etc. is coming over to conduct ethics/compliance training is because it is believed that the US/Great Britain is ethically superior to whatever country you are in. I address this head on first thing by talking about how I am from Chicago, listing several of the ethical challenges we have faced, and acknowledging that I don’t have all the answers but have become pretty good at thinking about these things. I also try to tap into local ethical heroes or foundations to illustrate that this is not a Western issue—ethics is important in every culture.
Thanks, Steve – wise words.
Steve Priest has had a storied career in the field of ethics & compliance. Over the past two decades he has, among other things, consulted “on the ground” in 48 countries on every continent with over 25% of the Fortune 200, trained more than forty Boards of Directors and senior leadership teams and written numerous codes of conduct. He has also conducted many E&C program assessments (and it has been my great pleasure to partner with him on a good number of these engagements). And so, I was delighted that Steve agreed to be interviewed by the COI Blog.
In your twenty years in the field, has there always been a tension between law and ethics and, if so, how has it changed? Jeff, I am not surprised that you ask the hardest question first. In most companies, most of the time, there is little tension. But in some situations fine attorneys trained in zealous advocacy may overweight an effective short term defense strategy and undervalue long term ethics and reputational considerations. Perversely, the high stakes now visible in many compliance areas have heightened this tension.
Is this tension positive, negative or a bit of both? Most of the time the legal thing and the ethical/right thing are the same, so there’s little or no tension. Now the rest of this will betray my ethics bias, but from my perspective when there is a tension it is NOT a good thing, because the short term legal emphasis often prevails over the longer term ethical perspective. Choosing the ostrich approach versus a “look and learn” model has prevented companies from conducting assessments or root cause analyses that could dramatically improve their operations. Defining a disclosure of an event of wrong doing as “in a gray area” rather than as the legal and right thing to do may provide a short term benefit, at the high risk of breaching trust with regulators.
What are some measures for companies to use each (ethics, compliance) to fortify the other? The primary measure is this: messaging to employees must consistently integrate ethics and compliance. Many employees have a knee jerk negative response to the word compliance. Just look up the definition in the dictionary to understand why. And, especially in highly regulated companies it has become segregated. Ethics, on the other hand, runs the risk of being marginalized as something merely nice to do. Put them both together in all messaging and you can tap into the strong preference employees have for doing the right thing and working for a company that does the right thing.
Do companies do enough to assess ethics – as opposed to traditional compliance – risks? No. Partly because it is squishier. Corruption risk assessment is easy—look at prosecutions, legal developments, Transparency International rankings, industry developments, reliance on third parties, etc. But assessing whether employees believe they can raise difficult issues, or that people are held accountable if they do the wrong thing—these questions can rarely be answered in a meeting room by a few people. And yet these attributes are probably more important in understanding compliance risk than the corruption probability in China. A company culture where employees believe they can raise difficult issues has lower risk of major problems in corruption, competition, money laundering, etc. because employees will raise concerns early and often. Conversely, if employees believe that the way to get ahead is to make your numbers and that living up to the Code is not so important, then risks of corruption are substantially higher. Additionally, employee perceptions of the ethics of business practices can also serve as a canary in a coal mine for future compliance risks. Often employees have a sense that a practice “doesn’t feel right” or “isn’t fair for a customer” well before these practices gain the attention of the media, plaintiffs’ attorneys or prosecutors. So a good risk assessment has to understand cultural attributes, including the ethical dimension.
Steve can be reached at ethical@aol.com.
Part two of the interview will cover various challenges in providing effective ethics training.