Conflict of Interest Blog

Does your company need a stand-alone conflicts of interest policy?

Last month, Pro Publica published an extensive report regarding a dispute on whether Goldman Sachs should be sanctioned by the Federal Reserve for failing to have a firm-wide policy on conflicts of interest.  An examiner for the Fed had argued in favor of such an action but the firm contended – successfully – that the COI provision in the company code of conduct coupled with COI policies for various of its divisions was good enough.

At least for C&E aficionados, the story is an interesting one (and the issue, in my view, a close call), particularly given Goldman Sachs’ recent COI history.  (See this post and this one.)   But for readers of this blog the piece may be most useful as an occasion to ask: Does my company have the COI policy that it needs?

To begin, a great many businesses don’t need a stand-alone COI policy. For many what’s in the code of conduct is policy enough. But there are, in my view, quite a few companies that should have stand-alone policies but don’t.

Five things to ask in a COI policy needs assessment

Certainly where companies have client relationships that could give rise to COIs there is a good reason to have a stand-alone policy, as such businesses generally face a greater array of COI risks than do others. Such risks tend to warrant a fuller discussion of COI standards and mitigation than can fit into a code of conduct. Put otherwise., companies that have relationships of trust with clients tend to have higher COI risks – both in terms of likelihood and impact – than do other sorts of businesses, and that should be reflected in how formal and extensive the related mitigation should be.

But other types of organizations should  consider drafting stand-alone policies too, at least if they:

- Have had more than their share of COIs in recent years, as a stand-alone policy can help signal to key constituencies resolve in dealing appropriately with COIs.

- Face more diverse, complex, non-obvious or culturally challenging COI possibilities than the average company has.  The more there is to say about different sorts of COI risks, the greater the need for a stand-alone policy, as there simply won’t be enough room in the code to do justice to all pertinent issues.

- Have significant COI-related process needs – in such areas as disclosure, management and auditing. Here too the code may not offer enough space to deal with the company’s requirements.

- Face heightened COI expectations for other reasons (e.g., non-profits, or other organizations that could be held to a “Caesar’s wife” standard of ethicality).

And don’t forget organizational justice

Even companies that don’t fit into any of the above categories should consider developing a stand-alone COI policy as a means of promoting “organizational justice.” As noted in this earlier post: “The special harm that COIs can cause to organizational justice arises from their frequently personal nature: because COIs often involve a personal benefit to an individual employee that is denied to others, the latter (i.e., rule abiding employees) can feel personally harmed (from a relative perspective) by the COI in a way that they would not feel, for example, with an antitrust offense or violation of export regulations.” Implementing a stand-alone COI policy can thus, in my view, help elevate the confidence employees have in the overall ethicality of their companies. Of course, to do so the policy must be sufficiently promoted and enforced.  But being successful here could have a ripple effect – by enhancing trust that management is committed to doing the right thing generally, which can be utterly vital to compliance and ethics program efficacy.

Note that while this consideration presumably applies to all companies, it does not mean that all companies need stand-alone COI policies.  But it is a factor that all companies should weigh in determining whether to implement such a policy.

Drafting a policy

If one does opt to create a stand-alone COI policy there are obviously lots of choices to be made in determining the content of the policy, and the links below to prior posts in the COI Blog might be useful in that regard.

To start, you might see this overview,  which includes links to several leading companies’ policies (that could be helpful samples from a form – as well as substance – perspective).

Regarding the key question of what COIs to address in the policy, a fairly comprehensive list is included in this post about certifications (the content of which is equally applicable to policies).

Here are some more specific discussions:

-  G&E generally  and gifts between employees.

Supervising family members in the workplace.

Moonlighting.

- Serving on another company’s board.

Next, regarding standards for allowing COIs to continue and related process issues, see this post and this one.

Finally, note that within the above posts there are links to many other posts and resources that might be useful in drafting or revising a COI policy.

The complicated and consequential world of compliance “checking”

Over time, companies should devote an increasingly greater amount of C&E program effort/resources to “checking” – auditing, monitoring and other forms of self assessment.  More than two decades after C&E checking became the law of the land, one can imagine how little sympathy the government would have for a company that tries to get “credit” for its C&E program but which had taken insufficient steps to determine if that program was in fact fit for purpose.

However, if the need for checking is clear, where to start  (or what step to take next) may not be. Both as a conceptual and practical matter, this can be a daunting area to tackle given the many types and dimensions of checking available.

In a complimentary web cast sponsored by The Network on January 20, 2015 at 1:00 pm Eastern, I’ll try to survey the world of C&E checking, describing relevant legal expectations and best practices that apply to both the risk area and the general program dimensions.  I’ll also discuss practical measures that companies can take to begin or improve a regime of C&E checking – in effect, a needs assessment for one’s C&E auditing, monitoring, program assessment and risk assessment.  Finally, I’ll consider what the impact of “behavioral ethics” should be on C&E checking.

Postscript:  more than 500 C&E folks attended the web  cast live and another 400 are getting the recorded version.   If you’d just like the slides, please click here.

Just friends? Chris Christie and Jerry Jones

A long time ago – before Enron, World Com and Sarbanes-Oxley – business ethics issues in general and conflicts of interest compliance requirements in particular had little prominence in the work lives of the average employee.  But now – through codes of conduct, policies, training, certifications, hotline calls, investigations and discipline – that has changed.

Of course, not all ethics issues are of equal interest to all employees.  But COIs tend to be high on the list, because of their inherently personal nature.  In the post-Enron era, employees who used to be allowed to receive hospitality from suppliers often now are barred from doing so.  And to a large degree they accept that as being good for their companies and therefore ultimately good for themselves – so long as the rules apply to everyone equally.   Indeed,  when one of their colleagues breaks those rules the hotline can ring off the hook – often motivated not by jealousy but a sense of fairness that is truly innate to the human species. (For more on the evolutionary foundation of fairness as a moral value see this chapter from Jon Haidt’s The Righteous Mind.)

Over the past week, the story of NJ governor and presidential aspirant  Chris Christie  and family being flown to a Cowboys game in Dallas by the team’s owner Jerry Jones and being entertained in Jones’ sky box has been oft told in the press and echoed by football fans throughout the country too.  The COI issue is that a company in which Jones was a significant investor received a lucrative contract with the Port Authority, an entity over which, as governor of New Jersey, Christie has powerful influence (and also an entity which has been plagued by patronage).  Here is an article from In These Times  with more details about the story.

Christie’s defense is that he and Jones were  personal friends. While it is true that the relevant NJ ethics code does permit gifts from personal friends, this cannot mean what the governor claims as that would essentially permit any government employee to receive a gift from any vendor by declaring his or her friendship with that vendor. Not only would such a loophole gut the ethics law, it would encourage vendors and government employees to become real friends  - thereby making the COI worse and further discouraging ethical vendors from competing for the government’s business. (For the details of the purported Christie-Jones friendship see this story  - in which the governor says the friendship started only a few months after Jones’ company got the Port Authority contract, which underscores that this is not the kind of relationship for which the gift exception was designed.)

As a former federal prosecutor who brought many corruption cases, the governor almost certainly knows that this interpretation of the ethics law is untenable.* But as a politician with his eyes on the White House he seems to have made the choice that his “jury” – potential voters – won’t care.

Years ago, another brash politician – the first Mayor Daley of Chicago – was caught in a conflict of interest involving a family member getting government business, and responded:  “If I can’t help my sons, then [my critics] can kiss my ass. I make no apologies to anyone.”  Given the broad tolerance for COIs at the time,  it is not surprising that this didn’t seem to hurt him (at least from what I recall about the incident).

But in the post-Enron era that way of thinking may no longer make sense.  As noted above, many American workers are reminded constantly about the importance of an ethical approach to COIs – and know that if they tried to do something like what was done here they would probably be fired.  And the obvious unfairness of a double standard like this could end up hurting Governor Christie in ways that the late Mayor Daley could not have imagined – but which the governor should have foreseen.

___

* The Justice Department’s example of when the personal relationship exemption to gift rules applies:  Jenny is employed as a researcher by the Veteran’s Administration. Her cousin and close friend, Zach, works for a pharmaceutical company that does business with the VA. Jenny’s 40th birthday is approaching and Zach and his wife have invited Jenny and her husband out to dinner to celebrate the occasion. May Jenny accept? Yes.Gifts are permitted where the circumstances make it clear that the gift is motivated by a family relationship or personal friendship rather than the position of the employee.

Some other reading of possible interest:

A story from several years ago about a Justice Department Inspector General Report finding travel expense abuses by Christie when he was a US Attorney.

An earlier post on attendance at sporting events and COIs.

 

Scoping out your C&E program/risk assessment

This is the season when companies often turn their attention to planning for C&E risk and/or program assessments in the year ahead.  But often such efforts are stymied by a threshold challenge: what is the scope of the assessment?

My latest risk assessment column on the Corporate Compliance Insights aims to help C&E officers dealing with this often gnarly issue.

I hope you find it useful.

Behavioral ethics and reality-based law

Historically, one of the ways law has advanced is by becoming more “reality based” in general and accepting of social science information and ideas in particular. This is a legacy of the great Louis Brandeis.

In the latest issue of Compliance & Ethics Professional (on the second page of  the PDF) I ask whether behavioral ethics can play a role of this kind – by providing the social science basis for more C&E friendly law.  Another way to ask this: Is behavioral ethics and compliance ready for a “Brandeis moment”?

I hope you find it interesting.

Risk assessments for office romances

Perhaps the most celebrated story ever about a love affair is Anna Karenina  and the story doesn’t end well – as the distraught heroine throws herself under a train.  Office romances typically don’t end that way, but they are not without risks – particularly those involving senior leaders.

This is indeed an oft-told tale. Here is an earlier post on “frisky executives” discussing one such case from 2012.  Others around that time involved the CEOs of Lockheed Martin and Best Buy. And the latest in this line concerns the CEO of Johnson Controls.

As described in this article of a few weeks ago in the Milwaukee Business Journal, that CEO “failed to inform the corporation’s audit committee about the potential conflict of interest in his extra-marital affair with a consultant hired by the company.”  The net result: a reduction “of his annual incentive performance plan payout to $3.92 million, down nearly $1 million.”

A few thoughts on this case, perhaps of use to any CEO conducting a pre-office affair risk assessment.

First, while the economic hit is high it seems justified for a high ranking official – anything less could be seen as a slap on the wrist. Indeed, one of the cases discussed in the “frisky executives” post also involved a million dollar penalty. So, don’t expect economic leniency.

Second, consider the risk to the other party. In the case of the Johnson Controls executive, she was a consultant in a firm that lost an apparently long standing client in the scandal. No surprise there either.

Finally, while disclosure is necessary it may not be sufficient to prevent harm.  That is because even if an actual COI can be avoided the appearance of a COI might be inescapable – as the natural suspicion among others in the workplace could be that with the relationship comes workplace favoritism. For more on how some  apparent COIs simply can’t be mitigated by disclosure see this post.

(Thanks to COI Blog reader Don Bauer for letting me know about this story.  And, happy new year to all.)

 

Business ethics research of interest to your whole company

In this article from the most recent issue of Ethisphere magazine Jon Haidt of NYU and I take readers on a tour of the Ethical Systems web site. ”EthSys” offers  cutting edge social science research that should be of  interest not only to C&E professionals but also  to board members and executives; to those working in finance, law, HR, audit and procurement; and to many others in the workplace as well.

The ideas and information on EthSys can be helpful in developing C&E training, drafting ethics sections of employee newsletters and in other types of  company communications.  This knowledge can enrich the ethics-related dialogue in workplaces by turning what sometimes seems like a dry and static subject into a compelling and dynamic one.  It can help leaders lead ethically – and show that the same sort of social science findings and insights that increasingly are seen as key to running a profitable business are also essential to running an ethical one. It can also be useful in designing risk assessments; creating various types of policies and procedures; and crafting recognition strategies to promote ethical behavior.

And, that’s only part of what EthSys can do for your company.

So, take the tour yourself.

With a little help from my friends – the why and the how of C&E program liaisons

In large and widely dispersed organizations, compliance and ethics program liaisons often play an essential role in ensuring program efficacy. Among other things, they can help extend the reach of the program  – both geographically and deeper into the business. Their knowledge of local culture, law and business personnel and operations can be vital broadly to gaining acceptance of the program throughout the enterprise and more specifically to a host of C&E functions, such as risk assessment. But for many reasons establishing a liaison role can be very challenging, and one should be mindful of the keys to success and things to avoid before setting down this path.

In  this article in the most recent issue of Compliance and Ethics Professional, my partner Rebecca Walker provides a comprehensive overview of  this increasingly important component to effective C&E programs.  I hope you find it useful.

The cost of director and officer conflicts of interest just went up

In the vast realm of conflicts of interest those involving boards of directors tend to stand out. That is because part of the reason the role of corporate director even exists is to mitigate the conflict-of-interest-type tensions (which fall under the broad heading of “agency problems”) that managements may have vis a vis shareholders.  Moreover, while the role of officers obviously differs somewhat from that of director, the duty of loyalty that both owe shareholders is the same.

Director and officer COIs can arise in many settings but often the most consequential of these involves mergers. And, as described in a post last week in the D&O Diary:  ”Within the past few days, two merger objection settlements – one involving Activision Blizzard, Inc. and the other involving Freeport-McMoRan, Inc. — have been announced involving massive cash payments,… The Activision settlement may represent the largest cash settlement payment ever in a shareholder derivative lawsuit.” The post further describes that “[t]he common feature of these two cases that may account for the magnitude of the cash payments seems to be the conflicts of interest that were alleged to be part of the challenged transactions.”

The specific facts of these two cases – both of which are complex, as COI cases involving mergers typically are – may be less important than is what they (and another one last year involving News Corp, which is discussed in the same post) may mean for insurance costs to companies: “The rise of jumbo shareholder derivative lawsuit settlements has a number of implications. Among other things, it is a topic that will have to be taken into account as D&O insurance buyers consider how much insurance they will need to ensure that their interests are adequately protected.”

While most directly relevant to risk managers and others in companies in charge of securing D&O coverage,  I think C&E professionals also need to know about this development – because directors and officer of their companies  likely will and will be concerned about it.  And, hopefully this awareness will contribute to a greater overall sensitivity at high levels in companies to COIs generally – meaning that this may be a good time to train (or retrain – or schedule training of) your directors and officers on COIs.

For those looking to develop such training, here is a prior post on that topic.  And here are some other posts, portions of which might provide helpful ideas or information for training boards on COIs:

- Friendship – and the ties that blind (directors to conflicts of interest).

- CEOs’ ethical standards and the limits of compliance.

- Are private companies more ethical than public ones?

- Catching up on the backdating cases

- Behavioral ethics training.

- Catching up on CEO COIs.

- Catching up on director COIs.

- The largest derivative lawsuit settlements (from the D&O Diary).

Here are some pertinent words of wisdom from two good friends of the blog: Steve Priest (on keeping ethics training real) and Scott Killingsworth (on mitigating C-Suite risks).

Finally, if you are training your board, and want to use the occasion to look beyond the COI area to general C&E oversight by directors this recent article by Rebecca Walker and me  from Compliance and Ethics Professional magazine might be useful.

 

 

Operational transparency and internal selling of C&E programs

While all companies try to “sell” their  C&E programs, often such efforts are  not particularly robust. And that’s too bad, because the need for effective C&E program selling measures is considerable.  This is due in part to the behavioral ethics/psychology-related phenomenon that we tend to overestimate how ethical we are, which leads us to underestimate how much we need the kind of help that C&E programs can provide.  Also relevant here is the moral hazard/economics-related phenomenon that leads to a misalignment of risk vis a vis rewards in many companies when it comes to C&E, meaning that the internal “market” for C&E services in many companies is not an efficient one.  On top of both of these challenges is, at least in some companies, a growing sense of  “compliance fatigue.” With all these forces aligned against them, what should C&E professionals do to sell their programs in an effective manner?

A few years ago, in a paper published in Management Science – “The Labor Illusion: How Operational Transparency Increases Perceived Value”  - Ryan W. Buell and Michael I. Norton, both of the Harvard Business  School, reviewed the results of experiments involving  the near-ubiquitous experience of consumers reacting to wait times on web sites. They found that “when websites engage in operational transparency by signaling that they are exerting effort, people can actually prefer websites with longer waits to those that return instantaneous results—even when those results are identical.”   While the context is obviously not at all specific to C&E work, the general learning about individuals valuing services more positively when they understand the amount of effort involved in providing those services seems broadly applicable,  and worth considering for possible lessons to those seeking to “sell” C&E programs.

Operational transparency can, of course, play a role in C&E programs in various ways – most obviously through the day–to-day work of compliance officers in training on and otherwise communicating about a company’s standards of business conduct, work which is presumably well understood in a company.  Beyond this, employees generally have some understanding that a C&E officer receives and responds to reports of suspected wrongdoing. But there is, of course,  much more to a C&E program than these two functions, the depth and breadth of which is often unknown to (or under-appreciated by)  its  “customers”  – meaning the employees.

For some companies, what is needed to make a strong and positive impression on the work force is an annual C&E report.  Such reports typically summarize major efforts and accomplishments  of  a company’s C&E department in a given year, and thereby hopefully have the kind of impact that will make employees truly value what goes into the program.  To my mind, the opportunity to publish reports of this kind should be seen as “low hanging fruit” in more than a few companies – and I hope that C&E officers who don’t currently engage in this practice will revisit the issue at some point soon.

There are, however, two caveats to this suggestion.  First, in publicizing the work of a C&E department, one must be careful not to do anything that might indicate that the promise of confidentiality in responding to helpline calls and undertaking other sensitive inquiries could be compromised.   Second, as the authors of the paper state: “Whereas operational transparency involves firms being clearer in demonstrating the effort they exert on behalf of their customers—an ethically unproblematic strategy—inducing the illusion of labor moves closer to an ethical boundary,…” to which I would add that this should indeed be seen as over the line for any C&E professional.  More broadly, while C&E officers often should make greater efforts to sell themselves and what they do, they must be mindful of restraints that are particularly relevant to (with apologies to The Godfather) “the business [they have] chosen.”

For further reading see this post on annual C&E reports in Corporate Compliance Insights.