Conflict of Interest Blog

Nearly 1500 C&E professionals have downloaded the free risk assessment e-book

Have you?

It is available from Corporate Compliance Insights.

I hope you find it useful.

Making the most of risk assessment

Today the FCPA Blog published a post I authored on risk assessment.

I hope you find it useful.

Moral hazard and the revised DOJ compliance standards

One of the great afflictions of our age is moral hazard. As noted in an earlier post: “The concept of moral hazard was used originally to refer to the phenomenon that providing insurance tended to promote risky behavior by insured parties.  Subsequently, the idea has been applied more generally to mean the provision of incentives that encourage unduly risky conduct by shifting the impact of a bad decision to a party other than the decision maker.”

Another way of thinking about this area is that moral hazard can arise from of lack of appropriate accountability. A notable example of this can be found in an SEC report several years ago on ratings agencies quoting an e-mail between two analysts concerning their plans to give positive ratings to certain financial instruments that were, in fact, unworthy of such ratings: “Let’s hope we are all wealthy and retired by the time this house of cards falters.” A more consequential example is climate change: those who are most likely to be affected by this unparalleled calamity are generally not the same as those who have the power to slow it down (and ultimately reverse it).  And, the Pandemic presents millions of  moral hazard influenced decisions concerning wearing safety masks and other issues.

Moral hazard is not the same thing as conflicts of interest. But they are close enough to each other to be considered “cousins.”   However, the former does not get nearly the attention that the latter does. (See prior posts on moral hazard collected here.)

Moral hazard poses a significant challenge to law enforcement in many types of business crime cases. That is, the Sentencing Guidelines provide for large fines for organizations convicted of federal offenses, but those who bear the brunt of such punishments (mostly the shareholders) are often different than the individuals (usually executives) who benefit from the wrongdoing. The problem, of course, is that their organizations do not hold them to account through the investigation and disciplinary processes.

The history of corporate business crime enforcement is, in part, an effort to close this moral  hazard gap. The latest chapter of this history was released June 1 when the Criminal Division of the Justice Department published its  third iteration of Evaluation of Corporate Compliance Programs.

The prior iterations of the guidance already had included considerably strong approaches to promoting accountability by individual wrongdoers.  In the new version what  most struck me as relevant to the moral hazard issue was the following question: “Does the compliance function monitor its investigations and resulting discipline to ensure consistency?”

I am not suggesting that this is some sort of panacea for moral hazard in companies.  Moreover, adding this to a  compliance program works only if the compliance function is indeed independent and has a sufficient degree of “clout.”  As well, a company needs to publicize that it is doing such monitoring and also that it imposes discipline for violations in a sufficiently rigorous way.

But if taken to heart a corporation’s having the compliance function monitor its investigations and resulting discipline to ensure consistency could be a helpful (albeit only partial) antidote to moral hazard.

For more information about the revisions to the Evaluation of Corporate Compliance Program see this post on the Compliance Program Assessment Blog.



Revised DOJ compliance program standards: what is new

In the most recent posting on the Compliance Program Assessment Blog Rebecca Walker and discuss what is new in the  June 1, 2020  update  to the Department of Justice’s standards for evaluating compliance programs.

We hope you find it useful.

Assessing conflict of interest compliance programs

Here is a just-published article in Corporate Compliance Insights by Rebecca Walker and me on conducting assessments of conflict of interest compliance programs.

We hope you find it useful.

Beyond the attorney-client privilege

In my latest column in Compliance & Ethics Professional I consider the issue of whether program assessments should be conducted under the attorney-client privilege.

I hope you find it useful.


Mapping the field of “”behavioral business ethics”

In “Toward a Better Understanding of Behavioral Ethics in the Workplace,”  David De Cremer of the Business School, National University of Singapore, and Celia Moore of the Cambridge Judge Business School, review literature that is part of the growing area that they call “behavioral business ethics.” They use this formulation to “build a bridge between business ethics and behavioral ethics,” and they consider the various implications of “behavioral business ethics” research.

As their article is itself largely a compilation of summaries of various studies I won’t attempt to summarize it, but do note generally that the article considers the significance of this body of knowledge on three levels: intrapersonal, interpersonal and organizational. They “conclude by recommending future research opportunities relevant to behavioral business ethics and discuss its practical implications.”

For instance, they note that on an intrapersonal level, “understanding what drives people to act unethically is essential to the behavioral ethics approach. Behavioral business ethics helps us identify psychological processes that can be harnessed to ensure that employees and managers do not fall prey to basic human frailties that can derail one’s good behavior. One important practical goal of a behavioral business ethics approach is to gather evidence so managers can be trained to act more ethically themselves, and elicit more ethical behavior from their subordinates, as well as to refrain from moral licensing, where people give themselves credit for initial ethical behavior, allowing them to follow it up with unethical behavior ….”

The article is filled with useful and interesting information, and I do think the “behavioral business ethics” formulation works. And this also poses an appropriate occasion to take note of the formulation I have used in this blog and elsewhere – “behavioral ethics and compliance” – and the mapping (in this blog and elsewhere) relevant thereto.

In brief, behavioral ethics and compliance seeks to:

– Use the overarching message of behavioral business ethics that we are not as ethical as we think to persuade boards of directors and managers of the need for strong C&E programs.

– Use that same message to persuade governmental bodies of the need to adopt enforcement approaches that incent business organizations to develop and maintain effective programs.

– Provide C&E professionals with information that can be used to develop and utilize risk assessments, training, enforcement approaches and other C&E program elements in a behaviorally informed way.

– Provide a similar approach with respect to specific types  of wrongdoing, such as conflicts of interest and insider trading.

The current iteration of the map for this can be found here. I hope you find it interesting.  Finally, note that there is obviously a lot of overlap between the two fields. But hopefully having one specifically tied  to compliance is worthwhile, particularly for compliance personnel.

More on “reverse conflicts of interest”

In a post several years back I discussed what could be called “reverse conflicts of interest,” starting with an example from my work:

A company enters into a complex business arrangement where one of its managers has a relationship with the other entity.  The relationship is fully disclosed and approved pursuant to company policy on COI waivers.  After time, the arrangement runs into business difficulties.  Although the company has lived up to its contractual obligations, the other entity seems to feel that the company should have done more to make the arrangement work.  Based partly on that, some employees of the company question whether that entity had been promised more than was disclosed by the manager, causing the employees to take various defensive measures which put further strain on the arrangement. Ultimately, the arrangement collapses.

As a general matter, if properly disclosed and approved, some COIs can be waived (although some should not be permitted under any circumstances).  Such approvals can be either a true “green light” or subject to being managed on an ongoing basis, i.e., a “yellow light.”

Like many C&E-related determinations, this type of decision tends to be made based on a balancing of costs versus benefits (hopefully, with a reasonably high burden of showing that the latter outweigh the former).

The case above illustrates what I believe is a factor that should generally be considered by companies deciding whether to grant a COI waiver: whether there will be reasonable possibility of overcompensating for the COI in ways that are harmful to the company.  The potential for such “reverse COIs” could turn on many factors – perhaps most significantly, on the extent to which the contemplated relationship must rely on trust.  (That is, the greater the need for trust, the greater the possibility of suspicion – at least as a general matter.)

Historically, reverse COIs may not have been common.  But as sensitivity to COIs has grown dramatically over the past few years …they seem more likely to occur than ever before, and should be on a company’s radar in making COI waiver determinations.

In the many years since that post I cannot say that I have seen many reverse COIs. But I did find notable the following discussion from the recently published  Conflict of Interest Disclosure With High Quality Advice: The Disclosure Penalty and the Altruistic Signal by Sunita Sah of the Johnson Graduate School of Management, Cornell University and Daniel Feiler of the Tuck School of Business at Dartmouth: “In this paper, we explore whether laws requiring conflict of interest disclosure damage the advisor-advisee relationship more than is intended. Across six experiments (N = 1,766), we examine situations in which advisors give high quality advice but still must disclose a conflict of interest. As predicted, such disclosures yield negative attributions regarding the advisor’s character, even when advice is of high quality (and advisees have full information to judge advice quality), and even when the advisor’s professional responsibility and self-interest are aligned, or the advice runs counter to the advisor’s self-interest. This disclosure penalty decreases trust in honest advisors…” (emphasis added).

In short, a reverse COI experiment, of sorts.

Finally, given the extent to which President Trump’s extraordinary COIs have garnered widespread attention, it will interesting to see if over time the reverse COI phenomenon has a widespread effect on how we view COIs in the government realm generally.




Assessing conflicts of interest risks

Conflicts of interest have long been seen as an area of significant risk. But that does not always translate into the conduct of meaningful risk assessments.

Part of the reason for this disconnect is a widespread belief that COI risks are already well known. Certainly every C&E professional knows that the major types of COI for most business organizations involve employees a) having financial ties to competitors and third parties that do or seek to do business with the organization, and b) hiring family and friends into the organization. Similarly, the basics of the other two major COI categories – organizational and gatekeeper COIs – are generally understood by C&E professionals working in fields where risks of such conflicts are significant.

But understanding the general risks regarding COI may  not be enough to generate the type of information that an effective risk assessment process requires, which is information that will help design or modify all the risk-sensitive elements of a program to mitigate COIs. These are policies, training,  and other communications,  auditing and accountability. (Note the other program elements – e.g., helplines, investigations,  incentives, discipline  – are obviously important too, but tend not to vary by risk area.)

Each assessment will vary in substance. But here are some areas of inquiry that may be useful to companies just starting out.

– Any relevant COI history at the organization – violations, near misses and inquiries.

– Any relevant COI history at competitor or otherwise comparable organizations, to the extent known.

– Same inquiry regarding customers, suppliers and other third parties with which one  does business.

– COI standards that are not fully understood or appreciated.

– Weakness in “inner controls” (where – due to factors described in behavioral ethics research – moral constraints against wrongdoing are of diminished efficacy).

– Instances or prospects of prosocial COIs (“right v. right” risks).

– Industry-related risks.

– Cultural-related factors.

– Efficacy of process controls (particularly around COI disclosure/approval regimes).

Note that in some instances the inquiry can be done on an enterprise-wide basis but for others it should be granular (e.g., region, business line, function) too.

Come to the Navex Global master class on conflicts of interest

Together with Rebecca Walker and Jolene Wall of REI, I will be teaching a master class for Navex Global on conflicts of interest compliance programs.

More information is available here.