Conflict of Interest Blog

General counsel as chief ethics and compliance officer

Woody Allen once wrote: “Why pork was proscribed by Hebraic law is still unclear, and some scholars believe that the Torah merely suggested not eating pork at certain restaurants.” Something similar can be said about general counsels serving as chief ethics and compliance officers.

The dispute about GCs wearing the CECO hat as well also has porcine-related origins – Senator Charles Grassley’s famously saying: “It doesn’t take a pig farmer from Iowa to smell the stench of conflict in that arrangement.” But based on my experience with hundreds of companies’ C&E programs,  the Senator’s sweeping proclamation doesn’t hold up for all organizations. While  there are indeed certain situations where the CECO should be independent of the GC – e.g., the company is in an industry where the government has voiced a preference for such reporting structures – plenty of times  the opposite is true and the principal effect of  being “independent” is being powerless.

Earlier this month LRN made a significant contribution to this debate with its 2015 Ethics and Compliance Effectiveness Report (which is available for download here). The survey which served as the basis for that report found that: “Among our respondents, 29% are led by CECOs reporting to the CEO, but not all of them get the same-sized seat at the C-Suite table. Roughly half of them also serve as general counsels, and these two-hatted stalwarts run programs significantly more effective than those of their one-capped colleagues.”

I won’t try to summarize the study’s methodology or  all of the specific findings on program efficacy, but one result really stood out for me: “Fully 68% of the GC/CECOs see the primary mandate of their programs as ensuring ethical behaviors and the alignment of decision making and conduct with core values, while that is true of only 41% of the dedicated CECOs. By contrast, 59% of those full-timers see their primary mandate as ensuring compliance rules and regulations, a position taken by only 32% of the GC/ CECOs. As we have previously determined, values based programs outperform rules-based programs by almost every measure.”

There’s plenty more in the study that challenges the orthodox view on this topic, and I encourage you to read it.


Inherent conflicts of interest and behavioral ethics

At his trial for Libor rigging, evidence was introduced last week that former trader Tom Hayes had told the Serious Frauds Office that “many of the people responsible for submitting panel banks’ Libor rates also traded products linked to the rate, creating an inherent conflict of interest” and that “’[n]ot even Mother Teresa wouldn’t manipulate Libor if she was trading it,…’”

While obviously somewhat self-serving, this colorful bit of analysis still  helps to underscore the overarching behavioral ethics point that to reduce the risk of ethical transgression often one cannot always count on the characters of those involved.  Rather, the situation will play the decisive role.

Inherent COIs are an instance of that. Granted, they are just one of many such types, but they may also be more common than most others, and hence worth further study.

And beyond an area of interest to behavioral ethicist scholars, seeing some COIs as being inherent (or near to inherent) can be useful to others, too, such as:

– C&E professionals, who should consider the category of inherent COIs in their risk assessments.

– Senior managers and directors, who should – as part of their C&E program oversight – make sure that nothing their company is doing or contemplating doing falls into (or anywhere near) this category of risk.

– Enforcement personnel, who often can find good fishing in the inherent COI waters.

– Individual business people, who – in making career decisions – should steer clear of jobs that could involve inherent conflicts of interest.

On this last point, Mr. Hayes would surely agree.

And on the point about the role of enforcement personnel, in my view the “fishing” shouldn’t be limited to those individuals who succumbed to the pull of the inherent COIs, but should also include the senior managers and directors who allowed the COIs to exist in their respective organizations. (For further reading on how a behavioral understanding of ethics and compliance should inform our approach to liability see this earlier post.)

(Thanks to Scott Killingsworth of the Bryan Cave law firm for letting me know about this story.)

The compliance officer as spy (among other unusual roles)

I was on a conference panel this week discussing compliance officer reporting relationships and the topic of C&E officers reporting to the audit committee came up.  I stated my general view: strong informational reporting by the C&E officer is always a good thing, but with administrative reporting the picture is mixed. (In brief, I think that the latter type of reporting can contribute to C&E office independence and “clout,” but some audit committees might not be able to provide C&E officers with the day-to-day supervision that a general counsel does, resulting in their becoming organizational orphans.) One of my co-panelists then voiced a different reason for being chary of administrative reporting to the audit committee:  other employees might take this to mean that the C&E officer is the board of directors’ “spy.”

In my nearly 25 years in the C&E field I’d never heard this view before.  My initial reaction is that it generally shouldn’t be an issue, but I also see the visceral logic of the concern.  Moreover, the person who made the comment is one of the nation’s most experienced C&E officers, and his saying it underscored for me that compliance professionals may have a view of issues relating to reporting relationships that many employees of their respective companies – who are typically less schooled in the basics of corporate governance  – may not share.

Somewhat similarly, I occasionally encounter companies where the C&E officer’s role includes representing the company in regulatory matters.   My general reaction to this has been that it is a negative with respect to the independence dimension – mostly in terms of how the C&E officer is viewed (as a defender, who might be reluctant to criticize her company) but also possibly how she acts (in ways she may not realize). On the other hand, perhaps dealing with regulators on behalf of their company would be seen as a plus in terms of clout.  As with the C&E officer as “spy,” it would be nice to know what the take of a general employee population – as opposed to C&E professionals – is on this issue.

Finally, what about  C&E officers who call themselves ombudspersons? I’ve always been troubled by this practice, as a true ombuds role requires institutional neutrality of a sort that few C&E officers have – and an employee might feel misled by this designation.  But perhaps none would actually notice or care.

Anyway, I would be interested in the views of readers of the COI Blog on these (or related) issues.

What should your risk assessment do for your compliance program?

On Monday June 1 I’m giving a presentation on risk assessment at PLI’s Compliance & Ethics Institute in NYC.  Here are the slides, which discuss, among other things:

– Fourteen specific things a risk assessment should do for your program – most of which are missed by many companies.

– How an assessment can also educate key people in your company about C&E, set useful boundaries for your program and maintain program momentum.

– The need for assessments to become more granular with time.

– How to develop an initial list of possible risks.

– What “cultural” factors should be considered in an assessment.

– Corruption and competition law assessments.

– A look into the future – the “demand side” of risk assessment.

There’s still time to sign up for the conference – which is also being web cast.
But for those who can be there in spirit only, I hope you find the slides useful.

Ps – this is my 20th year in a row speaking at the PLI compliance conference.  I wish I could say that it makes me feel proud, but mostly it makes me feel old.

The ethics of “backscratching”

The notion of reciprocity plays a foundational role in our ethical order. Most prominently, variations of the Golden Rule are evidently found in all of the world’s major religions.  Ethics-promoting reciprocity can be negative (“an eye for an eye”) or positive (“the best place for [an Eskimo] to store his surplus is in someone’s else’s stomach.) But, there are also the less ethically savory types – commonly referred to as “mutual backscratching,” but having other names too (my favorite being “the ledger system”).

This past weekend, the Wall Street Journal reported  that the “U.K.’s financial regulator on Friday said it is investigating a banking-industry practice known as ‘reciprocity,’ where investment banks bring rivals into deals in exchange for future business. The Financial Conduct Authority, in a paper detailing the scope of a wide-ranging review into possibly anticompetitive investment-banking practices, said it was investigating whether reciprocity ‘might restrict the entry or expansion of firms which are not party to these arrangements.’ The investigation into reciprocity comes after The Wall Street Journal reported in March on the widespread practice in Europe of investment banks doling out lucrative work to competitors, partly based on how much business they will receive in return.”

Not being a competition law expert, I don’t have a sense of what would need to be involved for this practice to rise to the level of a competition law violation, although I have to believe that occasional acts of “garden variety” reciprocity alone wouldn’t be enough to cross that line.  But in many circumstances – particularly involving “other people’s money” – the potential for a conflict of interest arising from reciprocity seems clear enough.

Consider two cases.  In the first, a bank needs legal services and a law firm needs banking services – both needs being purely internal – and each agrees to use the services of the other.  I see no COI there, as there are no interests for which a duty of loyalty are being compromised.

But in the second case, the law firm is recommending banking services to its clients, in return for the bank  recommending the firm to the bank’s clients. In circumstances of this type – of which many exist – there is the potential for a COI.

How much of a COI is presented will depend in part on whether the referring party has a fiduciary duty to the party receiving the referral.  Presumably the law firm would, and I imagine the bank would as well.   However, in other settings it is more doubtful – e.g., a plumbing supplies store referring a general contractor to a customer to reciprocate for the contractor’s referring her customers to it.

My own view is that there is some kind ethical duty here but not to the same extent as there would be for those who are paid to give unvarnished advice.  The ethical analysis might depend on how long the customer has been dealing with the store – and how much trust he has placed in it during the course of those dealings. Another factor might be how harmful a conflicted recommendation could be. (E.g., substitute “safety equipment” for “plumbing supplies” in the store case above, and you might get a different result.) For further reading on what an “informal” fiduciary duty might entail, please see this post.

From a psychological perspective, reciprocity may not feel like a COI because it does not involve the direct receipt of cash or other things of value – just as barter transactions may not feel as much like tax fraud as does not declaring cash income. A behavioral scientist might say that this increases the extent of ethical peril.

Finally, I believe that – whether based on a true fiduciary duty or some lesser obligation – these sorts of COI (like many others)  generally can be addressed by disclosure: that is, they are not inherently evil as some COIs are, as there will sometimes be quite legitimate reasons for the referral. This is especially true where the referring party’s knowledge of the abilities of the referred party comes from their having previously worked together. However, in all situations involving reciprocity COIs the burden is on the referring party to make sure that the disclosure is indeed meaningful.

For reading on a related topic, here  is a recent post on the issue of “referral fees.”

A recent judicial decision helps make compliance a little less risky

In a world thick with laws, it is unfortunately to be expected that law would not only make C&E program measures necessary – it would also make them more difficult.  The latest instances of this (at least in the U.S.) are decisions/guidance by the National Labor Relations Board which limit the ability of companies to prohibit certain conduct in social media policies – such as disclosing confidential information from the workplace – that is basic to any C&E program. (See this article for more information.)

Over the years another source of “law versus law” tension in the C&E field has concerned the area of defamation.   Specifically, the danger is that those investigating and otherwise addressing wrongdoing in the workplace will, for such efforts, find themselves on the wrong end of a defamation suit.  (Defamation law also has a chilling effect on doing background checks of prospective hires – another a negative from a C&E perspective.)

Because of this tension, some C&E practitioners have been closely watching the progress of Shell Oil Company v Writt through the Texas state courts.  The case involved a defamation suit brought by an employee of Shell regarding the results of an internal investigation into possible FCPA violations that was provided to the Department of Justice. He said that the report falsely accused him of bribery.

The company asserted that in this context its report was absolutely privileged. The trial court agreed, and dismissed the suit.  (The employee was allowed to proceed to trial on a wrongful termination claim, but the jury ruled against him on that.) However, an appeals court reversed the trial court’s decision on privilege.  Last Friday, the Texas Supreme Court reversed the appeals court, upholding the claim of absolute privilege, on the grounds that Shell’s report was “preliminary to a proposed judicial proceeding”. (The court’s decision can be found here.)

By way of background, Texas and other states have traditionally offered absolute immunity with respect to comments made in judicial proceedings.  This is only fair given that participation in judicial proceedings can be compulsory and that complete candor is necessary to the operation of such proceedings

But the question in the Shell case is how does this apply to companies’ theoretically voluntary dealings with DOJ – an important issue for C&E personnel given how much the real action involving the prosecution of companies occurs not in courtrooms but in prosecutors’ offices.  Citing the Sentencing Guidelines, DoJ enforcement policy and huge FCPA penalties as establishing powerful incentives for companies to cooperate with the DOJ, the court held that Shell was indeed entitled to absolute privilege in the setting presented by this case.

Finally, note that my brief summary of the decision leaves out the court’s doctrinal analysis of different privileges under Texas law, as I believe what will be most interesting to readers of this blog is the big-picture view of law helping to make compliance less legally risky.  At least a little less.

“Advanced tone at the top” and the role of behavioral ethics and compliance

Many years ago a CEO at a client organization was called on to respond to a case of employee misuse of T&E expenses at his company.   The CEO was, as best I could tell, an honest individual, and he used the occasion to tell managers in no uncertain terms that he expected them to be that way too.  What he didn’t do was to use the occasion to tighten the loose procedures in the T&E area, let alone to consider enhancing risk assessment, monitoring or other C&E measures or improving the company’s culture.

Through employee surveys, board of director reviews and compliance/ethics program assessments, the “tone at the top” at many companies is being measured to an extent never before seen.  But what exactly is being measured – and is it all the “right stuff”?

Personal honesty is, of course, foundational to a good tone at the top.  So is communicating regularly and sincerely the importance to one’s company about the need to act in an ethical and law abiding way.

But CEOs should, in my view, also aim for something higher than these basics.

An “advanced tone at the top” should include not only maintaining a culture of honesty but also one of care.  The importance of a culture of care to promoting ethical and compliant behavior is discussed in this prior post.

More broadly, an advanced tone at the top entails senior management truly understanding why companies need to have strong C&E programs.  And while that understanding can come from many sources – including the history of compliance failures and writings about the economics-based phenomenon of “moral hazard” – leaders should be particularly inclined to respond to the psychology-based field of behavioral ethics.

This is indeed a growing field and I won’t try to summarize in this post all the ways that behavioral ethics can strengthen corporate compliance programs.  For that I commend you to this index of several dozen behavioral C&E posts  and particularly  to  Scott Killingsworth’s important paper “’C’ Is for Crucible: Behavioral Ethics, Culture, and the Board’s Role in C-suite Compliance.”

Why do I think that senior leaders are likely to respond to this approach?  Because behavioral science has become very mainstream in fields such as finance and medicine, and seems to have a lot of momentum behind it generally.  Catching that wave could well be attractive to business leaders, as could the idea of advancing to a higher level of performance in an area – C&E – that is increasingly seen as integral to leading a business.


Compliance program assessments: a “teacher’s guide”

In the May issue of Compliance & Ethics Professional I look at two areas where companies frequently come up short in C&E program assessments.

Can you guess what they are?  Click here (and go to the second page)  to find out.

Can ethics be “unbundled” from business?

Imagine the following: You need to hire a lawyer to advise you on a complex and highly confidential corporate acquisition, but the one you’d most like to have is pretty pricey. You explain this to her and she proposes what she calls a “win-win” solution:  if you sign an engagement letter that broadly states that she need not act in your best interests while performing services for you she’ll discount her hourly rate by 25%.

Or, imagine that your doctor has two schedules of fees: a “full price” one for patients who want the doctor to prescribe medicine based purely on what’s in their best interests and a lower-cost “value plan” for those who agree that the doctor can receive money from pharma companies for prescribing their medicines. Like the lawyer, your doctor is offering to “unbundle” his professional ethical obligations from the other aspects of his service – as a way of saving you money.

You seek clarification from both of them – what will this mean for me?  They both have the same response: while we won’t promise to act in your best interest we will act in ways that are “suitable” for you.

Would you be tempted by either offer?

Note that it is doubtful that either arrangement would be considered lawful – certainly the medical one  wouldn’t be, and I doubt the lawyer one would be either (although professional ethics issues arising from providing unbundled legal services are somewhat complicated – as reflected in this piece in the ABA Journal).    But even if they were permissible it is hard to imagine clients and patients saying yes to such options, where the risk of betrayal is so clear-cut and the adverse impact of such could be so great.

Yet a less obvious but not at all hypothetical version of ethics unbundled from business is already standard operating procedure in large parts of the investment world, where some of those who give advice to investors about retirement accounts have been allowed to operate outside of a best-interests-of-the-client framework. The main argument for this state of affairs is that “Consumers Deserve Choices”,  as described in this recent article in Investment News – including the choice of low-cost/non-fiduciary advice.

Of course, not all business relationships warrant the imposition of fiduciary duties. With some, “the morals of the marketplace” – in the immortal words of Judge Benjamin Cardozo – may well be morality enough.  But the business of providing advice about retirement accounts would not seem to be in this category, given how much is at stake for retirees (and, in a sense, for society as a whole), and the massive conflicts of interest problems that have beset the financial services industry for decades.

However, change is in the air. As described by the director of policy research at Morningstar,  last week “the Department of Labor proposed an amendment to the fiduciary definition under ERISA, the Employee Retirement Income Security Act. In short, the proposal would require any individual receiving compensation for providing investment advice to a plan sponsor, plan participant, or IRA owner making a retirement investment decision to adhere to a series of fiduciary duties–that is, to act in the best interests of their clients. The rule is based, in part, on a Council of Economic Advisors analysis showing that when individuals receive what the White House calls ‘conflicted advice,’ they tend to enjoy lower investment returns.”

Note that the even the proposed rule does have some exceptions built into it. For instance, “you can call a broker to execute a trade without triggering fiduciary duties, you just can’t ask for advice,…” as noted in this article in Forbes.   There are other exceptions too.  But overall it is a big step forward.

At this risk of being repetitive, I definitely recognize that there are times when it may indeed make sense to “unbundle” what would otherwise be an ethical duty from a business relationship.  An example from an earlier post is that joint ventures partners may and sometimes do waive fiduciary duties expected of board members on the JV.

However, one would be hard-pressed to look at instances such as this – where the investors in question tend to be powerful and sophisticated – as being relevant to the reality faced by most individuals struggling to grow/maintain their retirement accounts. Like the lawyer and doctor examples at the beginning of the post, if you take ethics out of the equation for investment advice involving retirement, what’s left might well be worthless …or outright damaging.


Is compliance still just “putting on its shoes”?

Mark Twain famously said “A lie can travel half way around the world while the truth is putting on its shoes,” and one might think something similar about risk and C&E. Perhaps it has always been this way and maybe it always will be, at least to some extent.  But forward looking companies should look for ways to narrow or possibly eliminate the gap between the immediacy of the problem and that of the solution.

In a sense, this is much of the point of the “cultural” approach to compliance and ethics, and it can also be seen as part of the promise  – albeit still largely theoretical  – of  “behavioral” C&E.  Both seek to have C&E operate, in effect, as an instinct. (For more on behavioral ethics visit the Ethical Systems web site.) But, at least in part, the idea goes back much earlier  –  to Aristotle’s focus on ethics and habit.

There are various avenues for pursuing this goal but, as a general matter, a valuable though often underutilized approach lies in the realm of incentives. Incentives tend, I believe, to reach employees more deeply than policies and procedures do – and thus can help create instinct-like ethical behavior.

Companies indeed do seem to be more interested than ever in exploring ways to use incentives to promote strong C&E. For instance, one company I know now uses the results of internal controls testing in setting compensation for its senior executives. This kind of measure might not sound particularly exciting, but it could  – at least over time – help make compliance operate as something of a reflex, in that it presumably contributes to  managers being focused on risk on a day-to-day basis (and not just on the far less frequent occasions of responding to cases of possible violations).  More generally, this and other incentive measures could be part of a larger C&E strategy of moving from  a necessary but somewhat limited “culture of honesty” to also include a broader and deeper “culture of care,” as described in this earlier post.

Moreover, C&E incentives need not be solely of the negative type, nor need they be tangible. Appealing to the better angels of our nature through praising pro-social behavior could, to my mind, be a powerful force for helping ethics move at the speed of risk, particularly with the somewhat idealistic generation of younger employees.

But, in some cases traditional economic incentives are indeed called for. That is why  – as discussed in these earlier posts – the notion of “moral hazard” should play a greater part than it currently does in many C&E programs.

Finally, note that incentives are just one type of tool in the C&E “tool box.”  And, whether it be through a cultural/behavioral approach or something else, the risk-reduction discussion should include consideration of all available tools – which is what a C&E risk assessment offers …or, at least, should. (For more on risk assessment generally, please download this complementary e-book, available at CCI.)