Conflict of Interest Risk Assessments – Part One
Risk assessments are increasingly seen as essential to effective C&E programs. This is true for programs generally, of course, under the 2004 amendments to the Federal Sentencing Guidelines for Organizations. Risk assessments are also contemplated for anti-corruption compliance under the Good Practices Guidance of the OECD Anti-Bribery Working Group, the UK Bribery Act compliance guidance issued by the Ministry of Justice and settlements of various FCPA cases involving both compliance failures and model compliance programs.
With respect to COIs, at least for some industries, enforcement bodies have been very explicit about the need for risk assessments. For instance, several years ago the Chief of Enforcement of the Securities and Exchange Commission issued a challenge to representatives of the financial services industry “to undertake a top-to-bottom review of [their] business operations with the goal of addressing conflicts of interest of every kind. No one is in a better position than you to identify the conflicts that arise from a financial services firm’s efforts to pursue business profitability. I encourage you to approach the task systematically.” Similarly, a regulation concerning C&E programs for pharmaceutical manufacturers indicates the need for COI risk assessments in that industry.
But even absent industry-specific guidance of this sort, the general expectation of the Sentencing Guidelines – as well as the pervasiveness and potential impact of COIs throughout the business world – provides reason enough for organizations of all kinds to conduct focused assessments of COIs risks.
Additionally, the very nature of certain sorts of COIs – in particular, those involving personal interests of powerful individuals within an organization or long standing industry practices – suggests that absent a well-defined risk assessment process, some conflicts risks might go unaddressed. Put otherwise, compared to many other areas of C&E risk, the identification and mitigation of COI risks is not “a machine that runs of itself.”
In this series of (approximately one a week, for the next month) posts we will examine ways to assess COI risks (typically as part of a larger risk assessment). Among other things, we will a) suggest an analytic framework for such risk assessments, b) address specific issues/challenges in conducting COI risks assessments, and c) discuss how to use the information obtained by the assessment to mitigate COI-related risks.