Conflict of Interest Risk Assessments – Part Three

In the first posting in this series we discussed legal mandates and other reasons to assess COI risks and in the second we explored the uses to which assessment information and ideas can be put.  We now begin to examine risk assessment methodology.

One framework for assessing COI-related risks is to identify and analyze the “reasons” and “capacities” for conflicts on the part of all relevant individuals and entities – employees, various third parties and the organization itself.  This posting will address the reasons dimenson of risk assessment, which generally include “motivations” and “misunderstandings.”

Motivations are reasons to engage in wrongdoing purposefully, and an employee’s having a personal economic interest – e.g., ownership of or other revenue participation in an entity that does business with your organization – is the most obvious form of COI motivation.  But, less tangible personal interests can create motivations, too – such as, in some cases, reputation enhancement, political affiliations or professional development (all of which can lead to COI-related involvement with suppliers and other third parties), and one should consider what the relevant risks are in those respects.

Additionally, in some settings, a motivation can involve tending to others’ interests (although there is usually a self interest in doing so).  In a professional or financial services setting, a motivation for COI-based behavior can consist of reasons to place the interests of one client over that of another.  (E.g., Company A, which provides outsourcing purchasing functions to Companies B and C, could have a conflict if it buys for their accounts from Company D in the hope of getting more work from Company D.)   Another example of this type of conflict is serving on an outside board; for some kinds of organizations (e.g., those in highly entrepreneurial sectors of the economy) this is more likely to give rise to a COI than others, at least as a general matter.  So, a risk assessment for companies of this kind should identify foreseeable situations of this sort.

The other broad category of reason – “misunderstandings” – refers first to COI-related expectations that may truly not be understood, e.g., third-party standards.  But, this factor also encompasses standards that are known but under-appreciated, as COI rules might be in certain cultures or industries.   Note that risks of this sort tend to increase when business practices lag behind changes in enforcement strategies or expectations of other key third parties, such as customers.

Finally, while not fitting neatly into either the motivation or misunderstanding category, a reason for a COI can also be structural. An example is a small outpost of a big organization in a location where the organization’s key employees have close (family or friendship) relationships with the area’s principal local suppliers of key goods or services.

In the next post in this series we’ll continue the discussion of a COI risk assessment framework by looking at COI “capacities.”  But, before then we’ll continue our other ongoing series – on “moral hazard,” and also launch a new series – on “behavioral ethics and compliance.”