Conflict of Interest Risk Assessments: Part Two
Louis Sullivan famously said that form follows function, and the same principle applies to risk assessment as well as architecture. The first post in this series examined legal mandates and other reasons to conduct COI risk assessments. In this post we will explore the uses to which the information and ideas developed in these efforts can be put; along with the legal mandates, these help to define the function of risk assessments. In the posts to follow we will examine the form – or methodology – for assessing COI risks.
Any COI risk analysis should serve not only to identify COI risks that need to be addressed but also to determine how best to use C&E program resources for mitigating these risks. This may sound obvious, but experience suggests that it is important to stress, as many companies don’t do nearly as much as they should in this respect – i.e., their risk assessments (COI or otherwise) don’t live up to their full potential in terms of making their C&E programs as effective as reasonably possible.
What is that potential? Among the possibilities here are using the information to:
– Revise the COI portion of the code of conduct and/or draft or revise a stand-alone COI policy document or other related written materials (e.g., FAQs on the organization’s intranet).
– Decide whether to deploy COI certifications and, if so, who should receive them and what their content should be.
– Create/revise COI provisions of supplier codes and other third-party-related measures (e.g., compliance certificates by agents and distributors, terms and conditions in purchase orders).
– Develop a plan and content for COI training and other communications for employees, directors and (as appropriate) third parties.
– Determine the best ways to audit for COIs and develop/revise plans and protocols for such audits.
– Decide whether COI monitoring is warranted and, if so, when and what form it should take.
– Structure/improve the COI disclosure approach, including policies and procedures for reviews of disclosed COIs.
– Develop a COI management mechanism for situations where COIs are permitted under specified terms and conditions.
– Determine whether technology should be deployed for COI disclosures, reviews and management. If technology is not used, one should utilize the risk assessment to determine/review record keeping needs.
– Help the board of directors and senior executives meet their respective governance and management responsibilities regarding COIs.
– Determine whether/how to embrace customer and other third-party C&E standards, to avoid causing COIs in others.
– Lay the groundwork for targeted (i.e., efficient) follow-on COI risk assessments.
So, there are a lot of uses to which COI risk assessment information can be put. In the posts to come in this series, we’ll explore how to gather and analyze that information.