SMEs for COIs: should your organization have one?
Does your C&E program have a subject matter expert/point of contact for conflict of interests – the way that you are likely to have for anti-corruption or competition law compliance?
Not all programs need to have this sort of position, but those with relatively high COI risks should consider creating one. So should large organizations, or those with many different types of COI issues (such as a diverse holding company).
The role is not, of course, likely to require the full time of the appointed employee. Rather, it can be an additional responsibility for an individual already in the C&E department. But if one takes this step, the role should be documented, such as in the program charter or the individual’s job description.
Among the duties of a COI SME/point of contact could be:
– Keeping abreast of COI laws and other knowledge (e.g., behavioral ethics teaching about the limits of disclosure) that is relevant to designing and implementing compliance measures. In connection with the former, the fact that there is no single unified body of law the way there is for other areas (such as with anti-corruption) may seem like a reason not to have an SME for COIs. However, COI-related law being so spread out is in my view a reason to have someone in charge of keeping track of it.
– Ensuring that risk assessment adequately addresses COI risks – a more complex effort than might be imagined by some, and that policies, controls (e.g., certifications), training and communications and other C&E measures are adequate in light of risks. As well, the COI SME can help a company’s audit function understand the need to include COI-related risks when setting audit priorities.
– Helping to address individual COI issues (e.g., when to permit COIs, what type of management measures should accompany approved COIs) when they arise.
– Ensuring that routine business processes (e.g., hiring) adequately take into account pertinent COI risks.
– Serving as a repository of internal COI precedent.
– Serving as a repository of third-party COI policy information (e.g., gift policies of major customers).
– Supporting SMEs in other C&E fields that have a COI component (e.g., anti-corruption).
– Identifying and seeking to address risks that, while not meeting the formal definition of a COI, are COI-like – such as moral hazard.
Finally, organizations with high COI risks but no internal C&E bandwidth to address sufficiently those needs should consider engaging an outside advisor to fill the role.