“Checking” – auditing, monitoring, certifications, self assessments and questions in exit interviews (among other things) – can play an essential role in nearly any COI compliance regime. See the several sub categories below for more information about some of the principal checking tools.

Conflict of interview review processes

As prior posts have discussed, reviews of disclosed employee conflicts of interest pose a number of challenges. Disclosures may not truly mitigate conflicts.  Indeed, they may actually cause more wrongful COI-based conduct to occur than would be the case absent a disclosure.

Still, very few business organizations opt for a true “zero tolerance” approach to all COIs.  And for those that don’t, COI review processes are necessary for determining when a COI should be permitted to exist and under what conditions.

At a minimum, COI reviews should be conducted by an independent person or body.   Independence for these purposes means more than COI-free in the traditional sense.  It should also encompass the behavioral ethics concept of “motivated blindness,”  i.e., a reviewer should not be someone who may – due to the relationships involved – be inclined to approve a conflict-laden relationship or transaction.

For this reason, companies may wish to have COI reviews conducted by a C&E committee.  One obvious benefit to this approach is that there is “safety in numbers.” Another is that the committee will have or develop expertise (born of experience) in evaluating conflicts, which behavioral ethics research shows can be useful.    Offering less C&E protection – but still more than having COI reviews made by a line supervisor – is tasking a staff function, such as legal or HR,  for this job.

Of course, some companies do permit supervisors to approve COIs.  If this approach is adopted, companies should still seek to have a reasonable degree of rigor in the process by:

– requiring that any approvals be in writing and sought before engaging in a conflict-based transactions;

– providing and publicizing avenues for supervisors to ask questions of the C&E function when performing COI reviews; and

– including the issue of COI reviews in supervisor training – or, if this is impractical, providing written guidance (e.g., FAQs)  regarding such reviews.

Finally, companies should check on the supervisors’  actions in reviewing or approving COIs, such as through audits.

Moral Hazard – Part Three: Intangible Interests, Monitoring By Boards

In prior postings, we introduced the concept of “moral hazard” (which, again, is principally based on economics, not ethics) to the Blog and considered how moral hazard risks can be addressed through appropriate attention to incentives, both positive and negative.  In this posting we discuss the less common form of intangible moral hazard based interests.

Consider the example of corporate support for political causes or candidates for public office (hopefully a good example to use in an election year).  In some instances, a senior manager with the power to make decisions  for a company regarding such support may use that power to embrace a candidate or cause even if doing so is against her company’s interests  (e.g., the cause or candidate’s positions may offend a large percentage of the company’s customers).   For the purposes of our example, assume further that the manager does not expect to be tangibly rewarded for providing the company’s support to the candidate, and thus may not have a true “interest” for COI purposes (at least not in the traditional sense).  Nonetheless, because of the manager’s political beliefs, she may cause the company to take risks in supporting the candidate that are unjustifiable from the organization’s perspective.  In other words, this is a case of an intangible moral hazard risk.

Of course, compared to other C&E risks (e.g., corruption, competition law) political support is not an area of great danger to most companies.  Nonetheless, presumably because of this potential for divergence of interests, it is in fact area of relatively significant amount of board oversight and other high-level compliance measures, as described in The Conference Board’s  Handbook on Corporate Political Activity Emerging Corporate Governance Issues.

I should emphasize that most moral hazard risks really are of the tangible variety – and come particularly from the area of compensation.  But as with COIs, organizations need to think broadly about moral hazard to have an effective C&E approach regarding all the ways in which employees might be moved to act inconsisently with  the interests of the organization.

Next up on the Blog: “behavioral ethics and compliance.”

Conflicts of Interest in the News: 011412 Edition


The two big COI news stories of the week were:

–  Economists Adopt New Disclosure Rules for Authors of Published Research.  The reforms follow “heavy scrutiny of economists’ conflicts of interest before the financial crash of 2008.”  This is a good (and certainly overdue) step (and sadly underscores how it often takes a scandal for COI-related reforms to be implemented).  Of course, disclosure by itself does not necessarily mitigate COIs.

Ties of FDA experts to pharma companies revealed. The “FDA asked outside experts in December to discuss the safety of birth control that contains the compound drospirenone, including Bayer’s Yaz and Yasmin. The panel decided by a four-vote margin that the benefit of pregnancy prevention from these pills outweighed their risk of dangerous blood clots. But according to court and public documents, three of the FDA’s 26 advisers had research or financial ties to Bayer. A fourth adviser had a connection to a manufacturer of generic copies of Yaz, Barr Laboratories, now part of Teva Pharmaceuticals. All four of these advisers voted that the drugs’ benefits outweighed risks, meaning the pills could stay on the market…” Beyond the impact on the decision at issue, one can imagine the harm that COIs of this sort have on public trust of the FDA.

Other news of the week concerns COIs and…

Government contractors.  This is an analysis from the Corporate Compliance Insights website of an important decision from the General Accounting Office concerning government contractors hiring former government officials, underscoring, among to other things, the need to do meaningful conflicts checks in hiring.

Journalists: “Next week, thousands of tech journalists will descend on Las Vegas to get a sneak peek at coming tech gadgets at the International Consumer Electronics Show.  Many will also probably come away with grab bags of goodies…The question, of course, is whether journalists can properly serve their readers when the industry is handing them bottles of top-shelf booze and pricey toys.”

Supreme Court Justices.  A tricky issue,  indeed: who decides COI issues for the court of last resort?

Regulators: “A former Securities and Exchange Commission official has agreed to pay a $50,000 fine for going through the revolving door and working for alleged Ponzi scheme mastermind Robert Allen Stanford after purportedly taking part in SEC decisions to not investigate Stanford, the Justice Department said Friday.” (Bad facts – but also an unusual case.)

And, thanks to Broc Romanek of the invaluable – particularly for securities and corporate lawyers – for featuring our post on COIs in serving on other companies’ boards.  Apparently this was the occasion for much discussion there – and so we will return to the topic before not too long.

Coming up next week: more on COI risk assessment, moral hazard and a video coming attraction for a series on cognitive bias and “behavioral compliance and ethics.”


Conflict of Interest Certifications – Part Two: Content

In a recent post we discussed the “why” and “who” of COI certifications.  Below, we examine what is typically covered by a COI certification.

First, the basics tend to be questions around the following issues:

– Employment (of oneself or family members) with or consulting for an entity doing or seeking to do business with or competing against the company.

– Holding a financial interest (again, involving oneself or family members) in the above-described types of organizations.

– Employment of relatives at the company.

– Gifts, entertainment and travel involving any person or entity doing or seeking to do business with the company (including loans involving such persons or entities).

Sometimes these questions are asked broadly, other times in terms of the employee’s area of responsibility (e.g., do you have any procurement- or management-related duties concerning any entity in which you or a family member have an ownership interest?)

Second, less frequently one also sees questions concerning:

– Any other outside employment or consulting (i.e., regardless of whether it involves a competitor, supplier, etc.)

– Service on a board (of directors or advisors).

– Anti-corruption requirements –  questions involving employees of governmental entities and, less commonly, union officials.

– Corporate opportunities.

– Purchases, sales or leases of property involving the company.

– Holding government office (presumably on a part-time basis) – which is generally relevant only to organizations that have significant dealings with a large number of local governmental bodies, like energy utilities; and

– Relationships with the company’s external auditors.

Finally, one should ask, in substance:  Do you have any other relationships, etc., that might reasonably be regarded as creating an actual or apparent conflict of interest with your responsibilities to the company?

I hope that readers of the Blog will use the comment feature to share any other issues or relationships that organizations might wish to consider for their COI certifications.

Conflict of Interest Certifications

There’s one way to find out if a man is honest – ask him.  If he says, “Yes,” you know he is a crook.  Groucho Marx

There is, of course, something to this bit of Marxist logic. But, on balance, the benefits of “asking” in a C&E program can be considerable, and one asking-based tool that has existed for many years is the certification.

Should an organization require employees to execute on a periodic basis certifications regarding actual or apparent COIs?  If so, what should be the content of the certifications? And should an entire employee population receive them?

We will consider the first and third questions in this post and the other in the next post.

While not advisable for every entity, this type of process can, I believe, be useful for reminding employees (in a way that a terse general code of conduct certification  typically does not do) of the organization’s specific COI standards and requirements.  Certifications indeed often will surface  COIs that have not otherwise arisen through other C&E processes.  While they might elicit denials regarding  truly illicit behavior (Groucho’s thesis), that is less true of many other, less nefarious sorts of COIs.  As one  reader of the Blog wrote to us yesterday, “employees are often confused about  COIs and don’t think they have one when they do or at least when there is an  appearance of a possible conflict. [Certifications] seem to be a good way to help employees focus on specific activities that can present a conflict.”

However, certifications  are clearly not for everyone. Whether an organization should undertake this  sort of effort – which can require a substantial time commitment – depends on a variety of factors.  In effect, this is a form of risk assessment, which should typically include the following considerations:

Likelihood:  How likely is the process to uncover an  otherwise unidentified COI?  And, how likely is a certification to prevent an otherwise undeterred  COI?

Impact:  How harmful could such a COI be – meaning one that would likely be deterred or detected and addressed by the certification process but not other ways?

Other benefits:  Are there other high-risk activities (e.g.,“sensitive payments,” contacts with competitors) that should be added to a COI certification, and, if so, what does a likelihood and impact assessment of those topics add to the analysis?

Capacity:  Does your organization have the resources to follow-up on all “yes” answers or failures to respond?  (This is a deal breaker for many companies.)

Finally, this analysis should not necessarily be performed on an all-or-nothing basis.  Even if it does not make sense to require all employees to execute certifications – as, in my experience, is frequently the case – there may still reason to do so for managers and others in sensitive positions (e.g., procurement; “control” functions – such as law, finance, human resources and audit; and, in some organizations, sales).

To be continued…



Other People’s Conflicts

Samuel Johnson once famously said of some unfortunate soul, “He is not only dull himself, he is the cause of dullness in others,” and in this posting we’ll examine how companies can avoid the misfortune that sometimes comes from causing conflicts of interests in others.

To start, a brief bit of COI history.

Several years ago an advertising agency lost a highly lucrative account with Wal-Mart and – according to some press accounts at the time – part of the reason for the loss was the agency’s entertaining of a Wal-Mart executive in ways that allegedly caused her to violate that company’s code of conduct. Although the agency presumably violated no law, its loss of future revenue could be seen as costly as some of the largest criminal fines in history.

The case led many companies to add to their codes of conduct a requirement that in providing gifts, entertainment or travel to employees of third parties one must not cause those employees to violate their respective employers’ codes. But is such a provision by itself enough to mitigate risks of this kind?

For any given business organization, addressing this issue should, of course, be driven by an assessment of relevant risk. However, for all organizations it may be useful to consider the range of available C&E measures that can be taken here, and “work backwards” to determine if their respective risks warrant implementing the measure in question.

First, there is the language of the code itself. While at first blush a mandate that employees must not cause a violation seems strong, a preferable approach may be to specify that employees must ensure that they do not cause a violation. The latter sort of requirement (particularly if reinforced the right ways) suggests a higher and more meaningful burden on the employees who deal with third parties.

Second, companies can establish a practice of periodically collecting customers’ and other relevant third parties’ codes and disseminating gifts and entertainment language to at-risk employees and their respective managers. Even if it is not possible to do this for all third parties, the effort can be useful if codes for major customers are obtained.

Third, COI training can emphasize the importance of identifying and following relevant third-party standards. Fourth, companies can deploy “just-in-time” communications to at-risk employees around these issues.

Fifth, for organizations with relatively high risks in this area, managers can be required to monitor for compliance with third-party codes. Sixth, auditors might be tasked with including third-party standards in their audits.

Finally, note that this post deals with the topic of other people’s conflicts only at a very high level. There are many other aspects to this area. Indeed, the whole field of corruption by definition involves “causing conflicts in others,” and many of the largest criminal fines in history (specifically in the FCPA and health care fraud-and-abuse areas) have been precisely about that. The point of this post is to suggest that even without significant corruption risks, all organizations should consider whether they do enough to avoid creating third-party COIs.