Policies and Procedures

In addition to code provisions, some companies have stand-alone COI policy documents, with more detailed standards and procedures. When does it make sense for a business organization to have such a policy, and what standards and procedures should be in a document of this kind?

Conflict of interest? Who decides?

Many companies have, of course, escalation provisions for responding to allegations of wrongdoing. But do they need such provisions with respect to routine self disclosures of conflicts of interest?

At least for some companies that allow line managers to approve disclosed conflicts the answer is, in my view, Yes. That is in part because managers may – thanks to the behavioral ethics phenomenon of  “motivated blindness” – be inclined to “go easy” on a particularly valued employee who has disclosed a COI.  Line managers may also fail to appreciate in such situations the danger to the compliance program generally of an overly liberal approach to COIs – particularly to the sense of “organizational justice” at the company.

But what should an escalation provision entail? Here are some possibilities, meaning circumstances where the line manager should be required to enlist the help of HR, Compliance or Legal in addressing a disclosed COI:

– Disclosure is by a relatively high-level person.

– Disclosure is by a person in a controls function.

– Conduct would tend to diminish trust of key stakeholders in the company. (Most important of all the criteria – but also hardest to apply.)

– Conduct involves a relatively high degree of money or other tangible or intangible  interests.

– Resolving disclosed conflict would entail complicated fact finding.

– Resolving conflict would entail interpretation of legal or regulatory mandates.

Finally, and perhaps less obvious than the others, going forward, would the manager be sufficiently aware of the relevant actions of the disclosing employee to help ensure adherence to Company COI standards? In other words, can the manager act like a de facto COI monitor?

Imagine the real

 

An early post on this blog noted that among the more interesting phenomena of behavioral ethics was the impact that knowing or not knowing a party could have on how one treated that party.

A set of circumstances that is relatively likely to lead to an ethical shortfall is where we do not know who will be impacted by a contemplated act.   As described in this paper by Deborah A. Small and George Loewenstein,  in one study “subjects were more willing to compensate others who lost money when the losers had already been determined than when they were about to be” and in another “people contributed more to a charity when their contributions would benefit a family that had already been selected from a list than when told that the family would be selected from the same list.”   Beyond their direct application to the area of charitable giving, these findings may be relevant to a broader range of ethics issues, and, for instance, could help explain the relative ease with which so many individuals engage in offenses where the victims are not identifiable.  

One example of this is insider trading – a crime which, although widely known to be wrong, seems utterly pervasive (based, among other things, on the extent of trading in securities right before public disclosure of market moving events).  A behavioral ethics perspective suggests that (at least part of) the reason for this “inner controls” failure is that the victims of insider trading are essentially anonymous market participants. 

Another offense of this sort is government contracting fraud (where the victims tend to be everyone),  and indeed Ben Franklin famously described the risks of an ethics shortfall here as well as anyone could: “There is no kind of dishonesty into which otherwise good people more easily and more frequently fall than that of defrauding the government.”   Understanding why “otherwise good people” do bad things is much of what behavioral ethics is about.

But what about COIs? The picture there is mixed, as some COIs do involve identifiable victims – such as the job applicant who does not get hired because the position was filled by the boss’s son. Similarly, an organization might suffer identifiable harm when its procurement process is corrupted by a COI – e.g., paying too much or getting too little.

However, with other sorts of COIs the harm is less apparent. It is the damage to trust in key relationships.

For this reason, organizations might consider including the following question in their COI resolution protocols: “How likely would it be at that the COI would diminish the trust that stakeholders (shareholders, employees, customers, business partners, suppliers or regulators) would have in the Company or otherwise adversely impact the Company’s reputation?”

Of course, this thought experiment works only if you truly try to put yourself in the shoes of one of these parties. Or, to use the memorable words (albeit from  another setting) of philosopher Martin Buber: “Imagine the real.”

Frequently asked questions about conflicts of interest

An earlier post  explored the various contexts – such as board meetings, hiring interviews, employee engagement surveys, training, compliance audits and exit interviews – where asking the right question can help promote C&E at a business organization. To this list should be added frequently added questions documents (“FAQs”).

FAQs are used with some frequency to supplement codes of conduct and policy statements. They can provide a greater level of information than is feasible in a traditional policy statement – because they are generally easier to read than the latter.

FAQs can be particularly useful in promoting COI-related compliance measures. That is because the issues raised in the COI realm tend to be more personal than are other types of C&E issues and so employees might welcome a chance to have their questions answered in this way rather than through actual contact with someone in their organization – at least as an initial matter.

Those seeking a model for drafting a COI FAQ, should take a look at what Walmart has done in this area – which can be found here. It is a very comprehensive document, covering in some detail what are presumably all the major COI risk areas for the company (financial interests, gifts and entertainment, outside employment, personal relationships with other associates, personal relationships with suppliers, protecting personal and business information and information sharing). For each, the document recites the relevant company policy and follows that with one or more questions and answers. (E.g., the Outside Employment section asks and answers questions about working for a competitor, operating a side business and working for a supplier.)

The Walmart FAQ document also does a good job in explaining the reasons for the company’s position on the issues raised in the questions. For instance: I supervise an associate who does odd jobs on the side. I would like to hire the associate to do some work at my home. Is this okay? As a manager with direct reports, it’s important to remain objective regarding your associate’s work. This situation requires a manager to think through all of the potential issues and use good judgment. This particular situation could potentially create a real or perceived conflict of interest since the work done for you at home may appear to influence how you view your direct report at work. If you hire someone you supervise to do work on your home, the boundaries between work and personal life may become blurry and difficult to manage. For instance, if you are not pleased with the outcome of the work, it could impact your perception of the associate. It may also appear to others that you are more lenient on that associate’s performance at work since the associate is doing work for you at your home. Finally, the associate may not want to do personal work for their manager for these same reasons, but may feel obligated to do so.

Of course, not every C&E program needs an FAQ – for COIs or any other risk areas. Those that do tend to be large and have relatively complex compliance profiles. And in considering whether to go this route companies should consider the total mix of relevant information about the risk area in question (i.e., not just what is in the code and policy document, but also the treatment of the risk area in training and other communications). As with any part of a C&E program, one has to be mindful of the dangers here of doing too much as too little.

A code of conduct for Caesar’s wife

“Follow the money” is as good a rule as any for an assessment of compliance risk, and this is surely true for conflicts of interest.   In many companies that trail leads to procurement – and often to the understanding that those involved in buying goods and services for a company on a day-to-day basis must be above any suspicion.

Increasingly (at least from what I can see) procurement activity is being centralized in enterprise-wide procurement functions.  Much of the impetus for this has nothing to do with conflicts of interest – but, rather, arises from a need to bring more professionalism to procurement and to get the benefit of buying in large quantities, among other things. However, centralization is also a plus from a COI prevention perspective, as it is easier to monitor and otherwise mitigate COI risks in a small group than in the much larger general employee population.

Such C&E measures sometimes include having a specific (and typically very short) code of conduct for the procurement department (in addition to the general code). Among the types of COI issues that could be covered are those relating to gifts, entertainment, travel and donations – meaning these codes can have more restrictive rules about such activities  for procurement staff than for the rest of the employee population. Other types of COIs are typically addressed in these codes as well (e.g., having an ownership interest in or receiving other income from a supplier).

Of course, procurement codes should cover issues beyond  those in the COI area. Confidential information (meaning that of suppliers) is one such topic.  Another is antitrust, with a focus on the oft-neglected buy side.

Reviewing such a code should be part of the on-boarding process for new procurement employees.  As well, periodic training on its key provisions should be provided.  And, one should consider certifications by procurement employees too.

I should emphasize that not every company needs a code like this. However, in my view there are many companies that don’t but should consider developing one.

Finally, there is more to a “Caesar’s wife” approach to compliance for procurement than a code, training and certification. Companies should also be alert to “point-of-risk” compliance opportunities (a concept explored in a recent post). For instance, when a procurement department member  leaves a company to go work for a supplier and has knowledge of pricing and other sensitive information of other suppliers (meaning her new employer’s competitors) the exiting process should include  a reminder of the continuing obligation to keep information of this sort confidential.  And, somewhat more drastically, for higher risk business lines or geographies, rotating procurement assignments may be what it takes to be truly above suspicion.

 

Are conflicts of interest policies a violation of labor law?

In recent years, an unfortunate – in my view – line of decisions and reports has been issued by the U.S. National Labor Relations Board (“the NLRB”) holding that various aspects of company policies violate the National Labor Relations Act (“the Act”).  For those looking to learn more about this area generally, a good place to start is with this article by Joe Murphy in a recent issue of Compliance & Ethics Professional.  Of particular concern to readers of the COI Blog might be a decision handed down by the NLRB  in June – in Remington Lodging & Hospitality, LLC d/b/a The Sheraton Anchorage – finding that a generic conflict of interest policy in an employer’s handbook was unlawful under the Act.  The case can be found here, but – given the procedural history involved – readers may wish instead to review this summary of it published by attorneys at the Arent Fox law firm.

The case may be seen as an instance of bad facts making bad law, as the respondent company had asserted that certain employees had violated its COI policy by engaging in what were clearly protected activities under the Act (presenting a boycott petition to management).  Based on this, all three members of the NLRB panel hearing the case found that the company had engaged in an unfair labor practice.

However, two of the panel members also found that the COI policy was unlawful on its face. As noted in the Arent Fox summary, the majority found that “employees would reasonably interpret the rule prohibiting them from having a ‘conflict of interest’ with the Respondent as encompassing activities protected by the Act. Particularly when viewed in the context of the Respondent’s other unlawfully overbroad rules, ‘employees would reasonably fear that the rule prohibits any conduct the Respondent may consider to be detrimental to its image or reputation or to present a ‘conflict’ with its interests, such as informational picketing, strikes, or other economic pressure.’”

The third member of the panel – while agreeing “with the majority that the Respondent violated …the Act when it applied the rule against conflicts of interest to restrict employees’ [protected] activity…. disagreed with the majority’s additional finding that the rule against conflicts of interest was unlawful on its face. ‘Employers have a legitimate interest in preventing employees from maintaining a conflict of interest, whether they compete directly against the employer, exploit sensitive employer information for personal gain, or have a fiduciary interest that runs counter to the employer’s enterprise.’ Therefore, he wrote ‘I do not agree with my colleagues’ conclusion that employees would reasonably understand the conflict-of-interest rule as one that extends to employees’ efforts to unionize or improve their terms or conditions of employment.’ In his view, ‘the rule, on its face, does not reasonably suggest that efforts to unionize or improve terms and conditions of employment are prohibited.’ He also noted that the challenged rule was immediately adjacent to a rule in Respondent’s handbook stating: ‘I understand that it is against company policy to have an economic, social or family relationship with someone that I supervise or who supervises me and I agree to report such relationships.’ He claimed that this context ‘bolsters my conclusion that the Respondent’s rule merely conveys a prohibition on truly disabling conflicts and not a restriction on activities protected by the Act.’”

I wholeheartedly agree with this concurrence (and the authors of the Arent Fox piece) and add that in my 25 years of creating, enhancing and assessing C&E programs I have seen zero indication (until this case) that generic COI provisions are likely to be interpreted as limiting activities protected by labor law. Murphy’s general analysis of the NLRB’s approach to C&E policies applies with particular force to this recent decision: “what the NLRB has done here is venture into the field of Compliance and Ethics without close consultation with those in the field and without sufficient regard for the important public policy behind compliance and ethics programs.”

Beyond this, the underlying assumption of the decision is that the efforts of working people to act through labor unions are in fact disloyal to such individuals’ employers.  While ostensibly a “pro-labor” holding, the implication here is potentially anti-labor.

One hopes that this will be fixed before too long – by the NLRB itself, or some court.

 

Does your company need a stand-alone conflicts of interest policy?

Last month, Pro Publica published an extensive report regarding a dispute on whether Goldman Sachs should be sanctioned by the Federal Reserve for failing to have a firm-wide policy on conflicts of interest.  An examiner for the Fed had argued in favor of such an action but the firm contended – successfully – that the COI provision in the company code of conduct coupled with COI policies for various of its divisions was good enough.

At least for C&E aficionados, the story is an interesting one (and the issue, in my view, a close call), particularly given Goldman Sachs’ recent COI history.  (See this post and this one.)   But for readers of this blog the piece may be most useful as an occasion to ask: Does my company have the COI policy that it needs?

To begin, a great many businesses don’t need a stand-alone COI policy. For many what’s in the code of conduct is policy enough. But there are, in my view, quite a few companies that should have stand-alone policies but don’t.

Five things to ask in a COI policy needs assessment

Certainly where companies have client relationships that could give rise to COIs there is a good reason to have a stand-alone policy, as such businesses generally face a greater array of COI risks than do others. Such risks tend to warrant a fuller discussion of COI standards and mitigation than can fit into a code of conduct. Put otherwise., companies that have relationships of trust with clients tend to have higher COI risks – both in terms of likelihood and impact – than do other sorts of businesses, and that should be reflected in how formal and extensive the related mitigation should be.

But other types of organizations should  consider drafting stand-alone policies too, at least if they:

– Have had more than their share of COIs in recent years, as a stand-alone policy can help signal to key constituencies resolve in dealing appropriately with COIs.

– Face more diverse, complex, non-obvious or culturally challenging COI possibilities than the average company has.  The more there is to say about different sorts of COI risks, the greater the need for a stand-alone policy, as there simply won’t be enough room in the code to do justice to all pertinent issues.

– Have significant COI-related process needs – in such areas as disclosure, management and auditing. Here too the code may not offer enough space to deal with the company’s requirements.

– Face heightened COI expectations for other reasons (e.g., non-profits, or other organizations that could be held to a “Caesar’s wife” standard of ethicality).

And don’t forget organizational justice

Even companies that don’t fit into any of the above categories should consider developing a stand-alone COI policy as a means of promoting “organizational justice.” As noted in this earlier post: “The special harm that COIs can cause to organizational justice arises from their frequently personal nature: because COIs often involve a personal benefit to an individual employee that is denied to others, the latter (i.e., rule abiding employees) can feel personally harmed (from a relative perspective) by the COI in a way that they would not feel, for example, with an antitrust offense or violation of export regulations.” Implementing a stand-alone COI policy can thus, in my view, help elevate the confidence employees have in the overall ethicality of their companies. Of course, to do so the policy must be sufficiently promoted and enforced.  But being successful here could have a ripple effect – by enhancing trust that management is committed to doing the right thing generally, which can be utterly vital to compliance and ethics program efficacy.

Note that while this consideration presumably applies to all companies, it does not mean that all companies need stand-alone COI policies.  But it is a factor that all companies should weigh in determining whether to implement such a policy.

Drafting a policy

If one does opt to create a stand-alone COI policy there are obviously lots of choices to be made in determining the content of the policy, and the links below to prior posts in the COI Blog might be useful in that regard.

To start, you might see this overview,  which includes links to several leading companies’ policies (that could be helpful samples from a form – as well as substance – perspective).

Regarding the key question of what COIs to address in the policy, a fairly comprehensive list is included in this post about certifications (the content of which is equally applicable to policies).

Here are some more specific discussions:

–  G&E generally  and gifts between employees.

Supervising family members in the workplace.

Moonlighting.

– Serving on another company’s board.

Next, regarding standards for allowing COIs to continue and related process issues, see this post and this one.

Finally, note that within the above posts there are links to many other posts and resources that might be useful in drafting or revising a COI policy.

Strong ethics medicine: best practice COI policies for academic medical centers

In the universe of conflicts of interest, perhaps none are more significant – and worthy of study…. and action – than are those  involving doctors and health care industry (e.g., pharma, medical devices) companies.

On the one hand,  these types of conflicts are widely recognized to be very damaging.  Indeed, when I last compiled my largest  federal corporate criminal  fine list, three of the top four  cases of all time involved such COIs (though with a new entrant  to be added to this list  –   the SAC insider trading case – one should now say three of the top five).  On the other hand, this is one of the few areas where there is actually research to show that  good policies can in fact mitigate conflicts – as described in this earlier post

But that raises the question: what constitutes a best practice policy?

A new and useful resource in that regard is  this recently published article from Compliance Today by friend of the COI Blog Bill Sacks of HCCS,  which is based on a study issued by the Pew Charitable Trust late last year on best practice COI policies for academic medical centers. While most readers of this blog (to my knowledge) do not work in the health care area, C&E practitioners of all types (or others who are COI aficionados) might be interested in this case study of what strong COI-related mitigation can look like, and find useful ideas in it for dealing with COIs in their own respective fields.

Supervising spouses and other family members in the workplace

A story earlier this week in the NY Daily News  reported:  “The doctor picked by [NYC] Mayor de Blasio to run the municipal hospital system was slapped with a conflict-of-interest ruling after his wife went to work for the hospital he was overseeing. The city Conflicts of Interest Board issued its ruling against [the doctor] in 2008, but allowed the arrangement to continue as long as [he] avoided matters involving his wife…”  The particulars of the case are not especially interesting, but it did serve to remind me that in the more than two years of its existence the COI Blog has yet to cover the often important issue of supervising family members at work.

But first a disclosure: my parents met in a workplace (the newsroom of the Minneapolis Tribune, in the 1940’s), where my father (then a night city editor) supervised my mother (then a police reporter) and, but for the personal relationship they formed there, I literally would not exist.  So, I have what could be called an existential bias on this issue.  On the other hand, at least judging by the classic film about journalists about that era – His Girl Friday – maybe workplace relationships weren’t  prominent on the ethical radar in the industry then, so perhaps I’ve over-disclosed (which comes with writing a COI blog, and for which my mother will hopefully forgive me).

But in the contemporary world, conflict-of-interest issues involving supervision of family members in the workplace can be among the most sensitive that a C&E officer ever faces.  Often one (and sometimes both) of the individuals involved is at a high level within the corporate hierarchy, making the issue as inviting to approach as a field of landmines.  Moreover, because of the strong loyalty instincts that people tend to have about their families, allegations about conflicts of this sort often trigger strong defensive reactions – as discussed in this earlier post  (which should be read mainly  for the immortal story about the late Mayor Daley’s saying – with respect to his having the city of Chicago do business with one of his children:  “If I can’t help my sons, then [my critics] can kiss my ass.”)

On the other hand, other employees may feel deeply resentful of those involved – particularly where the relatives in question are seen (rightly or wrongly) as receiving favored treatment and benefiting from job-related opportunities that otherwise might have gone to such other employees.  The others could also feel stifled in how they do their work.  For instance,  many employees might  be  uncomfortable criticizing a favorite business idea that the spouse of a senior executive has – even if they  think it is no good. Unlike most other COIs, those involving family members on the job tend to be very visible  – and grating, possible even on an everyday basis.

Not surprisingly,  many companies’ COI policies address the issue of supervision of family members.  A somewhat typical policy of this sort is the following from Tower Bank: “The potential for conflict of interest clearly exists if your spouse, partner or immediate family member also works at the Company and is in a direct reporting relationship with you. Officers or employees should not directly supervise, report to, or be in a position to influence the hiring, work assignments or evaluations of someone with whom they have a romantic or familial relationship.”

Of course, a direct reporting relationship between spouses is widely seen as being problematic – and that part of the rule should be easy to apply.  But the “being in a position to influence” part of the rule is much broader, and presumably anyone higher up in a reporting chain is in such a position regardless of how many layers there are in between.

Still, the more layers there are, the more checks against abuse exist – even if they are not strong checks (since they rely on subordinates in preventing and detecting conflicts by their workplace supervisors).  One company that relies explicitly on the number of such layers is United Technologies, whose policy asks the question, “[i]s it a Code of Ethics violation for my spouse and myself to work in the same department at our UTC Division?” and provides this answer: “In most instances this would not be a problem as long as neither employee reported to the other. A sufficient number of reporting levels (at least three) between supervisor and family member must exist to preclude conflict of interest issues.” While not a cure-all, this seems like a strong approach to me.

A final point: given the nature of this particular type of conflict the concern is often less actual COIs than apparent ones.  For this reason, effective mitigation must address the issue of what will employees think about a proposed solution to such a COI – including the broader question of whether such a solution will undermine the workforce’s view of management’s commitment to ethics in general.   More on apparent COIs can be found here, but the bottom line is that this is among the most difficult types of COI to mitigate.

What counts as a conflict of interest policy?

Conflict of interest policies were in the news last week.   The first story comes from the world of medical schools. As described in a recent issue of Science Codex, “U.S. medical schools have made significant progress to strengthen their management of clinical conflicts of interest (CCOI), but a new study demonstrates that most schools still lag behind national standards. The Institute on Medicine as a Profession …study, which compared changes in schools’ policies in a dozen areas from 2008 to 2011, reveals that institutions are racing from the bottom to the middle, not to the top. In 2011, nearly two-thirds of medical schools still lacked policies to limit ties to industry in at least one area explored, including gifts, meals, drug samples, and payments for travel, consulting, and speaking. Only 16% met national standards in at least half of the areas, and no school met all the standards.”  This finding is unfortunate because –as discussed in an earlier posting – COI policies in medical schools have been shown by research to be effective in actually reducing COIs.

A different type of COI policy story concerned a whistleblower lawsuit brought by a “former senior bank examiner for the Federal Reserve Bank of New York [against] her ex-employer, which claim[ed] she was fired because she refused to change her findings that Goldman Sachs Group Inc. … lacked a firm-wide conflict-of-interest policy.”  As best I can tell from the various pieces about the case, the examiner felt that although the firm had divisional COI policies and a COI section in its code of conduct it was deficient in that it lacked a stand-alone, firm-wide document in policy form addressing COIs of the sort that was evidently common in other investment banks.    Of course, as with any lawsuit, we will learn more here as the case  progresses.  But the initial complaint alone does raise what is for the COI Blog an interesting question: what exactly counts as a COI policy?

The answer here will depend on the context.   For many (indeed most) organizations a code of conduct provision on COIs is policy enough.  Indeed, as can be seen from some of the links in this earlier post, COI provisions of a code can be as detailed as those in a stand-alone policy.

But for large, complex organizations – and particularly those with complex COI issues, as an investment bank likely has and Goldman Sachs clearly has had (see posts here and here) – a stand-alone, firm-wide policy seems like a good idea, as a way of ensuring sufficient attention is devoted to the area and that standards are applied thoroughly and consistently throughout the organization.   And, it is hard to see what the argument against having such a policy would be.

This is not to suggest that I think that there is merit to the whistleblower’s claim or that the firm was deficient in this respect.  Rather, as with most news-related posts on this blog, I’m only using the story of the day to make a more general point about COIs.

“Those are my principles, and if you don’t like them… well, I have others,…”

So famously said frequent contributor to this blog, Groucho Marx.  Well, we know that’s not right, but should we go all the way in the opposite direction, and agree with Einstein that “Relativity applies to physics, not ethics”?  At least when it comes to COIs the answer is a clear Sometimes (or Maybe).

Certainly the underlying principle of being faithful to those to whom one owes a duty of trust seems to leave no room for compromise. But in practice it often is not that simple, given that loyalties can… conflict. For instance, and as described in guest posts from Lori Tansey Martens, in some societies  there are sound ethical underpinnings for approaches to hiring that in the West would be considered unacceptable nepotism. More generally, what could be considered a relativist approach to COIs is embodied in the law – specifically the Securities and Exchange Commission’s rules regarding codes of conduct for senior financial executives and CEOs of public companies.  That is, rather than banning COIs outright for individuals in such positions, codes must provide for “the ethical handling of actual or apparent conflicts of interest between personal and professional relationships… .”   Finally, as we have explored in other posts, there are indeed a variety of circumstances where COIs are not in fact ethically worrisome. Still, public companies seeking to meet the Sarbanes COI code requirement and other organizations seeking to handle COIs ethically can’t rely on a Marxist (referring to Groucho) approach to this area.

One step that can be helpful in this regard is to write into the company’s relevant compliance documentation (such as an ethics committee charter) words to the effect that, “Conflicts of interest will be permitted only upon clearing showing that doing so is in the best interest of the organization.” The idea is to erect a high standard for decisions of this type – so that a close call means no go.  (Note that this should be an easy thing to do in most businesses  – but, in my experience, relatively few organizations have done it.)

Another step is to structure decision making regarding conflicts so that there is “strength in numbers” and taking other measures discussed in this post.   Building up a solid infrastructure for  dealing with COIs may help not only to ensure that COIs are handled ethically, but can deter some of them from arising in the first instance.