Standards and Procedures

Setting meaningful but also feasible standards of conduct can be among the most challenging aspects of COI compliance efforts, as is the related area of COI processes (regarding, e.g., disclosure and approval), both of whch will be explored in the sub-categories to this section of the blog.

Essential ingredients of an effective conflict of interest policy

In today’s edition of the FCPA Blog.

I hope you find it useful.

Conflict-of-interest policies and procedures

My latest column in C&E Professional (3rd page of PDF).

I hope you find it useful.

International Chamber of Commerce publishes conflict of interest guidelines

The International Chamber of Commerce – apparently the world’s largest business organization – recently published Guidelines on Conflicts of Interest in Enterprises. It is available for free download here.

Among other things, the Guidelines provide a useful summary of what should generally be included in a COI compliance policy:

Objective: first, the prevention of Conflicts of Interest, and if nevertheless they do arise, dealing with them, disclosing them and finally mitigating the risks of them arising;

Scope: applicable and binding for all directors, officers, managers, employees, agents and representatives (Associates) of the Enterprise;

Definitions: include clear definitions;

Provisions:

– comply with all applicable laws and regulations in addition to internal regulations of the Enterprise, including privacy laws and policies;

– all decisions and actions by all Associates shall be taken in the best interest of the Enterprise;

– Associates shall not take business opportunities that belong to the Enterprise for themselves;

– Associates shall immediately disclose any Conflicts of Interest;

– Associates shall abstain or withdraw from debating, voting, or other decision-making processes or activities when a Conflict of Interest exists or might arise;

– Senior Management shall lead by example and give guidance on Conflicts of Interest;

– job applicants and newly hired or appointed Associates shall disclose any Conflicts of Interest immediately during the hiring or appointment process;

– every member of Senior Management shall update his/her disclosure on Conflicts of Interest at least annually to the Compliance Officer, or any other person in charge of the Conflict of Interest Policy;

– provision on communication and training on Conflicts of Interest;

– provision explaining where guidance may be obtained in case of questions or concerns; and

– provision on regular reporting of Conflicts of Interest and evaluation of the Policy.

Overall, I agree with these recommendations, but to me the principal value of the Guidelines lies more in the very fact that it exists than the particulars of its various provisions.

That is, perhaps because COIs are so widespread and diffuse (meaning not the subject of a unified legal regime), they often seem to discourage meaningful efforts to mitigate them in the type of programmatic way that one typically sees with anti-bribery and competition law. The Guidelines – issued by an organization with six million members – is an important step in the direction of making such approach a mainstream expectation.

(For more information on the components of a COI compliance program see the various entries and subentries under “Compliance” on the index on the left hand part of this blog – also available here.)

Conflict of interest? Who decides?

Many companies have, of course, escalation provisions for responding to allegations of wrongdoing. But do they need such provisions with respect to routine self disclosures of conflicts of interest?

At least for some companies that allow line managers to approve disclosed conflicts the answer is, in my view, Yes. That is in part because managers may – thanks to the behavioral ethics phenomenon of  “motivated blindness” – be inclined to “go easy” on a particularly valued employee who has disclosed a COI.  Line managers may also fail to appreciate in such situations the danger to the compliance program generally of an overly liberal approach to COIs – particularly to the sense of “organizational justice” at the company.

But what should an escalation provision entail? Here are some possibilities, meaning circumstances where the line manager should be required to enlist the help of HR, Compliance or Legal in addressing a disclosed COI:

– Disclosure is by a relatively high-level person.

– Disclosure is by a person in a controls function.

– Conduct would tend to diminish trust of key stakeholders in the company. (Most important of all the criteria – but also hardest to apply.)

– Conduct involves a relatively high degree of money or other tangible or intangible  interests.

– Resolving disclosed conflict would entail complicated fact finding.

– Resolving conflict would entail interpretation of legal or regulatory mandates.

Finally, and perhaps less obvious than the others, going forward, would the manager be sufficiently aware of the relevant actions of the disclosing employee to help ensure adherence to Company COI standards? In other words, can the manager act like a de facto COI monitor?

Imagine the real

 

An early post on this blog noted that among the more interesting phenomena of behavioral ethics was the impact that knowing or not knowing a party could have on how one treated that party.

A set of circumstances that is relatively likely to lead to an ethical shortfall is where we do not know who will be impacted by a contemplated act.   As described in this paper by Deborah A. Small and George Loewenstein,  in one study “subjects were more willing to compensate others who lost money when the losers had already been determined than when they were about to be” and in another “people contributed more to a charity when their contributions would benefit a family that had already been selected from a list than when told that the family would be selected from the same list.”   Beyond their direct application to the area of charitable giving, these findings may be relevant to a broader range of ethics issues, and, for instance, could help explain the relative ease with which so many individuals engage in offenses where the victims are not identifiable.  

One example of this is insider trading – a crime which, although widely known to be wrong, seems utterly pervasive (based, among other things, on the extent of trading in securities right before public disclosure of market moving events).  A behavioral ethics perspective suggests that (at least part of) the reason for this “inner controls” failure is that the victims of insider trading are essentially anonymous market participants. 

Another offense of this sort is government contracting fraud (where the victims tend to be everyone),  and indeed Ben Franklin famously described the risks of an ethics shortfall here as well as anyone could: “There is no kind of dishonesty into which otherwise good people more easily and more frequently fall than that of defrauding the government.”   Understanding why “otherwise good people” do bad things is much of what behavioral ethics is about.

But what about COIs? The picture there is mixed, as some COIs do involve identifiable victims – such as the job applicant who does not get hired because the position was filled by the boss’s son. Similarly, an organization might suffer identifiable harm when its procurement process is corrupted by a COI – e.g., paying too much or getting too little.

However, with other sorts of COIs the harm is less apparent. It is the damage to trust in key relationships.

For this reason, organizations might consider including the following question in their COI resolution protocols: “How likely would it be at that the COI would diminish the trust that stakeholders (shareholders, employees, customers, business partners, suppliers or regulators) would have in the Company or otherwise adversely impact the Company’s reputation?”

Of course, this thought experiment works only if you truly try to put yourself in the shoes of one of these parties. Or, to use the memorable words (albeit from  another setting) of philosopher Martin Buber: “Imagine the real.”

Frequently asked questions about conflicts of interest

An earlier post  explored the various contexts – such as board meetings, hiring interviews, employee engagement surveys, training, compliance audits and exit interviews – where asking the right question can help promote C&E at a business organization. To this list should be added frequently added questions documents (“FAQs”).

FAQs are used with some frequency to supplement codes of conduct and policy statements. They can provide a greater level of information than is feasible in a traditional policy statement – because they are generally easier to read than the latter.

FAQs can be particularly useful in promoting COI-related compliance measures. That is because the issues raised in the COI realm tend to be more personal than are other types of C&E issues and so employees might welcome a chance to have their questions answered in this way rather than through actual contact with someone in their organization – at least as an initial matter.

Those seeking a model for drafting a COI FAQ, should take a look at what Walmart has done in this area – which can be found here. It is a very comprehensive document, covering in some detail what are presumably all the major COI risk areas for the company (financial interests, gifts and entertainment, outside employment, personal relationships with other associates, personal relationships with suppliers, protecting personal and business information and information sharing). For each, the document recites the relevant company policy and follows that with one or more questions and answers. (E.g., the Outside Employment section asks and answers questions about working for a competitor, operating a side business and working for a supplier.)

The Walmart FAQ document also does a good job in explaining the reasons for the company’s position on the issues raised in the questions. For instance: I supervise an associate who does odd jobs on the side. I would like to hire the associate to do some work at my home. Is this okay? As a manager with direct reports, it’s important to remain objective regarding your associate’s work. This situation requires a manager to think through all of the potential issues and use good judgment. This particular situation could potentially create a real or perceived conflict of interest since the work done for you at home may appear to influence how you view your direct report at work. If you hire someone you supervise to do work on your home, the boundaries between work and personal life may become blurry and difficult to manage. For instance, if you are not pleased with the outcome of the work, it could impact your perception of the associate. It may also appear to others that you are more lenient on that associate’s performance at work since the associate is doing work for you at your home. Finally, the associate may not want to do personal work for their manager for these same reasons, but may feel obligated to do so.

Of course, not every C&E program needs an FAQ – for COIs or any other risk areas. Those that do tend to be large and have relatively complex compliance profiles. And in considering whether to go this route companies should consider the total mix of relevant information about the risk area in question (i.e., not just what is in the code and policy document, but also the treatment of the risk area in training and other communications). As with any part of a C&E program, one has to be mindful of the dangers here of doing too much as too little.

A core value for our behavioral age

Groucho Marx famously said: “Those are my principles, and if you don’t like them… well, I have others.” When it comes to companies committing to follow key principles to guide their behavior – what are often called “core values” – there is clearly no shortage of options. Indeed, this posting on the Threads web site offers 500 ideas for those in the market for values.

One value that I see occasionally (but not frequently) selected for “core” status is humility. Kellogg, for instance, includes humility among several other core values.  Humility is not principally about ethics – Kellogg embraces an integrity value too (as is the case with a large number of companies). But I do see humility as having an important role to play in promoting compliance and ethics in business organizations, in several ways.

First, humility is a logical and arguably inevitable response to the vast body of behavioral ethics research showing “we are not as ethical as we think.”  Thinking and acting with humility is indeed a way of operationalizing behavioral ethics. (For a list of behavioral ethics and compliance posts click here. Also, please see this recent article in the NY Times on behavioral ethics and the notion of “servant leadership.”)

Second, humility is well suited for addressing ethical challenges that are based not on the purposeful failure to be honest but on the less well-appreciated dangers of being careless. (For a post on that click here.) Recognizing the limits of one’s abilities – which is part of being humble –  should help underscore the need for carefulness.

Finally, humility has the potential to resonate deeply in our political, as well as business, culture. By this I mean humility can help form part of a broader mutually supporting relationship between business ethics and what might be called societal ethics of the sort described in other posts.

From a professional viewpoint the benefits to the business side are of most immediate interest to me, but as a citizen (hopefully in the broad sense) I know that the societal dimension is of greater importance. So, let me close by quoting what is one of the best (albeit largely forgotten) expressions of humility’s role in societal ethics, which  can be found in Learned Hand’s “Spirit of Liberty” speech: “The spirit of liberty is the spirit that is not too sure that it is right [and] which seeks to understand the minds of other men and women…”  Delivered in 1944 – when the US and other democracies were engaged in a truly existential battle for survival – these words have never been more compelling than they are today.

Domestic bribery and code of conduct waivers

It was – at least according to this Blog – the most interesting COI story of 2015 (as of February of that year): the head of the New York/New Jersey Port Authority (the PA)  – David Samson – had persuaded United Airlines to reinstate a money-losing route that was convenient for his personal use in return for his giving them favorable treatment on certain PA matters. But what has happened since? And what can C&E professionals learn from it?

In July of 2016, Samson “pleaded guilty to one charge of bribery for accepting a benefit of more than $5,000 from” the airline. “At the same time, United–which was not criminally charged–agreed to pay a fine of $2.25 million and pledged to institute ‘substantial reforms’ to its compliance program.”  And earlier this month the airline settled related charges with the Securities and Exchange Commission.

Above all, that settlement – which involved violations of the FCPA’s books-and-records and internal accounting controls provisions – is a reminder that an effective anti-corruption compliance program must be addressed to domestic  bribery, as well as the foreign kind. In that regard, it is worth remembering that the US is not at or near the top of the Transparency International Corruption Perception Index: it is tied for 16th. And for certain parts of the country – including New Jersey, where Samson worked (and I live) – the picture is worse.

Yet, in my experience some companies don’t address domestic bribery risks with the same rigor that they do foreign ones – even those involving “cleaner” countries than the US.  So, this settlement may be a useful opportunity for companies to consider whether their anti-corruption policies and procedures – including risk assessment – are sufficient to address domestic bribery.

Less significant but perhaps more interesting to C&E practitioners is the SEC’s discussion of the issue of code of conduct waiver – and specifically the failure to get a waiver of the code’s gift provision in connection with the reinstatement of the unprofitable route. The SEC noted that a companion document to the code had provided that: “exceptions would be granted only in accordance with the following procedure: Generally, requests for exceptions must be submitted in writing to the Director – Ethics and Compliance Program.  Approvals for an exception will also be in writing and must be obtained in advance of the action requiring the exception.”  Yet “no one at United sought a waiver of United’s Code of Business Conduct prior to initiating the … Route for Samson’s personal benefit. Nor did anyone at United seek or obtain an exception to Continental’s Ethics and Compliance Guidelines [which was still in effect following the merger of the two carriers]  prior to initiating the … Route. As a result, no written record reflecting the authorization for the … Route was prepared or maintained, as required by United’s Policies.”

Code of conduct waiver-related requirements are based on, among other things,  rules of the New York Stock Exchange and SEC . They derive,, to some extent, from the Enron case.  Yet in recent years I’ve heard very little about them. That may be because the NYSE and SEC standards apply to a narrow band of senior officials at public companies. Yet waiver requirements can go beyond this, as United’s ostensibly did.

So, is there any takeaway for C&E professionals from this aspect of the United case? One idea would be to include questions about waivers in audit interviews – which might pick up information that a question about violations might miss. A second is to include a discussion of waivers in training boards and senior executives – who may have at one point known the Enron-related origins of the waiver provision requirement but have likely forgotten this piece of C&E history.

Finally, for those revising their codes of conduct, one might consider requiring that waivers be granted only upon a clear showing that doing so would be in the best interests of the Company – and that all meaningful circumstances surrounding a waiver be documented in a complete and accurate way. Indeed, given that the SEC has taken the occasion of the United case to speak about code waivers, this is an area where companies should take a moment to make sure they are doing everything right.

  • 3 years ago
  • Comments Off on Domestic bribery and code of conduct waivers

A code of conduct for Caesar’s wife

“Follow the money” is as good a rule as any for an assessment of compliance risk, and this is surely true for conflicts of interest.   In many companies that trail leads to procurement – and often to the understanding that those involved in buying goods and services for a company on a day-to-day basis must be above any suspicion.

Increasingly (at least from what I can see) procurement activity is being centralized in enterprise-wide procurement functions.  Much of the impetus for this has nothing to do with conflicts of interest – but, rather, arises from a need to bring more professionalism to procurement and to get the benefit of buying in large quantities, among other things. However, centralization is also a plus from a COI prevention perspective, as it is easier to monitor and otherwise mitigate COI risks in a small group than in the much larger general employee population.

Such C&E measures sometimes include having a specific (and typically very short) code of conduct for the procurement department (in addition to the general code). Among the types of COI issues that could be covered are those relating to gifts, entertainment, travel and donations – meaning these codes can have more restrictive rules about such activities  for procurement staff than for the rest of the employee population. Other types of COIs are typically addressed in these codes as well (e.g., having an ownership interest in or receiving other income from a supplier).

Of course, procurement codes should cover issues beyond  those in the COI area. Confidential information (meaning that of suppliers) is one such topic.  Another is antitrust, with a focus on the oft-neglected buy side.

Reviewing such a code should be part of the on-boarding process for new procurement employees.  As well, periodic training on its key provisions should be provided.  And, one should consider certifications by procurement employees too.

I should emphasize that not every company needs a code like this. However, in my view there are many companies that don’t but should consider developing one.

Finally, there is more to a “Caesar’s wife” approach to compliance for procurement than a code, training and certification. Companies should also be alert to “point-of-risk” compliance opportunities (a concept explored in a recent post). For instance, when a procurement department member  leaves a company to go work for a supplier and has knowledge of pricing and other sensitive information of other suppliers (meaning her new employer’s competitors) the exiting process should include  a reminder of the continuing obligation to keep information of this sort confidential.  And, somewhat more drastically, for higher risk business lines or geographies, rotating procurement assignments may be what it takes to be truly above suspicion.

 

Tending to personal matters on company time

Last week the Institute of Business Ethics published its 2015 Ethics at Work survey of employees in the UK and Western Europe, available for free download here.  One of the findings was that “employees tend to be more lenient towards conducting personal activities during work hours, than other practices.”

For instance, in Western Europe (France, Germany, Italy and Spain), more than 90% of respondents found it unacceptable to pretend to be sick to take the  day off,  charge personal entertainment to their employer or engage in “minor fiddling of travel expenses.” Eighty-five percent thought it was not okay to “use company petrol for personal mileage” and 76% said the same of “favoring family or friends when recruiting or awarding contracts.” However, only 59% had such a view of using the internet for personal use during work hours and only 52% said that it was wrong for employees to make personal calls from work.

Frankly, I’m surprised that the disapproval percentages for the last two questions were as high as they were.  To the extent that respondents could tell (from instruction, context or otherwise) that they were part of an ethics survey perhaps that – based on the notion of “framing” –  played a role in the results. But regardless of this methodological quibble, the authors’ conclusions about employees’ views of personal use of company time and resources are almost surely sound.

In this connection, they note that the fairly widespread acceptability of “using the internet during hours is perhaps indicative of the way in which lines between work and home have increasingly become blurred over the past few years, as the 21st Century business landscape becomes increasingly mobile and flexible and less reliant on employees being physically present in the office.” This makes sense to me, and I think that a successful conflicts of interest/use of company  resources regime is one that accepts these (and other similar) modern realities.

That is, for many employees (particularly those with young children), a total bar on using phone or intranet for personal purposes is simply impractical, and thus cannot be a true ethical issue – as there is effectively no choice involved. The same is obviously not true with respect to fudging expenses or faking sick days.

The alternative, harsher view would be that embodied in a classic episode of the TV series The Office (the US one), concerning (among other things) a “time theft” policy applicable to the company – under which even a four-second yawn is seen as a transgression.  Besides being impractical and unfair, branding reasonable use of company time/facilities as morally wrong could actually lead to other, more worrisome wrongdoing – by making reasonable uses the first step on a “slippery slope,” as described here.

On the other hand, reasonable personal use really should be limited to uses that a) are truly personal, and do not further other business  interests; and b) cannot harm the company by subjecting its tangible or intangible property or other interests to risk. For instance, many years ago a client of mine learned that an employee was using company phones to run an “escort service.”  Although he apparently did so only during his lunch hour, the reputational harm to the company was clear enough to justify firing him.

Finally, and in a somewhat related vein, you might find of interest this prior post on the connections between ethical standards at work and those in our home lives.