In this section of the blog we will examine both live and web-based COI training for employees, as well non-training communications (e.g., COI sections of intranet sites, holiday letters to vendors).

“Point-of-risk” compliance

Marketers have long known that “point-of-sale” display of products can be a powerful advertising tool.  But can its logic be put to work for promoting compliance and ethics?

I was recently asked by a client to fill out a vendor information form and noticed that in addition to seeking information from vendors the form required the employee proposing the hiring to certify that any conflict of interest involving the vendor had been disclosed and okayed by management and the C&E officer.  While I know that many companies have some form of COI certifications (see prior posts collected here), I can’t recall having seen one on a vendor information form of this sort before – even though the common sense of such a “point-of-risk” compliance approach seems pretty obvious.  Indeed, it is hard to think of any reason why a company wouldn’t do this.

Moreover, such an approach  is supported by behavioral science, as described in this earlier post.  And, as also noted in that post, beyond the COI risk area there is no shortage of  other “point-of-risk” compliance opportunities for many companies: “anti-corruption – before interactions with government officials and third-party intermediaries;  competition law – before meetings with competitors  (e.g., at trade association events);  insider trading/Reg FD – during key transactions, before preparing earnings reports;  protection of confidential information – when receiving such information from third parties pursuant to an NDA;  …  accuracy of sales/marketing – in connection with developing advertising, making pitches; and employment law – while conducting performance reviews…” (Note: in the earlier post I refer to this approach as “just-in-time” compliance, but on reflection think that “point of risk” is closer to the mark.)  Doubtless there are many others too.

I should stress that this suggestion does not imply an increase in the total amount of C&E education, which for some companies would be a non-starter.  Rather, a robust “point-of-risk” strategy might allow a company to decrease its use of less impactful communications, meaning principally those that  lack immediacy and context.

Thinking more broadly, a “point of risk” C&E communication strategies might work for teaching ethics in business schools and colleges. Writing last week in the Huffington Post,  William Steiger of the University of Central Florida’s College of Business Administration  argued that: “Business schools should use examples of ethical practices and decision-making throughout the curriculum, not just in the ethics class.” I agree (and indeed when I was teaching business ethics years ago made a similar proposal; I hope Steiger has more success with this than  I did).

Whether it is in the workplace or classroom, there is a growing need to  find ways to better communicate and otherwise support ethical expectations.  For many businesses and schools, a point-of-risk approach may be a good place to start.

An outline for core employee training on conflicts of interest

COI training is not a new topic for the blog. Prior posts have addressed training of board members  on conflicts;   cultural challenges to global COI training efforts  (through guest posts by Lori Tansey Martens); and  various forms of non-training communications addressed to COIs (through guest posts  by Joel Rogers), such as COI quizzes.  We have, as well, considered the implications of certain behavioral  ethics research for compliance training and communications generally  and recently done the same with respect to moral intuitionism.   Moreover, many of the various news stories covered in this blog over the past two years provide – we hope – useful material for some COI training.  However, we have never looked broadly at core COI training for employees, and so do that today.

What should such training entail? One approach would be to:

– Define COIs, perhaps using the fiduciary duty of loyalty (at least for US-based training) to underscore the potential seriousness of COI issues in the employment setting.

– Describe the potential harms that can be caused by COIs – not only in terms of corrupted decision making on the part of the conflicted party but also the potentially even greater harm that can flow from loss of trust by shareholders, employees, customers, suppliers and regulators, as well as the various ways in which COIs can give rise to legal liability for organizations and individuals. (Prior posts about some of these harms are collected here.)

– Explain what both apparent and potential COIs are and why they can be as harmful as actual  conflicts.  (Here are posts on apparent – and, to a lesser extent, potential – COIs.)

– Provide an overview of the organization’s abstain-or-disclose rules. (Here is a prior post on COI review processes.)

– Review need-to-know points about the most common forms of COIs  – conflicting financial/ownership-type interests conflicting employment-type interests; misuse of company resources; conflicts involving family members; and accepting gifts, entertainment, travel and the like (see posts collected here ).

– Depending on one’s industry, possibly explain the difference between individual and organizational COIs.

– If not already covered in other training  provided by the organization, include the mandate of  not  causing conflicts in others  (in effect, corruption-related risks  – although often a  more soft-core form than what is covered by anti-bribery laws) .

Finally COI training can provide a useful opportunity for discussing the important and interesting area of behavioral ethics, and particularly the overarching lesson of that field – we are not as ethical as we think, which underscores the importance of a strong approach to C&E programs generally and enhanced ethical awareness for managers in particular. (For more on this see behavioral ethics posts collected here.)

Values, culture and effective compliance communications – the role of behavioral ethics

Compliance-related communications constitute a large part of the day-to-day work of many compliance-and-ethics departments.  But is this work being done in the most effective manner reasonably possible?

“Modeling the Message: Communicating Compliance through Organizational Values and Culture,” – published last fall by attorney  Scott Killingsworth in The Georgetown Journal of Legal Ethics  – provides a thoughtful examination of what we can learn about compliance  communications from various findings of behavioral science.  The article critiques the traditional approach to compliance communications – which focuses on avoidance of personal risks  – as being premised on a  “rational actor” theory that in recent years has been seriously undermined by the results of behavioral economics/ethics research. In this regard, Killingsworth argues: “Instead of conveying the message that compliance is non-negotiable, [the personal risk versus reward approach] implies that it may be negotiable if the price is right.”  An additional source of concern is that this way of communicating may send the implicit message “that management does not trust employees. Potential side effects of this message range from resentment, to an ‘us-versus-them’ attitude towards management, to a reverse-Pygmalion effect in which employees may tend to ‘live down’ to the low expectations that are projected upon them.”

As an alternative, Killingsworth draws upon the behaviorist concept of “framing” to suggest that communications framed in terms of values and ethics are more likely to be effective in reducing wrongdoing than are traditional compliance communications. In that connection, he describes a study showing “that over eighty percent of compliance choices [in the workplace] were motivated by internal perceptions of the legitimacy of the employer’s authority and by a sense of right and wrong, while less than twenty percent were driven by fear of punishment or expectation of reward.” A second benefit to the values-based approach is that it can better serve as “a source of internal guidance in novel situations” than does the traditional alternative.   Third, communications framed from the former perspective may enhance companies’ efforts to promote internal reporting of violations (obviously an important consideration in the Dodd-Frank era),  a contention that he bases on a study which showed that “the reporting of compliance violations encountered dramatically different effects depending on whether the subjects considered a particular infraction morally repugnant or not.”

As well as discussing communications per se, Killingsworth’s piece examines “the messages implicit in key company behaviors, which can either reinforce, undermine, or obliterate explicit compliance messages.”   So, while explicit communications are important, C&E officers must also “reach across functional boundaries to executive management and the human resources group and, if necessary, educate them about the principles of employee engagement and the value of consistent explicit and behavioral messaging that activates the employees’ values and brings out their [employees’] better natures.” The piece concludes with a list of other practical recommendations – concerning, among other things, culture assessments and communications strategies – for making all these good things happen.

Finally, I should emphasize that this posting only scratches the surface of what is in “Modeling the Message: Communicating Compliance through Organizational Values and Culture,” and I strongly encourage both C&E professionals seeking to up their respective companies’ communications efforts and behavioral scientists seeking to learn more about how their work can be put to practical use in compliance programs to read the piece in full.

Conflict of interest compliance quizzes

Good C&E training generally makes use of questions.  Sometimes these are learning questions found in the body of the training.  Sometimes they come in the form of a test at the end of a course.  Both ways, questions can help cement the C&E information from training while they are fresh in employees’ minds.

But, not all companies have a chance to deploy COI training on a regular basis.  And for those that don’t, the possibility of using training techniques in other communications should be considered.

For instance, companies with C&E newsletters could publish a COI issue in which they:

– Describe the importance of appropriate handling of actual or apparent COIs to the company (e.g., how this matters in preserving the trust of shareholders, suppliers, etc.)

– Provide an overview of the company’s COI policies and processes.

– Pose several hypothetical situations to test employees’  knowledge.

Two practice pointers on test questions:

– Consider asking employees to answer not only whether there is (or may be) a COI in a given scenario, but also if they can articulate why.  So, for instance, employees get one point for answering the first question right about a scenario and two if they can also get the second.

– Print the answers upside down in the newsletter, as that should make readers more eager to test their knowledge.

I think this approach should be helpful not only as a way of reinforcing knowledge but also by conveying – given the difficulty that many employees will have in answering the “why” – that maintaining C&E standards (COI and other)  is not as easy as is often assumed to be the case.  And that, in turn, underscores the importance of getting help from the company’s C&E office when COI issues arise.


Global Challenges in Addressing Conflicts of Interest (Part Two)

By Lori Tansey Martens

In my last post, I outlined some of the challenges that global organizations face when implementing conflict of interest procedures throughout the world.  In this post, I make recommendations to help mitigate some of those challenges. 

Standards and Policies

First, many international employees will be unclear as to the definition of conflicts of interest.  Accordingly, conflict of interest standards should include a clear and precise definition of the concept.  Unfortunately many companies define conflicts of interest around the following lines: A conflict of interest occurs when you have personal interests which may conflict, or appear to conflict, with the company’s interests, or, A conflict of interest arises when we become involved, directly or indirectly, in activities that could impair, or be perceived to impair, our responsibility to act in the best interests of the company.

Sound familiar?  The problem with this type of definition is that it assumes that the employee’s and the company’s interests are at odds – the term ‘conflict’ itself is negative.  Yet, many international employees will see some of these situations not as conflicts, but as “win-wins,” both for themselves and for the company. 

If we could go back and rewrite our terminology on this topic, I would recommend that we talk about “Confluences of Interests” as opposed to “Conflicts of Interests”; however, I doubt that’s going to happen anytime soon.  But companies can certainly embed this concept into their definitions.  For example, companies can add the following to their standard conflict of interest definitions:  We may face situations where there is an overlap between our own personal interests, and the interests of the company.  Even when these situations appear to be in the best interests of both parties, they require particular care and scrutiny by your manager (or other appropriate company resource.)

The policy itself should also include “Q&As” that illustrate the nuances around some of the situations that can arise in an international context.  For example: Q.  In our region, the best supplier for a certain resource is a firm owned by our Managing Director’s wife.  To not buy from this firm will increase our costs significantly.  What should we do? A. In certain situations, the company may elect to do business with suppliers who are closely related to key personnel.  However, in all such cases, in order to promote transparency and to ensure fairness in supplier selection, the personal relationship must be disclosed to the Regional Director, who will make a determination as to the best course of action.

Another global concern is that some companies may consider employee involvement with certain non-profit organizations and charities to be a potential conflict of interest. However, companies should be aware that this is a particularly sensitive issue in Europe. Employees in Europe may view such concerns as a violation of their right to privacy. If companies include this element in the standard, the language should be very precise. For example, companies might specify that service in charities and nonprofit organizations “with aims that are overlapping or in direct conflict with the goals and aims of the Company” should be disclosed.

The standard or policy should also include a statement demonstrating respect for employees’ right to privacy for relationships that are outside the business sphere.  For example, “The Company respects the privacy of personal affairs of all employees, but employees must disclose situations that could result in real or perceived overlaps and/or conflicts between their personal interests and the interests of the Company.”

Finally, the policy should explain why managing confluences of interest are important for an organization. The rationale should extend to both potential ‘conflicts’ (e.g., an employee’s personal relationships may compromise his/her business judgment, decisions clouded by personal interests can negatively influence the long-term welfare of the organization, etc.) and ‘confluences’ (e.g., the company desires full transparency even in situations where both the company and the employee stand to benefit from the particular situation to ensure fairness, avoid misunderstandings, etc.)


The same considerations for policy concerning definitions, illustrations and rationales, holds equally true for training.  Dedicated training on this topic is a must in many international locations given that, as discussed in the previous blog post, it may run counter to prevailing local culture and customs.  And similar to the formation of policy, the training needs to focus on not just the “what,” but the “why” and the “how,” using scenarios, case studies, and potentially even role-plays.


Multinational companies should avoid blanket prohibitions against all confluences of interest since situations may arise internationally that are unique and ambiguous. Likewise, there may be situations in which overlapping interests are unavoidable. If a company operates in small villages where all residents know each other, it could be difficult for staff to avoid business relationships with relatives or friends.  The conflict of interest processes can anticipate these situations and outline clear procedures for employees to follow.  For example, many companies place the focus on disclosure of these situations to management, or other appropriate company resource, either verbally or in writing, instead of forbidding such situations outright.

While conflicts of interest can pose global challenges, companies can anticipate and mitigate many of these concerns through well thought-out standards, dedicated training and adaptable procedures. 

And I’d like to thank my good friend Jeff Kaplan for allowing me to post on his blog site.  I’m hoping that you’ll agree that this was a good example of an entirely appropriate ‘confluence’ of interest!

Lori Tansey Martens, a 20-year veteran in global business ethics, is the President of the International Business Ethics Institute. The Institute helps companies develop effective global ethics and compliance programs. For more information, please visit www.business-ethics.org



Other People’s Conflicts

Samuel Johnson once famously said of some unfortunate soul, “He is not only dull himself, he is the cause of dullness in others,” and in this posting we’ll examine how companies can avoid the misfortune that sometimes comes from causing conflicts of interests in others.

To start, a brief bit of COI history.

Several years ago an advertising agency lost a highly lucrative account with Wal-Mart and – according to some press accounts at the time – part of the reason for the loss was the agency’s entertaining of a Wal-Mart executive in ways that allegedly caused her to violate that company’s code of conduct. Although the agency presumably violated no law, its loss of future revenue could be seen as costly as some of the largest criminal fines in history.

The case led many companies to add to their codes of conduct a requirement that in providing gifts, entertainment or travel to employees of third parties one must not cause those employees to violate their respective employers’ codes. But is such a provision by itself enough to mitigate risks of this kind?

For any given business organization, addressing this issue should, of course, be driven by an assessment of relevant risk. However, for all organizations it may be useful to consider the range of available C&E measures that can be taken here, and “work backwards” to determine if their respective risks warrant implementing the measure in question.

First, there is the language of the code itself. While at first blush a mandate that employees must not cause a violation seems strong, a preferable approach may be to specify that employees must ensure that they do not cause a violation. The latter sort of requirement (particularly if reinforced the right ways) suggests a higher and more meaningful burden on the employees who deal with third parties.

Second, companies can establish a practice of periodically collecting customers’ and other relevant third parties’ codes and disseminating gifts and entertainment language to at-risk employees and their respective managers. Even if it is not possible to do this for all third parties, the effort can be useful if codes for major customers are obtained.

Third, COI training can emphasize the importance of identifying and following relevant third-party standards. Fourth, companies can deploy “just-in-time” communications to at-risk employees around these issues.

Fifth, for organizations with relatively high risks in this area, managers can be required to monitor for compliance with third-party codes. Sixth, auditors might be tasked with including third-party standards in their audits.

Finally, note that this post deals with the topic of other people’s conflicts only at a very high level. There are many other aspects to this area. Indeed, the whole field of corruption by definition involves “causing conflicts in others,” and many of the largest criminal fines in history (specifically in the FCPA and health care fraud-and-abuse areas) have been precisely about that. The point of this post is to suggest that even without significant corruption risks, all organizations should consider whether they do enough to avoid creating third-party COIs.