Compliance

In this section we examine how the various “tools” of a C&E program can be deployed to mitigate COIs, as well as other matters regarding the interaction of COIs and C&E programs. Please see the various sub-categories for information about each of these tools.

Conflict of interest risk assessment (part 2)

My latest column in Compliance & Ethics Professional. (Last page of PDF.)

I hope you find it useful.

Frequently asked questions about conflicts of interest

An earlier post  explored the various contexts – such as board meetings, hiring interviews, employee engagement surveys, training, compliance audits and exit interviews – where asking the right question can help promote C&E at a business organization. To this list should be added frequently added questions documents (“FAQs”).

FAQs are used with some frequency to supplement codes of conduct and policy statements. They can provide a greater level of information than is feasible in a traditional policy statement – because they are generally easier to read than the latter.

FAQs can be particularly useful in promoting COI-related compliance measures. That is because the issues raised in the COI realm tend to be more personal than are other types of C&E issues and so employees might welcome a chance to have their questions answered in this way rather than through actual contact with someone in their organization – at least as an initial matter.

Those seeking a model for drafting a COI FAQ, should take a look at what Walmart has done in this area – which can be found here. It is a very comprehensive document, covering in some detail what are presumably all the major COI risk areas for the company (financial interests, gifts and entertainment, outside employment, personal relationships with other associates, personal relationships with suppliers, protecting personal and business information and information sharing). For each, the document recites the relevant company policy and follows that with one or more questions and answers. (E.g., the Outside Employment section asks and answers questions about working for a competitor, operating a side business and working for a supplier.)

The Walmart FAQ document also does a good job in explaining the reasons for the company’s position on the issues raised in the questions. For instance: I supervise an associate who does odd jobs on the side. I would like to hire the associate to do some work at my home. Is this okay? As a manager with direct reports, it’s important to remain objective regarding your associate’s work. This situation requires a manager to think through all of the potential issues and use good judgment. This particular situation could potentially create a real or perceived conflict of interest since the work done for you at home may appear to influence how you view your direct report at work. If you hire someone you supervise to do work on your home, the boundaries between work and personal life may become blurry and difficult to manage. For instance, if you are not pleased with the outcome of the work, it could impact your perception of the associate. It may also appear to others that you are more lenient on that associate’s performance at work since the associate is doing work for you at your home. Finally, the associate may not want to do personal work for their manager for these same reasons, but may feel obligated to do so.

Of course, not every C&E program needs an FAQ – for COIs or any other risk areas. Those that do tend to be large and have relatively complex compliance profiles. And in considering whether to go this route companies should consider the total mix of relevant information about the risk area in question (i.e., not just what is in the code and policy document, but also the treatment of the risk area in training and other communications). As with any part of a C&E program, one has to be mindful of the dangers here of doing too much as too little.

Does your conflict of interest risk assessment do this?

My latest column in Compliance & Ethics Professional, available on page 2 of attached PDF.

I hope you find it useful.

A core value for our behavioral age

Groucho Marx famously said: “Those are my principles, and if you don’t like them… well, I have others.” When it comes to companies committing to follow key principles to guide their behavior – what are often called “core values” – there is clearly no shortage of options. Indeed, this posting on the Threads web site offers 500 ideas for those in the market for values.

One value that I see occasionally (but not frequently) selected for “core” status is humility. Kellogg, for instance, includes humility among several other core values.  Humility is not principally about ethics – Kellogg embraces an integrity value too (as is the case with a large number of companies). But I do see humility as having an important role to play in promoting compliance and ethics in business organizations, in several ways.

First, humility is a logical and arguably inevitable response to the vast body of behavioral ethics research showing “we are not as ethical as we think.”  Thinking and acting with humility is indeed a way of operationalizing behavioral ethics. (For a list of behavioral ethics and compliance posts click here. Also, please see this recent article in the NY Times on behavioral ethics and the notion of “servant leadership.”)

Second, humility is well suited for addressing ethical challenges that are based not on the purposeful failure to be honest but on the less well-appreciated dangers of being careless. (For a post on that click here.) Recognizing the limits of one’s abilities – which is part of being humble –  should help underscore the need for carefulness.

Finally, humility has the potential to resonate deeply in our political, as well as business, culture. By this I mean humility can help form part of a broader mutually supporting relationship between business ethics and what might be called societal ethics of the sort described in other posts.

From a professional viewpoint the benefits to the business side are of most immediate interest to me, but as a citizen (hopefully in the broad sense) I know that the societal dimension is of greater importance. So, let me close by quoting what is one of the best (albeit largely forgotten) expressions of humility’s role in societal ethics, which  can be found in Learned Hand’s “Spirit of Liberty” speech: “The spirit of liberty is the spirit that is not too sure that it is right [and] which seeks to understand the minds of other men and women…”  Delivered in 1944 – when the US and other democracies were engaged in a truly existential battle for survival – these words have never been more compelling than they are today.

Domestic bribery and code of conduct waivers

It was – at least according to this Blog – the most interesting COI story of 2015 (as of February of that year): the head of the New York/New Jersey Port Authority (the PA)  – David Samson – had persuaded United Airlines to reinstate a money-losing route that was convenient for his personal use in return for his giving them favorable treatment on certain PA matters. But what has happened since? And what can C&E professionals learn from it?

In July of 2016, Samson “pleaded guilty to one charge of bribery for accepting a benefit of more than $5,000 from” the airline. “At the same time, United–which was not criminally charged–agreed to pay a fine of $2.25 million and pledged to institute ‘substantial reforms’ to its compliance program.”  And earlier this month the airline settled related charges with the Securities and Exchange Commission.

Above all, that settlement – which involved violations of the FCPA’s books-and-records and internal accounting controls provisions – is a reminder that an effective anti-corruption compliance program must be addressed to domestic  bribery, as well as the foreign kind. In that regard, it is worth remembering that the US is not at or near the top of the Transparency International Corruption Perception Index: it is tied for 16th. And for certain parts of the country – including New Jersey, where Samson worked (and I live) – the picture is worse.

Yet, in my experience some companies don’t address domestic bribery risks with the same rigor that they do foreign ones – even those involving “cleaner” countries than the US.  So, this settlement may be a useful opportunity for companies to consider whether their anti-corruption policies and procedures – including risk assessment – are sufficient to address domestic bribery.

Less significant but perhaps more interesting to C&E practitioners is the SEC’s discussion of the issue of code of conduct waiver – and specifically the failure to get a waiver of the code’s gift provision in connection with the reinstatement of the unprofitable route. The SEC noted that a companion document to the code had provided that: “exceptions would be granted only in accordance with the following procedure: Generally, requests for exceptions must be submitted in writing to the Director – Ethics and Compliance Program.  Approvals for an exception will also be in writing and must be obtained in advance of the action requiring the exception.”  Yet “no one at United sought a waiver of United’s Code of Business Conduct prior to initiating the … Route for Samson’s personal benefit. Nor did anyone at United seek or obtain an exception to Continental’s Ethics and Compliance Guidelines [which was still in effect following the merger of the two carriers]  prior to initiating the … Route. As a result, no written record reflecting the authorization for the … Route was prepared or maintained, as required by United’s Policies.”

Code of conduct waiver-related requirements are based on, among other things,  rules of the New York Stock Exchange and SEC . They derive,, to some extent, from the Enron case.  Yet in recent years I’ve heard very little about them. That may be because the NYSE and SEC standards apply to a narrow band of senior officials at public companies. Yet waiver requirements can go beyond this, as United’s ostensibly did.

So, is there any takeaway for C&E professionals from this aspect of the United case? One idea would be to include questions about waivers in audit interviews – which might pick up information that a question about violations might miss. A second is to include a discussion of waivers in training boards and senior executives – who may have at one point known the Enron-related origins of the waiver provision requirement but have likely forgotten this piece of C&E history.

Finally, for those revising their codes of conduct, one might consider requiring that waivers be granted only upon a clear showing that doing so would be in the best interests of the Company – and that all meaningful circumstances surrounding a waiver be documented in a complete and accurate way. Indeed, given that the SEC has taken the occasion of the United case to speak about code waivers, this is an area where companies should take a moment to make sure they are doing everything right.

  • 2 years ago
  • Comments Off on Domestic bribery and code of conduct waivers

Conflict of Interest at Harvard and the Need for Deterrence

We are pleased to have this guest post from Jameson W. Doig, Visiting Research Professor of Government, Dartmouth College  and Professor Emeritus at the Woodrow Wilson School of Public and International Affairs.

On September 12, the Journal of the American Medical Association carried an important story regarding conflict-of-interest in research carried out at Harvard.  In the 1960s, the chairman of Harvard’s Nutrition Department and two of his researchers were given $50,000 (in today’s dollars) to provide a critical review of studies that had identified Sugar as a significant factor in coronary heart disease. Recently discovered files indicate that the Harvard researchers were in close contact with the Sugar Research Foundation, and that they shaped their analysis so it raised doubts about research studies that identified sugar as a causal factor (they suggested that instead “fat” had a key role in causing heart disease). On reviewing a draft, a SRF official said he was pleased with the results. The role of the SRF in financing and partially guiding the study was not revealed in the researchers’ report, which was published in the New England Journal of Medicine in 1967.

The study was completed in 1967 and all three researchers have now died. Even so, the case raises important issues in the field of deterrence. In my view, Harvard should review the evidence described in the JAMA article, and if the integrity of the researchers’ work was compromised significantly by their contacts with the sugar industry, the University should consider public action — formally announcing the negative findings, perhaps removing any Harvard awards given to the three, etc. Action of this kind should help to deter other researchers who may be tempted to carry out research shaped to benefit the funder. (If the allegations in the article are incorrect, the Harvard review should publicly challenge the JAMA implication of unprofessional faculty behavior.)

Although professional rules now ask researchers to reveal their funding sources, it is reasonable to expect that some will not fully comply. More important, revealing funding sources may not be a sufficient deterrent, when large sums to finance research and complex studies are involved. For example, Coca-Cola has recently funded studies on the links between sugary drinks and obesity; and the National Confectioners Association has financed and been actively involved in studies that raise doubts that eating candy is a factor in child obesity. The candy studies were carried out by researchers at two universities, in collaboration with an industry consultant. To protect the reputation of their own institutions, and to improve the quality of research said to benefit the public, university officials should actively monitor apparent conflicts of interest and take punitive action when appropriate.

A code of conduct for Caesar’s wife

“Follow the money” is as good a rule as any for an assessment of compliance risk, and this is surely true for conflicts of interest.   In many companies that trail leads to procurement – and often to the understanding that those involved in buying goods and services for a company on a day-to-day basis must be above any suspicion.

Increasingly (at least from what I can see) procurement activity is being centralized in enterprise-wide procurement functions.  Much of the impetus for this has nothing to do with conflicts of interest – but, rather, arises from a need to bring more professionalism to procurement and to get the benefit of buying in large quantities, among other things. However, centralization is also a plus from a COI prevention perspective, as it is easier to monitor and otherwise mitigate COI risks in a small group than in the much larger general employee population.

Such C&E measures sometimes include having a specific (and typically very short) code of conduct for the procurement department (in addition to the general code). Among the types of COI issues that could be covered are those relating to gifts, entertainment, travel and donations – meaning these codes can have more restrictive rules about such activities  for procurement staff than for the rest of the employee population. Other types of COIs are typically addressed in these codes as well (e.g., having an ownership interest in or receiving other income from a supplier).

Of course, procurement codes should cover issues beyond  those in the COI area. Confidential information (meaning that of suppliers) is one such topic.  Another is antitrust, with a focus on the oft-neglected buy side.

Reviewing such a code should be part of the on-boarding process for new procurement employees.  As well, periodic training on its key provisions should be provided.  And, one should consider certifications by procurement employees too.

I should emphasize that not every company needs a code like this. However, in my view there are many companies that don’t but should consider developing one.

Finally, there is more to a “Caesar’s wife” approach to compliance for procurement than a code, training and certification. Companies should also be alert to “point-of-risk” compliance opportunities (a concept explored in a recent post). For instance, when a procurement department member  leaves a company to go work for a supplier and has knowledge of pricing and other sensitive information of other suppliers (meaning her new employer’s competitors) the exiting process should include  a reminder of the continuing obligation to keep information of this sort confidential.  And, somewhat more drastically, for higher risk business lines or geographies, rotating procurement assignments may be what it takes to be truly above suspicion.

 

“Point-of-risk” compliance

Marketers have long known that “point-of-sale” display of products can be a powerful advertising tool.  But can its logic be put to work for promoting compliance and ethics?

I was recently asked by a client to fill out a vendor information form and noticed that in addition to seeking information from vendors the form required the employee proposing the hiring to certify that any conflict of interest involving the vendor had been disclosed and okayed by management and the C&E officer.  While I know that many companies have some form of COI certifications (see prior posts collected here), I can’t recall having seen one on a vendor information form of this sort before – even though the common sense of such a “point-of-risk” compliance approach seems pretty obvious.  Indeed, it is hard to think of any reason why a company wouldn’t do this.

Moreover, such an approach  is supported by behavioral science, as described in this earlier post.  And, as also noted in that post, beyond the COI risk area there is no shortage of  other “point-of-risk” compliance opportunities for many companies: “anti-corruption – before interactions with government officials and third-party intermediaries;  competition law – before meetings with competitors  (e.g., at trade association events);  insider trading/Reg FD – during key transactions, before preparing earnings reports;  protection of confidential information – when receiving such information from third parties pursuant to an NDA;  …  accuracy of sales/marketing – in connection with developing advertising, making pitches; and employment law – while conducting performance reviews…” (Note: in the earlier post I refer to this approach as “just-in-time” compliance, but on reflection think that “point of risk” is closer to the mark.)  Doubtless there are many others too.

I should stress that this suggestion does not imply an increase in the total amount of C&E education, which for some companies would be a non-starter.  Rather, a robust “point-of-risk” strategy might allow a company to decrease its use of less impactful communications, meaning principally those that  lack immediacy and context.

Thinking more broadly, a “point of risk” C&E communication strategies might work for teaching ethics in business schools and colleges. Writing last week in the Huffington Post,  William Steiger of the University of Central Florida’s College of Business Administration  argued that: “Business schools should use examples of ethical practices and decision-making throughout the curriculum, not just in the ethics class.” I agree (and indeed when I was teaching business ethics years ago made a similar proposal; I hope Steiger has more success with this than  I did).

Whether it is in the workplace or classroom, there is a growing need to  find ways to better communicate and otherwise support ethical expectations.  For many businesses and schools, a point-of-risk approach may be a good place to start.

Tending to personal matters on company time

Last week the Institute of Business Ethics published its 2015 Ethics at Work survey of employees in the UK and Western Europe, available for free download here.  One of the findings was that “employees tend to be more lenient towards conducting personal activities during work hours, than other practices.”

For instance, in Western Europe (France, Germany, Italy and Spain), more than 90% of respondents found it unacceptable to pretend to be sick to take the  day off,  charge personal entertainment to their employer or engage in “minor fiddling of travel expenses.” Eighty-five percent thought it was not okay to “use company petrol for personal mileage” and 76% said the same of “favoring family or friends when recruiting or awarding contracts.” However, only 59% had such a view of using the internet for personal use during work hours and only 52% said that it was wrong for employees to make personal calls from work.

Frankly, I’m surprised that the disapproval percentages for the last two questions were as high as they were.  To the extent that respondents could tell (from instruction, context or otherwise) that they were part of an ethics survey perhaps that – based on the notion of “framing” –  played a role in the results. But regardless of this methodological quibble, the authors’ conclusions about employees’ views of personal use of company time and resources are almost surely sound.

In this connection, they note that the fairly widespread acceptability of “using the internet during hours is perhaps indicative of the way in which lines between work and home have increasingly become blurred over the past few years, as the 21st Century business landscape becomes increasingly mobile and flexible and less reliant on employees being physically present in the office.” This makes sense to me, and I think that a successful conflicts of interest/use of company  resources regime is one that accepts these (and other similar) modern realities.

That is, for many employees (particularly those with young children), a total bar on using phone or intranet for personal purposes is simply impractical, and thus cannot be a true ethical issue – as there is effectively no choice involved. The same is obviously not true with respect to fudging expenses or faking sick days.

The alternative, harsher view would be that embodied in a classic episode of the TV series The Office (the US one), concerning (among other things) a “time theft” policy applicable to the company – under which even a four-second yawn is seen as a transgression.  Besides being impractical and unfair, branding reasonable use of company time/facilities as morally wrong could actually lead to other, more worrisome wrongdoing – by making reasonable uses the first step on a “slippery slope,” as described here.

On the other hand, reasonable personal use really should be limited to uses that a) are truly personal, and do not further other business  interests; and b) cannot harm the company by subjecting its tangible or intangible property or other interests to risk. For instance, many years ago a client of mine learned that an employee was using company phones to run an “escort service.”  Although he apparently did so only during his lunch hour, the reputational harm to the company was clear enough to justify firing him.

Finally, and in a somewhat related vein, you might find of interest this prior post on the connections between ethical standards at work and those in our home lives.

Are conflicts of interest policies a violation of labor law?

In recent years, an unfortunate – in my view – line of decisions and reports has been issued by the U.S. National Labor Relations Board (“the NLRB”) holding that various aspects of company policies violate the National Labor Relations Act (“the Act”).  For those looking to learn more about this area generally, a good place to start is with this article by Joe Murphy in a recent issue of Compliance & Ethics Professional.  Of particular concern to readers of the COI Blog might be a decision handed down by the NLRB  in June – in Remington Lodging & Hospitality, LLC d/b/a The Sheraton Anchorage – finding that a generic conflict of interest policy in an employer’s handbook was unlawful under the Act.  The case can be found here, but – given the procedural history involved – readers may wish instead to review this summary of it published by attorneys at the Arent Fox law firm.

The case may be seen as an instance of bad facts making bad law, as the respondent company had asserted that certain employees had violated its COI policy by engaging in what were clearly protected activities under the Act (presenting a boycott petition to management).  Based on this, all three members of the NLRB panel hearing the case found that the company had engaged in an unfair labor practice.

However, two of the panel members also found that the COI policy was unlawful on its face. As noted in the Arent Fox summary, the majority found that “employees would reasonably interpret the rule prohibiting them from having a ‘conflict of interest’ with the Respondent as encompassing activities protected by the Act. Particularly when viewed in the context of the Respondent’s other unlawfully overbroad rules, ‘employees would reasonably fear that the rule prohibits any conduct the Respondent may consider to be detrimental to its image or reputation or to present a ‘conflict’ with its interests, such as informational picketing, strikes, or other economic pressure.’”

The third member of the panel – while agreeing “with the majority that the Respondent violated …the Act when it applied the rule against conflicts of interest to restrict employees’ [protected] activity…. disagreed with the majority’s additional finding that the rule against conflicts of interest was unlawful on its face. ‘Employers have a legitimate interest in preventing employees from maintaining a conflict of interest, whether they compete directly against the employer, exploit sensitive employer information for personal gain, or have a fiduciary interest that runs counter to the employer’s enterprise.’ Therefore, he wrote ‘I do not agree with my colleagues’ conclusion that employees would reasonably understand the conflict-of-interest rule as one that extends to employees’ efforts to unionize or improve their terms or conditions of employment.’ In his view, ‘the rule, on its face, does not reasonably suggest that efforts to unionize or improve terms and conditions of employment are prohibited.’ He also noted that the challenged rule was immediately adjacent to a rule in Respondent’s handbook stating: ‘I understand that it is against company policy to have an economic, social or family relationship with someone that I supervise or who supervises me and I agree to report such relationships.’ He claimed that this context ‘bolsters my conclusion that the Respondent’s rule merely conveys a prohibition on truly disabling conflicts and not a restriction on activities protected by the Act.’”

I wholeheartedly agree with this concurrence (and the authors of the Arent Fox piece) and add that in my 25 years of creating, enhancing and assessing C&E programs I have seen zero indication (until this case) that generic COI provisions are likely to be interpreted as limiting activities protected by labor law. Murphy’s general analysis of the NLRB’s approach to C&E policies applies with particular force to this recent decision: “what the NLRB has done here is venture into the field of Compliance and Ethics without close consultation with those in the field and without sufficient regard for the important public policy behind compliance and ethics programs.”

Beyond this, the underlying assumption of the decision is that the efforts of working people to act through labor unions are in fact disloyal to such individuals’ employers.  While ostensibly a “pro-labor” holding, the implication here is potentially anti-labor.

One hopes that this will be fixed before too long – by the NLRB itself, or some court.