Compliance

In this section we examine how the various “tools” of a C&E program can be deployed to mitigate COIs, as well as other matters regarding the interaction of COIs and C&E programs. Please see the various sub-categories for information about each of these tools.

Conflict-of-interest policies and procedures

My latest column in C&E Professional (3rd page of PDF).

I hope you find it useful.

Deadly – and small – gifts and entertainment

Virtually every conflict of interest policy contains monetary limits for individual acts of gift giving or entertainment, but not all seek to quantify how many of such acts are permitted to occur in a given time period. This issue was raised in a particularly grim way – as described in this article in MarketWatch – by a recent study which “found that both deaths from opioid overdose and opioid prescriptions rose in areas of the country where physicians received more opioid-related marketing from pharmaceutical companies, such as consulting fees and free meals,…”

Relevant to the specific issue in this post, Magdalena Cerdá, director of the Center on Opioid Epidemiology and Policy at NYU Langone Health and the senior author on the study, stated: “A lot of the discussion around the pharmaceutical industry has been around high value payments, but what seems to matter is really the number of times doctors interact with the pharmaceutical industry,… ‘A physician’s prescribing pattern could be influenced more by multiple inexpensive meals than a single high-value speaking fee,’ she noted.”

She also said: “’We think it’s because the more times physicians interact with someone from the pharmaceutical industry, the easier it is to build a relationship of trust,… ‘We in no way think the prescribing is some kind of nefarious intentional behavior by physicians. The fact that it is the frequent, low-level payments that have the most effect shows that it’s more unintentional ‘…” Of course, unintentional conflicts tend to be more difficult to address than are intentional ones.

More generally, this finding  seems to me to be significant in a broad-based way as it presumably applies to other commercial contexts as well. And, compliance officers in all industries should make sure that their COI policies address not just high-value gifts and entertainment but also high volumes of such.

International Chamber of Commerce publishes conflict of interest guidelines

The International Chamber of Commerce – apparently the world’s largest business organization – recently published Guidelines on Conflicts of Interest in Enterprises. It is available for free download here.

Among other things, the Guidelines provide a useful summary of what should generally be included in a COI compliance policy:

Objective: first, the prevention of Conflicts of Interest, and if nevertheless they do arise, dealing with them, disclosing them and finally mitigating the risks of them arising;

Scope: applicable and binding for all directors, officers, managers, employees, agents and representatives (Associates) of the Enterprise;

Definitions: include clear definitions;

Provisions:

– comply with all applicable laws and regulations in addition to internal regulations of the Enterprise, including privacy laws and policies;

– all decisions and actions by all Associates shall be taken in the best interest of the Enterprise;

– Associates shall not take business opportunities that belong to the Enterprise for themselves;

– Associates shall immediately disclose any Conflicts of Interest;

– Associates shall abstain or withdraw from debating, voting, or other decision-making processes or activities when a Conflict of Interest exists or might arise;

– Senior Management shall lead by example and give guidance on Conflicts of Interest;

– job applicants and newly hired or appointed Associates shall disclose any Conflicts of Interest immediately during the hiring or appointment process;

– every member of Senior Management shall update his/her disclosure on Conflicts of Interest at least annually to the Compliance Officer, or any other person in charge of the Conflict of Interest Policy;

– provision on communication and training on Conflicts of Interest;

– provision explaining where guidance may be obtained in case of questions or concerns; and

– provision on regular reporting of Conflicts of Interest and evaluation of the Policy.

Overall, I agree with these recommendations, but to me the principal value of the Guidelines lies more in the very fact that it exists than the particulars of its various provisions.

That is, perhaps because COIs are so widespread and diffuse (meaning not the subject of a unified legal regime), they often seem to discourage meaningful efforts to mitigate them in the type of programmatic way that one typically sees with anti-bribery and competition law. The Guidelines – issued by an organization with six million members – is an important step in the direction of making such approach a mainstream expectation.

(For more information on the components of a COI compliance program see the various entries and subentries under “Compliance” on the index on the left hand part of this blog – also available here.)

Conflict of interest? Who decides?

Many companies have, of course, escalation provisions for responding to allegations of wrongdoing. But do they need such provisions with respect to routine self disclosures of conflicts of interest?

At least for some companies that allow line managers to approve disclosed conflicts the answer is, in my view, Yes. That is in part because managers may – thanks to the behavioral ethics phenomenon of  “motivated blindness” – be inclined to “go easy” on a particularly valued employee who has disclosed a COI.  Line managers may also fail to appreciate in such situations the danger to the compliance program generally of an overly liberal approach to COIs – particularly to the sense of “organizational justice” at the company.

But what should an escalation provision entail? Here are some possibilities, meaning circumstances where the line manager should be required to enlist the help of HR, Compliance or Legal in addressing a disclosed COI:

– Disclosure is by a relatively high-level person.

– Disclosure is by a person in a controls function.

– Conduct would tend to diminish trust of key stakeholders in the company. (Most important of all the criteria – but also hardest to apply.)

– Conduct involves a relatively high degree of money or other tangible or intangible  interests.

– Resolving disclosed conflict would entail complicated fact finding.

– Resolving conflict would entail interpretation of legal or regulatory mandates.

Finally, and perhaps less obvious than the others, going forward, would the manager be sufficiently aware of the relevant actions of the disclosing employee to help ensure adherence to Company COI standards? In other words, can the manager act like a de facto COI monitor?

Imagine the real

 

An early post on this blog noted that among the more interesting phenomena of behavioral ethics was the impact that knowing or not knowing a party could have on how one treated that party.

A set of circumstances that is relatively likely to lead to an ethical shortfall is where we do not know who will be impacted by a contemplated act.   As described in this paper by Deborah A. Small and George Loewenstein,  in one study “subjects were more willing to compensate others who lost money when the losers had already been determined than when they were about to be” and in another “people contributed more to a charity when their contributions would benefit a family that had already been selected from a list than when told that the family would be selected from the same list.”   Beyond their direct application to the area of charitable giving, these findings may be relevant to a broader range of ethics issues, and, for instance, could help explain the relative ease with which so many individuals engage in offenses where the victims are not identifiable.  

One example of this is insider trading – a crime which, although widely known to be wrong, seems utterly pervasive (based, among other things, on the extent of trading in securities right before public disclosure of market moving events).  A behavioral ethics perspective suggests that (at least part of) the reason for this “inner controls” failure is that the victims of insider trading are essentially anonymous market participants. 

Another offense of this sort is government contracting fraud (where the victims tend to be everyone),  and indeed Ben Franklin famously described the risks of an ethics shortfall here as well as anyone could: “There is no kind of dishonesty into which otherwise good people more easily and more frequently fall than that of defrauding the government.”   Understanding why “otherwise good people” do bad things is much of what behavioral ethics is about.

But what about COIs? The picture there is mixed, as some COIs do involve identifiable victims – such as the job applicant who does not get hired because the position was filled by the boss’s son. Similarly, an organization might suffer identifiable harm when its procurement process is corrupted by a COI – e.g., paying too much or getting too little.

However, with other sorts of COIs the harm is less apparent. It is the damage to trust in key relationships.

For this reason, organizations might consider including the following question in their COI resolution protocols: “How likely would it be at that the COI would diminish the trust that stakeholders (shareholders, employees, customers, business partners, suppliers or regulators) would have in the Company or otherwise adversely impact the Company’s reputation?”

Of course, this thought experiment works only if you truly try to put yourself in the shoes of one of these parties. Or, to use the memorable words (albeit from  another setting) of philosopher Martin Buber: “Imagine the real.”

Conflict of interest self assessments

C&E program assessments sometimes have a general scope and sometimes are focused on a single substantive risk area – such as corruption or competition law. For some companies it makes sense to do such a targeted assessment for conflicts of interests – particularly those responding to a significant COI violation or “near miss.”

The scope and approach of such assessments for any given company at any given time should vary based on a variety of circumstances. Hopefully, however, the following questions/comments can be helpful to some organizations seeking to determine whether/how to go down this road.

Risk Assessment. Has the company assessed COI risk? If so, has it used the results of the assessment(s) in designing and implementing other aspects of the COI program?

Governance. Have the respective COI oversight roles of the board of directors and senior management been formalized? Do they receive appropriate reports of COI program activity? Are there sufficient escalation provisions regarding COIs?

Culture. Are COI rules followed or are there double standards? What is the sense of “organizational justice” vis a vis COIs?

Policies. Presumably nearly every business organization has a COI provision in its code of conduct – but there are also many that need but do not have a standalone policy as well.

Procedures. Are disclosure procedures clear, easy to use and well known? Do those tasked with reviewing COIs have sufficient knowledge and independence for the job?

Training/other communication. Is there enough training given relevant COI risks (which tend to be high for senior managers/board members and in certain functions). Is training reinforced through other communications?

Auditing and monitoring. Is the COI disclosure practice audited? Same question for monitoring (of conditionally approved COIs)..

Responding to allegations/request for guidance. Do employees feel comfortable seeking guidance on possible COIs? Are investigations truly independent? Are violations of the COI policy treated with sufficient seriousness? Does the company conduct a “lessons learned” analysis of significant COI failures?

Of course, there is much more that could be included in a COI self-assessment (and I encourage you to browse the blog for ideas in this regard). But hopefully the above will be a useful foundation for starting.

 

 

Conflict of interest risk assessment (part 2)

My latest column in Compliance & Ethics Professional. (Last page of PDF.)

I hope you find it useful.

Frequently asked questions about conflicts of interest

An earlier post  explored the various contexts – such as board meetings, hiring interviews, employee engagement surveys, training, compliance audits and exit interviews – where asking the right question can help promote C&E at a business organization. To this list should be added frequently added questions documents (“FAQs”).

FAQs are used with some frequency to supplement codes of conduct and policy statements. They can provide a greater level of information than is feasible in a traditional policy statement – because they are generally easier to read than the latter.

FAQs can be particularly useful in promoting COI-related compliance measures. That is because the issues raised in the COI realm tend to be more personal than are other types of C&E issues and so employees might welcome a chance to have their questions answered in this way rather than through actual contact with someone in their organization – at least as an initial matter.

Those seeking a model for drafting a COI FAQ, should take a look at what Walmart has done in this area – which can be found here. It is a very comprehensive document, covering in some detail what are presumably all the major COI risk areas for the company (financial interests, gifts and entertainment, outside employment, personal relationships with other associates, personal relationships with suppliers, protecting personal and business information and information sharing). For each, the document recites the relevant company policy and follows that with one or more questions and answers. (E.g., the Outside Employment section asks and answers questions about working for a competitor, operating a side business and working for a supplier.)

The Walmart FAQ document also does a good job in explaining the reasons for the company’s position on the issues raised in the questions. For instance: I supervise an associate who does odd jobs on the side. I would like to hire the associate to do some work at my home. Is this okay? As a manager with direct reports, it’s important to remain objective regarding your associate’s work. This situation requires a manager to think through all of the potential issues and use good judgment. This particular situation could potentially create a real or perceived conflict of interest since the work done for you at home may appear to influence how you view your direct report at work. If you hire someone you supervise to do work on your home, the boundaries between work and personal life may become blurry and difficult to manage. For instance, if you are not pleased with the outcome of the work, it could impact your perception of the associate. It may also appear to others that you are more lenient on that associate’s performance at work since the associate is doing work for you at your home. Finally, the associate may not want to do personal work for their manager for these same reasons, but may feel obligated to do so.

Of course, not every C&E program needs an FAQ – for COIs or any other risk areas. Those that do tend to be large and have relatively complex compliance profiles. And in considering whether to go this route companies should consider the total mix of relevant information about the risk area in question (i.e., not just what is in the code and policy document, but also the treatment of the risk area in training and other communications). As with any part of a C&E program, one has to be mindful of the dangers here of doing too much as too little.

Does your conflict of interest risk assessment do this?

My latest column in Compliance & Ethics Professional, available on page 2 of attached PDF.

I hope you find it useful.

A core value for our behavioral age

Groucho Marx famously said: “Those are my principles, and if you don’t like them… well, I have others.” When it comes to companies committing to follow key principles to guide their behavior – what are often called “core values” – there is clearly no shortage of options. Indeed, this posting on the Threads web site offers 500 ideas for those in the market for values.

One value that I see occasionally (but not frequently) selected for “core” status is humility. Kellogg, for instance, includes humility among several other core values.  Humility is not principally about ethics – Kellogg embraces an integrity value too (as is the case with a large number of companies). But I do see humility as having an important role to play in promoting compliance and ethics in business organizations, in several ways.

First, humility is a logical and arguably inevitable response to the vast body of behavioral ethics research showing “we are not as ethical as we think.”  Thinking and acting with humility is indeed a way of operationalizing behavioral ethics. (For a list of behavioral ethics and compliance posts click here. Also, please see this recent article in the NY Times on behavioral ethics and the notion of “servant leadership.”)

Second, humility is well suited for addressing ethical challenges that are based not on the purposeful failure to be honest but on the less well-appreciated dangers of being careless. (For a post on that click here.) Recognizing the limits of one’s abilities – which is part of being humble –  should help underscore the need for carefulness.

Finally, humility has the potential to resonate deeply in our political, as well as business, culture. By this I mean humility can help form part of a broader mutually supporting relationship between business ethics and what might be called societal ethics of the sort described in other posts.

From a professional viewpoint the benefits to the business side are of most immediate interest to me, but as a citizen (hopefully in the broad sense) I know that the societal dimension is of greater importance. So, let me close by quoting what is one of the best (albeit largely forgotten) expressions of humility’s role in societal ethics, which  can be found in Learned Hand’s “Spirit of Liberty” speech: “The spirit of liberty is the spirit that is not too sure that it is right [and] which seeks to understand the minds of other men and women…”  Delivered in 1944 – when the US and other democracies were engaged in a truly existential battle for survival – these words have never been more compelling than they are today.