Compliance

In this section we examine how the various “tools” of a C&E program can be deployed to mitigate COIs, as well as other matters regarding the interaction of COIs and C&E programs. Please see the various sub-categories for information about each of these tools.

Assessing conflict of interest compliance programs

Here is a just-published article in Corporate Compliance Insights by Rebecca Walker and me on conducting assessments of conflict of interest compliance programs.

We hope you find it useful.

Assessing conflicts of interest risks

Conflicts of interest have long been seen as an area of significant risk. But that does not always translate into the conduct of meaningful risk assessments.

Part of the reason for this disconnect is a widespread belief that COI risks are already well known. Certainly every C&E professional knows that the major types of COI for most business organizations involve employees a) having financial ties to competitors and third parties that do or seek to do business with the organization, and b) hiring family and friends into the organization. Similarly, the basics of the other two major COI categories – organizational and gatekeeper COIs – are generally understood by C&E professionals working in fields where risks of such conflicts are significant.

But understanding the general risks regarding COI may  not be enough to generate the type of information that an effective risk assessment process requires, which is information that will help design or modify all the risk-sensitive elements of a program to mitigate COIs. These are policies, training,  and other communications,  auditing and accountability. (Note the other program elements – e.g., helplines, investigations,  incentives, discipline  – are obviously important too, but tend not to vary by risk area.)

Each assessment will vary in substance. But here are some areas of inquiry that may be useful to companies just starting out.

– Any relevant COI history at the organization – violations, near misses and inquiries.

– Any relevant COI history at competitor or otherwise comparable organizations, to the extent known.

– Same inquiry regarding customers, suppliers and other third parties with which one  does business.

– COI standards that are not fully understood or appreciated.

– Weakness in “inner controls” (where – due to factors described in behavioral ethics research – moral constraints against wrongdoing are of diminished efficacy).

– Instances or prospects of prosocial COIs (“right v. right” risks).

– Industry-related risks.

– Cultural-related factors.

– Efficacy of process controls (particularly around COI disclosure/approval regimes).

Note that in some instances the inquiry can be done on an enterprise-wide basis but for others it should be granular (e.g., region, business line, function) too.

Insider trading and conflicts of interest

The Coronavirus is,of  course, creating considerable volatility in the stock market. With such volatility comes opportunity for investors to make profits, either honestly or otherwise. Are companies prepared for what might be an increase in insider trading risk?

In many companies the principal “owner” of insider trading compliance is the corporate secretary or other member of the law department – not the compliance & ethics officer. That is generally fine, as the subject is of a fairly technical nature.

But in my view the CECO should still have  a “line of sight” into insider trading compliance too. This is particularly so given that insider trading laws are – at least in part – conflict-of-interest based, and COIs are within the “heartland” of a CECO’s duties.

The basics

The core of an insider trading compliance program is the policy, which every public company (and some private companies) should have. A typical policy should cover the following

– Explanation of insider trading, including definitions of key terms such as “material” information, non-public information, purchase and sale.

– Procedures to prevent insider trading, including preapprovals and black-out periods.

– Policy and procedures on “tipping.”

– Any additional transactions that are prohibited by the policy, such as trading in options in the company stock or buying on margin,

– Rule 10b5-1 trading plans.

– Penalties and enforcement.

The basics also include:

– Insider trading training and periodic communications.

– Certificates of compliance.

– Avenues for seeking guidance and reporting concerns.

The role of the CECO

Most of these items are, as noted above this is fairly technical. But an insider trading program can also have a broader cultural dimension.

For instance, as noted in an earlier post: insider trading should be seen as a form of private corruption, rather than as a more technical and indeed victimless form of wrongdoing,  which it is sometimes seen as. This can give enforcement and compliance efforts  a degree of moral force that they might otherwise lack.

Can the corporate secretary make the case about insider trading being a form of private sector corruption? Sure – but in all likelihood the CECO can do it better because she will be able to place insider trading within the larger conflict of interest framework. This could make both areas stronger.

Again, I’m not trying to take work from the corporate secretary. But having the insider trading program learning from the CECO could help companies strengthen their compliance in a time of heightened risk.

*****************************************************

You might be interested in this piece about abuses in the gifts and entertainment area  being viewed as “soft-core corruption.”

This is a test

In Testing Compliance, (published on the Harvard corporate governance web site, with the full paper available at SSRN), Brandon L. Garrett. Professor of Law at Duke Law School, and Gregory Mitchell, Professor of Law at the University of Virginia School of Law, note that “what makes the compliance enterprise deeply uncertain and problematic is that the information generated by compliance efforts is simultaneously useful and dangerous. However, documenting problematic behaviors creates a record that may be used against the corporation in future administrative, criminal or civil proceedings, or may become the subject of a media exposé. Officers and directors, and the in-house compliance team, may sincerely hope compliance programs are effective, but they may quite rationally avoid testing that hope. The end result will often be rational ignorance with respect to the effectiveness of corporate compliance programs. This dynamic—the hope that greater attention to compliance will reap benefits drives more resources toward compliance efforts, yet fears about what examining the effects of those efforts might reveal hinders validation of compliance programs—creates a ‘compliance trap’ that can ensnare corporations and regulators alike.” The authors  “explore ways out of this trap.”

Among other things:

– They argue for government policies to promote more information sharing by companies about what works and what doesn’t in terms of C&E. While there is already some such sharing via compliance conferences and though various professional organizations there is clearly room for improvement here.

– They also note, based on compliance information published by Fortune 100 companies, that if such companies “are measuring the effectiveness of their compliance programs, they are not sharing it. It is also possible that what we see is what we get: active educational efforts focused on employee training and assessments of that training using employee surveys and reactive compliance efforts relying on whistleblower reporting and investigation of those reports. The public record reveals few active efforts to detect and remedy weaknesses within internal compliance systems.” I agree that sharing of this kind could be a powerful force in promoting strong C&E.

– They propose instituting a “legal mandate that organizations regularly test their compliance systems for effectiveness. But to incentivize companies to put in place strong compliance programs and audit those programs rigorously, the mandated reports should not increase their litigation exposure. ” I think implementing legislation to help companies avoid the “compliance trap” in this way would be very beneficial, though getting to such a safe place would – in my view – be a lengthy and difficult journey.

– They note: “Companies need to proactively test whether their employees, when given the chance to misbehave, really do. Such testing need not involve comprehensive data collection or expensive analytics, although firms increasingly use such tools, and consultants may market AI approaches to compliance. Rather, experiments, relying on blind performance testing of randomly sampled employees, can quite inexpensively measure whether employees comply in realistic work situations.” I note (as do the authors) that some this already happens but think there needs to be more of it. However, one must be careful to avoid the perception that employees are being treated as the subject of experiments.

Finally, there is much more to this piece and I encourage you to read it in its entirety.

 

“Corporate Law for Good People”

Compliance programs have long been viewed (at least by me) as a “delivery device” for bringing behavioral ethics ideas and information into the workplace. And now something similar can be said about corporate governance.

In Corporate Law for Good People Yuval Feldman, Adi Libson (both of Bar-Ilan University) and Gideon Parchomovsky (of the University of Pennsylvania Law School) offer “a novel analysis of the field of corporate governance by viewing it through the lens of behavioral ethics.” As they note: “In the legal domain, corporate law provides the most fertile ground for the application of behavioral ethics since it encapsulates many of the features that the behavioral ethics literature found to confound the ethical judgment of good people, such as agency, group decisions, victim remoteness, vague directives and subtle conflict of interests.”

Of these, the topic of COIs is (predictably) is of greatest interest to me. The authors’ area of particular focus here is independent boards of directors. They note that independent directors may suffer from the “curse of partial independence. Their status as independent directors intensifies their self-perception as ‘objective’ agents, making them more susceptible to subtle conflicts-of-interest. As many scholars have pointed out, independent directors have a weaker type of a conflict-of-interest. According to behavioral ethics, this might cause those directors to be more rather than less biased, making it easier to ignore or justify self-interested decision-making.”

“Even though they have no formal ties to the management or major shareholders and do not receive direct benefits from them, some degree of non-formal ties are likely, which may make them less rather than more objective relative to other directors. Furthermore, it is mostly the management that effectively chooses independent directors, so even without any pre-existing ties, the management is to some degree the benefactor of the independent director. This subtle conflict-of-interest may lead independent directors to lean to return the favor by showing leniency toward the management, similar to the studies that have found tendency to take sides even when the actor does not derive direct gains from the triumph of the party she supports.”

“This analysis does not necessarily lead to the conclusion that the institution of independent directors should be abolished. On the contrary, independent directors have the potential to improve corporate governance, if measures are taken to address the subtle conflict of interest that undermines their performance.”

I agree with this analysis, as I do nearly everything said in this paper.

But one area that I found questionable was the finding that “building an atmosphere of a ‘corporate family’ and forming organizational loyalty is mostly perceived as an important value for investors, but under certain circumstances it may work to their detriment. Similar studies have found that ethical codes that use more formal and less ‘familial’ language—usage of the term ‘employee’ and not ‘we’—are more effective in curbing unethical behavior” (emphasis added).  The principal support for this is a reference to an unpublished manuscript on file with authors, which left me eager to learn more about  this contention.

Does ethics training actually affect business conduct?

In “Can Ethics be Taught? Evidence from Securities Exams and Investment Adviser Misconduct,” forthcoming in the Journal of Financial Economics,  Zachary T Kowaleski of University of Notre Dame, Andrew Sutherland of the Massachusetts Institute of Technology, and Felix Vetter of the London School of Economics “study the consequences of a 2010 change in the investment adviser qualification exam that reallocated coverage from the rules and ethics section to the technical material section. Comparing advisers with the same employer in the same location and year, we find those passing the exam with more rules and ethics coverage are one-fourth less likely to commit misconduct. The exam change appears to affect advisers’ perception of acceptable conduct, and not just their awareness of specific rules or selection into the qualification. Those passing the rules and ethics-focused exam are more likely to depart employers experiencing scandals. Such departures also predict future scandals. Our paper offers the first archival evidence on how rules and ethics training affects conduct and labor market activity in the financial sector.”

This seems like a very important study and there are far too many aspects of it to provide a comprehensive summary here. But I was particularly struck by the following:

“[W]e find the misconduct differences across passers of the old and new exam persist for at least three years, which we would not expect if advisers merely memorize rules rather than draw more fundamental lessons about acceptable conduct from the ethics portion of the exam. In sum, this evidence suggests that our main results cannot be explained by compliance alone, and that the exam change altered advisers’ perceptions of acceptable conduct.”

“[T]he behavior of the least experienced advisers is most sensitive to the extent of rules and ethics testing. These results are consistent with the exam playing a ‘priming’ role, where early exposure to rules and ethics material prepares the individual to behave appropriately later.”

“[W]e find the exam’s coverage to be less pertinent to those advisers working at firms where misconduct is prevalent. Thus, the contagion of misconduct behavior appears to limit the effectiveness of training in preventing transgressions.”

“We study turnover among all Wells Fargo advisers, and find those passing the old exam are most likely to leave after the scandal broke.”

There is much more to the study than this and I encourage you to read the original.

 

 

Conflicts of interest and nonprofit organizations

The settlement by President Trump of a lawsuit brought by the NY Attorney General claiming that the Trump Foundation misused funds to benefit his 2016 campaign was attention getting not only because of who was involved in the case but also because he was compelled to pay $2 million to have the matter resolved. But while unique in some ways, the matter is a good reminder of the need for effective COI compliance in the nonprofit world generally.

Writing in a recent issue of Nonprofit Quarterly Vernetta Walker notes: “Just in the past few months, Baltimore’s mayor Catherine Pugh resigned following a scandal that revealed she had profited in the hundreds of thousands of dollars from selling her self-published children’s book to the University of Maryland Medical System, where she served as a board member; the Washington Post exposed eighteen board members of the National Rifle Association who were paid commissions and fees ranging from thousands to over $3 million; and ProPublica’s searing investigation into Memorial Sloan Kettering Cancer Center revealed a nest of self-serving behavior, including top executives who received personal annual compensation in the hundreds of thousands of dollars and in one instance over a million dollars in equity stakes and stock options from the drug and healthcare companies. Meanwhile, dozens of stories have appeared that raise questions in the minds of the public about pharmaceuticals’ funding of patients’ rights groups. These are just the tip of the iceberg of recent examples eroding the public trust.” She also writes that a “closer look at real-life examples reveals three separate but related issues that surface repeatedly: (1) failure to navigate the gray areas of conflicts of interest, including group dynamics within the boardroom; (2) failure to navigate the gray areas of recusal and disclosure; and (3) failure to fully appreciate unintentional reputational damage because, technically, the transaction being considered is not illegal.”

Walker further asks: “So, how should nonprofits navigate the gray areas where relationships are involved, the actions are not illegal, and the organization has complied with the conflict policy (i.e., disclosure and recusal)? Some organizations decide, as a matter of policy, never to enter into paid contractual relationships with any board member, so as to avoid speculation about abuse of position and influence for personal gain. Such organizations, of course, steer well clear of inviting vendors or potential vendors onto their boards. They also tend to be very careful about contracting with other organizations where staff members have an interest in the vendor or hire family members or personal friends, because they are consciously holding an ethical standard that argues against it. Where using a board member as a vendor is concerned, there may be some cases in which such situations emerge and the connection is limited enough, or thought to benefit the organization enough, that it may decide to leave some room in its policy while recognizing the risks it incurs in doing so. In all such cases, the board should make comparisons of alternative options; and it should take a vote on whether the proposal is fair and reasonable and in the financial best interest of the organization, but only if no other acceptable option is available.”

There is much more to Walker’s piece and I encourage those involved in compliance work for non-profits to read all of it.

And, you might find of  interest  this earlier post on nonprofit COI policies.

Conflicts of interest: why we fight

The current attention to President Trump’s using his official position to bring business to his properties – discussed here – has drawn national (and even global) focus on the area of conflicts of interest. It is thus an opportune time for the COI Blog to review some basic principles.

First, as Justice Louis Brandeis famously said: “Our government is the potent, the omnipresent teacher. For good or for ill, it teaches the whole people by its example.” While Brandeis was speaking about violations of law the point seems just as applicable to ethics.

Second, and as one would expect, the impact of COIs can go beyond the economic value of the transaction at issue. How much does it matter that organizations, individuals and governments pay close attention to identifying and mitigating conflicts of interest? One way to answer this question is to consider – as I used to ask students in my business school ethics class to do – what the world would look like without such focus and sensitivity. Below are some of the observations that I have heard from them over the years:

– Individuals might be reluctant to take the medicines that their doctors recommend for fear that those recommendations are motivated more by the doctors’ financial relationships with pharma companies than by the patients’ well-being.

– Individuals and organizations might not use financial advisors for fear that the advice they receive is driven by hidden, adverse interests – and would instead devote otherwise productive time to trying to become their own financial experts, resulting in a significant misallocation of capital as well as time.

– Organizations could hesitate to take a wide range of everyday actions for which they need to trust their employees and agents to do what’s right by the organizations – or would proceed only with highly intrusive and costly surveillance-like measures in place.

In short, Conflict of Interest World is a place of needlessly diminished lives, resources and opportunities.

Finally, and returning to the issue of Trump’s COIs, the negative impact of presidential impunity regarding COIs is particularly worrisome in a way that is unique in our history.  In the coming years we will be compelled to make sacrifices to address increasingly urgent needs regarding climate change and public debt. If government’s motives on these and other critical issues are subject to question due to COI’s then the (already small, in my view) likelihood of sufficient sacrifice being made is further diminished, with potentially catastrophic consequences for our country and planet. (For more on the link between morality-based sacrifice and the success of human societies see Jonathan Haidt’s The Righteous Mind.)

What is in a name?

A recent letter to the editor of Nature argues:

Transparency about competing interests is essential when reporting scientific data. However, use of the term ‘conflict of interests’ for such declarations can be misleading in some biomedical papers. A genuine example of a conflict of interest is when academic researchers are financially rewarded for their work by commercial partners. The situation can be more nuanced for reports of biomedical discoveries that could be applied in clinical situations. After all, developing such treatments for patients is a moral obligation for academic researchers, both to their funders and to society — even though it can mean working with biotechnology or pharmaceutical companies. Disclosing a financial arrangement as a ‘conflict of interest’ under such circumstances implies that engagement with for-profit companies is a nefarious activity, potentially at odds with what society expects from biomedical scientists. In that context, a ‘declaration of interest’ would be a more accurate term for a mandatory and transparent disclosure of financial relationships. A ‘conflict of interest’ should instead be reserved for authors who cannot document efforts to translate their discoveries to the clinic. (The author of the letter is  René Bernards of the Netherlands Cancer Institute.)

I do not know enough about biomedical research conflicts of interest to gauge the merits of this suggestion, but I would be surprised if some scientists couldn’t  still have a conflict of interest even if they translated their discoveries to the clinic. However, the larger point about a COI disclosure seeming to unfairly suggest nefarious conduct basically seems sound.

More generally, I believe that in organizations of all kind,  policies, training and disclosure documents should communicate that not all ostensibly conflicting interests are  wrongful. (This point is sometimes made, but  in my view  not often enough.) The alternative may be to discourage desirable conduct and to drive other conduct underground.

The toll at the top

As recently reported by NPR: For decades, the main reason chief executives were ousted from their jobs was the firm’s financial performance. In 2018, that all changed. Misconduct and ethical lapses occurring in the #MeToo era are now the biggest driver behind a chief executive falling from the top. That’s according to a new study from the consulting division of PwC, one the nation’s largest auditing firms. It is the first time since the group began tracking executive turnover 19 years ago that scandals over bad behavior rather than poor financial performance was the leading cause of leadership dismissals among the world’s 2,500 largest public companies… Thirty-nine percent of the 89 CEOs who departed in 2018 left for reasons related to unethical behavior stemming from allegations of sexual misconduct or ethical lapses connected to things like fraud, bribery and insider trading, the study found…”Employees are starting to say, ‘how can you enforce a policy on us without holding CEOs accountable?’ ” said Bill George, a senior fellow at Harvard Business School and former chief executive of Medtronic, who has served on the boards of Goldman Sachs and Exxon Mobil. “The CEO’s behavior has to be beyond reproach. Boards are aware of this and are really feeling pressure around that now.”

But what exactly should boards do to respond to this pressure? As noted in an earlier post in the COI Blog:

In recent months, the unprecedented sexual misconduct allegations against (among others) high ranking officials in prominent businesses has brought unprecedented attention to the need to prevent and detect such wrongdoing using high-level solutions. For instance, writing recently in the Harvard Law School corporate governance blog, Subodh Mishra, Executive Director at Institutional Shareholder Services, Inc., identifies the following five components of an effective sexual misconduct risk management policy:

– Sexual misconduct risk is specifically enumerated and oversight assigned to a board committee.

– The board has expertise in workplace and employee issues.

– Material penalties are in place for perpetrators and abettors.

– Executive compensation structures—at a minimum—contain incentives for creating a safe and equitable workplace.

– The company models the behavior it seeks to promote.

These seem like generally sound observations, but the point of my post is not to add to the conversation on this particular area of risk but rather to suggest that ideas of this sort can and should be applied to compliance risks more broadly.

Certainly, assigning a board-level committee compliance  responsibility with an emphasis on risks (such as corruption or antitrust ones) at the top, would be a sound measure generally for companies to take.  And the board having expertise regarding compliance issues is compelling for the same reason that having such expertise in workplace/employment issues is – though for both areas expertise can (in my view) sometimes be provided by access to an outsider adviser rather than appointment to a seat on the board.

Moreover, I certainly think that the emphasis on penalties for those engaged in misconduct is important to preventing wrongdoing of various kinds at the top, particularly the suggestion that “These policies may also be extended to any individuals that willfully concealed violations or engaged in retaliation against whistleblowers.” And, on the other side of the coin, reflecting compliance success generally in executive compensation structure makes sense just as it does for promoting diversity (part of Mishra’s recommendations), although doing so with the former may be more methodologically challenging than it is with the latter. Still, it can be done.

Finally, the point about modeling behavior is every bit as important to promoting compliance generally as it is to preventing harassment and discrimination in particular. For a board committee overseeing compliance at the top, this aspect of effective risk management has implications for a wide range of conduct – both substantive (e.g., how conflicts of interest are dealt with by senior managers) and procedural (such as ensuring that managers take the required training).

Cross references:

CEOs’ ethical standards and the limits of compliance

Catching up on CEOs’ COIs.

CEOs’ ethics: what’s new