Bias

Two very different types of bias topics will be examined in the blog: A) Under what situations involving business organizations should bias be treated like a traditional COI. B) How often-unrecognized biases can inhibit ethical decision making, which is one of the principal teachings from behavioral ethics (i.e., “cognitive biases.”)

Are you a member of the “compliance elite”?

In “Compliance Elites ”Professor Miriam Baer of Brooklyn  Law School writes:

“As corporate compliance has expanded its influence, so too has the status of those who implement and oversee the firm’s compliance function. Chief compliance officers (CCOs), who are often (but not exclusively) lawyers by training, increasingly boast the types of resumes one associates with elite lawyers. In many ways, this is good news for compliance. There may, however, be several downsides to a strategy of relying so heavily on a cadre of compliance elites. The aim of this Article is to discuss one of these downsides.”

At the outset, I question how significant the phenomenon of compliance elites is.  (As used by Baer, “the term ’elite’ refers to an attorney’s academic and postgraduate achievements: her education, her awards while in law school, her clerkship, and the various positions she held after law school.” )  In my nearly thirty years in the field I have encountered many CCO’s who, while not elite, have been very successful in developing and implementing sound compliance programs. We still have a ways to go before elite is the norm,  And that to me is a good thing.

Still, as noted above, there are many “pluses” to having elite compliance personnel. Baer lists here recruiting top-flight human capital and otherwise securing necessary resources for the compliance program.  To me this is key, both as a matter of common managerial sense and because the U.S. Department of Justice places great emphasis on these factors in its criteria in evaluating programs.

Additionally, by hiring members of the compliance elite, “the organization emits potent internal and external signals. Within the firm, the CCO’s arrival affirms to its rank-and-file employees that corporate management is committed to improving its compliance effort. That, in turn, improves morale among those inclined to follow the law and potentially induces broader and earlier internal whistle-blowing.”

Finally, on the downside,  Baer argues: “imagine a new CCO confronts a series of performance targets upon entering the firm. Which ones merit the closest attention, and which ones deserve to be shelved immediately? If the firm is emerging from a scandal, the worst systems may be obvious to everyone. Beyond this, however, reasonable people will differ. It will be the CCO’s responsibility to tread carefully but thoroughly in determining which additional performance goals merit a closer look, and it may not be the goal itself that is the problem. It may be how the firm measures the goal, how it compensates (or punishes) performance aimed at achieving said goal, or how quickly it expects its employees to meet its goal that induce different degrees of misconduct. It is within this ambiguous gray zone that performance blind spots are most likely to emerge and do their damage. Absent blunt evidence to the contrary, someone who has repeatedly scored in the top percentiles nationally on standardized tests; who has then followed up that performance by scoring at the top of a law school’s grading curve; and who has bested many of her competitors in series of workplace mini tournaments might not find a series of severe or unforgiving performance targets problematic.”

This is interesting but, in my view, a stretch. While lots of life experiences can contribute to cognitive biases, I just don’t think doing well on  a standardized test rises to that level.

Mapping the field of “”behavioral business ethics”

In “Toward a Better Understanding of Behavioral Ethics in the Workplace,”  David De Cremer of the Business School, National University of Singapore, and Celia Moore of the Cambridge Judge Business School, review literature that is part of the growing area that they call “behavioral business ethics.” They use this formulation to “build a bridge between business ethics and behavioral ethics,” and they consider the various implications of “behavioral business ethics” research.

As their article is itself largely a compilation of summaries of various studies I won’t attempt to summarize it, but do note generally that the article considers the significance of this body of knowledge on three levels: intrapersonal, interpersonal and organizational. They “conclude by recommending future research opportunities relevant to behavioral business ethics and discuss its practical implications.”

For instance, they note that on an intrapersonal level, “understanding what drives people to act unethically is essential to the behavioral ethics approach. Behavioral business ethics helps us identify psychological processes that can be harnessed to ensure that employees and managers do not fall prey to basic human frailties that can derail one’s good behavior. One important practical goal of a behavioral business ethics approach is to gather evidence so managers can be trained to act more ethically themselves, and elicit more ethical behavior from their subordinates, as well as to refrain from moral licensing, where people give themselves credit for initial ethical behavior, allowing them to follow it up with unethical behavior ….”

The article is filled with useful and interesting information, and I do think the “behavioral business ethics” formulation works. And this also poses an appropriate occasion to take note of the formulation I have used in this blog and elsewhere – “behavioral ethics and compliance” – and the mapping (in this blog and elsewhere) relevant thereto.

In brief, behavioral ethics and compliance seeks to:

– Use the overarching message of behavioral business ethics that we are not as ethical as we think to persuade boards of directors and managers of the need for strong C&E programs.

– Use that same message to persuade governmental bodies of the need to adopt enforcement approaches that incent business organizations to develop and maintain effective programs.

– Provide C&E professionals with information that can be used to develop and utilize risk assessments, training, enforcement approaches and other C&E program elements in a behaviorally informed way.

– Provide a similar approach with respect to specific types  of wrongdoing, such as conflicts of interest and insider trading.

The current iteration of the map for this can be found here. I hope you find it interesting.  Finally, note that there is obviously a lot of overlap between the two fields. But hopefully having one specifically tied  to compliance is worthwhile, particularly for compliance personnel.

The gut as accomplice

A review of core behavioral ethics concepts (“Rule-breaking without Crime: Insights from Behavioral Ethics for the Study of  Everyday Deviancy” by Yuval Feldman, Benjamin van Rooij and  Melissa Rorie) noted: “Behavioral Ethics has shown that … people relying on System 1 cognition (characterized by intuitive and emotional decision making, more so than System 2’s deliberation and planning) are more likely to be unethical.”

For the past three years we have seen countless examples of President Trump relying on his gut in making decisions for the country – most recently in saying he would trust his instinct in deciding when to reopen the economy. More generally, as described in an article in The Atlantic ,“Trump’s Most Trusted Adviser Is His Own Gut. The president’s glandular instinct has become a substitute for all expertise and all nuance.”

Even if he loses the election in November, Trump’s triumph of instinct over reason will have caused lasting damage to the moral fabric of our country. To counteract that, we need to strengthen the moral imperative not just to be honest but also to be careful and deliberative, particularly when making decisions that will significantly impact others.  We should heed these words of  Samuel Johnson: “It is more from carelessness about truth than from intentionally lying that there is so much falsehood in the world.” And carelessness is obviously at the root of many other types of wrongdoing too.

One specific  example is suggested by a presentation – “Beyond Agency Theory: The Hidden and Heretofore Inaccessible Power of Integrity,” by Michael Jensen and Werner Erhard – discussed in this earlier post. The authors argue that honesty requires more than sincerity: “When giving their word, most people do not consider fully what it will take to keep that word.  That is, people do not do a cost/benefit analysis on giving their word.  In effect, when giving their word, most people are merely sincere (well-meaning) or placating someone, and don’t even think about what it will take to keep their word. This failure to do a cost/benefit analysis on giving one’s word is irresponsible.”

There are many other examples of how more deliberative thinking can lead to less gut-led actions.   Big picture: ultimately we need to get to a place where being  uncareful is broadly seen as unethical in the same way that being dishonest is. 

The oldest conflict of interest

Many years ago a client being vetted for a high-ranking post asked me if a question about prior ethical violations required him to disclose a long since concluded extramarital affair. I replied that this seemed beyond the scope of the question, and I would give the same answer if asked today. But a recent paper suggests a different way of looking at this area.

In “Personal infidelity and professional conduct in 4 settings”,  John M. Griffin and Samuel Kruger, both of the McCombs School of Business, University of Texas at Austin, and Gonzalo Maturana of the Goizueta Business School, Emory University: “study the connection between personal and professional behavior by introducing usage of a marital infidelity website as a measure of personal conduct. Police officers and financial advisors who use the infidelity website are significantly more likely to engage in professional misconduct. Results are similar for US Securities and Exchange Commission (SEC) defendants accused of white-collar crimes, and companies with chief executive officers (CEOs) or chief financial officers (CFOs) who use the website are more than twice as likely to engage in corporate misconduct. The relation is not explained by a wide range of regional, firm, executive and cultural variables. These findings suggest that personal and workplace behavior are closely related.”

The ramifications of these findings indeed  seem significant. Included is the negative implication for behavioral ethics: “our findings suggest that personal and professional lives are connected and cut against the common view that ethics are predominantly situational. This supports the classical view that virtues such as honesty and integrity influence a person’s thoughts and actions across diverse contexts and has potentially important implications for corporate recruiting and codes of conduct. A possible implication of our findings is that the recent focus on eliminating sexual misconduct in the workplace may have the auxiliary effect of reducing fraudulent workplace activity.”

For more on the connection between personal and professional ethics see this prior post.

The 2020 behavioral ethics and compliance index

While in the more than eight years of its existence the COI Blog  has been devoted primarily to examining conflicts of interest it has also run quite a few posts on what behavioral ethics might mean for corporate compliance and ethics programs. Below is an updated version of a topical  index to these latter posts.  Note that a) to keep this list to a reasonable length I’ve put each post under only one topic, but many in fact relate to multiple topics (particularly the risk assessment and communication ones); and b) there is some overlap between various of the posts.

INTRODUCTION 

– Business ethics research for your whole company (with Jon Haidt)

– Overview of the need for behavioral ethics and compliance

Behavioral ethics and compliance: strong and specific medicine

– Behavioral C&E and its limits

Another piece on limits

– Behavioral compliance: the will and the way

Behavioral ethics: back to school edition

A valuable behavioral ethics and compliance resource

Strengthening your C&E program through behavioral ethics

–  Ethics made easy

BEHAVIORAL ETHICS AND COMPLIANCE PROGRAM COMPONENTS

Risk assessment

–  Being rushed as a risk

–  Too big for ethical failure?

– “Inner controls”

– Is the Road to Risk Paved with Good Intentions?

– Slippery slopes

– Senior managers

– Long-term relationships

– How does your compliance and ethics program deal with “conformity bias”? 

– Money and morals: Can behavioral ethics help “Mister Green” behave himself? 

– Risk assessment and “morality science”

 Advanced tone at the top

 Sweating the small stuff

Communications and training

– “Point of risk” compliance

–  Publishing annual C&E reports

– Behavioral ethics and just-in-time communications

– Values, culture and effective compliance communications

– Behavioral ethics teaching and training

– Moral intuitionism and ethics training

Reverse behavioral ethics

The shockingly low price of virtue

Imagine the real

Behavioral ethics training for managers

Assessments

Behavioral ethics program assessments

Positioning the C&E office

– What can be done about “framing” risks

Compliance & ethics officers in the realm of bias

 Behavioral ethics, the board and C&E officers

 Lawyers as compliance officers: a behavioral ethics perspective

Accountability

– Behavioral Ethics and Management Accountability for Compliance and Ethics Failures

– Redrawing corporate fault lines using behavioral ethics

– The “inner voice” telling us that someone may be watching

–  The Wells Fargo case and behavioral ethics

Whistle-blowing

– Include me out: whistle-blowing and a “larger loyalty”

Incentives/personnel measures

– Hiring, promotions and other personnel measures for ethical organizations

Board oversight of compliance

– Behavioral ethics and C-Suite behavior

– Behavioral ethics and compliance: what the board of directors should ask

Corporate culture

– Is Wall Street a bad ethical neighborhood?

– Too close to the line: a convergence of culture, law and behavioral ethics

–  Ethical culture and ethical instincts

Values-based approach to C&E

 A core value for our behavioral age

– Values, structural compliance, behavioral ethics …and Dilbert

Appropriate responses to violations

– Exemplary ethical recoveries

BEHAVIORAL ETHICS AND SUBSTANTIVE AREAS OF COMPLIANCE RISK

Conflicts of interest/corruption

– Does disclosure really mitigate conflicts of interest?

– Disclosure and COIs (Part Two)

– Other people’s COI standards

– Gifts, entertainment and “soft-core” corruption

– The science of disclosure gets more interesting – and useful for C&E programs

– Gamblers, strippers, loss aversion and conflicts of interest

– COIs and “magical thinking”

– Inherent conflicts of interest

Inherent anti-conflicts of interest

Conflict of interest? Who decides?

Specialty bias

Disclosure’s two-edged sword

Nonmonetary conflicts of interest

Charitable contributions and behavioral ethics

More on conflicts of interest disclosure

Insider trading

– Insider trading, behavioral ethics and effective “inner controls” 

– Insider trading, private corruption and behavioral ethics

Legal ethics

– Using behavioral ethics to reduce legal ethics risks

OTHER POSTS ABOUT BEHAVIORAL ETHICS AND COMPLIANCE

– New proof that good ethics is good business

How ethically confident should we be?

– An ethical duty of open-mindedness?

– How many ways can behavioral ethics improve compliance?

– Meet “Homo Duplex” – a new ethics super-hero?

– Behavioral ethics and reality-based law

Was the Grand Inquisitor right (about compliance)?

Is ethics being short-changed by compliance?

 

Does compliance have a dark side?

Many years ago, the CEO of a client company told me that he wanted to fire another corporate officer there. I asked him what basis he had for this contemplated action and he said it was that the officer had failed to take mandatory compliance training. I responded by asking if he – the CEO – had taken the training, to which he replied (without a trace of irony)  that he had not. (The officer kept his job – for the moment.”)

In her draft book chapter “The Dark Side of Compliance,”  to be published in the forthcoming Cambridge Handbook on Compliance  – Prof. J. S. Nelson of Villanova Law School  writes: “Compliance systems …can be abused. The fact that the positive image of compliance justifies the establishment of tentacles throughout an organization, for example, enables surveillance and invasive monitoring of the workforce. It also allows management to push employees to cut corners, thereby creating conditions ripe for widespread corporate wrongdoing.”

Nelson also notes:

– “There must be control and obedience to rules. But, as we discover from social science literature, adherence to rules may actually be counter-productive in encouraging pro-social behavior. Ethics defined more broadly as doing the right thing by others can be at odds with control and measurement.”

– “Because specific-directive-based compliance seems to engender these problems, there is a new interest in broader tools of culture … But culture as part of compliance, if not tethered to explicitly ethical goals can also be dangerous. Indeed, compliance, with its roots in ‘comply’ can have an even more insidious implications in a cultural context. As cultural compliance is even more powerful at controlling behavior within groups than rule-based compliance, the danger of it suppressing and punishing non-conforming but helpful individual contributions may be greater.”

– “Workers should not merely be sent the message that they are to enhance management’s profits. Changing why that message is sent within corporations will have to be part of a broader movement to re-conceive corporate purpose as more focused on creating social value and respecting corporate stakeholders.”

This is an informative and persuasive piece and I encourage you to read the full chapter.

Some more specific thoughts:

First, I think that the concern regarding monitoring is more acutely felt in the financial services field than elsewhere  (at least in my experience). This is not to minimize it – it is indeed important – but readers from other business sectors should be cautioned as to the extent of its potential applicability to theirs. I also wonder whether many of the monitoring systems would still exist for various operational reasons , more or less, even in the absence of applicable compliance mandates. (E.g., a know-your-customer regime for a bank is not only necessary from a compliance perspective but as a business matter too. The same is true with sales training.)

I am also unclear on how much employees in fact object to monitoring. As noted in a prior post, in my nearly thirty years in the field I can’t recall learning of anything suggesting that the employees of client organizations wanted more choice when it comes to C&E-related matters. And, I have seen and heard much to the contrary, as countless individuals have praised their employer organizations for providing clear instructions – backed up by strict enforcement measures – on how to act when faced with C&E challenges. As one C&E practitioner said about what employees at his company asked from him: “They want me to tell them what to do.”

Second, the concern that “cultural compliance is even more powerful at controlling behavior within groups than rule-based compliance” is not one that I had previously heard in this context, and it makes sense to me as suggesting the possibility of a dark side. (This is particularly so when an organization’s culture is built around loyalty, which – ethically speaking – can operate as a two-edged sword.) However, for the most part of the benefits of cultural compliance should strongly outweigh the perils, given what a cultural approach to compliance generally entails. Still, her point is worth bearing in mind, so that compliance professionals can be aware of and seek to minimize unintended consequences of this sort.

Third, as to Nelson’s point about re-conceiving corporate purpose, she notes that “Such changes may slowly be coming.” Here, I may be more optimistic that she is – since I do think the grave environmental and other societal perils we increasingly face may make corporate ethics and compliance important to employees (and other corporate stakeholders} in a way that has never been the case before. Indeed, this potential to reach beyond the traditional boundaries of compliance with messages and methods for promoting good more broadly may be seen as the sunny side of compliance.

Finally, a thought about another possible type of dark side to compliance. That is, just as Churchill noted that (in wartime) “truth is so precious that she should always be attended by a bodyguard of lies,” protecting a lie (meaning wrongdoing) with a bodyguard of truth (meaning a seemingly strong compliance program) might be seen as an effective strategy for committing crimes while avoiding liability. I should add that this concern is based mostly on speculation – but not entirely.

 

Is ethics being short-changed by compliance?

In the beginning of this field there was ethics. But with the advent of the Sentencing Guidelines in 1991 compliance entered the picture and where there were once ethics programs now stand “compliance and ethics” ones.

Has ethics been short-changed in this transition?

In a recent posting in the Harvard Law School Forum on Corporate Governance and Financial Regulation  Veronica Root Martinez of Notre Dame Law School  – based on a forthcoming paper in the University of Chicago Law Review  – writes: “firms should implement specific and explicit ethical infrastructures within their compliance programs, which fall somewhere between the floor set by professional ethics and standards and the hazy ceiling found within moral philosophy as applied to business ethics. By which I mean, firms should attempt to create tangible policies, procedures, and programs that promote ethical behavior within their ranks. In doing so, I suggest firms look to the fields of behavioral ethics, social psychology, and organizational behavior to provide guiding principles when they attempt to craft tangible ethics policies. For my own contribution, I suggest that firms look to commit to adopting policies and procedures that (i) protect the dignity of, (ii) promote the flourishing of, and (iii) advance the interests of the various stakeholders of firms as a baseline to be used for establishing the ethics components of their ethics and compliance programs. Thus, ethics and compliance programs should ensure employees feel valued and are viewed as vested partners within the organizational enterprise and consider the ways the program might impact individuals both within and outside of the firm. Firms might choose to emphasize other attributes as part of their ethics programs, but the thrust of the Essay is that firms should more actively engage in thinking about the implementation of programs that go beyond rote compliance and focus equally on efforts targeted at creating strong ethics programs. That is not to suggest that creating ethical infrastructure will be easy, but the persistent scandals plaguing sophisticated organizations all across the globe suggest that it is time to at least experiment with creating More Meaningful Ethics within ethics and compliance programs at firms.”

I greatly agree with both her analysis and recommendations and think that this is an important article that all within the compliance and ethic field should read. However – and perhaps it is a matter of semantics more than substance – I am a bit concerned that compliance is being given somewhat of a bad rap.  That is, she argues that various prominent business scandals demonstrate that too much compliance and too little ethics can create risks of wrongdoing. That might be so, but these cases might also be examples of bad compliance programs. In that connection the importance of tone at the top is a fundamental ethics precept. But it is a pillar of compliance expectations as well.

She also suggests that firms rely should more on behavioral ethics for risk mitigation. I agree with that, too, but do think that behavioral ethics can support compliance approaches as well, as described in some of the posts collected here.

However, these are small points and there is much more that can be said in support of the author’s basic thesis that “firms should attempt to create tangible policies, procedures, and programs that promote ethical behavior within their ranks.”

In this vein, here are some other thoughts on connections between compliance and ethics in an article from  a few years back in Compliance and Ethics Professional:  Body and Soul: Points of Convergence between Ethics and Compliance (page 2 of PDF).

“First, companies should assess ethics, as well as compliance, risks.” This is extremely rare, and has the potential to be extremely valuable.

“Second, ethics should be prominently featured in training and communications. This means, among other things: providing true ethics training on methods for ethical decision making, using values-based communications, giving real-life (and ideally company-specific) examples that go beyond what the law requires/prohibits, and in otherwise deploying training and other communications to show that ethical action is attainable and desirable in business.”

“Third, following the old adage that what’s measured is what counts, companies should measure ethics-related, as well as compliance-related, conduct. Such conduct should be included in personnel evaluations, employee surveys, and program assessments (self or external).”

 

Sweating the small stuff

In Behavioral Ethics as Compliance  (Cambridge Handbook of Compliance (Van Rooij & Sokol Eds)) Yuval Feldman and Yotam Kaplan write:

“[C]urrent approaches to law enforcement and compliance tend to focus on “smoking guns” and extreme violations of the law as the core case and as the ultimate manifestation of the problem of illegality. This tendency is understandable, as it would seem most important to prevent wrongdoing in those cases where it produces the most harm. However, behavioral ethics findings challenge this prevailing wisdom. While devastating in their effects, extreme violations of the law are relatively rare as they are difficult for most people to ignore or justify. On the other hand, most people can, and very often do, ignore and justify “minor” violations, or acts of “ordinary unethicality:” supposedly small deviations from legal and ethical norms common in day-to-day activities. This means that acts of ordinary unethicality can be by far more common, and therefore by far more harmful in the aggregate. Ordinary unethicality can be found in all areas of the law, from contract breach and disregard for the property of others, to corruption in administrative law, corporate misconduct, or insensitive interpersonal behavior. Behavioral ethics research suggests that ‘minor’ wrongs are endemic, widespread and difficult to regulate and prevent.”

This analysis dovetails to some degree with the notion of “slippery slopes.” As noted in an earlier post :  “One of the most important facets of behavioral ethics research concerns slippery slopes. As described in a paper by Francesca Gino and Max Bazerman: “Four laboratory studies show that people are more likely to accept others’ unethical behavior when ethical degradation occurs slowly rather than in one abrupt shift. Participants served in the role of watchdogs charged with catching instances of cheating. The watchdogs in our studies were less likely to criticize the actions of others when their behavior eroded gradually, over time, rather than in one abrupt shift.”

Of course, the points that Feldman and Kaplan are making go beyond slippery slopes – and apply broadly to the overall approach to risk assessment that companies take. E.g., their article essentially suggests an inverse relationship between risk impact and risk likelihood.

What should C&E officers do with this information? Among other things, it should be used to train employees on the importance of not allowing seemingly trivial unethical acts to go unchecked, a particularly important point when dealing with busy business leaders who may believe that their attention should be saved for only “serious” infractions. This can be part of a general approach to training that presents “heightened ethical awareness” as a core leadership skill.

 

Behavioral ethics, the board and C&E officers

In Conflicts and Biases in the Boardroom, recently posted on the Harvard Law School Forum on Corporate Governance and Financial Regulation, Frank Glassner, of Veritas identifies five ways that cognitive bias can inhibit great governance:

– A board is reluctant to ask the right questions

– The group is unable to fully and effectively involve new board members

– Excessive deference is afforded to a few board members with a long company history

– Peer pressure and conformance minimize constructive dissent

– Inflexible adherence to tradition limits consideration of new initiatives.

He further writes: “Every board member must acknowledge that implicit biases impact his/her objectivity.”

Not surprisingly (given the focus of the COI Blog), I agree with this. But I also wonder if there is a place for the compliance  and ethics officer in helping to address this daunting area.

In an earlier post  I wrote: Ultimately, for a company to have not only a strong compliance program but also an ethics one, the CEO and other leaders would empower the C&E officer to identify and challenge decisions that may be based on bias. (Note that I don’t mean literally all such decisions, but those that are significant in potential impact and have a meaningful ethics/fairness dimension.) The leaders would do so because they would understand that being fair is not just a matter of good intentions; rather, it can also require expertise and effort – both of which the C&E officer can bring to a challenging set of circumstances.

Here is another prior post addressing the issue:  Behavioral ethics and compliance: what the board should ask..

Finally, here is an index of  behavioral ethics and compliance posts generally.

 

 

Extra compliance for high-risk-potential employees

In “The Power Few of Corporate Compliance,” 53 Georgia Law Review 128 (2018), Todd Haugh of Indiana University’s Kelley School of Business argues: “Corporate compliance in most companies is carried out under the assumption that unethical and illegal conduct occurs in a more or less predictable fashion. That is, although corporate leaders may not know precisely when, where, or how compliance failures will occur, they assume that unethical employee conduct will be sprinkled throughout the company in a roughly normal distribution, exposing the firm to compliance risk but in a controllable manner. This assumption underlies many of the common tools of compliance—standardized codes of conduct, firmwide compliance trainings, and uniform audit and monitoring practices. Because regulators also operate under this assumption, what is deemed an ‘effective’ compliance program often turns on the program’s breadth and consistent application. But compliance failures—lapses of ethical decision making that are the precursors to corporate crime—do not necessarily conform to this baseline assumption.”

I agree that in many – but certainly not all – companies there is too much emphasis on C&E breadth and too little on depth. Indeed, many years ago, Joe Murphy  – who can be justly called “the father of compliance” – cautioned against overreliance on employee compliance surveys with the memorable words “criminal conspiracies do not operate by majority rule.” I also recall a CEO advising me, as I set out to conduct a risk assessment of his company, “not to spread the peanut butter too thinly.” Moreover, compliance program evaluation standards recently issued by the Justice Department’s Criminal and Antitrust divisions  will likely cause more companies to make their respective programs risk based.

Haugh further argues that: “Extreme failures are more likely the result of small groups of individuals acting unethically or illegally, who by virtue of their social and organizational networks account for an outsized amount of bad conduct, and therefore harm. These individuals are the power few of corporate compliance…Companies seeking to improve compliance, and therefore corporate governance, should no longer focus indiscriminately on organizational culture writ large. Instead of designing compliance programs aimed generally at promoting ethical culture as suggested by the Organizational Sentencing Guidelines and adopted by regulators and compliance professionals, compliance should be approached from a behavioral ethics risk management paradigm. Compliance efforts should target those individuals within the company whose unethical decision-making pose the greatest risk according to behavioral and organizational factors such as job task, leadership role, propensity to rationalize wrongdoing, and social and organizational networks. This risk-based approach may be consistent with current compliance efforts to improve companies’ ‘tone at the top,’ assuming that is where the behavioral ethics risk lies. But it also recognizes that the focus of these efforts may correctly bypass the C-suite in order to lessen the significant compliance risk caused by the power few, wherever they may be within an organization.”

Being of the behavioral persuasion I generally agree with this too. But I do think there will always be a need for enterprise-wide compliance efforts, both as an operational and symbolic matter.

Finally, Haugh identifies other compliance program recommendations based on the “power few” theory including:

– “Identify employee ethics during the hiring stage.”

– “Identify the power few in the organization…Once identified, these employees are monitored for risk-taking behavior, and how they manage it factors into promotion and compensation decisions.”

– “To ensure unethical employee decision-making is properly targeted, companies ‘need to frame [their] training around . . . specific, risky job tasks ‘.”

– “Finally, as ethical employees advance in the company and become hubs of influence themselves, they should be leveraged as ‘behavioral compliance ambassadors.’”

These are generally sound ideas and to some extent are already in use (as Haugh notes), particularly the risk-based training one. Still, having what is in effect an employee integrity watch list may be a tough sell in many companies.