Edited by Jeff Kaplan
|
Moral Hazard and Bias
These two “cousins” of COIs – which are related in that they tend too fall outside of traditional COI analysis, but still can be harmful in ways similar to the harm caused by COIs – will be the source of relatively consistent focus in the blog, with each discussed under its respective tab below.
|
|
Many years ago, the CEO of a client company told me that he wanted to fire another corporate officer there. I asked him what basis he had for this contemplated action and he said it was that the officer had failed to take mandatory compliance training. I responded by asking if he – the CEO – had taken the training, to which he replied (without a trace of irony) that he had not. (The officer kept his job – for the moment.”)
In her draft book chapter “The Dark Side of Compliance,” to be published in the forthcoming Cambridge Handbook on Compliance – Prof. J. S. Nelson of Villanova Law School writes: “Compliance systems …can be abused. The fact that the positive image of compliance justifies the establishment of tentacles throughout an organization, for example, enables surveillance and invasive monitoring of the workforce. It also allows management to push employees to cut corners, thereby creating conditions ripe for widespread corporate wrongdoing.”
Nelson also notes:
– “There must be control and obedience to rules. But, as we discover from social science literature, adherence to rules may actually be counter-productive in encouraging pro-social behavior. Ethics defined more broadly as doing the right thing by others can be at odds with control and measurement.”
– “Because specific-directive-based compliance seems to engender these problems, there is a new interest in broader tools of culture … But culture as part of compliance, if not tethered to explicitly ethical goals can also be dangerous. Indeed, compliance, with its roots in ‘comply’ can have an even more insidious implications in a cultural context. As cultural compliance is even more powerful at controlling behavior within groups than rule-based compliance, the danger of it suppressing and punishing non-conforming but helpful individual contributions may be greater.”
– “Workers should not merely be sent the message that they are to enhance management’s profits. Changing why that message is sent within corporations will have to be part of a broader movement to re-conceive corporate purpose as more focused on creating social value and respecting corporate stakeholders.”
This is an informative and persuasive piece as stated by the personal injury attorneys Rundlett Law Firm, PLLC in Clinton, MS and I encourage you to read the full chapter.
Some more specific thoughts:
First, I think that the concern regarding monitoring is more acutely felt in the financial services field than elsewhere (at least in my experience). This is not to minimize it – it is indeed important – but readers from other business sectors should be cautioned as to the extent of its potential applicability to theirs. I also wonder whether many of the monitoring systems would still exist for various operational reasons , more or less, even in the absence of applicable compliance mandates. (E.g., a know-your-customer regime for a bank is not only necessary from a compliance perspective but as a business matter too. The same is true with sales training.)
I am also unclear on how much employees in fact object to monitoring. As noted in a prior post, in my nearly thirty years in the field I can’t recall learning of anything suggesting that the employees of client organizations wanted more choice when it comes to C&E-related matters. And, I have seen and heard much to the contrary, as countless individuals have praised their employer organizations for providing clear instructions – backed up by strict enforcement measures – on how to act when faced with C&E challenges. As one C&E practitioner said about what employees at his company asked from him: “They want me to tell them what to do.”
Second, the concern that “cultural compliance is even more powerful at controlling behavior within groups than rule-based compliance” is not one that I had previously heard in this context, and it makes sense to me as suggesting the possibility of a dark side. (This is particularly so when an organization’s culture is built around loyalty, which – ethically speaking – can operate as a two-edged sword.) However, for the most part of the benefits of cultural compliance should strongly outweigh the perils, given what a cultural approach to compliance generally entails. Still, her point is worth bearing in mind, so that compliance professionals can be aware of and seek to minimize unintended consequences of this sort.
Third, as to Nelson’s point about re-conceiving corporate purpose, she notes that “Such changes may slowly be coming.” Here, I may be more optimistic that she is – since I do think the grave environmental and other societal perils we increasingly face may make corporate ethics and compliance important to employees (and other corporate stakeholders} in a way that has never been the case before. Indeed, this potential to reach beyond the traditional boundaries of compliance with messages and methods for promoting good more broadly may be seen as the sunny side of compliance.
Finally, a thought about another possible type of dark side to compliance. That is, just as Churchill noted that (in wartime) “truth is so precious that she should always be attended by a bodyguard of lies,” protecting a lie (meaning wrongdoing) with a bodyguard of truth (meaning a seemingly strong compliance program) might be seen as an effective strategy for committing crimes while avoiding liability. I should add that this concern is based mostly on speculation – but not entirely.
|
|
|
|
In the beginning of this field there was ethics. But with the advent of the Sentencing Guidelines in 1991 compliance entered the picture and where there were once ethics programs now stand “compliance and ethics” ones.
Has ethics been short-changed in this transition?
In a recent posting in the Harvard Law School Forum on Corporate Governance and Financial Regulation Veronica Root Martinez of Notre Dame Law School – based on a forthcoming paper in the University of Chicago Law Review – writes: “firms should implement specific and explicit ethical infrastructures within their compliance programs, which fall somewhere between the floor set by professional ethics and standards and the hazy ceiling found within moral philosophy as applied to business ethics. By which I mean, firms should attempt to create tangible policies, procedures, and programs that promote ethical behavior within their ranks. In doing so, I suggest firms look to the fields of behavioral ethics, social psychology, and organizational behavior to provide guiding principles when they attempt to craft tangible ethics policies. For my own contribution, I suggest that firms look to commit to adopting policies and procedures that (i) protect the dignity of, (ii) promote the flourishing of, and (iii) advance the interests of the various stakeholders of firms as a baseline to be used for establishing the ethics components of their ethics and compliance programs. Thus, ethics and compliance programs should ensure employees feel valued and are viewed as vested partners within the organizational enterprise and consider the ways the program might impact individuals both within and outside of the firm. Firms might choose to emphasize other attributes as part of their ethics programs, but the thrust of the Essay is that firms should more actively engage in thinking about the implementation of programs that go beyond rote compliance and focus equally on efforts targeted at creating strong ethics programs. That is not to suggest that creating ethical infrastructure will be easy, but the persistent scandals plaguing sophisticated organizations all across the globe suggest that it is time to at least experiment with creating More Meaningful Ethics within ethics and compliance programs at firms.”
I greatly agree with both her analysis and recommendations and think that this is an important article that all within the compliance and ethic field should read. However – and perhaps it is a matter of semantics more than substance – I am a bit concerned that compliance is being given somewhat of a bad rap. That is, she argues that various prominent business scandals demonstrate that too much compliance and too little ethics can create risks of wrongdoing. That might be so, but these cases might also be examples of bad compliance programs. In that connection the importance of tone at the top is a fundamental ethics precept. But it is a pillar of compliance expectations as well.
She also suggests that firms rely should more on behavioral ethics for risk mitigation. I agree with that, too, but do think that behavioral ethics can support compliance approaches as well, as described in some of the posts collected here.
However, these are small points and there is much more that can be said in support of the author’s basic thesis that “firms should attempt to create tangible policies, procedures, and programs that promote ethical behavior within their ranks.”
In this vein, here are some other thoughts on connections between compliance and ethics in an article from a few years back in Compliance and Ethics Professional: Body and Soul: Points of Convergence between Ethics and Compliance (page 2 of PDF).
“First, companies should assess ethics, as well as compliance, risks.” This is extremely rare, and has the potential to be extremely valuable.
“Second, ethics should be prominently featured in training and communications. This means, among other things: providing true ethics training on methods for ethical decision making, using values-based communications, giving real-life (and ideally company-specific) examples that go beyond what the law requires/prohibits, and in otherwise deploying training and other communications to show that ethical action is attainable and desirable in business.”
“Third, following the old adage that what’s measured is what counts, companies should measure ethics-related, as well as compliance-related, conduct. Such conduct should be included in personnel evaluations, employee surveys, and program assessments (self or external).”
|
|
|
|
In Behavioral Ethics as Compliance (Cambridge Handbook of Compliance (Van Rooij & Sokol Eds)) Yuval Feldman and Yotam Kaplan write:
“[C]urrent approaches to law enforcement and compliance tend to focus on “smoking guns” and extreme violations of the law as the core case and as the ultimate manifestation of the problem of illegality. This tendency is understandable, as it would seem most important to prevent wrongdoing in those cases where it produces the most harm. However, behavioral ethics findings challenge this prevailing wisdom. While devastating in their effects, extreme violations of the law are relatively rare as they are difficult for most people to ignore or justify. On the other hand, most people can, and very often do, ignore and justify “minor” violations, or acts of “ordinary unethicality:” supposedly small deviations from legal and ethical norms common in day-to-day activities. This means that acts of ordinary unethicality can be by far more common, and therefore by far more harmful in the aggregate. Ordinary unethicality can be found in all areas of the law, from contract breach and disregard for the property of others, to corruption in administrative law, corporate misconduct, or insensitive interpersonal behavior. Behavioral ethics research suggests that ‘minor’ wrongs are endemic, widespread and difficult to regulate and prevent.”
This analysis dovetails to some degree with the notion of “slippery slopes.” As noted in an earlier post : “One of the most important facets of behavioral ethics research concerns slippery slopes. As described in a paper by Francesca Gino and Max Bazerman: “Four laboratory studies show that people are more likely to accept others’ unethical behavior when ethical degradation occurs slowly rather than in one abrupt shift. Participants served in the role of watchdogs charged with catching instances of cheating. The watchdogs in our studies were less likely to criticize the actions of others when their behavior eroded gradually, over time, rather than in one abrupt shift.”
Of course, the points that Feldman and Kaplan are making go beyond slippery slopes – and apply broadly to the overall approach to risk assessment that companies take. E.g., their article essentially suggests an inverse relationship between risk impact and risk likelihood.
What should C&E officers do with this information? Among other things, it should be used to train employees on the importance of not allowing seemingly trivial unethical acts to go unchecked, a particularly important point when dealing with busy business leaders who may believe that their attention should be saved for only “serious” infractions. This can be part of a general approach to training that presents “heightened ethical awareness” as a core leadership skill.
|
|
|
|
In Conflicts and Biases in the Boardroom, recently posted on the Harvard Law School Forum on Corporate Governance and Financial Regulation, Frank Glassner, of Veritas identifies five ways that cognitive bias can inhibit great governance:
– A board is reluctant to ask the right questions
– The group is unable to fully and effectively involve new board members
– Excessive deference is afforded to a few board members with a long company history
– Peer pressure and conformance minimize constructive dissent
– Inflexible adherence to tradition limits consideration of new initiatives.
He further writes: “Every board member must acknowledge that implicit biases impact his/her objectivity.”
Not surprisingly (given the focus of the COI Blog), I agree with this. But I also wonder if there is a place for the compliance and ethics officer in helping to address this daunting area.
In an earlier post I wrote: Ultimately, for a company to have not only a strong compliance program but also an ethics one, the CEO and other leaders would empower the C&E officer to identify and challenge decisions that may be based on bias. (Note that I don’t mean literally all such decisions, but those that are significant in potential impact and have a meaningful ethics/fairness dimension.) The leaders would do so because they would understand that being fair is not just a matter of good intentions; rather, it can also require expertise and effort – both of which the C&E officer can bring to a challenging set of circumstances.
Here is another prior post addressing the issue: Behavioral ethics and compliance: what the board should ask..
Finally, here is an index of behavioral ethics and compliance posts generally.
|
|
|
|
In “The Power Few of Corporate Compliance,” 53 Georgia Law Review 128 (2018), Todd Haugh of Indiana University’s Kelley School of Business argues: “Corporate compliance in most companies is carried out under the assumption that unethical and illegal conduct occurs in a more or less predictable fashion. That is, although corporate leaders may not know precisely when, where, or how compliance failures will occur, they assume that unethical employee conduct will be sprinkled throughout the company in a roughly normal distribution, exposing the firm to compliance risk but in a controllable manner. This assumption underlies many of the common tools of compliance—standardized codes of conduct, firmwide compliance trainings, and uniform audit and monitoring practices. Because regulators also operate under this assumption, what is deemed an ‘effective’ compliance program often turns on the program’s breadth and consistent application. But compliance failures—lapses of ethical decision making that are the precursors to corporate crime—do not necessarily conform to this baseline assumption.”
I agree that in many – but certainly not all – companies there is too much emphasis on C&E breadth and too little on depth. Indeed, many years ago, Joe Murphy – who can be justly called “the father of compliance” – cautioned against overreliance on employee compliance surveys with the memorable words “criminal conspiracies do not operate by majority rule.” I also recall a CEO advising me, as I set out to conduct a risk assessment of his company, “not to spread the peanut butter too thinly.” Moreover, compliance program evaluation standards recently issued by the Justice Department’s Criminal and Antitrust divisions will likely cause more companies to make their respective programs risk based.
Haugh further argues that: “Extreme failures are more likely the result of small groups of individuals acting unethically or illegally, who by virtue of their social and organizational networks account for an outsized amount of bad conduct, and therefore harm. These individuals are the power few of corporate compliance…Companies seeking to improve compliance, and therefore corporate governance, should no longer focus indiscriminately on organizational culture writ large. Instead of designing compliance programs aimed generally at promoting ethical culture as suggested by the Organizational Sentencing Guidelines and adopted by regulators and compliance professionals, compliance should be approached from a behavioral ethics risk management paradigm. Compliance efforts should target those individuals within the company whose unethical decision-making pose the greatest risk according to behavioral and organizational factors such as job task, leadership role, propensity to rationalize wrongdoing, and social and organizational networks. This risk-based approach may be consistent with current compliance efforts to improve companies’ ‘tone at the top,’ assuming that is where the behavioral ethics risk lies. But it also recognizes that the focus of these efforts may correctly bypass the C-suite in order to lessen the significant compliance risk caused by the power few, wherever they may be within an organization.”
Being of the behavioral persuasion I generally agree with this too. But I do think there will always be a need for enterprise-wide compliance efforts, both as an operational and symbolic matter.
Finally, Haugh identifies other compliance program recommendations based on the “power few” theory including:
– “Identify employee ethics during the hiring stage.”
– “Identify the power few in the organization…Once identified, these employees are monitored for risk-taking behavior, and how they manage it factors into promotion and compensation decisions.”
– “To ensure unethical employee decision-making is properly targeted, companies ‘need to frame [their] training around . . . specific, risky job tasks ‘.”
– “Finally, as ethical employees advance in the company and become hubs of influence themselves, they should be leveraged as ‘behavioral compliance ambassadors.’”
These are generally sound ideas and to some extent are already in use (as Haugh notes), particularly the risk-based training one. Still, having what is in effect an employee integrity watch list may be a tough sell in many companies.
–
|
|
|
|
What role do corporate lawyers play in preventing wrongdoing by executives in their client organizations? And how is this role impacted by behavioral ethics?
In “Behavioral Legal Ethics Lessons for Corporate Counsel,” to be published in the Case Western Reserve Law Review, Paula Schaefer of the University of Tennessee College of Law first examines “the corporate lawyer’s consciously held conceptions and misconceptions about duty owed to her corporate client when company executives propose a plan that will create substantial liability for the company—when and if it is caught.” As she shows, lawyers often have an unduly limited view of what that duty is.
Schaefer next “turns to behavioral science and highlights some of the key factors that corporate attorneys are unconsciously influenced by as they try to decide how (or if) to address client conduct that may amount to a crime or fraud.” Those factors are:
– Attorney self-interest. A key point on how to become a criminal defense lawyer is this: “Corporate advisors keep their jobs (as inside or outside counsel) when they keep executives happy; they do this by finding ways to implement corporate executives’ plans, and not by saying no.” Of course, on some level this is obvious but, based on the research of Tigran W. Eldred of New England Law School, she notes that lawyers are often not aware of the extent to which self-interest corrupts the professional conduct of attorneys vis a vis clients.
– Obedience Pressure. A key point here: “Obedience research explains the power an authority figure or colleagues have to influence bad advice.” The best-known study in this area is, of course, that conducted by Stanley Milgram, which measured the extent to which participants were willing to inflict shocks on apparent learners in the experiment when instructed to do so by an apparent authority figure and which demonstrated just how powerful obedience pressure could be. As Schaefer notes: “In the case of a corporate attorney addressing planned conduct that may be criminal or fraudulent, the authority figure is likely the corporate executive that the attorney reports to in the professional relationship.” And as she notes this is likely to create more pressure than the instruction of some man in a white coat in Milgram’s experiment.
– Conformity Pressure. Here, Schaefer describes experiments by Solomon Asch concerning the extent to which the participants gave knowingly incorrect answers to a question because of the fact that other participants did so. The results showed a high degree of such correlation. As she notes: “Asch’s research should be particularly concerning for lawyers. For Asch’s subjects, the stakes were low—the subjects likely did not know the other participants in the study and had no ongoing relationship with them. Further, the right answer was black and white, and they still felt pressured to choose the wrong answer selected by the majority. For a corporate lawyer addressing possibly fraudulent or criminal conduct, the group (with whom she feels pressure to conform) might be fellow attorneys or other decision makers at the corporation.”
– Partisan Bias. Schaefer writes: “The research reveals that partisanship makes it difficult for a lawyer to filter and interpret information objectively. One study found that students who participated in a moot court competition overwhelmingly perceived that their assigned side had the better case. In another study, subjects were asked to play the role of attorney for plaintiff or defendant in determining the settlement value of a case. Even though both sides received identical information, those who were randomly assigned to play the plaintiff predicted an award substantially higher than that predicted by the defendant.”
Schaefer next considers “interventions to combat a corporate attorney’s wrongful obedience and conformity.” All of these seem sound, but I don’t have space to discuss them here.
However, I do want to add that – although not the focus of Schaefer’s paper – the research may also be relevant to the longstanding debate about whether the general counsel or other member of the law department should serve as chief ethics and compliance officer (CECO) or if the individual in that role should be independent with respect to reporting purposes. At least to me, the research suggests that it may be more difficult for in-house attorneys to rise above the potential conflicts in this role than is generally thought.
Of course, even an independent CECO would be subject to the various biases described in this article. However, they would still – in my view – stand a better chance of ethical success since the notion of independence is truly foundational to their role, i.e., there is presumably not the same confusion about their duty than Schaefer found was the case with in-house attorneys.
Finally, note that I am not saying that this means that the General Counsel can never serve in a CECO role – only that the implications of this research should be considered along with various other factors in determining what approach makes the most sense for a given company.
For further reading:
– The Legal Ethics Blog
– An earlier post from the COI Blog with a different view on lawyers as compliance officers
|
|
|
|
We justly praise those who show true ethical heroism. But to protect business organizations and society generally from legal and ethical breaches we need to aim our efforts more broadly.
In “How to Design an Ethical Organization” in the May-June 2019 issue of the Harvard Business Review, Nicholas Epley, John Templeton Keller Professor of Behavioral Science at the University of Chicago Booth School of Business, and Amit Kumar, an assistant professor of marketing and psychology at the University of Texas at Austin, argue: few executives set out to achieve advantage by breaking the rules, and most companies have programs in place to prevent malfeasance at all levels. Yet recurring scandals show that we could do better. Interventions to encourage ethical behavior are often based on misperceptions of how transgressions occur, and thus are not as effective as they could be. Compliance programs increasingly take a legalistic approach to ethics that focuses on individual accountability. They’re designed to educate employees and then punish wrongdoing among the “bad apples” who misbehave. Yet a large body of behavioral science research suggests that even well-meaning and well-informed people are more ethically malleable than one might guess…Creating an ethical culture thus requires thinking about ethics not simply as a belief problem but also as a design problem. We have identified four critical features that need to be addressed when designing an ethical culture: explicit values, thoughts during judgment, incentives, and cultural norms.
The first of these is “explicit values.” Among the key points here are that:
– Strategies and practices should be anchored to clearly stated principles that can be widely shared within the organization. A well-crafted mission statement can help achieve this, as long as it is used correctly. Leaders can refer to it to guide the creation of any new strategy or initiative and note its connection to the company’s principles when addressing employees, thus reinforcing the broader ethical system.
– A mission statement should be simple, short, actionable, and emotionally resonant. Most corporate mission statements today are too long to remember, too obvious to need stating, too clearly tailored for regulators, or too distant from day-to-day practices to meaningfully guide employees.
The second design consideration is “thoughts during judgment.” Among the key points here are that:
– Most people have less difficulty knowing what’s right or wrong than they do keeping ethical considerations top of mind when making decisions. Ethical lapses can therefore be reduced in a culture where ethics are at the center of attention. … Behavior tends to be guided by what comes to mind immediately before engaging in an action, and those thoughts can be meaningfully affected by context.
– Several experiments make this point… In a large field experiment of approximately 18,000 U.S. government contractors, simply adding a box for filers to check certifying their honesty while reporting yielded $28.6 million more in sales tax revenue than did a condition that omitted the box.
The third consideration is incentives. Here the authors note: Along with earning an income, employees care about doing meaningful work, making a positive impact, and being respected or appreciated for their efforts… An ethical culture not only does good; it also feels good.
The final design consideration is cultural norms. Here the authors recount the results of several experiments showing the often underappreciated power of such norms in creating ethical risk.
The authors conclude the article with several helpful suggestions for putting ethical design into practice – including in the contexts of hiring, personnel evaluation, compensation.
Note that there is a lot more that could be said about how behavioral ethics can inform and fortify compliance programs. (See this index of prior posts on this subject.) But the ideas and information is this article are very helpful, and the overall point – that [o]rganizations should aim to design a system that makes being good as easy as possible – seems exactly right to me.
|
|
|
|
Rebecca Walker and I have an article in the Spring 2019 issue of Ethical Boardroom on behavioral ethics program assessments.
We hope you find it interesting.
|
|
|
