Moral Hazard and Bias

These two “cousins” of COIs – which are related in that they tend too fall outside of traditional COI analysis, but still can be harmful in ways similar to the harm caused by COIs – will be the source of relatively consistent focus in the blog, with each discussed under its respective tab below.

The oldest conflict of interest

Many years ago a client being vetted for a high-ranking post asked me if a question about prior ethical violations required him to disclose a long since concluded extramarital affair. I replied that this seemed beyond the scope of the question, and I would give the same answer if asked today. But a recent paper suggests a different way of looking at this area.

In “Personal infidelity and professional conduct in 4 settings”,  John M. Griffin and Samuel Kruger, both of the McCombs School of Business, University of Texas at Austin, and Gonzalo Maturana of the Goizueta Business School, Emory University: “study the connection between personal and professional behavior by introducing usage of a marital infidelity website as a measure of personal conduct. Police officers and financial advisors who use the infidelity website are significantly more likely to engage in professional misconduct. Results are similar for US Securities and Exchange Commission (SEC) defendants accused of white-collar crimes, and companies with chief executive officers (CEOs) or chief financial officers (CFOs) who use the website are more than twice as likely to engage in corporate misconduct. The relation is not explained by a wide range of regional, firm, executive and cultural variables. These findings suggest that personal and workplace behavior are closely related.”

The ramifications of these findings indeed  seem significant. Included is the negative implication for behavioral ethics: “our findings suggest that personal and professional lives are connected and cut against the common view that ethics are predominantly situational. This supports the classical view that virtues such as honesty and integrity influence a person’s thoughts and actions across diverse contexts and has potentially important implications for corporate recruiting and codes of conduct. A possible implication of our findings is that the recent focus on eliminating sexual misconduct in the workplace may have the auxiliary effect of reducing fraudulent workplace activity.”

For more on the connection between personal and professional ethics see this prior post.

The moral hazard moment

For governments, business organizations and even individuals every moment might have a “moral hazard” dimension. But it would be hard to find one as potentially consequential as that presented by the US general election. Does the compliance and ethics field have a role to play in addressing this?

The concept of moral hazard was used originally to refer to the phenomenon that providing insurance tended to promote risky behavior by insured parties.  Subsequently, the idea has been applied more generally to mean the provision of incentives that encourage unduly risky conduct by shifting the impact of a bad decision to a party other than the decision maker.

Most recently, moral hazard was seen as playing a major role in the economic crisis of 2008, as some of the individuals creating the risks at issue there evidently did not have interests sufficiently aligned with those jeopardized by their actions.  A perfect example of this can be found in an SEC report on ratings agencies quoting an e-mail between two analysts concerning their plans to give positive ratings to certain financial instruments that were, in fact, unworthy of such ratings: “Let’s hope we are all wealthy and retired by the time this house of cards falters.”

Notwithstanding its name, moral hazard is generally viewed as more of an economic phenomenon than a moral one.  Moreover, moral hazard risks are often seen as somewhat distinct from COIs, perhaps because the interests at issue in the former are not external or unknown to an affected organization.  (A typical COI concerns ownership of or compensation from an entity other than one’s employer, whereas a typical moral hazard risk is likely to be based on the employer’s own compensation scheme.) However, the two are similar in that both tend to diminish the fidelity of employees to their employers’ interests – a decidedly moral consideration in the traditional sense of the word.

Something similar concerning the misalignment of risks and incentives can be said about the political realm. Most importantly, with climate change those who are most likely to be affected by this unparalleled calamity are generally not the same as those who have the power to slow it down (and ultimately reverse it). The same phenomenon is at work with a host of other risks (including incurring dangerous levels of public debt) where the consequences will be borne by individuals who were not the primary causes of the risks.

Where does C&E fit into this picture?

The full promise of C&E programs goes beyond the business realm to nurturing habits of mind that can be helpful to addressing a wider range of challenges than traditional corporate law abidance and ethicality. Among other things, such habits could include thinking systemically about risk, having a deep appreciation for the interests of other individuals, insisting on transparency where it is reasonable to do so, embracing meaningful approaches to accountability for doing what is right and for stopping what is wrong and protecting truth telling at all costs. It should also – in my view – include identifying and addressing situations of moral hazard

None of these approaches were invented by C&E practitioners. But for many millions of Americans and others there is now a steady reminder through C&E programs of the importance of thinking in these and related ways – and this could provide a foundation for promoting greater ethicality in the broader societal realm, including addressing moral hazard.

There is a lot more that can be said about how ethical thinking in one realm can inspire and support such thinking elsewhere. See this prior post for the somewhat similar suggestion that ethical thinking in the private sphere can strengthen C&E  in the business world. It is not a new idea. But I doubt the importance of adopting a robust approach to moral hazard will ever be greater.

 

Program assessments and moral hazard

Rebecca Walker and I hope you enjoy this article from today’s edition of Corporate Compliance Insights.

The 2020 behavioral ethics and compliance index

While in the more than eight years of its existence the COI Blog  has been devoted primarily to examining conflicts of interest it has also run quite a few posts on what behavioral ethics might mean for corporate compliance and ethics programs. Below is an updated version of a topical  index to these latter posts.  Note that a) to keep this list to a reasonable length I’ve put each post under only one topic, but many in fact relate to multiple topics (particularly the risk assessment and communication ones); and b) there is some overlap between various of the posts.

INTRODUCTION 

– Business ethics research for your whole company (with Jon Haidt)

– Overview of the need for behavioral ethics and compliance

Behavioral ethics and compliance: strong and specific medicine

– Behavioral C&E and its limits

Another piece on limits

– Behavioral compliance: the will and the way

Behavioral ethics: back to school edition

A valuable behavioral ethics and compliance resource

Strengthening your C&E program through behavioral ethics

–  Ethics made easy

BEHAVIORAL ETHICS AND COMPLIANCE PROGRAM COMPONENTS

Risk assessment

–  Being rushed as a risk

–  Too big for ethical failure?

– “Inner controls”

– Is the Road to Risk Paved with Good Intentions?

– Slippery slopes

– Senior managers

– Long-term relationships

– How does your compliance and ethics program deal with “conformity bias”? 

– Money and morals: Can behavioral ethics help “Mister Green” behave himself? 

– Risk assessment and “morality science”

 Advanced tone at the top

 Sweating the small stuff

Communications and training

– “Point of risk” compliance

–  Publishing annual C&E reports

– Behavioral ethics and just-in-time communications

– Values, culture and effective compliance communications

– Behavioral ethics teaching and training

– Moral intuitionism and ethics training

Reverse behavioral ethics

The shockingly low price of virtue

Imagine the real

Behavioral ethics training for managers

Assessments

Behavioral ethics program assessments

Positioning the C&E office

– What can be done about “framing” risks

Compliance & ethics officers in the realm of bias

 Behavioral ethics, the board and C&E officers

 Lawyers as compliance officers: a behavioral ethics perspective

Accountability

– Behavioral Ethics and Management Accountability for Compliance and Ethics Failures

– Redrawing corporate fault lines using behavioral ethics

– The “inner voice” telling us that someone may be watching

–  The Wells Fargo case and behavioral ethics

Whistle-blowing

– Include me out: whistle-blowing and a “larger loyalty”

Incentives/personnel measures

– Hiring, promotions and other personnel measures for ethical organizations

Board oversight of compliance

– Behavioral ethics and C-Suite behavior

– Behavioral ethics and compliance: what the board of directors should ask

Corporate culture

– Is Wall Street a bad ethical neighborhood?

– Too close to the line: a convergence of culture, law and behavioral ethics

–  Ethical culture and ethical instincts

Values-based approach to C&E

 A core value for our behavioral age

– Values, structural compliance, behavioral ethics …and Dilbert

Appropriate responses to violations

– Exemplary ethical recoveries

BEHAVIORAL ETHICS AND SUBSTANTIVE AREAS OF COMPLIANCE RISK

Conflicts of interest/corruption

– Does disclosure really mitigate conflicts of interest?

– Disclosure and COIs (Part Two)

– Other people’s COI standards

– Gifts, entertainment and “soft-core” corruption

– The science of disclosure gets more interesting – and useful for C&E programs

– Gamblers, strippers, loss aversion and conflicts of interest

– COIs and “magical thinking”

– Inherent conflicts of interest

Inherent anti-conflicts of interest

Conflict of interest? Who decides?

Specialty bias

Disclosure’s two-edged sword

Nonmonetary conflicts of interest

Charitable contributions and behavioral ethics

More on conflicts of interest disclosure

Insider trading

– Insider trading, behavioral ethics and effective “inner controls” 

– Insider trading, private corruption and behavioral ethics

Legal ethics

– Using behavioral ethics to reduce legal ethics risks

OTHER POSTS ABOUT BEHAVIORAL ETHICS AND COMPLIANCE

– New proof that good ethics is good business

How ethically confident should we be?

– An ethical duty of open-mindedness?

– How many ways can behavioral ethics improve compliance?

– Meet “Homo Duplex” – a new ethics super-hero?

– Behavioral ethics and reality-based law

Was the Grand Inquisitor right (about compliance)?

Is ethics being short-changed by compliance?

 

Does compliance have a dark side?

Many years ago, the CEO of a client company told me that he wanted to fire another corporate officer there. I asked him what basis he had for this contemplated action and he said it was that the officer had failed to take mandatory compliance training. I responded by asking if he – the CEO – had taken the training, to which he replied (without a trace of irony)  that he had not. (The officer kept his job – for the moment.”)

In her draft book chapter “The Dark Side of Compliance,”  to be published in the forthcoming Cambridge Handbook on Compliance  – Prof. J. S. Nelson of Villanova Law School  writes: “Compliance systems …can be abused. The fact that the positive image of compliance justifies the establishment of tentacles throughout an organization, for example, enables surveillance and invasive monitoring of the workforce. It also allows management to push employees to cut corners, thereby creating conditions ripe for widespread corporate wrongdoing.”

Nelson also notes:

– “There must be control and obedience to rules. But, as we discover from social science literature, adherence to rules may actually be counter-productive in encouraging pro-social behavior. Ethics defined more broadly as doing the right thing by others can be at odds with control and measurement.”

– “Because specific-directive-based compliance seems to engender these problems, there is a new interest in broader tools of culture … But culture as part of compliance, if not tethered to explicitly ethical goals can also be dangerous. Indeed, compliance, with its roots in ‘comply’ can have an even more insidious implications in a cultural context. As cultural compliance is even more powerful at controlling behavior within groups than rule-based compliance, the danger of it suppressing and punishing non-conforming but helpful individual contributions may be greater.”

– “Workers should not merely be sent the message that they are to enhance management’s profits. Changing why that message is sent within corporations will have to be part of a broader movement to re-conceive corporate purpose as more focused on creating social value and respecting corporate stakeholders.”

This is an informative and persuasive piece and I encourage you to read the full chapter.

Some more specific thoughts:

First, I think that the concern regarding monitoring is more acutely felt in the financial services field than elsewhere  (at least in my experience). This is not to minimize it – it is indeed important – but readers from other business sectors should be cautioned as to the extent of its potential applicability to theirs. I also wonder whether many of the monitoring systems would still exist for various operational reasons , more or less, even in the absence of applicable compliance mandates. (E.g., a know-your-customer regime for a bank is not only necessary from a compliance perspective but as a business matter too. The same is true with sales training.)

I am also unclear on how much employees in fact object to monitoring. As noted in a prior post, in my nearly thirty years in the field I can’t recall learning of anything suggesting that the employees of client organizations wanted more choice when it comes to C&E-related matters. And, I have seen and heard much to the contrary, as countless individuals have praised their employer organizations for providing clear instructions – backed up by strict enforcement measures – on how to act when faced with C&E challenges. As one C&E practitioner said about what employees at his company asked from him: “They want me to tell them what to do.”

Second, the concern that “cultural compliance is even more powerful at controlling behavior within groups than rule-based compliance” is not one that I had previously heard in this context, and it makes sense to me as suggesting the possibility of a dark side. (This is particularly so when an organization’s culture is built around loyalty, which – ethically speaking – can operate as a two-edged sword.) However, for the most part of the benefits of cultural compliance should strongly outweigh the perils, given what a cultural approach to compliance generally entails. Still, her point is worth bearing in mind, so that compliance professionals can be aware of and seek to minimize unintended consequences of this sort.

Third, as to Nelson’s point about re-conceiving corporate purpose, she notes that “Such changes may slowly be coming.” Here, I may be more optimistic that she is – since I do think the grave environmental and other societal perils we increasingly face may make corporate ethics and compliance important to employees (and other corporate stakeholders} in a way that has never been the case before. Indeed, this potential to reach beyond the traditional boundaries of compliance with messages and methods for promoting good more broadly may be seen as the sunny side of compliance.

Finally, a thought about another possible type of dark side to compliance. That is, just as Churchill noted that (in wartime) “truth is so precious that she should always be attended by a bodyguard of lies,” protecting a lie (meaning wrongdoing) with a bodyguard of truth (meaning a seemingly strong compliance program) might be seen as an effective strategy for committing crimes while avoiding liability. I should add that this concern is based mostly on speculation – but not entirely.

 

Is ethics being short-changed by compliance?

In the beginning of this field there was ethics. But with the advent of the Sentencing Guidelines in 1991 compliance entered the picture and where there were once ethics programs now stand “compliance and ethics” ones.

Has ethics been short-changed in this transition?

In a recent posting in the Harvard Law School Forum on Corporate Governance and Financial Regulation  Veronica Root Martinez of Notre Dame Law School  – based on a forthcoming paper in the University of Chicago Law Review  – writes: “firms should implement specific and explicit ethical infrastructures within their compliance programs, which fall somewhere between the floor set by professional ethics and standards and the hazy ceiling found within moral philosophy as applied to business ethics. By which I mean, firms should attempt to create tangible policies, procedures, and programs that promote ethical behavior within their ranks. In doing so, I suggest firms look to the fields of behavioral ethics, social psychology, and organizational behavior to provide guiding principles when they attempt to craft tangible ethics policies. For my own contribution, I suggest that firms look to commit to adopting policies and procedures that (i) protect the dignity of, (ii) promote the flourishing of, and (iii) advance the interests of the various stakeholders of firms as a baseline to be used for establishing the ethics components of their ethics and compliance programs. Thus, ethics and compliance programs should ensure employees feel valued and are viewed as vested partners within the organizational enterprise and consider the ways the program might impact individuals both within and outside of the firm. Firms might choose to emphasize other attributes as part of their ethics programs, but the thrust of the Essay is that firms should more actively engage in thinking about the implementation of programs that go beyond rote compliance and focus equally on efforts targeted at creating strong ethics programs. That is not to suggest that creating ethical infrastructure will be easy, but the persistent scandals plaguing sophisticated organizations all across the globe suggest that it is time to at least experiment with creating More Meaningful Ethics within ethics and compliance programs at firms.”

I greatly agree with both her analysis and recommendations and think that this is an important article that all within the compliance and ethic field should read. However – and perhaps it is a matter of semantics more than substance – I am a bit concerned that compliance is being given somewhat of a bad rap.  That is, she argues that various prominent business scandals demonstrate that too much compliance and too little ethics can create risks of wrongdoing. That might be so, but these cases might also be examples of bad compliance programs. In that connection the importance of tone at the top is a fundamental ethics precept. But it is a pillar of compliance expectations as well.

She also suggests that firms rely should more on behavioral ethics for risk mitigation. I agree with that, too, but do think that behavioral ethics can support compliance approaches as well, as described in some of the posts collected here.

However, these are small points and there is much more that can be said in support of the author’s basic thesis that “firms should attempt to create tangible policies, procedures, and programs that promote ethical behavior within their ranks.”

In this vein, here are some other thoughts on connections between compliance and ethics in an article from  a few years back in Compliance and Ethics Professional:  Body and Soul: Points of Convergence between Ethics and Compliance (page 2 of PDF).

“First, companies should assess ethics, as well as compliance, risks.” This is extremely rare, and has the potential to be extremely valuable.

“Second, ethics should be prominently featured in training and communications. This means, among other things: providing true ethics training on methods for ethical decision making, using values-based communications, giving real-life (and ideally company-specific) examples that go beyond what the law requires/prohibits, and in otherwise deploying training and other communications to show that ethical action is attainable and desirable in business.”

“Third, following the old adage that what’s measured is what counts, companies should measure ethics-related, as well as compliance-related, conduct. Such conduct should be included in personnel evaluations, employee surveys, and program assessments (self or external).”

 

Sweating the small stuff

In Behavioral Ethics as Compliance  (Cambridge Handbook of Compliance (Van Rooij & Sokol Eds)) Yuval Feldman and Yotam Kaplan write:

“[C]urrent approaches to law enforcement and compliance tend to focus on “smoking guns” and extreme violations of the law as the core case and as the ultimate manifestation of the problem of illegality. This tendency is understandable, as it would seem most important to prevent wrongdoing in those cases where it produces the most harm. However, behavioral ethics findings challenge this prevailing wisdom. While devastating in their effects, extreme violations of the law are relatively rare as they are difficult for most people to ignore or justify. On the other hand, most people can, and very often do, ignore and justify “minor” violations, or acts of “ordinary unethicality:” supposedly small deviations from legal and ethical norms common in day-to-day activities. This means that acts of ordinary unethicality can be by far more common, and therefore by far more harmful in the aggregate. Ordinary unethicality can be found in all areas of the law, from contract breach and disregard for the property of others, to corruption in administrative law, corporate misconduct, or insensitive interpersonal behavior. Behavioral ethics research suggests that ‘minor’ wrongs are endemic, widespread and difficult to regulate and prevent.”

This analysis dovetails to some degree with the notion of “slippery slopes.” As noted in an earlier post :  “One of the most important facets of behavioral ethics research concerns slippery slopes. As described in a paper by Francesca Gino and Max Bazerman: “Four laboratory studies show that people are more likely to accept others’ unethical behavior when ethical degradation occurs slowly rather than in one abrupt shift. Participants served in the role of watchdogs charged with catching instances of cheating. The watchdogs in our studies were less likely to criticize the actions of others when their behavior eroded gradually, over time, rather than in one abrupt shift.”

Of course, the points that Feldman and Kaplan are making go beyond slippery slopes – and apply broadly to the overall approach to risk assessment that companies take. E.g., their article essentially suggests an inverse relationship between risk impact and risk likelihood.

What should C&E officers do with this information? Among other things, it should be used to train employees on the importance of not allowing seemingly trivial unethical acts to go unchecked, a particularly important point when dealing with busy business leaders who may believe that their attention should be saved for only “serious” infractions. This can be part of a general approach to training that presents “heightened ethical awareness” as a core leadership skill.

 

Behavioral ethics, the board and C&E officers

In Conflicts and Biases in the Boardroom, recently posted on the Harvard Law School Forum on Corporate Governance and Financial Regulation, Frank Glassner, of Veritas identifies five ways that cognitive bias can inhibit great governance:

– A board is reluctant to ask the right questions

– The group is unable to fully and effectively involve new board members

– Excessive deference is afforded to a few board members with a long company history

– Peer pressure and conformance minimize constructive dissent

– Inflexible adherence to tradition limits consideration of new initiatives.

He further writes: “Every board member must acknowledge that implicit biases impact his/her objectivity.”

Not surprisingly (given the focus of the COI Blog), I agree with this. But I also wonder if there is a place for the compliance  and ethics officer in helping to address this daunting area.

In an earlier post  I wrote: Ultimately, for a company to have not only a strong compliance program but also an ethics one, the CEO and other leaders would empower the C&E officer to identify and challenge decisions that may be based on bias. (Note that I don’t mean literally all such decisions, but those that are significant in potential impact and have a meaningful ethics/fairness dimension.) The leaders would do so because they would understand that being fair is not just a matter of good intentions; rather, it can also require expertise and effort – both of which the C&E officer can bring to a challenging set of circumstances.

Here is another prior post addressing the issue:  Behavioral ethics and compliance: what the board should ask..

Finally, here is an index of  behavioral ethics and compliance posts generally.

 

 

Strengthening your C&E program through behavioral ethics

A new post in the FCPA Blog.

I hope you find it useful.

Extra compliance for high-risk-potential employees

In “The Power Few of Corporate Compliance,” 53 Georgia Law Review 128 (2018), Todd Haugh of Indiana University’s Kelley School of Business argues: “Corporate compliance in most companies is carried out under the assumption that unethical and illegal conduct occurs in a more or less predictable fashion. That is, although corporate leaders may not know precisely when, where, or how compliance failures will occur, they assume that unethical employee conduct will be sprinkled throughout the company in a roughly normal distribution, exposing the firm to compliance risk but in a controllable manner. This assumption underlies many of the common tools of compliance—standardized codes of conduct, firmwide compliance trainings, and uniform audit and monitoring practices. Because regulators also operate under this assumption, what is deemed an ‘effective’ compliance program often turns on the program’s breadth and consistent application. But compliance failures—lapses of ethical decision making that are the precursors to corporate crime—do not necessarily conform to this baseline assumption.”

I agree that in many – but certainly not all – companies there is too much emphasis on C&E breadth and too little on depth. Indeed, many years ago, Joe Murphy  – who can be justly called “the father of compliance” – cautioned against overreliance on employee compliance surveys with the memorable words “criminal conspiracies do not operate by majority rule.” I also recall a CEO advising me, as I set out to conduct a risk assessment of his company, “not to spread the peanut butter too thinly.” Moreover, compliance program evaluation standards recently issued by the Justice Department’s Criminal and Antitrust divisions  will likely cause more companies to make their respective programs risk based.

Haugh further argues that: “Extreme failures are more likely the result of small groups of individuals acting unethically or illegally, who by virtue of their social and organizational networks account for an outsized amount of bad conduct, and therefore harm. These individuals are the power few of corporate compliance…Companies seeking to improve compliance, and therefore corporate governance, should no longer focus indiscriminately on organizational culture writ large. Instead of designing compliance programs aimed generally at promoting ethical culture as suggested by the Organizational Sentencing Guidelines and adopted by regulators and compliance professionals, compliance should be approached from a behavioral ethics risk management paradigm. Compliance efforts should target those individuals within the company whose unethical decision-making pose the greatest risk according to behavioral and organizational factors such as job task, leadership role, propensity to rationalize wrongdoing, and social and organizational networks. This risk-based approach may be consistent with current compliance efforts to improve companies’ ‘tone at the top,’ assuming that is where the behavioral ethics risk lies. But it also recognizes that the focus of these efforts may correctly bypass the C-suite in order to lessen the significant compliance risk caused by the power few, wherever they may be within an organization.”

Being of the behavioral persuasion I generally agree with this too. But I do think there will always be a need for enterprise-wide compliance efforts, both as an operational and symbolic matter.

Finally, Haugh identifies other compliance program recommendations based on the “power few” theory including:

– “Identify employee ethics during the hiring stage.”

– “Identify the power few in the organization…Once identified, these employees are monitored for risk-taking behavior, and how they manage it factors into promotion and compensation decisions.”

– “To ensure unethical employee decision-making is properly targeted, companies ‘need to frame [their] training around . . . specific, risky job tasks ‘.”

– “Finally, as ethical employees advance in the company and become hubs of influence themselves, they should be leveraged as ‘behavioral compliance ambassadors.’”

These are generally sound ideas and to some extent are already in use (as Haugh notes), particularly the risk-based training one. Still, having what is in effect an employee integrity watch list may be a tough sell in many companies.