Conflict of Interest Blog

The Spirit of Liberty – and Ethics

Learned Hand – considered by many to be the greatest of all US judges – once famously said:  “The spirit of liberty is the spirit which is not too sure that it is right.”   This is a spirit which sadly seems as distant from us today as it ever has been before.

Of course, Hand’s primary concern was the realm of politics/governance, not business ethics. But, as discussed in prior posts the various spheres in which ethics operates – not just political and business, but also personal –  can overlap with and support each other, at least to some degree. They can also undercut each other, when not done right.

I believe that – at least for some companies – humility should be a core value.  (I do see it at some companies, but not many.) As noted in an earlier post:

First, humility is a logical and arguably inevitable response to the vast body of behavioral ethics research showing “we are not as ethical as we think.”  Thinking and acting with humility is indeed a way of operationalizing behavioral ethics. (For a list of behavioral ethics and compliance posts click here l

Second, humility is well suited for addressing ethical challenges that are based not on the purposeful failure to be honest but on the less well-appreciated dangers of being careless.  Recognizing the limits of one’s abilities – which is part of being humble –  should help underscore the need for carefulness.

Third, humility has the potential to resonate deeply in our political, as well as business, culture. By this I mean humility can help form part of a broader mutually supporting relationship between business ethics and ethics in other realms.

Finally, humility can support relationships of  trust. As described in a recent post, such relationships can be an essential foundation for prosperity in many ways.

Measuring compliance measurement

 

In a book chapter from the recently published Measuring Compliance: The Challenges in Assessing and Understanding the Interaction between Law and Organizational Misconduct,  Benjamin van Rooij,   University of California, Irvine School of Law, University of Amsterdam;, Faculty of Law; Melissa Rorie, University of Nevada, Las Vegas write:

“A major question in corporate compliance research and practice is how to establish the effectiveness of compliance programs and policies on promoting desirable outcomes. To assess such effectiveness requires proper measurement. This chapter, …, discusses the trade-offs involved in using different quantitative and qualitative approaches to measure corporate compliance and its predictors. It assesses the strengths and weaknesses of different research strategies in terms of their validity in capturing behavioral responses, their ability to establish causality, their precision in showing complexity, their generalizability, and their feasibility and cost-effectiveness.”

It would be impractical of me to try to summarize what is already a summary (and a dense one at that), but I thought readers might like to see the list of measurement methodologies that the authors address, as an enticement to download the chapter, which is free, or to buy the whole book   (Also note that some of these methodologies are aimed more at use by scholars than practitioners.)

– Self reported surveys

– Randomized experiments

– Corporate outcome data

– Risk analysis proxies

– Government audit data

– Aggregate outcome data

– Mixed methods-Systematic reviews and meta analysis

– Data simulation

I hope you find it useful!

Trust and the compliance officer’s remit

Trust has always played a vital role in developing and maintaining civilizations and other organized groups  – large and small  – of humans.  But it seems like trust in business is as important now as it has been before.

As described in the Harvard corporate governance blog by PwC’s Paul DeNicola: “Confidence in the institutions that form the bedrock of society is perilously low. Surveys show that many people have lost faith in government, the media, and the police, among other institutions. Meanwhile, corporations have emerged as leaders. They’re now the most trusted institution in the US according to the Edelman Trust Barometer. Maintaining this trust, and seizing the opportunities it presents, should be a priority for every company.”

Another important development in this area is the recent publication of “Why Trust Matters: An Economist’s Guide to the Ties That Bind Us” by Benjamin Ho of Vassar College .   In this very useful and enjoyable book he examines the economics and history of trust in a wide variety of settings  Further, he focuses on various aspects of trusting institutions that are known for expertise (a subject of particular relevance to the present) and how we can do more to trust one another  generally.

DeNicola suggests ways companies can indeed make trustworthiness a priority, focusing on corporate culture, human capital and social action.  To this I would add – to the extent it has not already been done – expanding the remit of the chief ethics and compliance officer (“CECO”) promoting trustworthiness at the organization.

Companies should consider including trust issues in the CECO’s job description, risk assessment, training/communications, personnel evaluations and board reporting.  These and other commonsense  measures can help strengthen a company’s trustworthiness.

 

 

The $5800 bottle of booze

According to recent media accounts The State Department is looking into the whereabouts of a $5,800 bottle of Japanese whiskey that was gifted to former Secretary of State Mike Pompeo, according to State Department filings in the federal register. The government of Japan gifted the whiskey to Pompeo in 2019, the document says. But it is unclear if Pompeo himself received the whiskey or if a staff  accepted it. Pompeo said Thursday that he never received the bottle of whiskey and that he had ‘no idea’” it was missing, nor what happened to the gift.”

Time will tell what happened here – or maybe not. My best guess is that he did get the bottle – for the presumably simple reason that none of his subordinates would want to risk hiding it from him.

In the meantime this is a good occasion  to revisit the  COI fraught area of gifts and entertainment.

Consider these two two items.

First, there is the issue of double standards.  I once asked students in an executive MBA ethics class if they thought that their employer organizations should have restrictive policies on gift receiving.  Nearly all said that such policies were unnecessary – as the students were certain that they would not be corrupted by receipt of gifts from suppliers or customers.  I then asked if the school should allow teachers to receive gifts and entertainment from students. As you can imagine, the response was very different.

Note that double standards aren’t always a bad thing. But they often are.

Second, there is the argument that the recipient wouldn’t sell himself for  relatively small amounts of money or goods  This issue was raised several years ago in a particularly grim way (as described in this article in MarketWatch) by a study which “found that both deaths from opioid overdose and opioid prescriptions rose in areas of the country where physicians received more opioid-related marketing from pharmaceutical companies, such as consulting fees and free meals,…”

Another study “showed that the receipt of a single industry-sponsored meal, with a mean value of less than $20, was associated with prescription of the promoted brand-name drug at significantly higher rates to Medicare beneficiaries.”

Note that while these studies took place in the life sciences area they are potentially relevant to promoting compliance in conflicts/gifts in industries of all kind.

Finally, a study by Julian Zlatev and Todd Rogers  contributed in a potentially important way to our knowledge of what makes giving gifts and providing entertainment effective    (Returnable Reciprocity: When Optional Gifts Increase Compliance, Harvard Faculty Research Working Paper Series  They found – somewhat surprisingly – that providing the recipient with an opportunity to return a gift increased the likelihood that she would respond positively to whatever the giver was seeking to have her do.

This is a phenomenon they call “returnable reciprocity” and it may work by triggering feelings of guilt in recipients who  have the opportunity to but do not return the gift.

None of this proves Pompeo’s guilt in the whiskey affair.  But it suggests that the affair might be seen as part of a larger tawdry picture.

 

Risk assessment and attorney-client privilege: when and how

My latest column in CEP.

I hope you find it useful.

Asking a good question

The late Nobel Laureate in physics Isidor I. Rabi once said: ”My mother made me a scientist without ever intending it. Every other Jewish mother in Brooklyn would ask her child after school: ‘So? Did you learn anything today?’ But not my mother. She always asked me a different question. ‘Izzy,’ she would say, ‘did you ask a good question today?’ That difference – asking good questions – made me become a scientist!”

Asking good questions can also help companies promote compliance and ethics.

In The Road to Character, David Brooks notes that he once met an employer  who asked every job applicant: “’Describe a time when you told the truth and it hurt you.’”  This is, to my mind, a good C&E-related question, as it can help identify those who practice, as well as preach, ethical behavior. It also reminds those asking the questions about the importance of C&E to the organization. A frequently used variation on this question is: “Describe an ethical challenge you’ve faced and how you dealt with it?”

Of course, employment interviews are not the only setting in which it is important to ask good C&E-related questions. Another is employee engagement surveys, in which one commonly sees questions about relative comfort in reporting violations and perceptions of the ethicality of the organization’s management.

These are good topics for questions, and I think every company that fields an employee engagement survey should use them. But my favorite question of this sort  comes from a survey conducted by the Economist which measured respondents’ perception of the need for ethical flexibility to advance one’s career within an organization.  What I particularly like about this question is the focus on flexibility – which may be easier for respondents to admit to than asking outright about their engaging in  ethical transgressions.

Yet another setting for asking C&E questions is the compliance audit. While most of what is done in C&E audits revolves around document reviews, interviewing employees can be part of the picture as well. Among the topics that should be considered for such questioning: Does the interviewee think that the company’s training is effective? In addition to producing useful information about training itself, posing this question may make it easier for employees to identify concerns about risks and actual violations. I.e., like the question above about ethical “flexibility,” questions about C&E training may offer a “soft” way of approaching a “hard” topic.

Moreover, questions about training can be asked  not only in audits but as part of (and typically at the end of) the training itself.  One possibility here is to ask whether after the training the employee now feels that she understands how the company’s compliance program applies to her job – again, a variation on the “soft” question approach.

Finding the right question can also be important in developing a C&E-component to a company’s exit interview template. Options include general culture questions, such as how do you rate our company as a values and ethics driven employer – with an opportunity to say why; specific questions about key aspects of the program, such as whether the departing employee understood all the options for reporting concerns; and, of course, asking whether the employee was aware of any unreported concerns.

I should stress that this post is not intended to cover the whole world of asking C&E-related questions.  Among the areas not addressed: the importance of Q&A in codes of conduct and approaches to asking questions in risk assessments.

Finally, to an extraordinary degree, boards of directors can have the power to impact a C&E program simply by asking the right questions. Here (on page 2 of the PDF) is an article which offers not actual questions but topics that boards can turn into questions in overseeing their respective companies’ C&E programs

The risk of good intentions

As noted  in an earlier posting, we are entering an era of unprecedented Environmental, Social and Governance (“ESG”) imperatives, which will hopefully) be beneficial to millions of people in many ways. But those involved in ESG efforts (and others who “do good”)  must also be aware of the dangers  of “moral licensing.”

As described in Rational Wiki: “Moral licensing or self licensing is a cognitive bias that occurs when a person uses their prior ‘good’  behavior to justify later bad behavior, often without explicitly using that logic. The effect has been demonstrated in numerous psychological studies.[1]

For instance, as noted in  an article in the Irish Times: “One experimental study found people ‘are more likely to cheat and steal’ after purchasing green products than after purchasing conventional products.”

According to another piece on moral licensing: “In a set of pioneering studies, participants who established their racial non-prejudiced attitudes by endorsing President Obama or through selecting a black person for a consulting firm job were subsequently more likely to make pro-white decisions. In one test, after subjects were given a chance to condemn sexist statements, they were found to be subsequently more likely to support hiring a man in a male-dominated profession. One study on consumer behavior suggested that shoppers who brought their own bags felt licensed to buy more junk food.”

Interesting stuff.

However,  I caution, that not all moral licensing results have been replicated. Still there is an obvious  logic to thus line of reasoning, at least enough of one to consider the effects of moral licensing on compliance.

I also caution that moral licensing is not a reason to do less when it comes to ESG  and other pro-social efforts.  Rather, it is a reason to up one’s compliance game.

More specifically, moral licensing should be made part of risk assessment processes. It can  also  be worth mentioning in training and other communications.

Finally, moral licensing can be  be particularly relevant not only to ESG-related work but also to the work of governmental bodies, charities and other non-profits. Indeed, organizations of this sort – particularly charities tend to have relatively weak compliance and ethics programs need to understand and address this variety of risk.

 

 

Training managers in conflicts of interest

While  COI risks can exist at any level of an organization, as a general matter the risks increase (often sharply) as one proceeds up the org chart.  Most obviously, this is because a) senior managers tend to have greater opportunities for COI-fraught relationships and activities than do other employees; and b) COIs at higher levels of an organization are likely to be more harmful than are lower-level conflicts.    Given these  and other factors, training managers on COIs can be an essential risk mitigant for many organizations.

COI training for managers can (and often should) be part of broader C&E training covering other significant areas of risk, as well as the roles of managers in the operation of the C&E program.  Such training typically has two dimensions: an individual one – to help managers avoid having COIs themselves, and an organizational one – to assist managers in preventing//detecting/addressing COIs by colleagues and third parties.

More specifically, one might i) start the COI part of the training with an attention-getting hypothetical (or actual) case, perhaps showing how harmful even well-meant COIs can be; ii) identify generally the types of COIs most relevant to the entity (individual COIs for all, organizational ones for some), as well as any special COI issues (such as, for certain types of entities, the need to avoid contributing to a COI by a third party); iii) describe the legal and business imperatives for strong C&E efforts in these areas; iv) discuss how employee perceptions of COIs by managers can undermine faith in the C&E program as a whole (an aspect of “normative compliance,” v) review applicable company policies and procedures regarding COIs, perhaps using a hypothetical case or cases to illustrate how they should work – and what the risks of familiar might be; vi) examine particular compliance challenges for this risk area, including the tendency of individuals to rationalize conflicts-driven decision making (a facet of behavioral ethics) and the frequent difficulty of challenging individuals on matters that have a sensitive personal dimension (which COIs often do); vii) explain what a manager’s specific role is to ensure COI-related compliance; viii) identify COI-related “red flags” to help them meet those responsibilities; and ix) connect COI issues to other risk areas of significance – such as corruption, fraud and insider trading/confidential information.

A 30-year experiment in ethics and compliance

In his 2008 book Experiments in Ethics, Anthony Appiah made a strong and important case that behavioral science ideas and information should be used to address ethical challenges. But for me the most compelling ethics-related experiment of modern times comes from the realm of political – rather than behavioral – science: the experiment that began in 1991 with the advent of the Federal Sentencing Guidelines for Organizations and which continues to this day.

Although we have become accustomed to living in an “Age of Compliance,” the Guidelines were initially considered “developmental,” as the then Chair of the Sentencing Commission put it. The notion of government providing businesses with incentives for C&E programs and direction on how to make such programs effective was largely new and untested at the time. Of interesting historical note to behavioral ethics aficionados: before the Sentencing Commission chose its current C&E-program-based approach to preventing corporate crime it considered applying an “Optimal Penalties” strategy.  The Commission’s ultimate rejection of that approach – which was premised on a hyper-rational (“Chicago School”) view of how business crime occurs – in favor of one that promotes strong C&E programs can be seen as an early (albeit presumably intuitive) official endorsement of the behavioral science based view of human nature.

Thirty years later, it is fair to ask: has the  Guidelines experiment been a success?

It would be hard to prove or disprove success using traditional tools of measurement, since the Guidelines are, of course, a policy interacting with a wide range of real-world factors in an uncontrolled way, not a true self-contained experiment. But if the results were not positive to a significant degree then it is hard to imagine that other governmental bodies – in the U.S. and increasingly around the world  – would have followed suit to the significant degree that they have. While “success breeds imitation” is not an iron-clad rule, it is a pretty good description of what happens much of the time including, I think, in this instance.

Another way to think about success here is to imagine a “counterfactual” world where C&E wasn’t as important as it has become under the Guidelines approach. Would we be better off with little or no sexual harassment training or protection of whistleblowers in corporations? Would we want to work for or do business with a company that made little or no effort to prevent its employees and agents from engaging in corruption, bid rigging or fraud? Indeed, one doesn’t have to strain one’s imagination to picture these counterfactual possibilities: they are the way things used to be before the Guidelines, at least in many companies.

Looking forward, while a compliance-based strategy to business crime prevention no longer faces a serious threat from the Optimal Penalties view of the world, one does hear what are occasional critiques of the C&E approach from a behavioral science perspective (which is somewhat ironic, given the above-described history). The argument goes that C&E programs – by treating employees with suspicion, and thereby making employees resentful – can actually spawn wrongdoing.

As described in an earlier post, this does not ring true to me, at least not insofar as it concerns serious offenses. Although there is no question that some companies engage in overkill with aspects of their C&E programs, employees should not (and I think do not) feel resentful that their employers try to help keep them safe from the risk of being sent to prison and having their careers destroyed. And even if there is some resentment, that is presumably a small price to pay for preventing serious harm to company, employees and others.

Finally, I am very aware that my musings are themselves not scientific, and hope that the next 30 years  scholars and practitioners will find ways of assessing the efficacy of the many different strategies and tools for having C&E programs. There is lots of room for improvement in this area – and experimentation. At least to me, that’s much of what makes the field exciting to be part of.

But as to the basic notion of C&E  itself – I think that’s here to stay, not so much as a matter of proof but of logic. On this point I give the last word to Joe Murphy – the visionary lawyer who (together with Jay Sigler of Rutgers) first wrote about what was ultimately to become the Guidelines approach: “For those who ask ‘does compliance work,’ my response is to ask them, ‘does management work?’ One question makes as much sense as the other. C&E is a management commitment to do the right thing and management steps to make that happen. If you do not use management steps to do something in an organization, how on earth do you do so?”

 

 

Self assessing your conflict of interest compliance program

C&E program assessments sometimes have a general scope and sometimes are focused on a single substantive risk area – such as corruption or competition law. (Still others have elements of both approaches, i.e., general assessments and deep dives.)

For some companies it makes sense to do such a targeted/deep dive assessment for conflicts of interests. This is particularly so for those responding to a significant COI violation or “near miss,” but it is also the case where the likelihood of COI risks is heightened due to geographic, organizational or industry cultural considerations.

The scope and approach of such assessments for any given company at any given time should vary based on a variety of circumstances.  However, for many companies the effort should not be time consuming or intrusive.

What does one look for in a COI program assessment? Hopefully, the following questions/comments could be helpful to some organizations seeking to determine whether/how to go down this road – and if so, how far.

– Risk Assessment. Has the company assessed COI risk? If so, has it done so in a documented way? Has it used the results of the assessment(s) in designing and implementing other aspects of the COI program? Beyond this, does the company have a good sense of its areas of jeopardy from what might be called “the risk assessment of everyday life”?

– Governance. Have the respective COI oversight roles of the board of directors and senior management been formalized? Do they receive appropriate reports of COI program activity? Are there sufficient escalation provisions regarding COIs?

– Culture. Are COI rules truly followed or are there double standards? What is the sense of “organizational justice” vis a vis COIs? Same question re: the “tone at the top.” Do employees – particularly senior ones –  understand the harm that COIs could cause the company?

– Policies. Presumably nearly every business organization has a COI provision in its code of conduct. But there are also many that need but do not have a standalone policy as well. Is your company in this category? Also, is your COI policy well known and readily accessible? Is it reviewed periodically by the C&E officer?

– Procedures. Are disclosure and related COI procedures clear, easy to use and well known? Do those tasked with reviewing COIs have enough knowledge and independence for the job? Are the reviews sufficiently documented?

– Training/other communication. Is there enough training given relevant COI risks (which tend to be high for senior managers/board members and in certain functions, like procurement)? Is training reinforced through other communications, particularly from senior managers?  Does the training/other communication use the learning from “actual cases”?

– Auditing and monitoring. Are the COI disclosure practice and other aspects of the program audited? Same question for monitoring (of conditionally approved COIs).

– Responding to allegations/request for guidance. Do employees feel comfortable seeking guidance on possible COIs? Are investigations truly independent? Are violations of the COI policy treated with sufficient seriousness? Does the company conduct a “lessons learned” analysis of significant COI failures?

Of course, there is much more that could be included in a COI self-assessment (and I encourage you to browse the blog for ideas in this regard). But hopefully the above will be a useful foundation for starting.