Conflict of Interest Blog

Expert product reviews

In Expert Product Reviews and Conflict of InterestTom Hamami  writes: “Many firms that produce expert product reviews have a vested interest in increased consumption of the products they review. The classic example is the Michelin Guide, which reviews restaurants, originally conceived to stimulate usage of automobiles and therefore also demand for automobile-related goods and services. The result is a conflict of interest; such firms have financial incentive to give better reviews than products merit… [Hamami] compare[d] video game reviews from two sources: one a video game magazine owned by a game retailer and the other a game website that does not sell games. The goal of the research is to evaluate to what extent, if any, the retailer-owned outlet inflates its reviews in order to boost sales. …, [Hamami indeed found] some evidence of increased inflation in periods shortly following the release of a game’s corresponding piece of hardware. Other literature on this industry finds that reviews have the largest effect on the sales of low-quality games, and [indeed he finds] evidence of review inflation for [such] games. These results are consistent with theoretical predictions for a firm that optimizes the trade-off between sales revenue and the reputational costs associated with biasing reviews.” On the other hand, “somewhat surprisingly, [he finds] no evidence of seasonal variation despite the increased demand for video games in the fourth quarter of the year.”

So, a mixed picture – and one that is indeed consistent with the author’s review of relevant literature on COIs of this sort. E.g., one study finds “evidence of a strong positive influence of advertising on media coverage in the fashion journalism industry…” But another finds “minimal differences between the reviews of two wine publications, one of which accepts advertising and one of which does not…”

How much does this matter?

Assuming that the COI is disclosed or is otherwise apparent – as I imagine is so  in the great majority of cases – there is evidently no “information deficiency,” a key factor in evaluating both the likelihood and impact of a COI.  Nor do the COIs reviewed by Hamami seem to be of the sort that the average buyer cannot evaluate on her own (as might be true, for example, of pharmaceutical or complex financial products). Indeed, the very focus on “reputational costs” suggests that consumers do appreciate and take into account the negative impact of a COI on the publisher of product reviews.

But even disclosed and understood COIs generally do have a pernicious effect on our society, as they can contribute to the cynicism that many feel about the press and business world. I don t know how to weigh that against the other factors mentioned above, but it is certainly part of the picture.

 

20 best practices in conducting risk assessment

A new whitepaper published by Syntrio.

I hope you find it useful.

DOJ Issues New Compliance Program Evaluation Standards

My latest column in Compliance & Ethics Professional.

I hope you find it useful.

Extra compliance for high-risk-potential employees

In “The Power Few of Corporate Compliance,” 53 Georgia Law Review 128 (2018), Todd Haugh of Indiana University’s Kelley School of Business argues: “Corporate compliance in most companies is carried out under the assumption that unethical and illegal conduct occurs in a more or less predictable fashion. That is, although corporate leaders may not know precisely when, where, or how compliance failures will occur, they assume that unethical employee conduct will be sprinkled throughout the company in a roughly normal distribution, exposing the firm to compliance risk but in a controllable manner. This assumption underlies many of the common tools of compliance—standardized codes of conduct, firmwide compliance trainings, and uniform audit and monitoring practices. Because regulators also operate under this assumption, what is deemed an ‘effective’ compliance program often turns on the program’s breadth and consistent application. But compliance failures—lapses of ethical decision making that are the precursors to corporate crime—do not necessarily conform to this baseline assumption.”

I agree that in many – but certainly not all – companies there is too much emphasis on C&E breadth and too little on depth. Indeed, many years ago, Joe Murphy  – who can be justly called “the father of compliance” – cautioned against overreliance on employee compliance surveys with the memorable words “criminal conspiracies do not operate by majority rule.” I also recall a CEO advising me, as I set out to conduct a risk assessment of his company, “not to spread the peanut butter too thinly.” Moreover, compliance program evaluation standards recently issued by the Justice Department’s Criminal and Antitrust divisions  will likely cause more companies to make their respective programs risk based.

Haugh further argues that: “Extreme failures are more likely the result of small groups of individuals acting unethically or illegally, who by virtue of their social and organizational networks account for an outsized amount of bad conduct, and therefore harm. These individuals are the power few of corporate compliance…Companies seeking to improve compliance, and therefore corporate governance, should no longer focus indiscriminately on organizational culture writ large. Instead of designing compliance programs aimed generally at promoting ethical culture as suggested by the Organizational Sentencing Guidelines and adopted by regulators and compliance professionals, compliance should be approached from a behavioral ethics risk management paradigm. Compliance efforts should target those individuals within the company whose unethical decision-making pose the greatest risk according to behavioral and organizational factors such as job task, leadership role, propensity to rationalize wrongdoing, and social and organizational networks. This risk-based approach may be consistent with current compliance efforts to improve companies’ ‘tone at the top,’ assuming that is where the behavioral ethics risk lies. But it also recognizes that the focus of these efforts may correctly bypass the C-suite in order to lessen the significant compliance risk caused by the power few, wherever they may be within an organization.”

Being of the behavioral persuasion I generally agree with this too. But I do think there will always be a need for enterprise-wide compliance efforts, both as an operational and symbolic matter.

Finally, Haugh identifies other compliance program recommendations based on the “power few” theory including:

– “Identify employee ethics during the hiring stage.”

– “Identify the power few in the organization…Once identified, these employees are monitored for risk-taking behavior, and how they manage it factors into promotion and compensation decisions.”

– “To ensure unethical employee decision-making is properly targeted, companies ‘need to frame [their] training around . . . specific, risky job tasks ‘.”

– “Finally, as ethical employees advance in the company and become hubs of influence themselves, they should be leveraged as ‘behavioral compliance ambassadors.’”

These are generally sound ideas and to some extent are already in use (as Haugh notes), particularly the risk-based training one. Still, having what is in effect an employee integrity watch list may be a tough sell in many companies.

Summer compliance reading for boards of directors

A recent post by attorneys at the Sullivan & Cromwell law firm on the blog of the Harvard Law School Forum on Corporate Governance and Financial Regulation examined an important decision issued last month by the Delaware Supreme Court which “reversed the dismissal of a stockholder derivative lawsuit against the members of the board of directors and two officers of Blue Bell Creameries USA, Inc., a leading manufacturer of ice cream products. The lawsuit arose out of a serious food contamination incident in 2015 that resulted in widespread product recalls and was linked to three deaths. The Delaware Supreme Court, applying the ‘duty to monitor’ doctrine enunciated in In re Caremark International, Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996), and noting the very high hurdle to claims under it, nonetheless ruled that the plaintiff had adequately alleged the requisite bad faith by the members of the Blue Bell board. Plaintiff did so by… show[ing] facts supporting their contention that the Company did not have in place ‘a reasonable board-level system of monitoring and reporting’ with respect to food safety, which the Court deemed to be ‘a compliance issue intrinsically critical to the company’s business.’ …[t]he Supreme Court ruled that bad faith was adequately pled by alleging ‘that no board-level system of monitoring or reporting on food safety existed.’ The Court thus declined to dismiss a claim that the directors breached their duty of loyalty, potentially exposing directors to non-exculpated (and potentially not indemnifiable) monetary damages.”

The facts of the Blue Bell case do seem somewhat extreme. Presumably there are not many companies that have zero board oversight for compliance with areas of very high risk. But the case is worth directors’ attention as a reminder that the prospect of personal liability for directors arising from compliance failures is real. Among other things, directors may want to use the occasion of this case being published to review their respective boards’ procedures for monitoring compliance issues.

Also worth reading by directors and others is the Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations published last week by the US Department of Justice. This document contains an exhaustive list of questions and considerations that the Antitrust Division will use in evaluating compliance programs in investigations, including the following: “Who has overall responsibility for the antitrust compliance program? Is there a chief compliance officer or executive within the company responsible for antitrust compliance? If so, to whom does the individual report, e.g., the Board of Directors, audit committee, or other governing body? How often does the compliance officer or executive meet with the Board, audit committee, or other governing body? How does the company ensure the independence of its compliance personnel?” The Antitrust Division will also ask: “Does [compliance] training include senior management/supervisors and the Board of Directors?”

None of these are trick questions. But some companies would need trick answers if their antitrust compliance program was evaluated by the Justice Department in the context of an investigation. So, this is another reason for a compliance “check up” for prudent boards of directors.

Lawyers as compliance officers: a behavioral ethics perspective

What role do corporate lawyers play in preventing wrongdoing by executives in their client organizations? And how is this role impacted by behavioral ethics?

In “Behavioral Legal Ethics Lessons for Corporate Counsel,” to be published in the Case Western Reserve Law Review, Paula Schaefer of the University of Tennessee College of Law  first examines “the corporate lawyer’s consciously held conceptions and misconceptions about duty owed to her corporate client when company executives propose a plan that will create substantial liability for the company—when and if it is caught.” As she shows, lawyers often have an unduly limited view of what that duty is.

Schaefer next “turns to behavioral science and highlights some of the key factors that corporate attorneys are unconsciously influenced by as they try to decide how (or if) to address client conduct that may amount to a crime or fraud.” Those factors are:

Attorney self-interest. A key point on this: “Corporate advisors keep their jobs (as inside or outside counsel) when they keep executives happy; they do this by finding ways to implement corporate executives’ plans, and not by saying no.” Of course, on some level this is obvious but, based on the research of Tigran W. Eldred of New England Law School,  she notes that lawyers are often not aware of the extent to which self-interest corrupts the professional conduct of attorneys vis a vis clients.

Obedience Pressure. A key point here: “Obedience research explains the power an authority figure or colleagues have to influence bad advice.” The best-known study in this area is, of course, that conducted by Stanley Milgram, which measured the extent to which participants were willing to inflict shocks on apparent learners in the experiment when instructed to do so by an apparent authority figure and which demonstrated just how powerful obedience pressure could be. As Schaefer notes: “In the case of a corporate attorney addressing planned conduct that may be criminal or fraudulent, the authority figure is likely the corporate executive that the attorney reports to in the professional relationship.” And as she notes this is likely to create more pressure than the instruction of some man in a white coat in Milgram’s experiment.

Conformity Pressure. Here, Schaefer describes experiments by Solomon Asch concerning the extent to which the participants gave knowingly incorrect answers to a question because of the fact that other participants did so. The results showed a high degree of such correlation. As she notes: “Asch’s research should be particularly concerning for lawyers. For Asch’s subjects, the stakes were low—the subjects likely did not know the other participants in the study and had no ongoing relationship with them. Further, the right answer was black and white, and they still felt pressured to choose the wrong answer selected by the majority. For a corporate lawyer addressing possibly fraudulent or criminal conduct, the group (with whom she feels pressure to conform) might be fellow attorneys or other decision makers at the corporation.”

Partisan Bias. Schaefer writes: “The research reveals that partisanship makes it difficult for a lawyer to filter and interpret information objectively. One study found that students who participated in a moot court competition overwhelmingly perceived that their assigned side had the better case. In another study, subjects were asked to play the role of attorney for plaintiff or defendant in determining the settlement value of a case. Even though both sides received identical information, those who were randomly assigned to play the plaintiff predicted an award substantially higher than that predicted by the defendant.”

Schaefer next considers “interventions to combat a corporate attorney’s wrongful obedience and conformity.” All of these seem sound, but I don’t have space to discuss them here.

However, I do want to add that – although not the focus of Schaefer’s paper – the research may also be relevant to the longstanding debate about whether the general counsel or other member of the law department should serve as chief ethics and compliance officer (CECO)  or if the individual in that role should be independent with respect to reporting purposes. At least to me, the research suggests that it may be more difficult for in-house attorneys to rise above the potential conflicts in this role than is generally thought.

Of course, even an independent CECO would be subject to the various biases described in this article. However, they would still – in my view – stand a better chance of ethical success since the notion of independence is truly foundational to their role, i.e., there is presumably not the same confusion about their duty than Schaefer found was the case with in-house attorneys.

Finally, note that I am not saying that this means that the General Counsel can never serve in a CECO role – only that the implications of this research should be considered along with various other factors in determining what approach makes the most sense for a given company.

For further reading:

– The Legal Ethics Blog

– An earlier post from the COI Blog with a different view on lawyers as compliance officers

Ethics made easy

We justly praise those who show true ethical heroism.  But to protect business organizations  and society generally from legal and ethical breaches we need to aim our efforts more broadly.

In “How to Design an Ethical Organization” in the May-June 2019 issue of the Harvard Business Review, Nicholas Epley, John Templeton Keller Professor of Behavioral Science at the University of Chicago Booth School of Business, and Amit Kumar, an assistant professor of marketing and psychology at the University of Texas at Austin, argue: few executives set out to achieve advantage by breaking the rules, and most companies have programs in place to prevent malfeasance at all levels. Yet recurring scandals show that we could do better. Interventions to encourage ethical behavior are often based on misperceptions of how transgressions occur, and thus are not as effective as they could be. Compliance programs increasingly take a legalistic approach to ethics that focuses on individual accountability. They’re designed to educate employees and then punish wrongdoing among the “bad apples” who misbehave. Yet a large body of behavioral science research suggests that even well-meaning and well-informed people are more ethically malleable than one might guess…Creating an ethical culture thus requires thinking about ethics not simply as a belief problem but also as a design problem. We have identified four critical features that need to be addressed when designing an ethical culture: explicit values, thoughts during judgment, incentives, and cultural norms.

The first of these is “explicit values.” Among the key points here are that:

Strategies and practices should be anchored to clearly stated principles that can be widely shared within the organization. A well-crafted mission statement can help achieve this, as long as it is used correctly. Leaders can refer to it to guide the creation of any new strategy or initiative and note its connection to the company’s principles when addressing employees, thus reinforcing the broader ethical system.

A mission statement should be simple, short, actionable, and emotionally resonant. Most corporate mission statements today are too long to remember, too obvious to need stating, too clearly tailored for regulators, or too distant from day-to-day practices to meaningfully guide employees.

The second design consideration is “thoughts during judgment.” Among the key points here are that:

– Most people have less difficulty knowing what’s right or wrong than they do keeping ethical considerations top of mind when making decisions. Ethical lapses can therefore be reduced in a culture where ethics are at the center of attention. … Behavior tends to be guided by what comes to mind immediately before engaging in an action, and those thoughts can be meaningfully affected by context.

– Several experiments make this point… In a large field experiment of approximately 18,000 U.S. government contractors, simply adding a box for filers to check certifying their honesty while reporting yielded $28.6 million more in sales tax revenue than did a condition that omitted the box.

The third consideration is incentives. Here the authors note: Along with earning an income, employees care about doing meaningful work, making a positive impact, and being respected or appreciated for their efforts… An ethical culture not only does good; it also feels good.

The final design consideration is cultural norms. Here the authors recount the results of several experiments showing the often underappreciated power of such norms in creating ethical risk.

The authors conclude the article with several helpful suggestions for putting ethical design into practice – including in the contexts of hiring, personnel evaluation, compensation.

Note that there is a lot more that could be said about how behavioral ethics can inform and fortify compliance programs. (See this index of prior posts on this subject.) But the ideas and information is this article are very helpful, and the overall point – that [o]rganizations should aim to design a system that makes being good as easy as possible – seems exactly right to me.

Trump’s hotel

As noted in the Washington Post last month: President Trump recently released financial disclosure forms which “show that the Trump International Hotel produced $41 million in revenue, which, according to CNN, brings to more than $80 million the total amount he has made from the property during his presidency. The hotel accounted for almost a tenth of his company’s revenue last year. High demand on the part of Republicans, lobbyists and foreign governments helps explain the hotel’s success. T-Mobile executives spent nearly $200,000 there as they sought approval for a merger with Sprint. A variety of foreign countries have held events at Trump International. The Trump Organization says it donates all the profits it makes from foreign governments. But the president, who has refused to divest from his company, undoubtedly still benefits from high, price-driving demand at his landmark property, not to mention the profits domestic lobbyists produce. For those seeking to influence the Trump administration, padding the president’s wallet with conspicuous spending at his hotel must seem like a viable strategy.”

But could a man apparently worth billions be influenced by a mere $200,000? When reading this story I was reminded of a study  from 2016 on the impact on prescription writing of pharma companies buying meals for doctors. One of the results was stunning: “As compared with the receipt of no industry-sponsored meals, we found that receipt of a single industry-sponsored meal, with a mean value of less than $20, was associated with prescription of the promoted brand-name drug at significantly higher rates to Medicare beneficiaries.” (Emphasis added.)

The last (for now) word on this subject goes to this timeless exchange: George Bernard Shaw: Madam, would you sleep with me for a million pounds? Actress: My goodness, Well, I’d certainly think about it. Shaw: Would you sleep with me for a pound? Actress: Certainly not! What kind of woman do you think I am?! Shaw: Madam, we’ve already established that. Now we are haggling about the price.

 

Point-of-risk compliance

Here is my latest column from C&E Professional – on  “point-of-risk compliance.”

I hope you find it useful.

The toll at the top

As recently reported by NPR: For decades, the main reason chief executives were ousted from their jobs was the firm’s financial performance. In 2018, that all changed. Misconduct and ethical lapses occurring in the #MeToo era are now the biggest driver behind a chief executive falling from the top. That’s according to a new study from the consulting division of PwC, one the nation’s largest auditing firms. It is the first time since the group began tracking executive turnover 19 years ago that scandals over bad behavior rather than poor financial performance was the leading cause of leadership dismissals among the world’s 2,500 largest public companies… Thirty-nine percent of the 89 CEOs who departed in 2018 left for reasons related to unethical behavior stemming from allegations of sexual misconduct or ethical lapses connected to things like fraud, bribery and insider trading, the study found…”Employees are starting to say, ‘how can you enforce a policy on us without holding CEOs accountable?’ ” said Bill George, a senior fellow at Harvard Business School and former chief executive of Medtronic, who has served on the boards of Goldman Sachs and Exxon Mobil. “The CEO’s behavior has to be beyond reproach. Boards are aware of this and are really feeling pressure around that now.”

But what exactly should boards do to respond to this pressure? As noted in an earlier post in the COI Blog:

In recent months, the unprecedented sexual misconduct allegations against (among others) high ranking officials in prominent businesses has brought unprecedented attention to the need to prevent and detect such wrongdoing using high-level solutions. For instance, writing recently in the Harvard Law School corporate governance blog, Subodh Mishra, Executive Director at Institutional Shareholder Services, Inc., identifies the following five components of an effective sexual misconduct risk management policy:

– Sexual misconduct risk is specifically enumerated and oversight assigned to a board committee.

– The board has expertise in workplace and employee issues.

– Material penalties are in place for perpetrators and abettors.

– Executive compensation structures—at a minimum—contain incentives for creating a safe and equitable workplace.

– The company models the behavior it seeks to promote.

These seem like generally sound observations, but the point of my post is not to add to the conversation on this particular area of risk but rather to suggest that ideas of this sort can and should be applied to compliance risks more broadly.

Certainly, assigning a board-level committee compliance  responsibility with an emphasis on risks (such as corruption or antitrust ones) at the top, would be a sound measure generally for companies to take.  And the board having expertise regarding compliance issues is compelling for the same reason that having such expertise in workplace/employment issues is – though for both areas expertise can (in my view) sometimes be provided by access to an outsider adviser rather than appointment to a seat on the board.

Moreover, I certainly think that the emphasis on penalties for those engaged in misconduct is important to preventing wrongdoing of various kinds at the top, particularly the suggestion that “These policies may also be extended to any individuals that willfully concealed violations or engaged in retaliation against whistleblowers.” And, on the other side of the coin, reflecting compliance success generally in executive compensation structure makes sense just as it does for promoting diversity (part of Mishra’s recommendations), although doing so with the former may be more methodologically challenging than it is with the latter. Still, it can be done.

Finally, the point about modeling behavior is every bit as important to promoting compliance generally as it is to preventing harassment and discrimination in particular. For a board committee overseeing compliance at the top, this aspect of effective risk management has implications for a wide range of conduct – both substantive (e.g., how conflicts of interest are dealt with by senior managers) and procedural (such as ensuring that managers take the required training).

Cross references:

CEOs’ ethical standards and the limits of compliance

Catching up on CEOs’ COIs.

CEOs’ ethics: what’s new