Conflict of Interest Blog

Risk assessment for the little guy

For larger companies or those in highly regulated areas of business, there is often a lot to do in assessing compliance and ethics risk.

But for many other organizations, risk assessment can be done with relatively little cost or disruption, as described in this article from the most recent issue of Compliance & Ethics Professional magazine (p2 of PDF).

A core value for our behavioral age

Groucho Marx famously said: “Those are my principles, and if you don’t like them… well, I have others.” When it comes to companies committing to follow key principles to guide their behavior – what are often called “core values” – there is clearly no shortage of options. Indeed, this posting on the Threads web site offers 500 ideas for those in the market for values.

One value that I see occasionally (but not frequently) selected for “core” status is humility. Kellogg, for instance, includes humility among several other core values.  Humility is not principally about ethics – Kellogg embraces an integrity value too (as is the case with a large number of companies). But I do see humility as having an important role to play in promoting compliance and ethics in business organizations, in several ways.

First, humility is a logical and arguably inevitable response to the vast body of behavioral ethics research showing “we are not as ethical as we think.”  Thinking and acting with humility is indeed a way of operationalizing behavioral ethics. (For a list of behavioral ethics and compliance posts click here. Also, please see this recent article in the NY Times on behavioral ethics and the notion of “servant leadership.”)

Second, humility is well suited for addressing ethical challenges that are based not on the purposeful failure to be honest but on the less well-appreciated dangers of being careless. (For a post on that click here.) Recognizing the limits of one’s abilities – which is part of being humble –  should help underscore the need for carefulness.

Finally, humility has the potential to resonate deeply in our political, as well as business, culture. By this I mean humility can help form part of a broader mutually supporting relationship between business ethics and what might be called societal ethics of the sort described in other posts.

From a professional viewpoint the benefits to the business side are of most immediate interest to me, but as a citizen (hopefully in the broad sense) I know that the societal dimension is of greater importance. So, let me close by quoting what is one of the best (albeit largely forgotten) expressions of humility’s role in societal ethics, which  can be found in Learned Hand’s “Spirit of Liberty” speech: “The spirit of liberty is the spirit that is not too sure that it is right [and] which seeks to understand the minds of other men and women…”  Delivered in 1944 – when the US and other democracies were engaged in a truly existential battle for survival – these words have never been more compelling than they are today.

Moral hazard: the final compliance frontier?

Moral hazard exists when there is a gap between the interests of those who can create risks and those who bear the consequences of risk taking. Moral hazard is not the same as conflict of interest, but is conflict like. As described in various prior posts,  C&E programs need to take moral hazard into account in identifying and mitigating risk.

This week, the Society of Corporate Compliance & Ethics  published the results of a survey which showed that “despite the importance of compensation in affecting risk compliance [personnel] rarely play[] a role in evaluating incentive programs” at their respective companies.  The report noted: “just 23% report reviewing the plan prior to the plan’s approval. Just 8% do so after it is approved, and 52% report that the compliance team never reviews the plan. The balance did not know whether the incentive plan is reviewed.”

While disappointing, these numbers are not surprising. Indeed, based on what I have seen at many companies, I would have expected that the percentage of those who reviewed an incentive plan prior to its approval to be even lower than the survey results.

But practices in this key area could change, given – as the SCCE survey notes – the recent publication of  the Department of Justice’s compliance program evaluation guidance document which suggests that prosecutors assessing programs ask (among other questions):  How has the company considered the potential negative compliance implications of its incentives and rewards? Of course, the question does not necessarily mean that compliance professionals need to be part of this determination. But surely the consideration would be seen by the government as more serious (and more informed) if they were involved.

As well, involving the compliance staff in this determination can be seen as empowering them. Such involvement – if made known throughout the company, as it should be – enhances Compliance’s “clout,” which has long been viewed by Justice as fundamental to an effective C&E program.

Also,, note that there are many other ways that C&E can be incented – as described in this post from the FCPA Blog. But all companies, in my view, should involve Compliance in reviewing incentive plans.

Finally, I recently suggested that ethical thinking from the business realm can fortify ethics at the societal level. Understanding the pernicious effects of moral hazard in the two  highly consequential areas of climate change and irresponsible fiscal policies may be a way in which such fortification can work. (For a related post on “Two conflicts of the apocalypse” click here.) Indeed, while the notion of moral hazard being a final frontier has one meaning in terms of C&E program practices, it has a more urgent significance when thought of in terms of these risks.

Compliance stays in the game

Last week the Ethics & Compliance Initiative (the ECI) held its annual conference and marked the 25th anniversary of the founding meeting of one of the group’s predecessor entities – the Ethics Officer Association (the EOA). The conference covered a wide range of topics (Mark Snyderman and I discussed the ECI conflict of interest benchmarking research that was the subject of a prior post) but the clear highlight of the event was the keynote address by Attorney General Jeff Sessions.

Based upon some of what he has said and done outside the C&E realm I’ve not been a big fan of the AG, but I was relieved by two aspects of his message to the hundreds of C&E officers in the room and many thousands who were not present. First, he said that the government “will continue to strongly enforce the Foreign Corrupt Practices Act and other anti-corruption laws.”  This is important not only because corruption is an incredibly harmful phenomenon which must be relentlessly combatted but also because the internal controls provision of the FCPA effectively requires compliance measures beyond those that are purely anticorruption focused. Second, he said: “when we make charging decisions, we will continue to take into account whether companies have good compliance programs.” This is important because enforcement-related incentives such as this are a big part of what persuades companies to develop strong C&E programs. (Indeed, it is no coincidence that the EOA was founded shortly after the legal standards inaugurating this policy approach – the Federal Sentencing Guidelines for Organizations – went into effect.)

Of course, the AG’s positions presumably would be viewed by many people as simply a matter of  common sense . But in other areas – such as climate change and fiscal responsibility – the Trump administration has seemingly abandoned reason. So, when counting our blessings in these times, nothing should be taken for granted. And, the government’s continuing to support C&E (through enforcement policy) is indeed a blessing, even if its logic is obvious.

At the founding EOA meeting in 1992 there were fewer than twenty ethics officers present. Since then C&E programs have spread throughout the world, playing a key role in preventing and detecting not only corruption but also terrorism, collusion, fraud, conflicts of interest, pollution, harassment, discrimination, human trafficking, labor law transgressions, privacy violations, unsafe products and unhealthy working conditions, among other things.  These programs are, of course, imperfect in many ways. But a vast number  of people are better for their now being part of the business mainstream.

Ultimately, the full promise of C&E programs goes beyond the business realm to nurturing habits of mind that can be helpful to addressing a wider range of challenges than corporate law abidance and ethicality. Among other things, such habits could include thinking systemically about risk, having a deep appreciation for the interests of other individuals, insisting on transparency where it is reasonable to do so, embracing meaningful approaches to accountability for doing what is right and for stopping what is wrong and protecting truth telling at all costs. None of these were invented by C&E practitioners. But for many millions of Americans and others there is now a steady reminder through C&E programs of the importance of thinking in these and related ways – and this could provide a foundation for promoting greater ethicality in the  broader societal realm. (See this prior post for the somewhat similar suggestion that ethical thinking in the private sphere can strengthen C&E  in the business world.)

So, hats off to the AG (at least for the moment). And, full speed ahead with the C&E movement.

Treating suppliers ethically

Just as (according to Dostoyevsky) “[t]he degree of civilization in a society can be judged by entering its prisons…” so can the degree of ethicality in a company be judged – at least in part – by assessing how it treats its vendors. While not as vulnerable as prisoners, of course, vendors do tend to be an easier target of abusive treatment than are other classes of a company’s stakeholders. Indeed, this vulnerability was part of the reason for the widespread revulsion at press accounts of Donald Trump’s not paying many of his company’s vendors, as described in this story last year in USA Today.

However, at least based on my experience, the ethical treatment of vendors is often not on the radar screen of C&E programs, at least not to a meaningful degree. In that respect the issue is a bit like corporate tax practices, a hugely important area for ethical consideration  that is rarely treated as within the scope of a C&E program (as discussed in page 27 of this e-book).

Earlier this month a law went into effect in the United Kingdom requiring large companies to disclose certain information about payment practices regarding suppliers. The specifics of the law can be found in this article by the Pillsbury Winthrop law firm and, needless to say, companies doing business in the UK should understand and take whatever steps are necessary to comply with the law – aspects of which do sound somewhat tricky.   My point in alerting readers of the COI Blog to this development, however,  is somewhat different: to suggest that the law provides a welcome occasion for C&E officers to urge their companies to think broadly about C&E issues regarding the treatment of a company’s suppliers, if they have not already done so. Hopefully, this can lead to greater emphasis in risk assessment, training and other parts of a C&E program on doing right by suppliers.

This is important principally because it is the ethical thing to do. However, it is compelling  as a matter of compliance logic as well. In that regard, I can recall from client experience two instances of the mistreatment of suppliers (in particular, lying) causing those suppliers to confer with each other in a defensive but potentially harmful and unlawful  manner. Doubtless there are many other examples of this kind too – and I hope the spirit of the UK law can reach beyond the area of payments and lead to better compliance and ethics generally in the relationships between customers and suppliers.

Mozart’s timeless question

In the film Amadeus, the Emperor tells Mozart: “Your work is ingenious. It’s quality work. And there are simply too many notes, that’s all. Cut a few and it will be perfect.” The composer responds: “Which few did you have in mind, Majesty?” This exchange was brought to mind by an essay in Stanford Law Review On Line by Todd Hough, who teaches at Indiana University’s business school, “Cadillac Compliance” Breakdown.

Hough argues that “Corporate America wants—and believes it is getting—top notch compliance programs. But instead of the Cadillac, companies are ending up with a Chevy. Why is this? My research suggests the answer stems from two interrelated phenomena. First, corporate compliance is becoming increasingly ‘criminalized’; that is, corporations are now approaching compliance primarily through a criminal law lens. Second, as compliance programs become more criminalized they impose unintended behavioral consequences on corporate employees by creating opportunities for them to rationalize their unethical and illegal acts. Understanding these phenomena provides insight into the current failures of corporate compliance, but also how companies can best devise effective means of combating future corporate wrongdoing.”

I am generally sympathetic with his point of view, and indeed view Hough’s article as valuable for the C&E field. But still I have two concerns.

First, I think it is incorrect  to suggest that compliance programs are becoming criminalized. In fact, they have been that way from the beginning – which, most C&E practitioners would say, was the advent of the distinctly criminal Corporate Sentencing Guidelines in 1991. The notion of a golden age of truly voluntary compliance is essentially a myth, as noted in this prior post (although I should stress Hough does not put it that way).

Moreover, the fact that compliance programs are driven by criminal law does not mean that they are shaped by criminal law. The various components of compliance programs (such as risk assessment or auditing) are, in my view, based on ideas and experience involving management more so than law.

Second, his principal  recommendation for enhancing compliance programs is to build on the learnings of the behavioral ethics field. I certainly don’t disagree with this. It is indeed a point I have been making for many years in this blog and elsewhere and which has informed my advisory work for companies for even longer. Moreover, his particular suggestions in this regard  – concerning training, incentives and other C&E program elements  – seem sound.

Note that while the recommendations do seem useful, having developed similar approaches for corporate clients I don’t see behavioral ethics as transforming corporate compliance in profound ways. A personal metric on this point: in a typical 100-page compliance assessment report I draft, on average only two of those pages will be devoted to behavioral ethics. (If there was more to say I would definitely say it.)

Moreover, Hough argues that conventional compliance programs can essentially contribute to wrongdoing. There are various aspects to this, and I won’t try to address them all here,  but in large measure they come down to the view that too much emphasis on controls combined with the very large capacity to rationalize that we all have  delegitimizes compliance programs and thereby contributes to wrongdoing.   In an earlier post regarding a similar argument made by another scholar (whose work Hough indeed cites) I questioned whether this is really what happens in cases of corporate crime:   “According to his paper, laboratory experiments have shown that assuming a distrustful attitude toward individuals (which controls inherently do) causes those individuals to act in a less compliant/ethical manner. I have not read the research that he cites, but question whether anything done in a laboratory can sufficiently replicate the effect of the real-world conditions – particularly the pressures and risks, both of which can be extreme – that business people face when it comes to dealing with corruption. Indeed, in my – concededly anecdotal – experience, many business people welcome controls, as controls can help minimize the prospect of going to prison for making a wrong decision or having one’s employer economically ruined based on a colleague’s malfeasance. (This is particularly true with risk areas involving complex, often non-obvious rules – such as corruption, and also competition law and export controls.) Viewed in this light, having anti-corruption controls is no more disrespectful than is going to a doctor for an annual checkup.”

Coming back to where we started, for those would propose major cutbacks on controls, I’d respond with Mozart’s question: Which ones?

Finally, and at the risk of being redundant, I should stress that I found Hough’s article very helpful and I encourage you to read it.  And, I don’t want to diminish the curiosity practitioners may have for the behavioral ethics field. Rather, my goal is purely one of expectations management.

Cross references:

Behavioral ethics: the will and the way

In search of “Goldilocks compliance”

Welcome to Conflict of Interest World!

How can conflicts of interest harm individuals, organizations and society?

My latest column in Compliance & Ethics Professional (page 2 of attached PDF) counts the ways.

I hope you find it interesting.

Do stock options discourage whistleblowing?

Paying hush money is big business, and hardly a day goes by without some press account of a company or powerful individual buying the silence of those with knowledge of wrongdoing. Sometimes this involves settling individual claims with confidentiality provisions – such as today’s story in the NY Times about the various settlements Fox News has paid to silence individuals who claimed they were sexually harassed by that organization’s Bill O’Reilly.  But of perhaps of greater interest to C&E personnel (or at least to me) are what could be considered structural inhibitions on whistleblowing.

Andrew Call, Simi Kedia and Shivaram Rajgopal recently published research they conducted on the relationship between companies issuing stock grants to their employees and employees at such organizations reporting fraud. As described on HBR.org, the possible connection between receiving stock options and deciding to blow the whistle is twofold. First, “the value of stock options is directly tied to the value of the firm’s stock, and … whistleblowing allegations result in an immediate decline in the firm’s stock price, [so] employees stand to lose financially when they blow the whistle. In addition, employee stock options typically have vesting terms that require employees to wait a few years before they can exercise their options, which may act as a disincentive to blowing the whistle before they’re able to exercise their options.”

Their research approach and findings were as follows:

“Using a Stanford Law School database, we identified a sample of 663 firms that were alleged to have engaged in financial misreporting and were subject to class action shareholder litigation in U.S. federal court from 1996–2011. We examined the number of stock options granted to rank-and-file employees during the period of alleged misreporting, and we found that these firms granted more stock options during the misreporting period than did a benchmark sample of 663 similar firms that were not being investigated for financial misreporting. Option grants by these misreporting firms varied over time. Specifically, misreporting firms granted 14% more stock options to rank-and-file employees when they were allegedly misreporting their financials, but the number of options they granted decreased by 32% after they appeared to stop misreporting. These findings suggest that these firms granted additional stock options strategically during periods of alleged misreporting. We also found that these efforts are effective. Misreporting firms that granted more stock options to rank-and-file employees were less likely to be exposed by a whistleblower. Approximately 10% of the firms in our sample were subject to a whistleblowing allegation. Firms that avoided a whistleblower granted 78% more stock options than these firms did not.”

 These are certainly interesting findings, although one wonders if the results would be similar with a study of exclusively post Dodd-Frank cases, given how that 2010 law has greatly enhanced the incentives for whistleblowing in public companies. I also have a hard time picturing a meeting of senior executives and human resources personnel agreeing to a strategy of using stock options to buy employee silence. I’m not saying this never happens but doubt it happens a lot – given the personal risks that participating in such a scheme would create for those involved. However, I can definitely see how this would happen in the poorly lit realm of what is understood but not spoken.

Regardless of how this incentive manifests itself, I think C&E professionals should be aware of it in assessing and responding to the challenge of encouraging employees to internally report wrongdoing in their organizations. For some companies the key will be in increasing disincentives for not reporting, such as imposing serious economic penalties for senior managers on whose watch the wrongdoing occurred regardless of fault by such individuals. For other companies, softer incentives might be what is needed – such as the appeal to a “larger loyalty” described in this previous post on behavioral ethics and whistleblowing. For still others, having a point of risk” communication strategy  around the granting of the option – also a behavioral ethics inspired approach – might be what is called for.

Finally, the study also raises a different issue: should C&E personnel receive stock options? I know of no research on this issue, but this post – which  explores the related area of incentive compensation for “governance monitors” (general counsel and internal auditors)  – may be of interest to readers facing this issue in their organizations.

Other people’s risks

As described in a recent issue of The Economist:  “Moral hazard is a problem that crops up often in economics. People behave differently if they do not face the full costs or risks of their actions: deposit insurance makes customers less careful about picking their bank, for example. Moral hazard can also be second-hand. Take medicine. A patient with private insurance may be happy to sit through extra tests, and a doctor may be happy to order them. Doctors might be more reluctant to order tests if they know that the patient would bear the full cost. A newly published paper sets out to test this secondary problem by examining a common-enough situation—taking a taxi ride in a strange city. The authors, a trio of academics at the University of Innsbruck, sent researchers on 400 taxi rides, covering 11 different routes, in Athens, Greece. In all cases, the researchers indicated they were not familiar with the city. But in half the cases, the researchers indicated that their employers would be reimbursing them for the journey. The researchers in the latter group were 17% more likely to be overcharged for their trip and paid a fare that was, on average, 7% higher.”

The verdict: a clear case of “second-degree moral hazard.”

Moral hazard has been a subject of various other posts here.  It is like conflicts of interest and behavioral ethics – the two principal topics in this blog – in that all reflect some type of impairment in ethical decision making. But, each obviously is different from the other; indeed, there is arguably a tension between behavioral ethics and moral hazard, in that the former can be seen as a partial repudiation of the notion of homo economicus (humans as highly rational economic actors) whereas the latter suggests we have not gone far enough to understand how that semi-mythical creature really operates, as further discussed here.

All three frameworks are important in understanding risks.  But, at least in compliance and ethics circles, moral hazard has gotten less attention than have its two related types of impairment, which was why I was happy to see this article.

The taxi overcharging study indeed  seems to be an important contribution to the moral hazard field (although I hasten to add  that I’m relying here entirely on The Economist summary of it). Just as Samuel Johnson once said that a certain individual was not only dull but the cause of dullness in others, so this study has shown that moral hazard can be the cause of unethical action by others beyond the obvious subjects. That is useful knowledge because it helps demonstrate – at least in a general way – the power of moral hazard.

Does this have any practical implications for compliance & ethics programs? Maybe it does in the area of risk assessment, but for the most part, probably not.

Thinking more broadly, however, moral hazard imperils our ability to deal with climate change, debt and various other threats where future generations will bear the consequences of present-day decision making. And, understanding moral hazard – as well as COI and behavioral ethics – can help E&C professionals and others contribute to the crucial dialogue  on those challenges.

What is the opposite of right?

In one of my all-time favorite Doonesbury strips, convicted financier Phil Slackmeyer is asked by a prison minister, as part of ethics training: “What is the opposite of wrong?” His response: “Poor.”

But I wouldn’t say the opposite of right is “rich.” More often, it is “rushed.”

The connection between being rushed and being wrong was powerfully established in a famous experiment conducted in the 1970s, in which seminarians on their way to an appointment for which they were operating under different degrees of supposed time urgency were confronted by an individual seemingly in distress. As described here: “Researchers were interested in determining if their imposed time pressure affected the seminarians’ response to a distressed stranger. Remarkably, only 10% of the students in the high-hurry situation stopped to help the victim. 45% of the students in the intermediate-hurry and 63% of the students in the low-hurry situations helped the victim.”

The notion of rushing a decision to override ethical considerations will be familiar to both  C&E officers and criminal lawyers. It is also part of the realm of political decision making, as is currently being illustrated by the attempt in Congress to push through the passage of health care law revisions so hurriedly that there is no time to consider the impact of these on the well-being of millions of men, women and children.

As citizens, we should resist attempts to rush through legislation that hinders ethical consideration in the way that being in the “high hurry” category did for the seminarians. And as C&E professionals, we should understand and seek to address rush as a form of risk.

Among other things, this entails:

– taking rushed conditions into account when constructing and implementing risk assessments;

– addressing in training and other communications the ethical peril of hurried decision making; and

– attempting to build due deliberation into key decision making structures – which can often be done by making the decisions group, as opposed to individual, matters.

Finally, companies should make sure the C&E officer has a “seat at the table” for important business decisions, from which – to shift metaphors mid-sentence – she can serve as a “brakeman” for situations where ethical considerations are likely to collide with the supposed urgency of the moment.