Conflict of Interest Blog

What does the “E” in your C&E program stand for?

My latest column in C&E Professional.

I hope you find it useful

I was recently interviewed as part of the Pioneers in Business Ethics project.

You can find the text here.

I hope you find it interesing.


An important ethics warning for corporate counsel

From an article in the ABA Journal last week :   “As a way to undermine discovery, Google directs employees to add attorneys and seek legal advice in writing for ‘ordinary-course business communications,’ according to a March 21 sanctions motion filed by the U.S. Department of Justice, which is suing the company for alleged antitrust violations.  Known as the Communicate With Care program, it began in 2016, according to the U.S. District Court for the District of Columbia filing. ‘Often, knowing the game, the in-house counsel included in these Communicate With Care emails does not respond at all, according to the motion. A Google spokesperson told Reuters that the government has more than 4 million documents from the company, and the ‘teams have conscientiously worked for years to provide responses.  The motion asks the court to sanction Google for misusing attorney-client privilege and order that all documents be released in instances in which an attorney was included in the communication but did not reply.’”

This is not a new issue. DOJ had – years earlier – investigated whether some tobacco industry lawyers had improperly tried to hide routine business communications behind the privilege (although no charges were brought on this theory).  Indeed, my law partner Rebecca Walker and I have spoken at several PLI and SCCE compliance conferences on the need to avoid misuse of the privilege in this way.

Regardless of how the Google motion is ultimately resolved, in-house counsel should take appropriate measures to ensure that “over-privileging” is not done in their respective companies.  The same is true of outside counsel, although presumably the danger with the latter is less than it is with the former.

At a minimum this should involve some education – whether it be a memo from the general counsel, comments at a law department meeting or both.  For higher risk situations, some follow-up contact or other forms of monitoring may be warranted.

Finally, I should make clear that I am not suggesting that this is a “red alert” for corporate counsel. But it is a good opportunity to ask: Am I basically okay?


Analyzing conflicts of interest – where to start

A conflict of interest (“COI “) analysis of any situation should generally start with an identification of the relevant duty (or duties), which sometimes (but not always) are legal in nature.  Sources of such duties typically include the following.

First, there can be express contractual provisions mandating that employees, agents and others conduct themselves in a conflict-free (or conflict-disclosed) way.  An employment agreement would typically have a provision of this sort.  So would agency or retainer agreements.

Second, a code of conduct or other internal policy document could create a contractual COI obligation – either because it has been formally agreed to by employees or under an “implied contract” theory in the absence of such explicit agreement.  Of course, some codes disclaim any intent to create a contractual obligation, but their COI provisions could still help to create (or prove) an ethical duty.

Third, another important source of duties are statutes and regulations addressing COIs in a variety of contexts. These include types of employment (e.g., for government employees); regulated businesses (e.g., healthcare, financial services); or other settings.

Fourth is the fiduciary duty of loyalty, which serves as a “default” under common law. That is, it specifies loyalty-related obligations for directors, employees and other agents even in the absence of a contract or statute.

Note, however, that in some circumstances a party might “contract out” of such an obligation or limit its scope, although doing so would not always be effective as a matter of law. As a general matter, being able to contract out of or otherwise limit a duty of loyalty is more likely when the relationship is between parties of relatively equal bargaining power and sophistication.

Finally, there are duty-related standards of conduct for certain professions. Some may be enforced by various legal regimes (as in the case of rules of professional responsibility for attorneys), the violation of which can lead to discipline.  But such aren’t always present (as in the case of journalists, where  – to my knowledge –  there is no such regime).

This is only a very general framework, and more information about COIs and duties can be found throughout this blog.

Compliance “moot courts” for CEOs?

The CEO of a client company once told me that he wanted to fire another corporate officer there. I asked him what basis he had for this contemplated action and he said it was that the officer had failed to take mandatory compliance training. I responded by asking if he – the CEO – had taken the training, to which he replied (without a trace of irony or shame) that he had not.

Several years ago, unrelated to my encounter with the CEO, I ran a blog post proposing that in certain circumstances “moot courts” be held to determine what, if any, accountability members of a board of directors should bear for the consequences of a compliance-related breach.  In  today’s post I ask: Should such an idea be tried with CEOs?

There is indeed precedent for this sort of exercise. My law partner Rebecca Walker and I have held compliance moot courts at an industry conference.  We are also aware of something similar being conducted elsewhere,

Of course, a C&E moot court can be seen as essentially just another form of assessment, However, the advantage of a compliance moot court is that, by its nature, it can focus the CEO’s mind (and that of other senior executives) on the need for strong C&E in a way that traditional compliance assessments might not.  And the need for such focus has never been greater.

In a speech delivered earlier this month, Assistant Attorney General Kenneth A. Polite Jr. said at the ABA Institute on White Collar Crime:

When you are asked about remedial action, and you’re asked about corporate leadership and personnel, we are doing so to ensure individual accountability. For example, even if there is not any evidence that a CEO personally committed a crime, upon discovery of a crime, a corporation should examine whether a change in leadership is necessary, not for change’s sake, but because he modeled poor ethical behavior for the workforce, or fostered a climate in which subordinates committed wrongdoing with intent to benefit the company, or permitted weak

In my view, this somewhat enhanced focus on CEOs as a source of risk calls on companies to up their game on mitigation.

All that should be covered in a CEO assessment is beyond the scope of this post, but a few of the many such topics are:

– How the CEO makes the C&E program a true strategic imperative.

– How the CEO ensures that the Program has sufficient resources, reach, autonomy and clout.

– What messaging the CEO sends to employees about C&E.

– How C&E effects compensation, promotion and related matters at the Company.

Finally note that moot courts need not involve an actual examination of the CEO. It should generally be sufficient to have the CECO “testify” about the CEOs role in the program.


Handling undue pressure: the role of the compliance and ethics office

One of the most important business ethics experiments ever took place in the early 1970s in Princeton NJ.  In it, interview subjects were asked to travel from one place to another, but some were told that they had to hurry and others were not told this. Along the way, all saw an individual in apparent distress. Individuals put under time pressure were about six times more likely to engage in unethical conduct (not helping the individual in distress) than were those not under such pressure.

This was an incredible result. It – along with other subsequent behavioral ethics experiments – has led to an understanding of wrongdoing that places greater emphasis on the situation facing an individual and less on that individual’s character.  This, in turn, helps make the case for strong C&E efforts.

Turning from the world of research to that of the courtroom and prosecutors’ offices,  the corrupting influence of high-pressure is an oft-told tale. In recent years the most prominent case of this sort involved Wells Fargo, where a toxic corporate culture pressured many employees to engage in serious legal and ethical transgressions.

So, what is to be done about this potentially perilous risk?

At the outset, I note that C&E programs are not expected to eliminate all pressure to perform. That would be impossible and indeed undesirable.  But what a C&E officer can and should do is to mitigate undue pressure.

One part of such an effort is risk assessment. Based on a variety of factors – both internal (e.g., employee surveys) and external market conditions (e.g., hyper competitiveness) – the risks of undue pressure can be identified.

Of course, the fact that risky conditions exist at one company does not necessarily mean that they also exist at a competitor. But it can suggest a line of inquiry both as to risk and to the efficacy of mitigation that should be explored.

Another approach is having the managers’ duties section of the code of conduct address the issue of avoiding undue pressure. That is, the code and related documents (policies, charters, among other things) should spell out that a manager is responsible for addressing pressure that might lead their subordinates to cross a legal or ethical line.

Yet another available measure is having the CEO speak at an all-company or other major event about the need to avoid undue pressure  – particularly at key times (such as near the end of a financial reporting period). One should also cascade the message down through the ranks of management (both operations and staff).

In a related vein one might develop pressure-related scenarios for use in training and other communications.  This would seem to be an obvious compliance measure, but my belief is that too few companies go this route.

Less obvious still, one should consider including undue pressure in audits.  By this I mean that some audit interviews should seek to determine whether pressure at the company is unduly risky. Note that I am not suggesting that this be an extensive effort.  A single question asked of individuals in high-risk positions (e.g., sales) and locations should be sufficient in many audits.

Investigations and discipline have a key role in this aspect of compliance.  Both in how one conducts an investigation and in related discipline one should make sure that those responsible for undue pressure are held accountable. One practical measure to ensure that this happens is to speak to this issue in the company’s investigations manual.

One should, as well,  consider addressing the issue in performance evaluations. By this I mean including in evaluations the extent to which a manager projects undue pressure onto their subordinates – or shields them from it.

Finally, one should ensure the board of directors (typically via the audit committee) is alert to undue pressure risks. They have the ultimate power in a company to mitigate those risks.

Of course, not every company needs to do all of these. And some will address the issue of undue pressure in other ways.  But all should be actively engaged on this risky area.

A free podcast on the history and future of compliance

from SCCE Here is an introduction from SCCE’s Adam Turteltaub:

For most of us, it’s hard to imagine a time before the US Federal sentencing Guidelines came into being and set the direction for compliance and ethics programs.

Jeff Kaplan, partner at the law firm Kaplan & Walker and longtime compliance leader remembers those pre-Guidelines times and in this podcast we discuss the changes that have come, didn’t happen and may yet occur with compliance programs.

Even after thirty years he reports that, in many ways, we are still getting started. While many organizations have developed robust compliance programs, a large number are still at the starting gate. In addition, many business people, particularly in management, tend to think of compliance as something less than sales, marketing or other departments, and not worthy of the investment.

A related challenge is what he called the “mission accomplished phenomenon”, which he defines as a tendency to see compliance as an event rather than an ongoing program.

Still, he sees the glass as something more than half filled and creating new challenges. For more developed programs, he believes, now is the time to maintain a sense of urgency and improve performance.

Click here to listen to the pod cast.

The third rail in American compliance

An article by Rebecca Walker and me in Compliance and Ethics Professional  on when and how a chief ethics and compliance officer should report to the general counsel.

We hope you find it useful.

Loyalty as an ethics risk

Movie mogul Samuel Goldwyn famously said: “I’ll take fifty percent efficiency to get one hundred percent loyalty.”  But too much loyalty can be bad for reasons that go beyond inefficiency, as shown by ex-President Trump’s call for then FBI director Comey to be loyal to him personally. On the other hand, a world with too little loyalty could be highly dysfunctional and even hellish.

In a piece in Forbes several years ago Rob Asgar made the following important  points  (among others) about loyalty:

The “loyalty bind,” as some psychologists call it, keeps the members of an organization from being able to see tumors metastasizing in their midst. It’s what leads to scandals and cover-ups in churches, city halls, companies and ideological movements.

The challenge is to move organizations away from the notion of loyalty to persons and toward the notion of loyalty toward first principles. These principles include transparency, integrity, accountability and a constant readiness to reform in whatever way necessary—no matter whose personal interests may be affected. This isn’t easy, because humans are tribal—we evolved to be in the society of other humans and to instinctively sacrifice our own safety in order to defend them against outside threats. The notion of defending shared principles came later, and it still hasn’t taken root fully. 

The point about humans being tribal is, of course, key.  When behavior is truly instinctive it is hard (and sometimes impossible) to prevent/modify.

C&E practitioners have, of course, long looked for ways to do just that.  Sometimes this involves appealing to shared values, as noted above.  But it can also entail  drawing on loyalty to other persons.

For instance, years ago I helped to develop a short C&E training video that sought to evoke feelings of a “larger loyalty” by showing the faces of colleagues laid off in the wake of an accounting scandal that could have been, but wasn’t, stopped in the early stages by a potential whistleblower.  Another video focused on the harm to the wrongdoer’s family members when he went to jail for his crime against the company.

In addition to training, other forms of communication should be used to address the downsides of misdirected loyalty. Among other things, senior officials at the company. (particularly the CEO) should speak to it in town halls and/or emails to all employees.

Risk assessment also has a role to play in addressing loyalty-related risks. In  Ethics for Adversaries,    Arthur Isak Applbaum describes how many of the adversary systems with which we live – law, politics, and others – seem to license wrongdoing that would not be countenanced if done in other settings.  As he notes, “[A]dversaries act for by acting against,” and this leads to a purported “division of moral labor” – with the expectation that some sort of equilibrium will arise therefrom.   But, he says, acts that ordinarily would be morally forbidden – such as deception – should not be considered permissible merely because they are performed in a political or professional role.  

Finally, audit has a role to play too. Among other things, it can focus audits on a company’s facility that has been managed for a long time by a particular executive.

Compliance officers as “ministers for the future.”

In The Ministry for the Future   science fiction writer Kim Stanley Robinson draws a truly harrowing picture of the cataclysmic harm that climate change could inflict on our planet in the not-so-distant future.

His tale is also about how a newly conceived UN ministry might try to save the day.  The ministry is tasked with advocating “for the world’s future generations of citizens, whose rights, as defined in the Universal Declaration of Human Rights, are as valid as our own…”

Might compliance and ethics (C&E) officers play a part in advocating for the future?

At the outset, I should stress that I’m not arguing that C&E officers in companies and other otherizations should become professional futurologists.  That would be impractical and undesirable for various reasons.

But there is a role for C&E officers to ensure that their company advocates for future generations.  That role begins with consideration of moral hazard.

Notwithstanding its name, the concept of moral hazard originally had little to do with morality. Rather, it referred to the phenomenon that providing insurance tended to promote risky behavior by insured parties. Subsequently, moral hazard has been applied to a wide range of circumstances where incentives encourage unduly risky conduct by shifting the impact of a bad decision to a party other than the decision-maker.  Much of the debate over COVID-19 has involved moral hazard issues.

Moral hazard is not the same as conflicts of interest (COIs) or corruption. COIs and corruption generally require a breach of a duty of loyalty, whereas moral hazard does not. But they all involve conflicting interests having an adverse effect on ethical decision making and are close enough to each other to be considered “cousins.”

Of course, the “mother of all” moral hazards is climate change.  Additionally, the field of Environmental Social and Corporate Governance is built, in part, on moral hazard considerations.

But there are many other situations where the future generations need to be protected. And advocating for such interests is a good role for C&E officers, in part because of their experience in dealing with COI and corruption.

For this reason, it makes sense to consider that the C&E officer’s role regarding the rights of future generations could be to:

– Identify the types or activities at their organization that could cause significant harm to future generations (i.e., a form of risk assessment). This is a function both of the inherent riskiness of the activities in question and also the lack of advocacy for future generations.

– Identify or propose appropriate mitigation measures. This would include some degree of setting standards and delivering training/communications, among other things.

– Report to appropriate parties in the company on the measures taken and to be taken.

This is, needless to say, very general and addressing the needs of the future effectively would mean different things for different organizations. But hopefully it is a nudge the right direction.