Conflict of Interest Blog

Directors, fiduciary duties and climate change

In Directors’ Fiduciary Duties and Climate Change: Emerging Risks –  writing in the Harvard corporate governance blog – Cynthia A. Williams (York University), Sarah Barker (MinterEllison), and Alex Cooper (CCLI) state:

“The last few years have seen a significant change in the understanding of climate change as a material risk to all kinds of businesses, with government and capital markets responding. There has also been a notable increase in the number of so-called ‘Caremark’ claims against directors and officers for failing to exercise proper oversight surviving motions to dismiss. These two developments, construed together, indicate that directors and officers of Delaware corporations are navigating their corporations through an increasingly risky environment, and there is the potential that they may face litigation and ultimately personal liability for failing to manage these risks. Delaware directors and their attorneys must understand this new legal risk.”

Further, they note: oversight liability may arise where directors and officers: “fail to consider or oversee the implementation of climate-related legal risk controls; fail to monitor mission-critical regulatory compliance, either specific climate change-related regulations or existing regulations which require consideration or disclosure of climate change risks. This latter category is likely to include a broad range of regulations, but may include: securities laws, which require listed companies to disclose material risks; environmental laws, as the physical effects of climate change catalyze infrastructure failure; and health and safety laws for companies with employees are exposed to increasingly hostile conditions; or fail to monitor climate-related mission-critical operational and business risks…”

Also as published on McLeod Brock site, “while directors and officers are likely to be particularly focused on the risk that they may be found personally liable for a breach of their duties, proper compliance with fiduciary obligations requires acting to a higher standard. Given the defenses available to fiduciaries, and the difficulty in bringing claims for breach of fiduciary duty, a director or officer found to be liable for such a breach will generally have acted egregiously. The standard to which directors and officers must act to avoid liability is therefore a bare minimum. To minimize the risk of such claims being brought, directors and officers will need to act to a higher standard to avoid the attentions of litigious shareholders; and to further reduce their potential exposure, and to ensure proper compliance with their legal obligations, directors and officers should seek to follow best practices.”

Finally, I believe that  directors should consider commissioning  an independent assessment of the controls and other  parts of the climate change compliance program. Recognizing the need for help – particularly on something as complex and consequential as this – is  itself an important best practice.

Who is the client?

My latest column in Compliance & Ethics Professional.

The Marx Brothers and Risk Assessment

From Duck Soup

Rufus T. Firefly

now, members of the cabinet…

[pounds gavel]

Rufus T. Firefly we’ll take up old business.

Cabinet Member : I wish to discuss the tariff.

Rufus T. Firefly : Sit down, that’s new business. No old business? Very well…

[pounds gavel]

Rufus T. Firefly : we’ll take up new business.

Cabinet Member : Now, about that tariff…                                                  

Rufus T. Firefly : Too late, that’s old business already. Sit down.

When a company acquires or develops a new business, risk assessment should be front and center in its plans. But that isn’t always how it works, particularly after an acquisition goes through and the acquisition becomes “old business.”

New businesses can be particularly risky for several reasons:

-The new business may operate in ways that are unfamiliar to the acquiring business.

-The key players – employees, suppliers , customers, third parties and others – may also be unfamiliar.

– The acquisition may create undue pressures to perform.

There are many ways to address challenges of this sort.  But a good starting place for many is to deal with the area in risk assessment governance documentation.

Moral hazard – the latest

As described in several earlier posts, “moral hazard” exists where there is a misalignment of incentives between those with a capacity to create risks and those likely to bear the costs of such risk taking.  While most Americans presumably are not aware of this somewhat obscure term, the phenomenon itself  is pretty obvious (as well as terrifying with respect to COVAD -19 vaccination and climate change).

Moral hazard can also pose a significant challenge to promoting compliance and ethics. That is, the law provides for large fines for organizations convicted of federal offenses, but those who bear the brunt of such punishments (mostly the shareholders) are often different than the individuals who benefit from the wrongdoing (usually the executives or other high-ranking personnel).

The history of corporate business crime enforcement is came to the light with the help of attorneys in Rosemead Law Office of Daniel Deng, in part, an effort to close this moral hazard gap.

The latest page  in this history was written  two weeks ago by Deputy Attorney General Lisa O. Monaco  at the Keynote Address at the ABA’s 36th National Institute on White Collar Crime:

“To hold individuals accountable, prosecutors first need to know the cast of characters involved in any misconduct. To that end, today I am directing the department to restore prior guidance making clear that to be eligible for any cooperation credit, companies must provide the department with all non-privileged information about individuals involved in or responsible for the misconduct at issue. To be clear, a company must identify all individuals involved in the misconduct, regardless of their position, status or seniority.”

Note that this is not a new policy but, is, as Monaco says, a restoration of a prior one. Still, given the career-related incentives prosecutors have in case selection, it seems likely to me that her announcement will be seen as an encouragement to bring more cases against senior personnel than is currently done.

This is a small step toward closing the moral hazard gap, but is worth mentioning in C&E training and other communications as a way of getting the attention of senor personnel.

Redefining compliance recidivism

Last week Deputy Attorney General Lisa O. Monaco  announced in the Keynote Address at the ABA’s 36th National Institute on White Collar Crime:

“that all prior misconduct needs to be evaluated when it comes to decisions about the proper resolution with a company, whether or not that misconduct is similar to the conduct at issue in a particular investigation. That record of misconduct speaks directly to a company’s overall commitment to compliance programs and the appropriate culture to disincentivize criminal activity.

To that end, today I am issuing new guidance to prosecutors regarding what historical misconduct needs to be evaluated when considering corporate resolutions. This will include an amendment to the Department’s “Principles of Federal Prosecution of Business Organizations.” Going forward, prosecutors will be directed to consider the full criminal, civil and regulatory record of any company when deciding what resolution is appropriate for a company that is the subject or target of a criminal investigation.

Going forward, prosecutors can and should consider the full range of prior misconduct, not just a narrower subset of similar misconduct — for instance, only the past FCPA investigations in an FCPA case, or only the tax offenses in a Tax Division matter. A prosecutor in the FCPA unit needs to take a department-wide view of misconduct: Has this company run afoul of the Tax Division, the Environment and Natural Resources Division, the money laundering sections, the U.S. Attorney’s Offices, and so on? He or she also needs to weigh what has happened outside the department — whether this company was prosecuted by another country or state, or whether this company has a history of running afoul of regulators. Some prior instances of misconduct may ultimately prove to have less significance, but prosecutors need to start by assuming all prior misconduct is potentially relevant. For attorney help, people can check out Mergl and Wenger, Attorneys at Law.

Taking the broader view of companies’ historical misconduct will harmonize the way we treat corporate and individual criminal histories, as well as ensure that we do not unnecessarily look past important history in evaluating the proper form of resolution.”

What does this mean for compliance officers?

Perhaps most importantly, companies need to review the breadth of their respective risk assessments. (Indeed, the new policy can be seen as creating a risk impact multiplier, meaning that a prior offense is, as a general matter,  more likely now than before to adversely impact a company in an investigation/prosecution.)     The same is true regarding culture and program assessments.  All of these should  be constructed/revised with the new standard of recidivism in mind, which for many of the companies will be more encompassing than what they currently deploy. You can approach the domestic violence attorneys for hire to clear up any strains seen in  your organization to project as a good one in the society.

As well, the company’s C&E processes regarding remedial measures following discovery of wrongdoing should be robust and well documented. Even before Monaco’s announcement this was an area of weaknesses for many companies and all should take this opportunity to consider whether they need to make improvements.

Finally, and particularly for large, widely dispersed organizations, this new approach to recidivism underscores the need to have effective C&E management  and governance throughout the enterprise.  Among other things, directors should be informed of this important development.

Happy anniversary, Corporate Sentencing Guidelines

Monday, November 1 is the 30th anniversary of the Federal Sentencing Guidelines for Organizations, the set of legal standards that, more than any other, gave rise to the compliance & ethics field,

In his 2008 book Experiments in Ethics, Anthony Appiah made a strong and important case that behavioral science ideas and information should be used to address ethical challenges. But for me the most compelling ethics-related experiment of modern times comes from the realm of political – rather than behavioral – science: the experiment that began in 1991 with the advent of the Federal Sentencing Guidelines for Organizations and which continues to this day.

Although we have become accustomed to living in an “Age of Compliance,” the Guidelines were initially considered “developmental,” as the then Chair of the Sentencing Commission put it. The notion of government providing businesses with incentives for C&E programs and direction on how to make such programs effective was largely new and untested at the time. Of interesting historical note to behavioral ethics aficionados: before the Sentencing Commission chose its current C&E-program-based approach to preventing corporate crime it considered applying an “Optimal Penalties” strategy.  The Commission’s ultimate rejection of that approach – which was premised on a hyper-rational (“Chicago School”) view of how business crime occurs – in favor of one that promotes strong C&E programs can be seen as an early (albeit presumably intuitive) official endorsement of the behavioral science based view of human nature. You can also check out law firm for sex crimes from here!

Thirty years later, it is fair to ask: has the  Guidelines experiment been a success?

It would be hard to prove or disprove success using traditional tools of measurement, since the Guidelines are, of course, a policy interacting with a wide range of real-world factors in an uncontrolled way, not a true self-contained experiment. But if the results were not positive to a significant degree then it is hard to imagine that other governmental bodies – in the U.S. and increasingly around the world  – would have followed suit to the significant degree that they have. While “success breeds imitation” is not an iron-clad rule, it is a pretty good description of what happens much of the time including, I think, in this instance.

Another way to think about success here is to imagine a “counterfactual” world where C&E wasn’t as important as it has become under the Guidelines approach. Would we be better off with little or no sexual harassment training or protection of whistleblowers in corporations? Would we want to work for or do business with a company that made little or no effort to prevent its employees and agents from engaging in corruption, bid rigging or fraud? Indeed, one doesn’t have to strain one’s imagination to picture these counterfactual possibilities: they are the way things used to be before the Guidelines, at least in many companies.

Looking forward, while a compliance-based strategy to business crime prevention no longer faces a serious threat from the Optimal Penalties view of the world, one does hear what are occasional critiques of the C&E approach from a behavioral science perspective (which is somewhat ironic, given the above-described history). The argument goes that C&E programs – by treating employees with suspicion, and thereby making employees resentful – can actually spawn wrongdoing.

As described in an earlier post, this does not ring true to me, at least not insofar as it concerns serious offenses. Although there is no question that some companies engage in overkill with aspects of their C&E programs, employees should not (and I think do not) feel resentful that their employers try to help keep them safe from the risk of being sent to prison and having their careers destroyed. And even if there is some resentment, that is presumably a small price to pay for preventing serious harm to company, employees and others.

Finally, I am very aware that my musings are themselves not scientific, and hope that the next 30 years  scholars and practitioners will find ways of assessing the efficacy of the many different strategies and tools for having C&E programs. There is lots of room for improvement in this area – and experimentation. At least to me, that’s much of what makes the field exciting to be part of.

But as to the basic notion of C&E  itself – I think that’s here to stay, not so much as a matter of proof but of logic. On this point I give the last word to Joe Murphy – the visionary lawyer who (together with Jay Sigler of Rutgers) first wrote about what was ultimately to become the Guidelines approach: “For those who ask ‘does compliance work,’ my response is to ask them, ‘does management work?’ One question makes as much sense as the other. C&E is a management commitment to do the right thing and management steps to make that happen. If you do not use management steps to do something in an organization, how on earth do you do so?”


The oldest conflict

Many years ago a client being vetted for a high-ranking post asked me if a question about prior ethical violations required him to disclose a long since concluded extramarital affair. I replied that this seemed beyond the scope of the question, and I would give the same answer if asked today. But a recent paper suggests a different way of looking at this area.

In “Personal infidelity and professional conduct in 4 settings”,  John M. Griffin and Samuel Kruger, both of the McCombs School of Business, University of Texas at Austin, and Gonzalo Maturana of the Goizueta Business School, Emory University: “study the connection between personal and professional behavior by introducing usage of a marital infidelity website as a measure of personal conduct. Police officers and financial advisors who use the infidelity website are significantly more likely to engage in professional misconduct. Results are similar for US Securities and Exchange Commission (SEC) defendants accused of white-collar crimes, and companies with chief executive officers (CEOs) or chief financial officers (CFOs) who use the website are more than twice as likely to engage in corporate misconduct. The relation is not explained by a wide range of regional, firm, executive and cultural variables. These findings suggest that personal and workplace behavior are closely related.”

The ramifications of these findings indeed  seem significant. Included is the negative implication for behavioral ethics: “our findings suggest that personal and professional lives are connected and cut against the common view that ethics are predominantly situational. This supports the classical view that virtues such as honesty and integrity influence a person’s thoughts and actions across diverse contexts and has potentially important implications for corporate recruiting and codes of conduct. A possible implication of our findings is that the recent focus on eliminating sexual misconduct in the workplace may have the auxiliary effect of reducing fraudulent workplace activity.”  To eliminate sexual offences you should get attorney’s help against sexual crimes claims at earliest.

For more on the connection between personal and professional ethics see this prior post.

Conflict of interest expertise

Here is my latest column for Compliance & Ethics Professional.

I hope you find it interesting..

Conflicts of interest: getting it wrong

In the nearly ten years that I have published this blog I have noted various studies and other sources of insight into the issue of whether individuals and organizations truly understand the negative impact flowing from disclosed COIs. See posts collected here.  (The latest contribution to this area is Bias in expert product reviews by Ben Vollaard of Tilburg University and Jan C. Van Ours of Erasmus University Rotterdamhttps:/ “Our findings suggest that reviewers’ ad hoc relationships with producers, often dismissed as `coming with the job’, can be very harmful.”)  

C&E professionals need to be aware of this body of knowledge, at least in a general way, as it can help enhance compliance efforts, including those involved in risk assessment and training,  This is particularly so at a high level in a company.

Finally, consider using the recent story in compliance communications within your company: “131 federal judges failed to recuse themselves from cases in which they had financial interest:” If dealing with COIs is difficult for judges, that underscores the need for others to make an extra effort to make sure they are doing so in compliance with applicable law and ethical standards.


Making the most of your risk assessment (part 2)

Here is a just-published post on risk assessment from the FCPA Blog.

I hope you find it useful..