Compliance stays in the game

Last week the Ethics & Compliance Initiative (the ECI) held its annual conference and marked the 25th anniversary of the founding meeting of one of the group’s predecessor entities – the Ethics Officer Association (the EOA). The conference covered a wide range of topics (Mark Snyderman and I discussed the ECI conflict of interest benchmarking research that was the subject of a prior post) but the clear highlight of the event was the keynote address by Attorney General Jeff Sessions.

Based upon some of what he has said or done outside the C&E realm I’ve not been a big fan of the AG, but was relieved by two aspects of his message to the hundreds of C&E officers in the room and many thousands who were not present. First, he said that the government “will continue to strongly enforce the Foreign Corrupt Practices Act and other anti-corruption laws.”  This is important not only because corruption is an incredibly harmful phenomenon but also because the internal controls provision of the FCPA effectively requires compliance measures beyond those that are purely anticorruption focused. Second, he said: “when we make charging decisions, we will continue to take into account whether companies have good compliance programs.” This is important because enforcement-related incentives such as this are a big part of what persuades companies to develop strong C&E programs. (Indeed, it is no coincidence that the EOA was founded shortly after the legal standards inaugurating this policy approach – the Federal Sentencing Guidelines for Organizations – went into effect.)

Of course, the AG’s positions presumably would be viewed by many people as a matter of  common sense . But in other areas – such as climate change and fiscal responsibility – the Trump administration has seemingly abandoned reason. So, when counting our blessings in these perilous times nothing should be taken for granted. And, the government’s continuing to support C&E (through enforcement policy) is indeed a blessing, even if its logic is obvious.

At the founding EOA meeting 25 years ago there were fewer than twenty ethics officers present (as well as some outside speakers, including yours truly). Since then C&E programs have spread throughout the world, playing a key role in preventing and detecting not only corruption but also terrorism, collusion, fraud, conflicts of interest, pollution, harassment, unsafe products and unhealthy working conditions, among other “horribles.” These programs are, of course, imperfect in many ways. But millions of people are better for their now being part of the business mainstream.

Ultimately, the full promise of C&E programs goes beyond the business realm to nurturing habits of mind that can be helpful to addressing a wider range of challenges than corporate law abidance and ethicality. Among other things, such habits could include thinking systemically about risk and mitigation, having a deep appreciation for the interests of other individuals and embracing meaningful approaches to accountability for doing what is right and stopping what is wrong. None of these were invented by C&E practitioners. But for many millions of Americans and others there is now a steady reminder through C&E programs of the importance of thinking in these and related ways – and this could provide a foundation for promoting greater ethicality in the societal realm.

So, hats off to the AG (at least for the moment). And, full speed ahead with the C&E movement.

Treating suppliers ethically

Just as (according to Dostoyevsky) “[t]he degree of civilization in a society can be judged by entering its prisons…” so can the degree of ethicality in a company be judged – at least in part – by assessing how it treats its vendors. While not as vulnerable as prisoners, of course, vendors do tend to be an easier target of abusive treatment than are other classes of a company’s stakeholders. Indeed, this vulnerability was part of the reason for the widespread revulsion at press accounts of Donald Trump’s not paying many of his company’s vendors, as described in this story last year in USA Today.

However, at least based on my experience, the ethical treatment of vendors is often not on the radar screen of C&E programs, at least not to a meaningful degree. In that respect the issue is a bit like corporate tax practices, a hugely important area for ethical consideration  that is rarely treated as within the scope of a C&E program (as discussed in page 27 of this e-book).

Earlier this month a law went into effect in the United Kingdom requiring large companies to disclose certain information about payment practices regarding suppliers. The specifics of the law can be found in this article by the Pillsbury Winthrop law firm and, needless to say, companies doing business in the UK should understand and take whatever steps are necessary to comply with the law – aspects of which do sound somewhat tricky.   My point in alerting readers of the COI Blog to this development, however,  is somewhat different: to suggest that the law provides a welcome occasion for C&E officers to urge their companies to think broadly about C&E issues regarding the treatment of a company’s suppliers, if they have not already done so. Hopefully, this can lead to greater emphasis in risk assessment, training and other parts of a C&E program on doing right by suppliers.

This is important principally because it is the ethical thing to do. However, it is compelling  as a matter of compliance logic as well. In that regard, I can recall from client experience two instances of the mistreatment of suppliers (in particular, lying) causing those suppliers to confer with each other in a defensive but potentially harmful and unlawful  manner. Doubtless there are many other examples of this kind too – and I hope the spirit of the UK law can reach beyond the area of payments and lead to better compliance and ethics generally in the relationships between customers and suppliers.

Mozart’s timeless question

In the film Amadeus, the Emperor tells Mozart: “Your work is ingenious. It’s quality work. And there are simply too many notes, that’s all. Cut a few and it will be perfect.” The composer responds: “Which few did you have in mind, Majesty?” This exchange was brought to mind by an essay in Stanford Law Review On Line by Todd Hough, who teaches at Indiana University’s business school, “Cadillac Compliance” Breakdown.

Hough argues that “Corporate America wants—and believes it is getting—top notch compliance programs. But instead of the Cadillac, companies are ending up with a Chevy. Why is this? My research suggests the answer stems from two interrelated phenomena. First, corporate compliance is becoming increasingly ‘criminalized’; that is, corporations are now approaching compliance primarily through a criminal law lens. Second, as compliance programs become more criminalized they impose unintended behavioral consequences on corporate employees by creating opportunities for them to rationalize their unethical and illegal acts. Understanding these phenomena provides insight into the current failures of corporate compliance, but also how companies can best devise effective means of combating future corporate wrongdoing.”

I am generally sympathetic with his point of view, and indeed view Hough’s article as valuable for the C&E field. But still I have two concerns.

First, I think it is incorrect  to suggest that compliance programs are becoming criminalized. In fact, they have been that way from the beginning – which, most C&E practitioners would say, was the advent of the distinctly criminal Corporate Sentencing Guidelines in 1991. The notion of a golden age of truly voluntary compliance is essentially a myth, as noted in this prior post (although I should stress Hough does not put it that way).

Moreover, the fact that compliance programs are driven by criminal law does not mean that they are shaped by criminal law. The various components of compliance programs (such as risk assessment or auditing) are, in my view, based on ideas and experience involving management more so than law.

Second, his principal  recommendation for enhancing compliance programs is to build on the learnings of the behavioral ethics field. I certainly don’t disagree with this. It is indeed a point I have been making for many years in this blog and elsewhere and which has informed my advisory work for companies for even longer. Moreover, his particular suggestions in this regard  – concerning training, incentives and other C&E program elements  – seem sound.

Note that while the recommendations do seem useful, having developed similar approaches for corporate clients I don’t see behavioral ethics as transforming corporate compliance in profound ways. A personal metric on this point: in a typical 100-page compliance assessment report I draft, on average only two of those pages will be devoted to behavioral ethics. (If there was more to say I would definitely say it.)

Moreover, Hough argues that conventional compliance programs can essentially contribute to wrongdoing. There are various aspects to this, and I won’t try to address them all here,  but in large measure they come down to the view that too much emphasis on controls combined with the very large capacity to rationalize that we all have  delegitimizes compliance programs and thereby contributes to wrongdoing.   In an earlier post regarding a similar argument made by another scholar (whose work Hough indeed cites) I questioned whether this is really what happens in cases of corporate crime:   “According to his paper, laboratory experiments have shown that assuming a distrustful attitude toward individuals (which controls inherently do) causes those individuals to act in a less compliant/ethical manner. I have not read the research that he cites, but question whether anything done in a laboratory can sufficiently replicate the effect of the real-world conditions – particularly the pressures and risks, both of which can be extreme – that business people face when it comes to dealing with corruption. Indeed, in my – concededly anecdotal – experience, many business people welcome controls, as controls can help minimize the prospect of going to prison for making a wrong decision or having one’s employer economically ruined based on a colleague’s malfeasance. (This is particularly true with risk areas involving complex, often non-obvious rules – such as corruption, and also competition law and export controls.) Viewed in this light, having anti-corruption controls is no more disrespectful than is going to a doctor for an annual checkup.”

Coming back to where we started, for those would propose major cutbacks on controls, I’d respond with Mozart’s question: Which ones?

Finally, and at the risk of being redundant, I should stress that I found Hough’s article very helpful and I encourage you to read it.  And, I don’t want to diminish the curiosity practitioners may have for the behavioral ethics field. Rather, my goal is purely one of expectations management.

Cross references:

Behavioral ethics: the will and the way

In search of “Goldilocks compliance”

Welcome to Conflict of Interest World!

How can conflicts of interest harm individuals, organizations and society?

My latest column in Compliance & Ethics Professional (page 2 of attached PDF) counts the ways.

I hope you find it interesting.

Do stock options discourage whistleblowing?

Paying hush money is big business, and hardly a day goes by without some press account of a company or powerful individual buying the silence of those with knowledge of wrongdoing. Sometimes this involves settling individual claims with confidentiality provisions – such as today’s story in the NY Times about the various settlements Fox News has paid to silence individuals who claimed they were sexually harassed by that organization’s Bill O’Reilly.  But of perhaps of greater interest to C&E personnel (or at least to me) are what could be considered structural inhibitions on whistleblowing.

Andrew Call, Simi Kedia and Shivaram Rajgopal recently published research they conducted on the relationship between companies issuing stock grants to their employees and employees at such organizations reporting fraud. As described on HBR.org, the possible connection between receiving stock options and deciding to blow the whistle is twofold. First, “the value of stock options is directly tied to the value of the firm’s stock, and … whistleblowing allegations result in an immediate decline in the firm’s stock price, [so] employees stand to lose financially when they blow the whistle. In addition, employee stock options typically have vesting terms that require employees to wait a few years before they can exercise their options, which may act as a disincentive to blowing the whistle before they’re able to exercise their options.”

Their research approach and findings were as follows:

“Using a Stanford Law School database, we identified a sample of 663 firms that were alleged to have engaged in financial misreporting and were subject to class action shareholder litigation in U.S. federal court from 1996–2011. We examined the number of stock options granted to rank-and-file employees during the period of alleged misreporting, and we found that these firms granted more stock options during the misreporting period than did a benchmark sample of 663 similar firms that were not being investigated for financial misreporting. Option grants by these misreporting firms varied over time. Specifically, misreporting firms granted 14% more stock options to rank-and-file employees when they were allegedly misreporting their financials, but the number of options they granted decreased by 32% after they appeared to stop misreporting. These findings suggest that these firms granted additional stock options strategically during periods of alleged misreporting. We also found that these efforts are effective. Misreporting firms that granted more stock options to rank-and-file employees were less likely to be exposed by a whistleblower. Approximately 10% of the firms in our sample were subject to a whistleblowing allegation. Firms that avoided a whistleblower granted 78% more stock options than these firms did not.”

 These are certainly interesting findings, although one wonders if the results would be similar with a study of exclusively post Dodd-Frank cases, given how that 2010 law has greatly enhanced the incentives for whistleblowing in public companies. I also have a hard time picturing a meeting of senior executives and human resources personnel agreeing to a strategy of using stock options to buy employee silence. I’m not saying this never happens but doubt it happens a lot – given the personal risks that participating in such a scheme would create for those involved. However, I can definitely see how this would happen in the poorly lit realm of what is understood but not spoken.

Regardless of how this incentive manifests itself, I think C&E professionals should be aware of it in assessing and responding to the challenge of encouraging employees to internally report wrongdoing in their organizations. For some companies the key will be in increasing disincentives for not reporting, such as imposing serious economic penalties for senior managers on whose watch the wrongdoing occurred regardless of fault by such individuals. For other companies, softer incentives might be what is needed – such as the appeal to a “larger loyalty” described in this previous post on behavioral ethics and whistleblowing. For still others, having a point of risk” communication strategy  around the granting of the option – also a behavioral ethics inspired approach – might be what is called for.

Finally, the study also raises a different issue: should C&E personnel receive stock options? I know of no research on this issue, but this post – which  explores the related area of incentive compensation for “governance monitors” (general counsel and internal auditors)  – may be of interest to readers facing this issue in their organizations.

Other people’s risks

As described in a recent issue of The Economist:  “Moral hazard is a problem that crops up often in economics. People behave differently if they do not face the full costs or risks of their actions: deposit insurance makes customers less careful about picking their bank, for example. Moral hazard can also be second-hand. Take medicine. A patient with private insurance may be happy to sit through extra tests, and a doctor may be happy to order them. Doctors might be more reluctant to order tests if they know that the patient would bear the full cost. A newly published paper sets out to test this secondary problem by examining a common-enough situation—taking a taxi ride in a strange city. The authors, a trio of academics at the University of Innsbruck, sent researchers on 400 taxi rides, covering 11 different routes, in Athens, Greece. In all cases, the researchers indicated they were not familiar with the city. But in half the cases, the researchers indicated that their employers would be reimbursing them for the journey. The researchers in the latter group were 17% more likely to be overcharged for their trip and paid a fare that was, on average, 7% higher.”

The verdict: a clear case of “second-degree moral hazard.”

Moral hazard has been a subject of various other posts here.  It is like conflicts of interest and behavioral ethics – the two principal topics in this blog – in that all reflect some type of impairment in ethical decision making. But, each obviously is different from the other; indeed, there is arguably a tension between behavioral ethics and moral hazard, in that the former can be seen as a partial repudiation of the notion of homo economicus (humans as highly rational economic actors) whereas the latter suggests we have not gone far enough to understand how that semi-mythical creature really operates, as further discussed here.

All three frameworks are important in understanding risks.  But, at least in compliance and ethics circles, moral hazard has gotten less attention than have its two related types of impairment, which was why I was happy to see this article.

The taxi overcharging study indeed  seems to be an important contribution to the moral hazard field (although I hasten to add  that I’m relying here entirely on The Economist summary of it). Just as Samuel Johnson once said that a certain individual was not only dull but the cause of dullness in others, so this study has shown that moral hazard can be the cause of unethical action by others beyond the obvious subjects. That is useful knowledge because it helps demonstrate – at least in a general way – the power of moral hazard.

Does this have any practical implications for compliance & ethics programs? Maybe it does in the area of risk assessment, but for the most part, probably not.

Thinking more broadly, however, moral hazard imperils our ability to deal with climate change, debt and various other threats where future generations will bear the consequences of present-day decision making. And, understanding moral hazard – as well as COI and behavioral ethics – can help E&C professionals and others contribute to the crucial dialogue  on those challenges.

What is the opposite of right?

In one of my all-time favorite Doonesbury strips, convicted financier Phil Slackmeyer is asked by a prison minister, as part of ethics training: “What is the opposite of wrong?” His response: “Poor.”

But I wouldn’t say the opposite of right is “rich.” More often, it is “rushed.”

The connection between being rushed and being wrong was powerfully established in a famous experiment conducted in the 1970s, in which seminarians on their way to an appointment for which they were operating under different degrees of supposed time urgency were confronted by an individual seemingly in distress. As described here: “Researchers were interested in determining if their imposed time pressure affected the seminarians’ response to a distressed stranger. Remarkably, only 10% of the students in the high-hurry situation stopped to help the victim. 45% of the students in the intermediate-hurry and 63% of the students in the low-hurry situations helped the victim.”

The notion of rushing a decision to override ethical considerations will be familiar to both  C&E officers and criminal lawyers. It is also part of the realm of political decision making, as is currently being illustrated by the attempt in Congress to push through the passage of health care law revisions so hurriedly that there is no time to consider the impact of these on the well-being of millions of men, women and children.

As citizens, we should resist attempts to rush through legislation that hinders ethical consideration in the way that being in the “high hurry” category did for the seminarians. And as C&E professionals, we should understand and seek to address rush as a form of risk.

Among other things, this entails:

– taking rushed conditions into account when constructing and implementing risk assessments;

– addressing in training and other communications the ethical peril of hurried decision making; and

– attempting to build due deliberation into key decision making structures – which can often be done by making the decisions group, as opposed to individual, matters.

Finally, companies should make sure the C&E officer has a “seat at the table” for important business decisions, from which – to shift metaphors mid-sentence – she can serve as a “brakeman” for situations where ethical considerations are likely to collide with the supposed urgency of the moment.

Recusal on my mind

In a classic Doonesbury strip, an ill-informed character – upon learning that a government official had recused himself from involvement in a particular matter – exclaimed, “Oh, gross!” While most readers of this blog will presumably have a more positive view of recusals than is implied by this (fictional) reaction, the decision this past week by Attorney General Jeff Sessions to recuse himself from any investigation relating to the Trump campaign’s connection with the Russian government provides an opportunity to offer some quick thoughts about this somewhat rarely used form of COI mitigation.

To begin, one must be alert to the danger of a phony recusal. Such a ploy is at the center of one of the plot lines in the Showtime series Billions (I’m a big fan), in which a prosecutor purportedly recuses himself regarding an investigation of his wife’s employer but still secretly calls the shots in that matter.  And a real-life example was reported on several years ago in the NYTimes, and summarized in this blog: “a Port Authority matter came before the chair [of that organization] in which a client of [the chair’s law] firm had a clear interest and, while the chair apparently recused himself from voting on the matter, according to sources in the Times story, he evidently still ‘made his support for the plan [at issue] known to his fellow commissioners and was involved in planning’ relating to the matter.” In short, recusal is a promise – not a condition, and attention must be paid to ensure the promise is kept.

A different issue is what the standard for recusal should be. Fairly obvious are situations where the conduct of the individual is within the scope of the investigation or where the interests of a close friend or family member could be impacted by the inquiry. Both of these would present clear-cut conflicts of interest. But a more nuanced view of the impediments to ethical decision-making would also include situations involving the potential for “motivated blindness,” a key behavioral ethics concept which is discussed in this earlier post.

Of course, the ramifications of applying such a standard are potentially broad. But, unlike various other COI mitigation measures, recusals are typically not costly or disruptive. Indeed, the act of recusal should be seen as making a positive general statement  about the ethical standards of the individuals and organization(s) involved – as well as providing a teachable moment regarding motivated blindness,

A final point, which is that behavioral ethics research has also shown – somewhat paradoxically – that an individual’s disclosing a COI can free  her to make a conflict-driven decision that would not be made if the COI hadn’t been disclosed, as discussed here.  While the research didn’t involve the investigative context, it still suggests a possibly underappreciated danger in forgoing recusal once the issue has been raised.

This research also suggests that those presented with a conflict involving a possible decision maker on a matter might need support in persuading such individual to recuse herself. For this reason it may be useful for organizations that have not already done so to draft a written investigations policy that addresses recusals (among other things).  Such a policy (and related training) can help ensure that a recusal request – should the issue ever arise –  isn’t seen as “gross.”

When NOT lobbying suggests a conflict of interest

“It could probably be shown by facts and figures that there is no distinctly native American criminal class except Congress,” Mark Twain famously wrote. Providing some of those facts and figures, Aaron D. Hill, Jason W. Ridge and Amy Ingram – in an article published yesterday in the Harvard Business Review – describe a growing conflict-of-interest problem in the US Congress, an important topic that these days is largely overshadowed by the COIs involving the President.

The authors set the stage by showing that there is now widespread ownership of stock by members of Congress: “the average S&P 500 firm in [their]  sample has about seven members of Congress holding its stock. Some companies have closer to 100 members holding stock, and many firms have 50 or more in a given year.” They next show that “firms where a greater percentage of lawmakers invest have significantly higher performance in the subsequent year — with each percentage of congressional membership owning stock worth about a 1% improvement in” return on assets. “This suggests  that politicians may be privy to nonpublic information about future regulatory or legislative actions that may prove helpful to these companies. It’s also possible that members of Congress use their influence to benefit the firms in which they invest. This finding dovetails with prior research that shows members of the House and Senate generate abnormally higher returns on their investments.”

Hmmm. Perhaps just a coincidence. (As Twain once noted in a different context: “What a delightful thing a coincidence is.”) But wait, there is more.

The authors also show that “firms are taking note of congressional investments in a couple of ways … paying close attention to public disclosure laws that require members of Congress to report their stock holdings annually… [and] also hiring private companies that specialize in a unique business: identifying who owns firms’ stock (among other political intelligence activities). Firms can use information about which members of Congress own their stock to minimize the intensity of their lobbying activity,… [b]ecause owning stock aligns the interests of the firms with those of their stock-holding lawmakers …companies that have congressional stockholders no longer need to spend as much money on lobbying to influence opinion.” One example of this:  a “nearly three-quarter increase in members of Congress who held Apple stock from 2007 (22 people) to 2008 (38) was followed by a nearly 50% reduction in lobbying intensity the following year (2009).”

This is one of the most interesting use of facts and figures to show COIs that I’ve seen in a long time. Indeed, I think that, as a general matter,  more needs to be done to understand not only the incentives that COIs can create but also the disincentives, as discussed in this recent post.

And, there is more still to what Hill,  Ridge and Ingram have to say about Congressional COIs – both their consequences and also mitigation approaches. But for that you’ll need to read the original article, which I hope you’ll do.


Compliance in the service of ethics

Years ago, I was hired to conduct a C&E training “needs analysis” for an investment bank, and ran into an interesting problem with the ethics side of the project: my client contact explained that if I did identify any actual ethics issue at the bank, a new compliance policy would immediately be issued to address it. While I understood the logic of this approach (particularly in the financial services arena, given the degree and impact of regulation there), it certainly didn’t leave much breathing room for an ethics perspective. Since then, I’ve been fascinated by the connections (or lack thereof) between compliance and ethics – and the opportunities often presented to have one help elevate the other.

In a recent article in the Harvard Business Review,  Christopher McLaverty and Annie McKee make a number of important suggestions on “What You Can Do to Improve Ethics at Your Company.” They note that research by McLaverty  shows that “in contrast to what corporate compliance officers would like us to believe, their organizations’ codes of conduct and ethics training wasn’t particularly helpful when it came to managing ethical dilemmas.”

I completely agree that in many business organizations C&E  codes and training often don’t help employees resolve the sort of ethical dilemmas they are likely to face. I concur, too, with the authors’ various suggestions for gauging the ethical well-being of a company and with the finding from McLaverty’s study that “the most useful resource that leaders have when faced with an ethical dilemma is their own personal network. This provides an informal sounding board and can highlight options and choices that the leader may not have considered.”

But I do think more should be said on behalf of the role that compliance can have in promoting ethics in organizations.  A different way to look at the issue is how being exposed to the full range of C&E program measures at a company over the course of years can be helpful preparation for the moment when an ethics-related quandary  is presented.

From my perspective, codes and training aren’t the main story here, and never have been. They are, after all, mere preaching. More likely to be impactful are such measures as risk assessment, monitoring, auditing, use of metrics and various other accountability-related practices and procedures  – at least, when these are done in a serious, results-oriented way.

But what do they have to do with ethics? While each is a  traditional compliance activity, they can also be seen as part of a broader commitment to doing what is right – particularly by the many members of the workforce who don’t distinguish between C and E.  And, I believe that the beneficial habits of mind – i.e., “inner controls” – that should, over time, come with being in a company with a strong approach to  compliance can help lift a company’s ethics performance, including preparing managers for dealing with an ethics issue that is not addressed in the training or code.

I should emphasize that I’m not suggesting that every true ethical quandary is easier to resolve by those who work in companies with rigorous C&E programs. “Right versus right” dilemmas, in particular, may be outside the scope of what I’m describing. However,  there are doubtless many other sorts of workplace ethical challenges – particularly having to do with summoning the will, not finding the way – for which having a well-engrained habit of doing what is right could make a real difference.

A final thought: if what I’m saying is true it should work both ways. That is, a well-engrained habit of acting ethically should make compliance stronger in companies and individuals.