Uncategorized

Point-of-risk compliance

Here is my latest column from C&E Professional – on  “point-of-risk compliance.”

I hope you find it useful.

E-book on compliance & ethics risk assessment

I am pleased that Corporate Compliance Insights has just published a revised and expanded edition of my e-book on risk assessment: Compliance & Ethics Risk Assessment: Concepts, Methods and New Directions.

You can get a free download here.

Risk assessment expectations under DOJ C&E program evaluation criteria

A column in Corporate Compliance Insights.

I hope you find it interesting.

Preventing investigative failures

It is too soon to know how history will judge the efficacy of the Mueller special counsel investigation. But there is no shortage of clear investigative failures in the private sector, such as in the Wells Fargo debacle.

In Complex Compliance Investigations – a soon-to-be-published article in the Columbia Law Review – Professor Veronica Root Martinez of Notre Dame Law School argues that many recent compliance failures “within organizations might have been avoided if more robust processes –  meaning the actions, practices, and routines that firms can employ to communicate and analyze information  – had been in place to ensure investigations were conducted in a manner that allowed the firm to analyze information from diverse areas within the firm.” She further notes: “The task of creating effective compliance programs has been made more challenging, however, by the shift from small, discrete organizations to complex ones. The challenge for complex organizations is, quite simply, more complicated than what’s faced by those with a smaller footprint and reach.”

She makes the following recommendations for addressing these challenges:

Track Similar Unlawful Behavior within the Firm. She suggests this because “[w]hen firms focus on policing and structural components of a compliance program, they sometimes focus too heavily on particular compliance areas, when they might otherwise benefit from assessing certain types of behavior.”

Engage in Consistent Compliance Assessments. Specifically, “Complex organizations could choose to develop formal, prospective processes in an effort to ensure that members throughout their organizations engage in similar investigative methods when misconduct is detected.”

Aggregate Potential Compliance Concerns. As she notes: “sometimes a seemingly innocuous or isolated event is actually an indication of a larger problem within the firm,…”

However, she also notes that: “ The promise of process is, however, limited in that for it to be effective it requires a firm to have (i) a strong organizational structure (ii) free from a corrupt culture.”

There is far more to Professor Martinez’s very fine article than I have space to address here. I encourage you to read all of it.

Additionally, for more information about making investigations effective please see this post in the Compliance Program Assessment Blog.

False allegations of conflicts of interest

Over the course of the nearly two years that Robert Mueller served as Special Counsel, President Trump complained that Mueller had conflicts of interest that should have prevented him from being  in that role. One of these concerned Mueller’s having supposedly been turned down for a job as Trump’s FBI chief. Another was based on Mueller’s former law firm  having done legal work  for certain Trump family members. A third alleged COI arose out of a purported dispute regarding a membership fee paid by Mueller at a Trump golf club.

The specifics of each are not particularly interesting. What is noteworthy is that – for legal or factual reasons – each of them is utterly without merit, as described in this piece from FactCheck.Org.

Making false accusations of conflicts of interest is not the worst thing that Trump has done as president. Indeed, probably is not  in the top 100.

But – at least from the perspective of this blog – such accusations are particularly pernicious as they can make it difficult for companies and individuals to identify and address genuine COIs.

I should stress that I am not suggesting that companies adopt “zero tolerance” for inaccurate reports of conflict of interest. Doing so would undoubtedly discourage reporting of accurate – as well as inaccurate – COIs pursuant to companies’ compliance & ethics programs.

But when a COI accusation is made not to protect an organization and/or individuals from unethical conduct but rather as part of a campaign of falsehoods being pursued for personal and political reasons that is another matter. As Oliver Wendell Holmes Jr. famously said: “Even a dog knows the difference between being kicked and being stumbled over.”

A webcast on effective COI compliance programs

https://www.pli.edu/programs/effective-conflict-of-interest-program

Rebecca Walker and I hope you can attend.

Designing compliance incentives

A new article from SCCE’s  Compliance & Ethics Professional on an always challenging area.

I hope you find it interesting.

Shifting Perspectives on COI in the Modern Workforce

An article by Rebecca Walker and me on the Navex Global website.

We hope you find it interesting.

“Just-in-time” risk assessment

In 1994 I spoke at a meeting of a company’s executives that took place shortly before the end of the company’s financial quarter, and in the same session the CEO made the point that the executives needed to be vigilant against any mischief designed to dress up the quarter. This was my first exposure to “just-in-time” training/communication. And although more companies time their compliance measures in this sort of way now than did then (mostly because there are more measures to time), it is an area where many organizations can and should up their respective games.

The basic idea of just-in-time communications (also sometimes called “point of risk” communications) – as described in this post – is that compliance communications are most likely to have the desired impact if delivered shortly before exposure to the risk in question. As noted in that post, this mechanism could be used to address a wide range of risks: “anti-corruption – before interactions with government officials and third-party intermediaries; competition law – before meetings with competitors (e.g., at trade association events); insider trading/Reg FD – during key transactions, before preparing earnings reports; protection of confidential information – when receiving such information from third parties pursuant to an NDA; … accuracy of sales/marketing – in connection with developing advertising, making pitches; and employment law – while conducting performance reviews…”

To his discussion I would like to add the notion of a just-in-time risk assessment.  Specifically, when conducting risk (or program) assessment interviews or surveys, compliance personnel should inquire a) for any given area or risk, whether there is a need for just-in-time training/communications; and b) if so, what the specifics of such training/communications should be.

Finally, the need to look for opportunities of this sort can be added to lists of managers’ C&E duties (e.g., those set forth in the code of conduct, training for new managers, and perhaps personnel evaluations). This will not only help companies develop more “just-in-time” communications but will raise the level of managers’ C&E knowledge and commitment generally.

Socialism and conflicts of interest

There was a time in my life when I might have embraced the cause of socialism, but that was many years ago and today I proudly march under the banner of centrism. And the current  flirtation with socialism in the US has me worried – at least a little bit.

My concern is not that the US will become a fully socialist country (already having been a partly socialist one for many years, mostly in a benign way). If that didn’t happen in the 1890’s and 1930’s it seems unlikely to happen now.

Rather, my worry is that the prospect of socialism could lead to a powerful counter push to the right.

What – if any – is the relevance of COIs to this prospect?

As I have argued in this blog on occasion, a strong and healthy approach to COIs can be immensely beneficial to many aspects of our society. Conversely, a world without such an approach could be one of “needlessly diminished lives, resources and opportunities.”   In such a society, the case for socialism can indeed be seen as compelling. If private parties don’t live up to their ethical duties then government will fill the vacuum.

A strong and healthy approach to COIs means, of course, enforcement of COI-related laws, rules and norms.  See, e.g., this recent piece  on underenforcement of the fiduciary duty of loyalty.

But more important than enforcement is having a broad view of COIs – one that takes into account the phenomenon of “moral hazard.” As noted in an earlier post, both in the areas of climate change and public debt the wellbeing of the young is being sacrificed to conflicting interests of others – with likely calamitous effects. And of course there are many other areas where intergenerational COIs pose grave  threats to our society.

Addressing this sort of COI will be a considerable task. But the alternative may be a political, economic and social order based on an extremist ideology.