
The oldest conflict

Many years ago a client being vetted for a high-ranking post asked me if a question about prior ethical violations required him to disclose a long since concluded extramarital affair. I replied that this seemed beyond the scope of the question, and I would give the same answer if asked today. But a recent paper suggests a different way of looking at this area.

In “Personal infidelity and professional conduct in 4 settings”, John M. Griffin and Samuel Kruger, both of the McCombs School of Business, University of Texas at Austin, and Gonzalo Maturana of the Goizueta Business School, Emory University, “study the connection between personal and professional behavior by introducing usage of a marital infidelity website as a measure of personal conduct. Police officers and financial advisors who use the infidelity website are significantly more likely to engage in professional misconduct. Results are similar for US Securities and Exchange Commission (SEC) defendants accused of white-collar crimes, and companies with chief executive officers (CEOs) or chief financial officers (CFOs) who use the website are more than twice as likely to engage in corporate misconduct. The relation is not explained by a wide range of regional, firm, executive and cultural variables. These findings suggest that personal and workplace behavior are closely related.”

The ramifications of these findings indeed  seem significant. Included is the negative implication for behavioral ethics: “our findings suggest that personal and professional lives are connected and cut against the common view that ethics are predominantly situational. This supports the classical view that virtues such as honesty and integrity influence a person’s thoughts and actions across diverse contexts and has potentially important implications for corporate recruiting and codes of conduct. A possible implication of our findings is that the recent focus on eliminating sexual misconduct in the workplace may have the auxiliary effect of reducing fraudulent workplace activity.”

For more on the connection between personal and professional ethics see this prior post.

Conflict of interest expertise

Here is my latest column for Compliance & Ethics Professional.

I hope you find it interesting.

Conflicts of interest: getting it wrong

In the nearly ten years that I have published this blog I have noted various studies and other sources of insight into the issue of whether individuals and organizations truly understand the negative impact flowing from disclosed COIs. See posts collected here. (The latest contribution to this area is Bias in expert product reviews by Ben Vollaard of Tilburg University and Jan C. Van Ours of Erasmus University Rotterdam: “Our findings suggest that reviewers’ ad hoc relationships with producers, often dismissed as ‘coming with the job’, can be very harmful.”) https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3847682

C&E professionals need to be aware of this body of knowledge, at least in a general way, as it can help enhance compliance efforts, including those involved in risk assessment and training. This is particularly so at a high level in a company.

Finally, consider using the recent story in compliance communications within your company: “131 federal judges failed to recuse themselves from cases in which they had financial interest.” If dealing with COIs is difficult for judges, that underscores the need for others to make an extra effort to make sure they are doing so in compliance with applicable law and ethical standards.

 

Making the most of your risk assessment (part 2)

Here is a just-published post on risk assessment from the FCPA Blog.

I hope you find it useful.

 

Combining COI program and risk assessments

COI risk assessments and program assessments are two different things. But they can overlap to some degree and so it makes sense to consider how/how much they should fit under “one roof.” This is particularly so when both procedures are based principally on employee interviews, with some danger of duplication.

Beyond this, any risk assessment needs to consider the efficacy of mitigation (i.e., a program assessment component) and any program assessment needs to take into account various risk factors. So, in determining how/how much the two processes can be combined, it makes sense to start with an analysis of a company’s need for specific information regarding each.

Risk assessments

Conflicts of interest have long been seen as an area of significant risk. But that does not always translate into the conduct of meaningful risk assessments.

Part of the reason for this disconnect is a widespread belief that COI risks are already well known. Certainly every C&E professional knows that the major types of COI for most business organizations involve employees a) having financial ties to competitors and third parties that do or seek to do business with the organization, and b) hiring family and friends into the organization. Similarly, the basics of the other two major COI categories – organizational and gatekeeper COIs – are generally understood by C&E professionals working in fields where risks of such conflicts are significant.

But understanding the general risks regarding COI may not be enough to generate the type of information that an effective risk assessment process requires, which is information that will help design or modify all the risk-sensitive elements of a program to mitigate COIs. These are policies, training and other communications, auditing and accountability. (Note the other main program elements – e.g., helplines, investigations, incentives, discipline – are obviously important too, but tend not to vary by risk area.)

Each assessment will vary in substance. But here are some areas of inquiry that may be useful to companies just starting out.

– Any relevant COI history at the organization – violations, near misses and inquiries.

– Any relevant COI history at competitors or otherwise comparable organizations, to the extent known.

– Same inquiry regarding customers, suppliers and other third parties with which one does business.

– COI standards that are not fully understood or appreciated.

– Weakness in “inner controls” (where – due to factors described in behavioral ethics research – moral constraints against wrongdoing are of diminished efficacy).

– Instances or prospects of prosocial COIs (“right v. right” risks).

– Industry-related risks.

– Cultural-related factors.

– Efficacy of process controls (particularly around COI disclosure/approval regimes).  This is an area where the  overlap between the two types of assessment is particularly strong.

Note that in some instances the inquiry can be done on an enterprise-wide basis but for others it should be granular (e.g., region, business line, function) too.

Program assessments

C&E program assessments sometimes have a general scope and sometimes are focused on a single substantive risk area – such as corruption or competition law. (Still others have elements of both approaches, i.e., general assessments and deep dives.)

For some companies it makes sense to do such a targeted/deep dive assessment for conflicts of interest. This is particularly so for those responding to a significant COI violation or “near miss,” but it is also the case where the likelihood of COI risks is heightened due to geographic, organizational or industry cultural considerations.

More generally, what does one look for in a COI program assessment? Hopefully, the following questions/comments could be helpful to some organizations seeking to determine whether/how to go down this road – and if so, how far.

– Risk Assessment. Has the company assessed COI risk? If so, has it done so in a documented way? Has it used the results of the assessment(s) in designing and implementing other aspects of the COI program? Beyond this, does the company have a good sense of its areas of jeopardy from what might be called “the risk assessment of everyday life”?

– Governance. Have the respective COI oversight roles of the board of directors and senior management been formalized? Do they receive appropriate reports of COI program activity? Are there sufficient escalation provisions regarding COIs?

– Culture. Are COI rules truly followed or are there double standards? What is the sense of “organizational justice” vis-à-vis COIs? Same question re: the “tone at the top.” Do employees – particularly senior ones – understand the harm that COIs could cause the company?

– Policies. Presumably nearly every business organization has a COI provision in its code of conduct. But there are also many that need but do not have a standalone policy as well. Is your company in this category? Also, is your COI policy well known and readily accessible? Is it reviewed periodically by the C&E officer?

– Procedures. Are disclosure and related COI procedures clear, easy to use and well known? Do those tasked with reviewing COIs have enough knowledge and independence for the job? Are the reviews sufficiently documented?

– Training/other communication. Is there enough training given relevant COI risks (which tend to be high for senior managers/board members and in certain functions, like procurement)? Is training reinforced through other communications, particularly from senior managers?  Does the training/other communication use the learning from “actual cases”?

– Auditing and monitoring. Are the COI disclosure practice and other aspects of the program audited? Same question for monitoring (e.g., conditionally approved COIs).

– Responding to allegations/request for guidance. Do employees feel comfortable seeking guidance on possible COIs? Are investigations truly independent? Are violations of the COI policy treated with sufficient seriousness? Does the company conduct a “lessons learned” analysis of significant COI failures?

Of course, there is much more that could be included in a COI program assessment (and I encourage you to browse the blog for ideas in this regard). But hopefully the above will be a useful foundation for starting.

The same point should be made with respect to risk assessments – what I have provided above is a starter list – not the last word.

The Spirit of Liberty – and Ethics

Learned Hand – considered by many to be the greatest of all US judges – once famously said:  “The spirit of liberty is the spirit which is not too sure that it is right.”   This is a spirit which sadly seems as distant from us today as it ever has been before.

Of course, Hand’s primary concern was the realm of politics/governance, not business ethics. But, as discussed in prior posts, the various spheres in which ethics operates – not just political and business, but also personal – can overlap with and support each other, at least to some degree. They can also undercut each other, when not done right.

I believe that – at least for some companies – humility should be a core value.  (I do see it at some companies, but not many.) As noted in an earlier post:

First, humility is a logical and arguably inevitable response to the vast body of behavioral ethics research showing “we are not as ethical as we think.” Thinking and acting with humility is indeed a way of operationalizing behavioral ethics. (For a list of behavioral ethics and compliance posts click here.)

Second, humility is well suited for addressing ethical challenges that are based not on the purposeful failure to be honest but on the less well-appreciated dangers of being careless.  Recognizing the limits of one’s abilities – which is part of being humble –  should help underscore the need for carefulness.

Third, humility has the potential to resonate deeply in our political, as well as business, culture. By this I mean humility can help form part of a broader mutually supporting relationship between business ethics and ethics in other realms.

Finally, humility can support relationships of  trust. As described in a recent post, such relationships can be an essential foundation for prosperity in many ways.

Measuring compliance measurement

 

In a book chapter from the recently published Measuring Compliance: The Challenges in Assessing and Understanding the Interaction between Law and Organizational Misconduct, Benjamin van Rooij (University of California, Irvine School of Law; University of Amsterdam, Faculty of Law) and Melissa Rorie (University of Nevada, Las Vegas) write:

“A major question in corporate compliance research and practice is how to establish the effectiveness of compliance programs and policies on promoting desirable outcomes. To assess such effectiveness requires proper measurement. This chapter, …, discusses the trade-offs involved in using different quantitative and qualitative approaches to measure corporate compliance and its predictors. It assesses the strengths and weaknesses of different research strategies in terms of their validity in capturing behavioral responses, their ability to establish causality, their precision in showing complexity, their generalizability, and their feasibility and cost-effectiveness.”

It would be impractical for me to try to summarize what is already a summary (and a dense one at that), but I thought readers might like to see the list of measurement methodologies that the authors address, as an enticement to download the chapter, which is free, or to buy the whole book. (Also note that some of these methodologies are aimed more at use by scholars than practitioners.)

– Self reported surveys

– Randomized experiments

– Corporate outcome data

– Risk analysis proxies

– Government audit data

– Aggregate outcome data

– Mixed methods-Systematic reviews and meta analysis

– Data simulation

I hope you find it useful!

Trust and the compliance officer’s remit

Trust has always played a vital role in developing and maintaining civilizations and other organized groups  – large and small  – of humans.  But it seems like trust in business is as important now as it has been before.

As described in the Harvard corporate governance blog by PwC’s Paul DeNicola: “Confidence in the institutions that form the bedrock of society is perilously low. Surveys show that many people have lost faith in government, the media, and the police, among other institutions. Meanwhile, corporations have emerged as leaders. They’re now the most trusted institution in the US according to the Edelman Trust Barometer. Maintaining this trust, and seizing the opportunities it presents, should be a priority for every company.”

Another important development in this area is the recent publication of “Why Trust Matters: An Economist’s Guide to the Ties That Bind Us” by Benjamin Ho of Vassar College. In this very useful and enjoyable book he examines the economics and history of trust in a wide variety of settings. Further, he focuses on various aspects of trusting institutions that are known for expertise (a subject of particular relevance to the present) and how we can do more to trust one another generally.

DeNicola suggests ways companies can indeed make trustworthiness a priority, focusing on corporate culture, human capital and social action. To this I would add – to the extent it has not already been done – expanding the remit of the chief ethics and compliance officer (“CECO”) to include promoting trustworthiness at the organization.

Companies should consider including trust issues in the CECO’s job description, risk assessment, training/communications, personnel evaluations and board reporting.  These and other commonsense  measures can help strengthen a company’s trustworthiness.

 

 

The $5800 bottle of booze

According to recent media accounts: “The State Department is looking into the whereabouts of a $5,800 bottle of Japanese whiskey that was gifted to former Secretary of State Mike Pompeo, according to State Department filings in the federal register. The government of Japan gifted the whiskey to Pompeo in 2019, the document says. But it is unclear if Pompeo himself received the whiskey or if a staff accepted it. Pompeo said Thursday that he never received the bottle of whiskey and that he had ‘no idea’ it was missing, nor what happened to the gift.”

Time will tell what happened here – or maybe not. My best guess is that he did get the bottle – for the presumably simple reason that none of his subordinates would want to risk hiding it from him.

In the meantime this is a good occasion to revisit the COI-fraught area of gifts and entertainment.

Consider these two items.

First, there is the issue of double standards.  I once asked students in an executive MBA ethics class if they thought that their employer organizations should have restrictive policies on gift receiving.  Nearly all said that such policies were unnecessary – as the students were certain that they would not be corrupted by receipt of gifts from suppliers or customers.  I then asked if the school should allow teachers to receive gifts and entertainment from students. As you can imagine, the response was very different.

Note that double standards aren’t always a bad thing. But they often are.

Second, there is the argument that the recipient wouldn’t sell himself for relatively small amounts of money or goods. This issue was raised several years ago in a particularly grim way (as described in this article in MarketWatch) by a study which “found that both deaths from opioid overdose and opioid prescriptions rose in areas of the country where physicians received more opioid-related marketing from pharmaceutical companies, such as consulting fees and free meals,…”

Another study “showed that the receipt of a single industry-sponsored meal, with a mean value of less than $20, was associated with prescription of the promoted brand-name drug at significantly higher rates to Medicare beneficiaries.”

Note that while these studies took place in the life sciences area, they are potentially relevant to promoting compliance in conflicts/gifts in industries of all kinds.

Finally, a study by Julian Zlatev and Todd Rogers contributed in a potentially important way to our knowledge of what makes giving gifts and providing entertainment effective (Returnable Reciprocity: When Optional Gifts Increase Compliance, Harvard Faculty Research Working Paper Series). They found – somewhat surprisingly – that providing the recipient with an opportunity to return a gift increased the likelihood that she would respond positively to whatever the giver was seeking to have her do.

This is a phenomenon they call “returnable reciprocity” and it may work by triggering feelings of guilt in recipients who  have the opportunity to but do not return the gift.

None of this proves Pompeo’s guilt in the whiskey affair.  But it suggests that the affair might be seen as part of a larger tawdry picture.

 

Risk assessment and attorney-client privilege: when and how

My latest column in CEP.

I hope you find it useful.