Conflict of Interest Certifications

There’s one way to find out if a man is honest – ask him.  If he says, “Yes,” you know he is a crook.  Groucho Marx

There is, of course, something to this bit of Marxist logic. But, on balance, the benefits of “asking” in a C&E program can be considerable, and one asking-based tool that has existed for many years is the certification.

Should an organization require employees to execute on a periodic basis certifications regarding actual or apparent COIs?  If so, what should be the content of the certifications? And should an entire employee population receive them?

We will consider the first and third questions in this post and the other in the next post.

While not advisable for every entity, this type of process can, I believe, be useful for reminding employees (in a way that a terse general code of conduct certification  typically does not do) of the organization’s specific COI standards and requirements.  Certifications indeed often will surface  COIs that have not otherwise arisen through other C&E processes.  While they might elicit denials regarding  truly illicit behavior (Groucho’s thesis), that is less true of many other, less nefarious sorts of COIs.  As one  reader of the Blog wrote to us yesterday, “employees are often confused about  COIs and don’t think they have one when they do or at least when there is an  appearance of a possible conflict. [Certifications] seem to be a good way to help employees focus on specific activities that can present a conflict.”

However, certifications  are clearly not for everyone. Whether an organization should undertake this  sort of effort – which can require a substantial time commitment – depends on a variety of factors.  In effect, this is a form of risk assessment, which should typically include the following considerations:

Likelihood:  How likely is the process to uncover an  otherwise unidentified COI?  And, how likely is a certification to prevent an otherwise undeterred  COI?

Impact:  How harmful could such a COI be – meaning one that would likely be deterred or detected and addressed by the certification process but not other ways?

Other benefits:  Are there other high-risk activities (e.g.,“sensitive payments,” contacts with competitors) that should be added to a COI certification, and, if so, what does a likelihood and impact assessment of those topics add to the analysis?

Capacity:  Does your organization have the resources to follow-up on all “yes” answers or failures to respond?  (This is a deal breaker for many companies.)

Finally, this analysis should not necessarily be performed on an all-or-nothing basis.  Even if it does not make sense to require all employees to execute certifications – as, in my experience, is frequently the case – there may still reason to do so for managers and others in sensitive positions (e.g., procurement; “control” functions – such as law, finance, human resources and audit; and, in some organizations, sales).

To be continued…