Conflict of Interest Risk Assessments – Part 4: Capacities

Risk assessment is generally seen to be the most important – and often the most challenging – aspect of any compliance program, and for this reason we are exploring COI risk assessment in a six-part series in the Blog. The first two postings in this series addressed legal expectations regarding COI risk assessments and the C&E program uses to which information derived from a COI risk assessment should be put.   The third posting began the discussion of methodology by addressing one of three principal risk assessment dimensions – “reasons.”  In this posting, we examine the “capacities” dimension of COI risk assessment (and after this we’ll explore measuring the impact of COI risks).

“Capacities” – in the compliance risk analysis context – means a party’s ability to engage in harmful behavior.  In some industries, such capacities for harmful conflicts-based conduct are widespread.  An obvious example is the financial services industry.  Indeed, as noted several years ago by the SEC’s then Chief of Enforcement :  “Conflicts of interest are inherent in the financial services business. When you are paid to act as an intermediary, like a broker, or as another’s fiduciary, like an investment adviser, the groundwork for conflict between investment professional and customer is laid.”  More recently, and as described in a recent posting, there is a vast array of capacities for COIs in private equity firms that have been identified as of  possible concern to the Securities and Exchange Commission.  

Turning from client conflicts in the financial services field to internal ones in organizations of all kind, a key consideration for this aspect of risk assessment is the extent to which an individual exercises discretion over matters that could involve COIs.  Most obviously in this category are individuals in management or procurement positions.  But there are also many other, less obvious, functions that could have COI-risk creating capacities.

For instance, in a government contractor, HR could be seen as having the capacity to violate COI rules concerning hiring government personnel.  Or, in some companies, “corporate opportunities” will present real COI risks — e.g., particularly investment-related ones – for some employees (or agents) but not others.  (This type of COI – which will be the topic of future postings – refers to situations where as part of her work a director or employee identifies a business opportunity and takes advantage of it without making sure the employer has first had the opportunity to consider it.)  Similarly, for insider trading – which is partly COI-related – a capacities analysis would embrace the extent to which various individuals had access to material, non-public information from their employer.

Of course, a COI risk tends to be highest for individuals or functions where both “reasons” and “capacities” are significant, and in such instances companies should consider deploying a full range of C&E mitigation measures, e.g., targeted training, auditing and other controls.  The same is true with regard to COI risks for which only one of these dimensions is significant but the potential impact of a COI (to be addressed in the next post) is high.

.