Conflict of Interest Blog

Handling undue pressure: the role of the compliance and ethics office

One of the most important business ethics experiments ever took place in the early 1970s in Princeton NJ.  In it, interview subjects were asked to travel from one place to another, but some were told that they had to hurry and others were not told this. Along the way, all saw an individual in apparent distress. Individuals put under time pressure were about six times more likely to engage in unethical conduct (not helping the individual in distress) than were those not under such pressure.

This was an incredible result. It – along with other subsequent behavioral ethics experiments – has led to an understanding of wrongdoing that places greater emphasis on the situation facing an individual and less on that individual’s character.  This, in turn, helps make the case for strong C&E efforts.

Turning from the world of research to that of the courtroom and prosecutors’ offices,  the corrupting influence of high-pressure is an oft-told tale. In recent years the most prominent case of this sort involved Wells Fargo, where a toxic corporate culture pressured many employees to engage in serious legal and ethical transgressions.

So, what is to be done about this potentially perilous risk?

At the outset, I note that C&E programs are not expected to eliminate all pressure to perform. That would be impossible and indeed undesirable.  But what a C&E officer can and should do is to mitigate undue pressure.

One part of such an effort is risk assessment. Based on a variety of factors – both internal (e.g., employee surveys) and external market conditions (e.g., hyper competitiveness) – the risks of undue pressure can be identified.

Of course, the fact that risky conditions exist at one company does not necessarily mean that they also exist at a competitor. But it can suggest a line of inquiry both as to risk and to the efficacy of mitigation that should be explored.

Another approach is having the managers’ duties section of the code of conduct address the issue of avoiding undue pressure. That is, the code and related documents (policies, charters, among other things) should spell out that a manager is responsible for addressing pressure that might lead their subordinates to cross a legal or ethical line.

Yet another available measure is having the CEO speak at an all-company or other major event about the need to avoid undue pressure  – particularly at key times (such as near the end of a financial reporting period). One should also cascade the message down through the ranks of management (both operations and staff).

In a related vein one might develop pressure-related scenarios for use in training and other communications.  This would seem to be an obvious compliance measure, but my belief is that too few companies go this route.

Less obvious still, one should consider including undue pressure in audits.  By this I mean that some audit interviews should seek to determine whether pressure at the company is unduly risky. Note that I am not suggesting that this be an extensive effort.  A single question asked of individuals in high-risk positions (e.g., sales) and locations should be sufficient in many audits.

Investigations and discipline have a key role in this aspect of compliance.  Both in how one conducts an investigation and in related discipline one should make sure that those responsible for undue pressure are held accountable. One practical measure to ensure that this happens is to speak to this issue in the company’s investigations manual.

One should, as well,  consider addressing the issue in performance evaluations. By this I mean including in evaluations the extent to which a manager projects undue pressure onto their subordinates – or shields them from it.

Finally, one should ensure the board of directors (typically via the audit committee) is alert to undue pressure risks. They have the ultimate power in a company to mitigate those risks.

Of course, not every company needs to do all of these. And some will address the issue of undue pressure in other ways.  But all should be actively engaged on this risky area.

A free podcast on the history and future of compliance

from SCCE Here is an introduction from SCCE’s Adam Turteltaub:

For most of us, it’s hard to imagine a time before the US Federal sentencing Guidelines came into being and set the direction for compliance and ethics programs.

Jeff Kaplan, partner at the law firm Kaplan & Walker and longtime compliance leader remembers those pre-Guidelines times and in this podcast we discuss the changes that have come, didn’t happen and may yet occur with compliance programs.

Even after thirty years he reports that, in many ways, we are still getting started. While many organizations have developed robust compliance programs, a large number are still at the starting gate. In addition, many business people, particularly in management, tend to think of compliance as something less than sales, marketing or other departments, and not worthy of the investment.

A related challenge is what he called the “mission accomplished phenomenon”, which he defines as a tendency to see compliance as an event rather than an ongoing program.

Still, he sees the glass as something more than half filled and creating new challenges. For more developed programs, he believes, now is the time to maintain a sense of urgency and improve performance.

Click here to listen to the pod cast.

The third rail in American compliance

An article by Rebecca Walker and me in Compliance and Ethics Professional  on when and how a chief ethics and compliance officer should report to the general counsel.

We hope you find it useful.

Loyalty as an ethics risk

Movie mogul Samuel Goldwyn famously said: “I’ll take fifty percent efficiency to get one hundred percent loyalty.”  But too much loyalty can be bad for reasons that go beyond inefficiency, as shown by ex-President Trump’s call for then FBI director Comey to be loyal to him personally. On the other hand, a world with too little loyalty could be highly dysfunctional and even hellish.

In a piece in Forbes several years ago Rob Asgar made the following important  points  (among others) about loyalty:

The “loyalty bind,” as some psychologists call it, keeps the members of an organization from being able to see tumors metastasizing in their midst. It’s what leads to scandals and cover-ups in churches, city halls, companies and ideological movements.

The challenge is to move organizations away from the notion of loyalty to persons and toward the notion of loyalty toward first principles. These principles include transparency, integrity, accountability and a constant readiness to reform in whatever way necessary—no matter whose personal interests may be affected. This isn’t easy, because humans are tribal—we evolved to be in the society of other humans and to instinctively sacrifice our own safety in order to defend them against outside threats. The notion of defending shared principles came later, and it still hasn’t taken root fully. 

The point about humans being tribal is, of course, key.  When behavior is truly instinctive it is hard (and sometimes impossible) to prevent/modify.

C&E practitioners have, of course, long looked for ways to do just that.  Sometimes this involves appealing to shared values, as noted above.  But it can also entail  drawing on loyalty to other persons.

For instance, years ago I helped to develop a short C&E training video that sought to evoke feelings of a “larger loyalty” by showing the faces of colleagues laid off in the wake of an accounting scandal that could have been, but wasn’t, stopped in the early stages by a potential whistleblower.  Another video focused on the harm to the wrongdoer’s family members when he went to jail for his crime against the company.

In addition to training, other forms of communication should be used to address the downsides of misdirected loyalty. Among other things, senior officials at the company. (particularly the CEO) should speak to it in town halls and/or emails to all employees.

Risk assessment also has a role to play in addressing loyalty-related risks. In  Ethics for Adversaries,    Arthur Isak Applbaum describes how many of the adversary systems with which we live – law, politics, and others – seem to license wrongdoing that would not be countenanced if done in other settings.  As he notes, “[A]dversaries act for by acting against,” and this leads to a purported “division of moral labor” – with the expectation that some sort of equilibrium will arise therefrom.   But, he says, acts that ordinarily would be morally forbidden – such as deception – should not be considered permissible merely because they are performed in a political or professional role.  

Finally, audit has a role to play too. Among other things, it can focus audits on a company’s facility that has been managed for a long time by a particular executive.

Compliance officers as “ministers for the future.”

In The Ministry for the Future   science fiction writer Kim Stanley Robinson draws a truly harrowing picture of the cataclysmic harm that climate change could inflict on our planet in the not-so-distant future.

His tale is also about how a newly conceived UN ministry might try to save the day.  The ministry is tasked with advocating “for the world’s future generations of citizens, whose rights, as defined in the Universal Declaration of Human Rights, are as valid as our own…”

Might compliance and ethics (C&E) officers play a part in advocating for the future?

At the outset, I should stress that I’m not arguing that C&E officers in companies and other otherizations should become professional futurologists.  That would be impractical and undesirable for various reasons.

But there is a role for C&E officers to ensure that their company advocates for future generations.  That role begins with consideration of moral hazard.

Notwithstanding its name, the concept of moral hazard originally had little to do with morality. Rather, it referred to the phenomenon that providing insurance tended to promote risky behavior by insured parties. Subsequently, moral hazard has been applied to a wide range of circumstances where incentives encourage unduly risky conduct by shifting the impact of a bad decision to a party other than the decision-maker.  Much of the debate over COVID-19 has involved moral hazard issues.

Moral hazard is not the same as conflicts of interest (COIs) or corruption. COIs and corruption generally require a breach of a duty of loyalty, whereas moral hazard does not. But they all involve conflicting interests having an adverse effect on ethical decision making and are close enough to each other to be considered “cousins.”

Of course, the “mother of all” moral hazards is climate change.  Additionally, the field of Environmental Social and Corporate Governance is built, in part, on moral hazard considerations.

But there are many other situations where the future generations need to be protected. And advocating for such interests is a good role for C&E officers, in part because of their experience in dealing with COI and corruption.

For this reason, it makes sense to consider that the C&E officer’s role regarding the rights of future generations could be to:

– Identify the types or activities at their organization that could cause significant harm to future generations (i.e., a form of risk assessment). This is a function both of the inherent riskiness of the activities in question and also the lack of advocacy for future generations.

– Identify or propose appropriate mitigation measures. This would include some degree of setting standards and delivering training/communications, among other things.

– Report to appropriate parties in the company on the measures taken and to be taken.

This is, needless to say, very general and addressing the needs of the future effectively would mean different things for different organizations. But hopefully it is a nudge the right direction.

Behavioral Ethics and Whistleblowing

In A Behavioral Economics Perspective on Compliance, https://research-portal.uea.ac.uk/en/publications/a-behavioural-economics-perspective-on-compliance Shahryar Banuri (University of East Anglia) “reviews the behavioural economics perspective on compliance with rules (broadly) and with whistle-blowing and antitrust compliance (more specifically) culminating in a series of recommendations for organizations seeking to improve compliance and detection of potential infringements of the law. [He focuses] on four main points:
“First, is the importance of voluntary compliance (as opposed to enforced compliance). This is important because it carries a broader set of actions than enforced compliance (which typically pertains to behaviour that is observable). Highlighting non-pecuniary rewards, such as benefits to society, reputational gains, and career impacts, are critical.”
The point about career impacts is particularly noteworthy. Too few business people fully grasp what a violation or, conversely, good deed, can do to one’s career. Making up this knowledge gap should be part of a C&E officer’s remit.
“”Second, is the importance of perceptions and beliefs. Focusing on whistleblower protections and correcting beliefs regarding the risks (and potential losses) associated with reporting are critical.”
This too is quite important, and I believe should be the focus of all C&E programs – meaning continuous education around these issues through training and communication. Among other things, using accounts of real events can lead to better understanding of what the risks really are.
“Third, beliefs are typically the result of social norms: shared expectations of behaviour. Collecting information on norms and correcting misperceptions is an important way to increase compliance.”
The analysis is similar to that concerning and correcting employee beliefs. But I would also add that risk/culture assessments can be used for these purposes.
“Fourth, selecting the right workers: Selecting workers with strong preferences for compliance (those that are more pro-socially motivated) allows for increases in compliance without the need of strong monetary incentives.”
The importance of this goes beyond whistleblower protection – and indeed as the subject of last week’s post

Ethics questions in employment interviews

In some companies hiring interviews include a C&E component. A typical question of this sort is to ask the interviewee to describe a C&E challenge that she faced and how she addressed it.  Of  course, in doing this the questioner should make it clear that she is not asking for confidential information about any other company. Another approach is to present the interviewee with a hypothetical ethics quandary and to ask how she would deal with it.

This practice has several benefits:

– It helps the employer determine whether ethics is a strength or weakness for the candidate, which could impact the decision of whether to hire her.

– It sends a message to employment candidates that C&E is important to the company, which hopefully they will remember if they get the job.

– It sends a message within the company generally – and particularly to those who conduct interviews  – that C&E is important to the company. ,.

In my view this is a good practice. I also believe it should be a two-way street, meaning employees should also ask questions of their prospective employers.

This might be a question about the C&E program generally: Is it strong?  Is the tone at the top healthy?  Or, how does the workforce generally view C&E?

Another approach is to ask about risks of misconduct in the company’s industry.  Even where a company seems ethical, one might want to do extra due diligence if  the company’s competitors as well as others with whom they deal (customers, suppliers and others)  are routinely engaging in corrupt dealings.

Also, note that that the questions – whether posed by the candidate or employer – should vary by position, at least for higher-ups.  Certainly this would be true with interviews of board members, and maybe others near “the top.”

Finally,  there are many other topics the candidates might ask about but one should not be seen as conducting an investigation. A balance should be struck.

 

 

 

Auditing the auditors

My latest column in Compliance & Ethics Professional.

I hope you find it useful.

Effective communications: notes from the field

The area of other C&E communications (meaning other than training) covers a lot of ground. It is also utterly indispensable to  C&E.

Certainly it matters to the Department of Justice (the DOJ).  Notably, in 2012 DOJ declined to prosecute a prominent investment bank for FCPA violations due, in part, to the strong anti-corruption communications plan the bank had put in place prior to the offense at issue. And, in the 2020 C&E program evaluation standards DOJ emphasized the importance of communications.

Given how vast this territory is  I can’t catalogue all the good (and not-so-good) practices from my 30 years in the field.  But hopefully some of these “field notes” will be useful to practitioners, particularly those who are new to C&E.

Governance

For many reasons it may be important to have a C&E communications committee. Such a committee can help both in keeping the communications current and in disseminating them.     A typical approach regarding membership would be to have the committee co-chaired by the CECO and a high-ranking person in HR – with others as associate members or just as-needed attendees.

Communications plans

Companies should have written compliance communications plans. Such a plan typically covers anywhere from one year to three years, with longer being generally better for various reasons.

Such a plan will typically list by month the communications to be delivered; who is to receive the communication – by position, location, etc.; who is in charge of preparing/acquiring  and delivering the communication; and any other pertinent requirements or impediments (such as the need for translations).

Types of communication

One of the most common forms of communication is to have a senior manager speak to employees at a town hall or other meeting about the importance of C&E to the company. When done right this can be a very effective way of setting the “tone at the top.”  And, when “cascaded” downward – i.e., where managers deliver the message to their subordinates,  – it can be a highly effective means of communication.

Another form of C&E communication is sending an email to all or some employees. This can come from senior managers or compliance personnel. The former have the advantage of “clout,” which is obviously important.  The advantage of the latter is that it can serve as a reminder about the availability of the C&E department, which some employees tend to forget.

Other vehicles for C&E communications include newsletters, intranet sites, internal TV networks, posters and  computer screens that can be locked where an employee has not taken their required training.

Finally, companies should consider requiring that all meetings begin with an “ethics moment.”  These can be combined with “safety moments,” where applicable.

Strategies

For some topics a single communication is not enough. For those instances one should design and deploy a C&E marketing campaign.

Another approach is to package key company documents (such as the code of conduct and the speak-up policy) for distribution to managers as a C&E “toolkit.”

Timing

Companies should consider deploying “just-in-time” communications, issuing relevant communications at the “point of risk.”  See this post  

Metrics and self assessment

A prevalent form of metric of communications is the frequency of receipt of communications by employees (i.e., the number of views of a compliance article, newsletter, etc.)  A related metric is the number of reports to the concerns line after a speak-up communications campaign.

Also worth considering is surveying employees on what type of company communications they think are most helpful in promoting compliance. This sort of effort may become more important with the passage of time, as “compliance fatigue” sets in.

Like I said, not close to being an exhaustive exploration of this vast topic. But hopefully helpful.

 

Behavioral ethics and “middle-aged” compliance programs

In my latest column in the FCPA Blog  I consider  how behavioral ethics can re-energize “middle-aged” compliance programs.

I hope you find it useful.