Jeffrey M. Kaplan/ Kaplan & Walker LLP ECOA Annual Conference - October 2012

 Based on ◦ Nearly 30 years of dealing with COIs as a criminal lawyer and a C&E advisor ◦ More than a decade of teaching business ethics at NYU ◦ Ten months of writing for the COI Blog (More information/links to topics discussed today can be found at  Will look ◦ Briefly at why COIs matter so much, and at developments in law and social science ◦ Mostly at effective C&E program measures  For most topics, will ask: what do you do in your companies – and what seems to work?

 Often the most ◦ Pervasive C&E issue of substance in an organization ◦ Troubling kind to resolve, given  Their personal nature  No unified governing area of law  The link to C&E programs generally ◦ “Organizational justice”/overall program efficacy ◦ Can provide great occasions for general C&E awareness raising  Because easy to relate to issues  Question: have you seen organizational justice/COI issues at your companies?

 Where law and ethics meet ◦ Fiduciary relationships require more than “the morals of the marketplace” ◦ S-Ox COI provisions ◦ Can use to show connection between compliance and ethics  Link to other important risk areas: ◦ fraud ◦ corruption ◦ use of company resources ◦ insider trading

 Frequent, due to increasing multiplicities of roles/parties  Harmful, due to increasing complexity of many aspects of modern business life ◦ The more complex, the more we need to rely on trust  Harshly punished, due to increasing intolerance of corruption and fraud ◦ New focus on commercial bribery with UKBA

 The winner is ….Chesapeake Energy ◦ Issues  Corporate opportunities  Particular importance of monitoring at high level  Shows that some COIs might not be manageable  Impact of COIs in falling stock price ◦ Useful for training directors  More on this later

 Wal-Mart’s FCPA matter ◦ Shows how damaging COI in internal investigation can be  Cases showing courts’ low tolerance for COIs ◦ Goldman Sachs case # 1 - El Paso purchase ◦ Goldman Sachs case # 2 - False claims of ethicality can lead to legal liability ◦ Southern Copper Corporation case  Question: have there been any public COI cases that you have used for training at your companies?

 Don’t count on disclosure too much to mitigate COIs because of: ◦ “Moral licensing” ◦ Recipients often  don’t appreciate information, or  are reluctant to act on it ◦ Implications for C&E programs: institute strong requirements around approvals  Strength in numbers  More on this later  Generally: COI as a good entry point into emerging areas of “behavioral ethics”

 Studies involving dentists and lawyers  COIs and compensation committees – research from the UK  The revolving door research  Question: is behavioral ethics being applied at your companies?

 Misalignment of incentives with risks ◦ More attention to this since financial meltdown  Similar but potentially broader focus than COI one  Risk assessment implications – look closely at compensation  Monitoring implications  Question: is this on the radar screen of your company’s risk assessment? Otherwise?

 Not a stand-alone process for most companies ◦ Financial services and health care are different  Structure ◦ Reasons  Motivations  Misunderstandings ◦ Capacities  E.g., not just purchasing but HR (and law) ◦ Impact – emphasis on reputational ◦ Special issues involving third parties  Use in all aspects of program design/deployment

 Use in all aspects of program design/deployment ◦ Not just training/communications and auditing ◦ Focus on “local”/granular  The promise of “nano compliance”  This is not just COI-specific  Questions ◦ How is COI risk assessed in your companies? ◦ How is information used?

 Types of COIs ◦ Employment (of oneself or family members) with or consulting for an entity doing or seeking to do business with or competing against the company ◦ Holding a financial interest in such organizations ◦ Service on another entity’s board (of directors or advisors) ◦ Employment/supervision of relatives at the company ◦ Corporate opportunities ◦ Receiving/providing things of value (e.g., gifts, entertainment and travel) involving any person or entity doing or seeking to do business with the company ◦ Dealings with government officials

 Any other outside employment or consulting (i.e., regardless of whether it involves a competitor, supplier, etc.)  Gifts between employees  Other anti-corruption requirements – e.g., union officials  Charitable contributions ◦ By company ◦ Solicitations by employees  Purchases, sales or leases of property involving the company  Holding government office (presumably on a part- time basis)  Relationships with the company’s external auditors

 A practical suggestion: review prohibitions with key stakeholders before implementing ◦ Danger of unintended consequence ◦ E.g., case regarding holding shares of competitor stocks  Questions: ◦ What are key COI topics in your companies? ◦ What is your approach to certification?

 Threshold issue: who approves ◦ Benefits of staff (rather than line) approach  Expertise  Minimize adverse effects noted by behavioral ethics research  If allow supervisors to approve: ◦ Require that any approvals be in writing and sought before engaging in a conflict-based transactions ◦ Provide and publicize avenues for supervisors to ask questions of the C&E function when performing COI review

◦ Include the issue of COI reviews in supervisor training – or, if this is impractical, providing written guidance (e.g., FAQs) regarding such reviews ◦ Check on the supervisors’ actions in reviewing or approving COIs, such as through audits  Questions: ◦ How does your company review COIs? ◦ Is there anything about it you’d like to improve?

 Behavioral ethics research suggests one should exercise caution in permitting COIs subject to monitoring ◦ And if do, should be done by independent persons in the company, with relevant expertise ◦ Keeping track can be difficult  A potentially good role for technology  Questions: ◦ What has been your companies’ experience with this? ◦ Do you use technology? Has it helped?

 Not stand-alone, but part of general broad training.  Topics could include ◦ Personal COI risks, meaning conflicts involving the directors themselves., e.g.  “Corporate opportunities”  Using company confidential information for personal benefit – such as in insider trading (e.g., the allegation in the Gupta/Galleon case  Use of other resources (including company’s name, contacts and reputation)

 Understanding the need to monitor COIs of senior executives ◦ The Chesapeake Energy case ◦ “Related party” transactions are relevant to both this area of awareness and that concerning board members’ own COIs  Consistent with a board’s Caremark duty, train on compliance measures regarding any high-risk conflict areas – so that they can ask informed questions about such measures  Show the potentially devastating legal and other costs of COIs

 Start with an attention-getting hypothetical (or actual) case, perhaps showing how harmful even well-meant COIs can be  Identify generally the types of COIs most relevant to the entity ◦ Individual COIs for all, organizational ones for some) ◦ Any special COI issues (such as, for certain types of entities, the need to avoid contributing to a COI by a third party)  Describe the legal and business imperatives for strong C&E efforts in these areas  Discuss how employee perceptions of COIs by managers can undermine faith in the C&E program as a whole (“organizational justice”)

 Review applicable company policies and procedures regarding COIs, perhaps using a hypothetical case to illustrate how they should work;  Examine particular compliance challenges for this risk area, including the tendency of individuals to rationalize conflicts-driven decision making and the frequent difficulty of challenging individuals on matters that have a sensitive personal dimension  Explain what a manager’s specific role is to ensure COI- related compliance  Identify COI-related “red flags” to help them meet those responsibilities  Connect COI issues to other risk areas of significance – such as corruption, fraud, use of company resources and insider trading/confidential information

 Code of conduct training should generally include some COI component  For higher risk employees consider ◦ Stand-alone training ◦ Creating/acquiring role based COI training  Questions How does your company provide COI training to: ◦ Boards? ◦ Managers? ◦ Others?

 Should be regularly featured in annual communications plan ◦ Possibly with extra attention for managers ◦ And should connect to relevant policies and procedures  Look for opportunities based on news  Make it interactive ◦ One example: COI quizzes – as a way of getting employees not only to understand the “what” but also the the “why” of COI compliance requirements  Question: how does your company communicate about COIs?

 One type: auditing for violations of the policy ◦ Cross checking employee and vendor data ◦ Review expenditures  T&E receipts for sensitive procurement areas ◦ May wish to seek information from third parties  Some companies ask suppliers to confirm that payments have not been made/gifts not given to employees (a variation on the annual holiday letter to suppliers)

 Other meaning: auditing for implementation of the policy ◦ Employees have received and signed certifications attesting that they received conflicts policy ◦ Employees participated in conflicts training ◦ Employees' awareness of internal reporting mechanisms ◦ Waivers/prohibitions applied in consistent way Question: what does you company do to audit around COIs?

 Consider employee ◦ Focus group questions ◦ Survey questions ◦ Both not stand-alone, but as part of larger efforts (Look for perceptions of double-standards)  Review overall process – and whether it meets the company’s current risk profile ◦ Are lessons learned from individual COI cases being applied to keep this aspect of the program current?

 What are COI challenges that we haven’t yet discussed? Thank you for participating!