Jeffrey M. Kaplan/ Kaplan & Walker LLP ECOA Annual Conference - October 2012
Based on ◦ Nearly 30 years of dealing with COIs as a criminal lawyer and a C&E advisor ◦ More than a decade of teaching business ethics at NYU ◦ Ten months of writing for the COI Blog (More information/links to topics discussed today can be found at Will look ◦ Briefly at why COIs matter so much, and at developments in law and social science ◦ Mostly at effective C&E program measures For most topics, will ask: what do you do in your companies – and what seems to work?
Often the most ◦ Pervasive C&E issue of substance in an organization ◦ Troubling kind to resolve, given Their personal nature No unified governing area of law The link to C&E programs generally ◦ “Organizational justice”/overall program efficacy ◦ Can provide great occasions for general C&E awareness raising Because easy to relate to issues Question: have you seen organizational justice/COI issues at your companies?
Where law and ethics meet ◦ Fiduciary relationships require more than “the morals of the marketplace” ◦ S-Ox COI provisions ◦ Can use to show connection between compliance and ethics Link to other important risk areas: ◦ fraud ◦ corruption ◦ use of company resources ◦ insider trading
Frequent, due to increasing multiplicities of roles/parties Harmful, due to increasing complexity of many aspects of modern business life ◦ The more complex, the more we need to rely on trust Harshly punished, due to increasing intolerance of corruption and fraud ◦ New focus on commercial bribery with UKBA
The winner is ….Chesapeake Energy ◦ Issues Corporate opportunities Particular importance of monitoring at high level Shows that some COIs might not be manageable Impact of COIs in falling stock price ◦ Useful for training directors More on this later
Wal-Mart’s FCPA matter ◦ Shows how damaging COI in internal investigation can be Cases showing courts’ low tolerance for COIs ◦ Goldman Sachs case # 1 - El Paso purchase ◦ Goldman Sachs case # 2 - False claims of ethicality can lead to legal liability ◦ Southern Copper Corporation case Question: have there been any public COI cases that you have used for training at your companies?
Don’t count on disclosure too much to mitigate COIs because of: ◦ “Moral licensing” ◦ Recipients often don’t appreciate information, or are reluctant to act on it ◦ Implications for C&E programs: institute strong requirements around approvals Strength in numbers More on this later Generally: COI as a good entry point into emerging areas of “behavioral ethics”
Studies involving dentists and lawyers COIs and compensation committees – research from the UK The revolving door research Question: is behavioral ethics being applied at your companies?
Misalignment of incentives with risks ◦ More attention to this since financial meltdown Similar but potentially broader focus than COI one Risk assessment implications – look closely at compensation Monitoring implications Question: is this on the radar screen of your company’s risk assessment? Otherwise?
Not a stand-alone process for most companies ◦ Financial services and health care are different Structure ◦ Reasons Motivations Misunderstandings ◦ Capacities E.g., not just purchasing but HR (and law) ◦ Impact – emphasis on reputational ◦ Special issues involving third parties Use in all aspects of program design/deployment
Use in all aspects of program design/deployment ◦ Not just training/communications and auditing ◦ Focus on “local”/granular The promise of “nano compliance” This is not just COI-specific Questions ◦ How is COI risk assessed in your companies? ◦ How is information used?
Types of COIs ◦ Employment (of oneself or family members) with or consulting for an entity doing or seeking to do business with or competing against the company ◦ Holding a financial interest in such organizations ◦ Service on another entity’s board (of directors or advisors) ◦ Employment/supervision of relatives at the company ◦ Corporate opportunities ◦ Receiving/providing things of value (e.g., gifts, entertainment and travel) involving any person or entity doing or seeking to do business with the company ◦ Dealings with government officials
Any other outside employment or consulting (i.e., regardless of whether it involves a competitor, supplier, etc.) Gifts between employees Other anti-corruption requirements – e.g., union officials Charitable contributions ◦ By company ◦ Solicitations by employees Purchases, sales or leases of property involving the company Holding government office (presumably on a part- time basis) Relationships with the company’s external auditors
A practical suggestion: review prohibitions with key stakeholders before implementing ◦ Danger of unintended consequence ◦ E.g., case regarding holding shares of competitor stocks Questions: ◦ What are key COI topics in your companies? ◦ What is your approach to certification?
Threshold issue: who approves ◦ Benefits of staff (rather than line) approach Expertise Minimize adverse effects noted by behavioral ethics research If allow supervisors to approve: ◦ Require that any approvals be in writing and sought before engaging in a conflict-based transactions ◦ Provide and publicize avenues for supervisors to ask questions of the C&E function when performing COI review
◦ Include the issue of COI reviews in supervisor training – or, if this is impractical, providing written guidance (e.g., FAQs) regarding such reviews ◦ Check on the supervisors’ actions in reviewing or approving COIs, such as through audits Questions: ◦ How does your company review COIs? ◦ Is there anything about it you’d like to improve?
Behavioral ethics research suggests one should exercise caution in permitting COIs subject to monitoring ◦ And if do, should be done by independent persons in the company, with relevant expertise ◦ Keeping track can be difficult A potentially good role for technology Questions: ◦ What has been your companies’ experience with this? ◦ Do you use technology? Has it helped?
Not stand-alone, but part of general broad training. Topics could include ◦ Personal COI risks, meaning conflicts involving the directors themselves., e.g. “Corporate opportunities” Using company confidential information for personal benefit – such as in insider trading (e.g., the allegation in the Gupta/Galleon case Use of other resources (including company’s name, contacts and reputation)
Understanding the need to monitor COIs of senior executives ◦ The Chesapeake Energy case ◦ “Related party” transactions are relevant to both this area of awareness and that concerning board members’ own COIs Consistent with a board’s Caremark duty, train on compliance measures regarding any high-risk conflict areas – so that they can ask informed questions about such measures Show the potentially devastating legal and other costs of COIs
Start with an attention-getting hypothetical (or actual) case, perhaps showing how harmful even well-meant COIs can be Identify generally the types of COIs most relevant to the entity ◦ Individual COIs for all, organizational ones for some) ◦ Any special COI issues (such as, for certain types of entities, the need to avoid contributing to a COI by a third party) Describe the legal and business imperatives for strong C&E efforts in these areas Discuss how employee perceptions of COIs by managers can undermine faith in the C&E program as a whole (“organizational justice”)
Review applicable company policies and procedures regarding COIs, perhaps using a hypothetical case to illustrate how they should work; Examine particular compliance challenges for this risk area, including the tendency of individuals to rationalize conflicts-driven decision making and the frequent difficulty of challenging individuals on matters that have a sensitive personal dimension Explain what a manager’s specific role is to ensure COI- related compliance Identify COI-related “red flags” to help them meet those responsibilities Connect COI issues to other risk areas of significance – such as corruption, fraud, use of company resources and insider trading/confidential information
Code of conduct training should generally include some COI component For higher risk employees consider ◦ Stand-alone training ◦ Creating/acquiring role based COI training Questions How does your company provide COI training to: ◦ Boards? ◦ Managers? ◦ Others?
Should be regularly featured in annual communications plan ◦ Possibly with extra attention for managers ◦ And should connect to relevant policies and procedures Look for opportunities based on news Make it interactive ◦ One example: COI quizzes – as a way of getting employees not only to understand the “what” but also the the “why” of COI compliance requirements Question: how does your company communicate about COIs?
One type: auditing for violations of the policy ◦ Cross checking employee and vendor data ◦ Review expenditures T&E receipts for sensitive procurement areas ◦ May wish to seek information from third parties Some companies ask suppliers to confirm that payments have not been made/gifts not given to employees (a variation on the annual holiday letter to suppliers)
Other meaning: auditing for implementation of the policy ◦ Employees have received and signed certifications attesting that they received conflicts policy ◦ Employees participated in conflicts training ◦ Employees' awareness of internal reporting mechanisms ◦ Waivers/prohibitions applied in consistent way Question: what does you company do to audit around COIs?
Consider employee ◦ Focus group questions ◦ Survey questions ◦ Both not stand-alone, but as part of larger efforts (Look for perceptions of double-standards) Review overall process – and whether it meets the company’s current risk profile ◦ Are lessons learned from individual COI cases being applied to keep this aspect of the program current?
What are COI challenges that we haven’t yet discussed? Thank you for participating!