Table of Contents
Patty Houser (PLHouser@landolakes.com) is Compliance Counsel at Land O’Lakes, Inc. in Arden Hills, MN.
Conflicts of interest—these tricky shape shifters of the compliance world are never far from the headlines. Springing up in a multitude of contexts, they corrode ethical cultures, ruin reputations, and destroy trust.
But even with the amount of damage they can inflict, they can be difficult to anticipate and identify. Not surprisingly, the best defense includes a strong compliance program centered on a well-thought-out conflicts of interest (COI) policy. This article will explore how to either create your first stand-alone policy and disclosure process or how to update your current one, no matter your budget.
A conflict of interest arises when an employee’s personal interests conflict, or appear to conflict, with the company’s best interests. In other words, someone is, or is perceived to be, acting in way that benefits themself, or someone close to them, at the expense of the company.
Employees up and down the ladder can face conflicts of interests in a wide range of business settings. From accepting a bribe to ordering pizzas from your brother’s company, from improper use of insider information to personal use of office supplies, conflicts of interest wear many masks. Often, conflicts are personal in nature, which can make it difficult for employees to recognize them and for companies to address them.[1] And, while a conflict of interest increases the risk of poor judgment, the existence of a conflict doesn’t necessarily mean that anyone did anything wrong.
Personal interest bias
Adding to this complexity, most people believe that if faced with a conflict, they could be fair and objective. Research, however, suggests otherwise. The brain’s wiring does not allow people to easily separate personal interests from professional duties.[2] All people are subject to a bias (often unconscious) to act in a way that serves their personal goals.[3] Therefore, even if an employee honestly believes they have acted objectively, it is likely their judgment was influenced by a personal interest.
But, even if an employee could act fairly when faced with a conflict of interest, an apparent conflict—the appearance that they are acting in their own best interest—is just as destructive. A company or its employees have an apparent conflict of interest if a reasonable person would believe that, given the circumstances, the person’s business judgment would likely be compromised.[4]
For example, an employee, who accepts lavish entertainment from a vendor and then later chooses that same vendor for a lucrative contract, will inevitably have their motivations questioned—even if the vendor was the best choice. Externally, the company’s reputation likely will be tarnished, because others will perceive that business was not conducted on the basis of merit. Internally, other employees likely will take notice, resulting in the erosion of the company’s ethical culture, which in turn will lead to loss of morale. Even if the vendor was the best choice, tremendous damage can be done.
Policy development
Without question, conflicts of interest pose a tricky compliance landscape. However, a thoughtful and comprehensive COI policy can guard against many of these pitfalls.
Whether you are looking to create a stand-alone policy, or update your current one, first consider the purpose of the policy. Your policy’s purpose is your “why?” Why do you have a COI policy? What is your intention? What are you trying to achieve? A simple, but meaningful, purpose could be to protect and further the company’s ethical reputation by helping employees avoid situations where their conduct or motivations could be questioned due to real or apparent conflicts of interest. This type of purpose statement sets an important tone. It reinforces and reiterates that the company is known for ethical behavior and informs the employees that the COI policy is there to help them steer clear of trouble.
Next, consider the scope of the policy. The “scope” refers to whom the policy will apply. Will it apply to all of your employees? Will it apply to employees of subsidiaries or employees outside of the United States? Because these different groups could face different pressures and different conflicts, it is important to decide exactly to whom this policy will apply.
Risk analysis
Once you are clear on your purpose (what you are trying to accomplish) and the population of employees within your scope, you are ready to turn to your risk analysis. Although a risk analysis is often the first step in tackling a compliance issue, if you first consider your purpose and your employee population, you will have a strong framework in which to conduct your assessment.
Because no single, uniform law applies to conflicts of interest, a risk assessment is an important step. Even if you do not have the resources to hire an outside expert, you can conduct a comprehensive assessment. The key is to think creatively and to gather diverse information. To begin, consider your industry, because conflicts of interest can vary from industry to industry. Benchmark with other similar companies within your industry to determine which conflicts of interest they have identified, but don’t stop there. Think creatively about what may have been overlooked by those in your industry. It will also be helpful to benchmark with similar companies outside of your industry to get a different perspective.
Second, consider your company. When you think of your employee population, which employees are placed in positions of trust? What conflicts might they face? Are there pockets of employees that you should interview to glean their thoughts? Consider what issues have surfaced in the past. These are likely issues that will need to be addressed. (Keep track of these real-life issues, because they will be helpful when it is time to put together teaching scenarios.)
Third, consider if any of these common types of conflicts of interest apply to your company and how they might present themselves:
-
Family and romantic relationships (e.g., supervising or doing business with)
-
Taking advantage of company opportunities
-
Insider trading
-
Using or sharing confidential information
-
Outside employment
-
Working for competitors
-
Serving on a board of directors
-
Improper use of company time and assets
-
Personal financial interests
-
Gifts and business entertainment
-
Vendor relationships
-
Charitable relationships
Fourth, consider what conflicts of interest have recently made headlines. Could any of those situations ever apply to your company? Are there any lessons that can be learned?
Finally, consider if any laws could apply or may affect your assessment. Do any fiduciary laws apply? Or, should you take into account any labor laws, collective bargaining agreements, or laws outside of the United States (e.g., privacy laws)?
Categorize conflicts of interest
After you complete your risk assessment, the next step is to review your list of possible conflicts and bucket them into three categories—conflicts never allowed; conflicts requiring guardrails (e.g., monetary limits and/or disclosure); and items that are immaterial. Exactly how you categorize your conflicts will depend on your industry and your company’s risk profile. For example, a retail company might choose to never allow gifts from vendors; however, a life sciences company focused on sales might allow gifts up to a certain threshold.
When categorizing your list, first consider which conflicts are simply never allowed. For example, any conflicts prohibited by law, such as insider trading, should be placed in this category. Also included in this bucket are those conflicts where the employee is working against the company’s best interest, such as taking advantage of a company’s opportunity, using or sharing confidential information, or engaging in substantial outside employment that interferes with job performance. Finally, be sure to include those conflicts where fairness and objectively likely could not be restored through disclosure and management (e.g., direct supervision of close family members). Your industry will also dictate which conflicts of interest cannot be cured via disclosure and management (e.g., vendor gifts to a retail company).
The second category includes those conflicts requiring guardrails. These are conflicts that can be managed either through the use of guidelines and/or disclosure. For example, if gifts and entertainment are allowed, the use of monetary thresholds can help guard against the appearance of bias. If gifts and entertainment exceed those thresholds, they could be prohibited or disclosed for further review. Depending on your industry, there may be good reasons for going above the thresholds and a review—as opposed to zero tolerance—would be appropriate.
Also on this list are those conflicts that should be surfaced for further review. For example, your company may allow serving on another company’s board of directors, but may want to review those first. Also, you may want employees to disclose if they, or a family member, work for a competitor or do business with your company, so you can further evaluate the relationship.
The final category includes any items that made your list but, after further review, are deemed immaterial. Whether or not any identified items are immaterial would depend on your industry and your company’s risk profile. You also may determine that certain aspects of a conflict are immaterial. For example, perhaps you have decided that employees should disclose financial information, but ownership in a mutual fund is immaterial. Or, employees should disclose board membership, but not membership on non-profit boards. By carefully deciding exactly where the conflict lies, and by cutting out any immaterial aspects, you will save your program valuable resources when reviewing disclosures.
Disclosure of conflicts
Now that you have categorized your conflicts and determined which need disclosure, the next step is creating or reviewing your disclosure process. When it comes to disclosure, you will need to consider when employees need to disclose, how will they disclose, and to whom.
Many companies require employees to complete an annual COI disclosure form. Employees either disclose the required conflicts or attest that they have nothing to disclose. In addition to annual disclosures, some companies also allow for “real-time” disclosures where employees are able to disclose a conflict when it happens, as opposed to waiting for the yearly attestation process. Real-time disclosure allows the conflict to be surfaced at the exact time it needs to be managed. If employees must wait for a yearly attestation process, the window for management and mitigation may have passed.
If you include a yearly attestation process, carefully consider if yearly re-disclosure should be required. For example, if an employee discloses a conflict, if no facts have changed, would that employee need to re-disclose that conflict year after year? Although there may be reasons to require repeated, yearly disclosure, consider carefully if there is any value in the re-disclosure. If not, simply make clear that re-disclosure is not required and save yourself the duplicative review.
Next, consider how employees will disclose. Your company may have a policy management platform that will allow for such disclosures. But, if not, and if not in your budget, consider what other technology you might be able to use. For example, could existing software be configured to allow for disclosures? You may also find that email and DocuSign can be leveraged for annual disclosures. If your company has a learning management system, could you build a “training” document that would allow employees to answer yes or no and fill in disclosures? Or, if you have none of the above, could you set up an email address? Not all compliance programs have the option to start at “perfect,” but an important step is to just to start—wherever you can with whatever you have, and then continuously improve from there.
Finally, consider to whom employees will disclose. When you look back over the list of conflicts that require disclosure, who would be the best person to review that conflict? Is it an objective member of the compliance or legal team? Can some conflicts be cleared by a vice president? Do some conflicts need CEO review? Can you use either a policy management platform or other workflow software to create an online disclosure system that would allow for electronic disclosure? An electronic system is often easier for the employee while allowing you to document the disclosure and any mitigation.
If employees will be disclosing to their managers, be sure to consider if managers themselves might have a conflict. For example, if an employee is looking to provide lavish entertainment to an important potential customer, would their manager be an objective reviewer? Because the manager would benefit from this sale (his team’s success is tied to his success), could the manager be objective—or appear to be objective? Likely not.
Finally, if employees are to disclose to anyone outside of an electronic process, be sure to train those individuals regarding review of the conflict, documentation, and when to reach out to compliance or legal.
Refresh your policy
After determining your purpose and scope, conducting a risk assessment, categorizing your conflicts, and deciding on the details of your disclosure system, you are ready to move to drafting or updating your policy. The following sections are recommended for inclusion in your policy:
-
Purpose
-
Scope
-
Definitions, and
-
Policy
The good news is, the first two sections have already been drafted. Formalize and polish your thoughts and add them to your policy. As for the definitions section, review your categories of conflicts and decide what terms need to be defined. For example, if you prohibit certain activities with “family members,” the term will need to be defined. It may even need to be broken down into “immediate family” and “extended family.” You may also want to define the term “conflict of interest.”
Regarding the policy section, now is the time to set forth your general policy statement, which should echo the policy’s purpose and set forth specific expectations for employees. For example:
-
Echo the policy’s purpose (e.g., help employees avoid conflicts);
-
State that employees are expected to act in the company’s best interest by making fair, objective decisions that put the company first;
-
Require employees to avoid relationships or activities that might impair—or appear to impair—their ability to make objective and fair decisions on behalf of the company; and
-
Require employees to disclose actual or potential conflicts of interest or activities that might create a perception of conflicts of interest.
Next, the policy section should list the individually identified conflicts of interest in a user friendly manner. Consider using a numbered list, and if a conflict needs to be disclosed, include in each section the disclosure information (and, if possible, a link to the disclosure form). However, be sure to give the caveat that an exhaustive list of all conflicts of interest is not possible, and employees should reach out if they have questions.
Also consider if charts or tables would be helpful. For example, if employees must disclose certain financial interests, what financial interests are at issue? What requires disclosure and what does not? Does title or seniority matter? For conflicts such as this, a chart may be helpful. Also consider if some categories should have their own policy. For example, given your company and industry, does it make sense to have a separate gifts, travel, and entertainment policy?
Finally, include a way for employees to contact help if they have questions. Also, consider creating a separate document regarding frequently asked questions. This FAQ document will allow you to anticipate any questions that might arise (e.g., Why is this change happening now—did something happen?). It will also allow you to provide examples to promote employee understanding. Because the FAQ is not an official component of the policy, you will have more flexibility to update it as necessary.
Whether real or apparent, conflicts of interest are undoubtedly tricky. Both elusive and destructive, they present complex compliance challenges. However, with careful consideration and creativity, a well-thought-out COI policy and disclosure process can provide a solid footing on otherwise rocky terrain.