An introduction to managing conflicts of interest
An essential component of contemporary compliance practice focuses on the issue of conflicts of interest, or situations where the individual concerns of employees or other stakeholders conflict with overall organizational goals. Conflicts of interest assume many forms, including but not limited to, financial conflicts of interest and personal conflicts of interest, the former of which involves any actual or potential pecuniary advantage that would inure to an individual to the overall detriment of the company. Often, these conflicts take the form of outside employment or involvement in a profit-making endeavor that might undermine an employee’s implicit duty of loyalty to an employer. Conversely, personal conflicts of interest often involve matters like nepotism, workplace relationships, and involvement in non-work activities that might conflict with an organization’s core values. Regardless of the form, organizations should have both a coherent strategy and explicit policy in place to handle conflicts of interest that arise in the ordinary course of business.
A basic framework for managing conflicts of interest
Left unmanaged, conflicts of interest can completely undermine an organization’s broader commitment to ethical conduct in its business operations. In organizations that lack a coherent strategy for managing COI risks, nepotism and favoritism are often rampant, and business decisions are made based on relationships rather than economics. If unaddressed, these risks can eventually materialize into substantial financial losses for the organization, thereby imperiling its very existence as a going business concern. Conflicts of interest can also constitute legal challenges for organizations exposed to public procurement activities. Under the regulations of many jurisdictions, it is patently illegal to contract or subcontract with an individual or entity solely on the basis of a pre-existing personal or business relationship. At a more fundamental level, conflicts of interest implicate broader issues of good faith and fair dealing that should inform decisions made by an organization’s rank-and-file personnel.
Managing conflicts of interest involves both identifying and mitigating actual COI risks. The process of identification requires that an organization have a mechanism for its employees to make periodic, mandatory disclosures of any activity that might influence the employee to make decisions contrary to the best interests of the organization. Often, organizations require all of its various employees—including its board of directors and senior management—to make COI disclosures on an annual basis, and to update the legal and compliance function should additional conflicts arise before the next periodic disclosure. These conflicts are then analyzed by the legal and compliance function based on the actual potential of the conflict to interfere with an employee’s specific obligations to the company. Where the actual risk is negligible, the organization can waive the conflict altogether, or ask the employee to take additional steps aimed at reducing the likelihood that the conflict will untowardly influence his or her decision-making. In the most extreme cases, an organization can prohibit an employee from engaging in certain conduct or participating in activities as a condition of continued employment.
It is important to note that not all outside activities constitute a conflict of interest. Generally speaking, a conflict of interest arises only when an employee’s duty to the organization is compromised by virtue of an independent or intervening motive. Thus, an employee’s participation in recreational activities, most forms of political activism, and even unrelated employment (to the extent that employment does not prevent the employee from fulfilling his or her responsibilities to the company) are not likely to rise to the level of an actual conflict of interest. Nonetheless, employees should be encouraged to liberally disclose all potential conflicts so that the organization maximizes its visibility into this critical area of risk management. Moreover, what may be acceptable for one organization may not be acceptable for another. In this vein, the organization is encouraged to develop a coherent and practical conflicts of interest policy that addresses what activities are permissible and what activities are not. The promulgation of a conflicts of interest policy should be a core priority of the legal and compliance functions of the organization, second only to the development of a code of conduct.
After issuing a conflicts of interest policy, both initial and recurrent training and consistent, clear communication of compliance program expectations are required. While conflicts of interest can be addressed in the context of broader ethics and compliance training, organizations should ensure that sufficient time and attention is devoted to discussing the organization’s COI expectations. In a similar vein, organizations should employ concrete examples of conflicts of interest and invite real-time discussion of those examples to enhance employee understanding and ensure greater retention. Finally, to the extent that conflicts of interest arise that are not disclosed, the organization should equip its employees with a mechanism for reporting the potential conflict to the appropriate organizational function. Utilization of the organization’s anonymous reporting hotline is a particularly useful method for eliciting information on a confidential basis from a company’s employees. Of course, it goes without saying that the compliance team should emphasize that all reports of potential conflicts made earnestly and in good faith will not be retaliated against.
Third parties and conflicts of interest
A major area of concern for all organizations should be the extent to which its contractual counterparties, customers, vendors, suppliers, service providers, agents and other intermediaries have personal or professional affiliations with the contracting organization’s employees. As statistics repeatedly demonstrate, malfeasance involving third parties selected by an organization based on inappropriate considerations is on the rise. Consequently, organizations have a duty to ensure that its employees adhere strictly to a code of conduct or ethics, and refrain from utilizing or otherwise diverting organizational resources for the benefit of third parties. Ensuring that an organization adopts basic internal accounting controls—for example, the strict segregation of financial duties, the review of purchase orders by multiple authorized managers, and the routine inspection of invoices against records of actual expenditures—is likely to deter employees from attempting to misuse an organization’s assets for the benefit of a third party to begin with. To ensure that the organization remains vigilant about the potential for malfeasance implicating its employees and third party partners, full disclosure of an employee’s material business relationships and investments, as well as risk-based third party due diligence of all prospective business partners, are required. An integral component of a standard due diligence questionnaire should be whether any of the third party’s owners, principal officials or representatives are related to, or otherwise connected with, an employee in the contracting organization. Where such relationships are identified, the contracting organization should prohibit its employees from managing or otherwise influencing the business relationship in question. Violation of a company’s directives in this regard should be considered grounds for employee discipline—up to and including termination.
The bottom line for compliance professionals
Like any other risk factors facing an organization, conflicts of interest can be effectively managed if identified and addressed before an actual conflict materializes. To that end, organizations are encouraged to develop COI policies and procedures that encourage disclosure, promote candor, and maximize transparency into employee relationships and affiliations with outside parties. Tangible threats to the interests of the organization as a whole should be addressed in a decisive and swift manner, while other more amorphous threats are prioritized for periodic monitoring and re-evaluation. In the end, the compliance professional can and should play a critical role in identifying and mitigating these risks with the buy-in and support of senior management and the organization’s board of directors.