Many legal and compliance departments have faced reductions in resources, staff, and budgets, and compliance officers continue to look for ways to streamline processes while maintaining strong compliance programmes. Conflicts of Interest (COI) remain a top organisational risk in many industries, and failing to manage COI is simply not an option. Tracking and maintaining COI disclosures can be overwhelming, but automating the programme can help organisations avoid reputational and financial harm more efficiently – it’s a quick win for legal and compliance teams.
Defining and disclosing a conflict of interest
Many organisations make only a slight distinction between actual and perceived COI. However, one of the key elements that makes a COI a problem is lack of disclosure. The fact that employees make a potential conflict apparent to their manager, or the compliance team, is a sign of goodwill and these types of conflict can generally be amicably resolved. Identifying undisclosed COI is where things can become problematic and expensive. Tackling disclosed, versus undisclosed, conflicts takes different approaches, and companies need to be well-equipped to handle disclosures from employees and third parties.
The term “conflict of interest” means different things to different industries or groups of people. At the heart of a conflict of interest is a situation in which someone’s private interests run counter to that person’s responsibilities to other people or an organisation. Simply put, a conflict of interest exists when a person serves one interest at the expense of another. Conflicts of interest may be personal or financial, subtle or blatant, and they pose some level of risk to an organisation. While an actual COI may not exist, even the appearance or perception of a conflict can result in ambiguity or distrust and can lead others to conclude that judgment or results are unfairly influenced. Implications include reputational harm to an employee or a company, termination of employment, loss of contracts, fines, litigation, harm to shareholders, and undesirable cultural effects within an organisation.
Managing the COI disclosures across an entire company can be a monumental logistical task, let alone a compliance task. To be aligned with best practices, companies should collect a COI statement from 100 percent of the workforce, which could mean tens of thousands of records in just a few years. There have been horror stories of companies that try to manage this with hard-copy documents in boxes, filing cabinets and the chief compliance officer’s desk drawers. This leads to records getting lost, difficulty in locating records and a treacherous audit trail if misconduct is discovered. Most compliance programmes these days at least have electronic records and even more companies are starting to see the efficiencies of an automated COI disclosure process.
Who needs to report COIs and when?
At a minimum, both employees and board members should be required to report potential or actual conflicts of interest on at least an annual basis, even if only to report no potential conflicts. Organisations may also collect COI disclosures from third parties, such as vendors, researchers, faculty, distributors or independent contractors. Companies should encourage respondents to report a potential conflict of interest whenever it may arise, not only during annual surveys or disclosures. All declarations should be reviewed, mitigated, tracked and managed by the organisation in a way that doesn’t unnecessarily distract the compliance team from more high-risk issues.
Board of directors
Board members have a fiduciary obligation to the organisations they serve – they must always act in the organisation’s best interests. Board members are more likely than employees to encounter a COI at some point during their tenure. A COI exists when a board member or a family member (or other related party) stands to benefit by a specific action of the board or organisation, such as the award of a contract to an immediate or related family member. The onus of declaring potential or actual conflicts of interest is on the individual and should be discussed as far prior to the relevant matter as possible. The potential conflict should be assessed and, if possible, mitigated by the board. If there is any doubt, or if it is impossible to mitigate the conflict, the board should remove the director from decision making in relation to the matter. Though these matters should be discussed by the board, if a potential conflict arises between quarterly or bi-annual board meetings, the board needs access to a reporting and disclosure mechanism that is trackable, reportable and auditable.
Common COI in the technology industry
A technology provider may employ hundreds or even thousands of software developers and engineers, a number of which may have “side-jobs”, whether as a hobby or as a means of additional income. For instance, a developer may perform coding at home in his or her spare time with no financial benefit to the employee. However, during the course of those activities, the developer may publish source code obtained from his or her full-time job, which others may then use for financial gain. As the code was written as part of the developer’s employment it belongs to his or her employer and is the intellectual property of the company and should not be released to the public. Though it may have been an inadvertent action that did not provide a financial benefit to the employee, a conflict of interest still exists.
Another common scenario in the technology industry is where a software engineer, through the course of his or her employment, is on site for a long-term project with a client. As the project is coming to an end, the client asks the engineer to work directly with them on a separate project while paying the engineer directly. The fact is, if not for the engineer’s current employment, she would not have been presented with such an opportunity, and therefore, there is a loss of potential income to the employer and a clear conflict of interest. With countless other possible scenario’s, technology providers require more frequent routine COI disclosures from employees. But managing disclosures from thousands of employees via a paper or email-based programme is impractical and inefficient.
Build a robust, but flexible, conflicts of interest programme – not just a policy
Organisations should design a separate COI programme, rather than only posting a policy or adding COI language to the code of conduct. A policy is important, but if it is the only element of the programme, the company will be guilty of having a “paper programme”, in other words one that doesn’t exist in the actions and culture of the company. Government regulators have warned time and again about this kind of programme being dangerous from an enforcement perspective as it leaves the company vulnerable to real COIs.
If a COI framework already exists, make sure it is realistic and effective prior to implementing an automated technology solution. Automating a broken or out-of-date process will mean redesigning it later, which can erode trust in the process and waste time and resources. A COI programme should be specifically tailored to an organisation and effectively address the risks inherent to the industry and the geographical locations it operates. It should also be scalable and flexible enough to allow for policy changes or improvements, as well as changes in organisational structure or the business model.
A COI programme framework should include, at a minimum, the following components:
- Policy and procedure to define conflicts of interest and set company expectations, including:
- Examples of realistic scenarios of a variety of COI
- An easy-to-follow decision tree of conflicts that:
- are allowed
- are prohibited
- require review
- A statement concerning the impact of conflicts of interest on individuals and the company
- COI statement for board members and directors (which also should be addressed in the organisation’s by-laws)
- A consistent plan and method for addressing potential or actual conflicts that is communicated clearly and is regularly reviewed and updated as needed
- Ongoing training and communication that:
- Describes steps employees can take to avoid and/or report potential conflicts
- Encourages employees to raise concerns
- Offers examples of typical red flags and COI
- Offers tailored training for employees in higher-risk roles
- A disclosure and reporting mechanism
- A conflicts review team or committee
Challenges of managing conflicts of interests
In looking at the challenges, it is important to think about the root causes of these issues. Often, it is a lack of interconnectivity between platforms or lack of employee training and education. Some of this can be remedied, in part, with an automated tool that can trigger announcements, new certifications or remediation activities. Tracking and managing conflicts can be challenging for a variety of reasons:
- Employees are unclear when conflicts of interest occur
- Changes in the organisational structure or business model (mergers or acquisitions) may alter conflicts of interests
- Changes in roles or duties may alter conflicts of interest
- Inconsistent laws and regulations relating to companies involved in more than one line of business or in different countries
- Conflict of interest disclosures are stored in disparate systems – emails, hotline management systems, hard copies, databases, electronic folders – possibly across many regions and departments
Using technology to manage COI
Technology is more than just a time-saver; it can help an organisation prevent the sometimes-devastating impact of conflicts that may never be reported, may be overlooked, or may not be addressed at all. A conflict of interest disclosure may be as simple as certifying to a declaration of no conflicts or as comprehensive as a full disclosure survey. A disclosure survey or questionnaire is preferable in most cases, as a statement cannot cover every possible situation or may leave room for subjectivity or error.
One of the most important aspects of automation is the first step – choosing the solution best suited for an organisation’s COI programme. Organisations should bring up the following benefits when trying to convince others in the organisation about the need for an automated COI system.
Benefits of automation
- It is scalable to allow for changes in the business
- It offers a single repository for disclosures
- There is an electronic audit trail
- There are links to other compliance programme components (third-party management, training, policies)
- It allows users to effectively receive, track, mitigate, and manage actual or perceived COI
- It is separate from hotline or traditional ethics and compliance-related reporting mechanisms which may intimidate respondents or curtail reporting
- There can be multiple templates for different groups within an organisation – as certain types of conflicts may be more likely or present in specific areas
- It frees up valuable resources for other compliance programme elements and requirements
There are a variety of software solutions on the market but there needs to be a careful vetting of which ones most closely match a company’s compliance programme and COI processes. The COI process can be relatively straightforward if a company operates in one market or with a small employee base. However, organisations which have complex structures, operate globally, engage in different types of business, have complicated approval and disclosure requirements, or lack a central hub for their COI management process require customisation when automating their COI process. Companies should expect their tools to fit their programmes, not vice versa. Check to see if the automated COI programme has these elements and whether each fits your needs:
- Support for multiple languages in user interface and templates
- Unlimited survey or disclosure templates
- Customisation of survey or disclosure templates
- Accessible to internal and external users
- Allows respondents to update prior disclosure statements based on new circumstances
- Delegation or escalation of approval
- Configurable workflows for rules and approval levels
- Automated approval for disclosures where no potential COIs are indicated
- Configurable and easily adjustable to a company’s risk types, level and appetite
- Allows for inclusion of links to external documents (policies, examples or scenarios, code of conduct)
- Allows for variations in reviewer access by region or business focus
- Advanced and custom reporting capabilities
- Export of reports in a variety of formats
- Automated tracking and reminders
- Single sign-on and HR feed capabilities
It is important to ensure that employees and third parties understand that a potential or actual COI will not always result in prohibition, termination or other negative outcomes. To retain good employees and avoid restricting the use of qualified third parties or independent contractors, organisations will make efforts to mitigate conflicts of interest. In many situations, it may be as simple as removing an employee from the decision-making process for a single transaction or project. The ultimate goal is to get the potential conflicts reported, mitigated and resolved. This goal is much more easily achieved with an automated COI solution in place.