Lesson 14. The Possibility of Being Too Ethical

Table of Contents

In 2014, former FBI Director James B. Comey gave the keynote speech at our Compliance & Ethics Institute in Chicago. When introducing him, I said that I believed the FBI had one of the best compliance programs of any government agency. Comey thought so too, stating that the FBI was very proud of their compliance program.

Comey went on to speak about cybersecurity, and how to deal with cyber threats. He said that these threats don’t always come from outside a company, they often come from inside—contractors, employees, system administrators―people with a grudge or some problem with someone or something in the company. Comey also spoke about the importance of building a culture where people care about one another and the security of the company. If this kind of culture exists, then employees feel safe sharing anything they notice that could harm the business.

That was the second time I had met Comey. On both occasions he was very impressive. However, shortly after this presentation, all heck broke loose at the FBI. Here’s a little recap of what happened, and how Comey broke with FBI policy in 2016 in regard to the investigation of Hillary Clinton’s use of private servers and email system for government work while secretary of state.

Comey’s Decisions

On July 5, 2016, while the investigation was still ongoing, Comey called a press conference to give a public update on the FBI’s findings so far. The Department of Justice (DOJ) has a policy that: “Any communication by DOJ personnel with a member of the media relating to a pending investigation or case must be approved in advance by the appropriate United States Attorney or Assistant Attorney General, except in emergency circumstances,” and that the “DOJ generally will not confirm the existence of or otherwise comment about ongoing investigations.”[1]

Yet, Comey broke these policies for this particular case. He noted in his press conference that his update was unusual in a few ways, saying: “First, I am going to include more detail about our process than I ordinarily would, because I think the American people deserve those details in a case of intense public interest. And second, I have not coordinated this statement or reviewed it in any way with the Department of Justice or any other part of the government. They do not know what I am about to say.”[2] Comey did not consult with Attorney General Loretta Lynch or Deputy Attorney General Sally Yates about the public announcement. I am not entirely sure of the reason why he did not consult with them, other than some speculation about a conflict of interest created by a meeting between the attorney general and the subject of the investigation’s husband, former President Bill Clinton.

During the press conference, Comey stated that the FBI did not find evidence that Clinton intended to violate laws about the handling of classified information, but rather found that she and her colleagues were extremely careless in how they handled the emails.

A few months later, on October 28, Comey sent a letter to Congress stating that more of Clinton’s emails had been found while investigating another case. He stated that the FBI was going to investigate these emails. Then on November 6, Comey sent another letter to Congress stating that after reviewing the additional emails, there were no changes to the FBI’s conclusions.

The DOJ’s Compliance Report

At the request of Congress, Inspector General Michael E. Horowitz announced the DOJ would investigate Comey’s actions and possible misconduct regarding the investigation of Clinton’s emails. Horowitz is basically the compliance officer for the DOJ. He’s also someone I know well, as he is a former SCCE advisory board member. Horowitz is better at unbiased investigations than anyone I have ever met. I desperately don’t want to get into the politics related to the trouble Comey got into as director of the FBI; instead I’ll refer to Horowitz’s report about the compliance issues at question.

In part, the main compliance question was: should Comey have shared information about an ongoing FBI investigation with the public? In June 2018, the Office of the Inspector General issued its findings. The summary of the report stated that:

We determined that Comey’s decision to make this statement was the result of his belief that only he had the ability to credibly and authoritatively convey the rationale for the decision to not seek charges against Clinton, and that he needed to hold the press conference to protect the FBI and the Department from the extraordinary harm that he believed would have resulted had he failed to do so. While we found no evidence that Comey’s statement was the result of bias or an effort to influence the election, we did not find his justifications for issuing the statement to be reasonable or persuasive.

We concluded that Comey’s unilateral announcement was inconsistent with Department policy and violated long-standing Department practice and protocol by, among other things, criticizing Clinton’s uncharged conduct. We also found that Comey usurped the authority of the Attorney General, and inadequately and incompletely described the legal position of Department prosecutors.[3]

It went on to state that although Comey “’believe[d] very strongly that [the FBI’s] rule should be, we don’t comment on pending investigations’ and that it was a ‘very important norm’ for the Department to avoid taking actions that could impact an imminent election, he felt he had an obligation to update Congress [on October 28] because the email discovery was potentially very significant and it made his prior testimony no longer true.”[4]

The DOJ “found that in making this decision, Comey engaged in ad hoc decisionmaking based on his personal views even if it meant rejecting longstanding Department policy or practice . . . [and that his] description of his choice as being between ‘two doors,’ one labeled ‘speak’ and one labeled ‘conceal,’ was a false dichotomy. The two doors were actually labeled ‘follow policy/practice’ and ‘depart from policy/practice.’ Although we acknowledge that Comey faced a difficult situation with unattractive choices, in proceeding as he did, we concluded that Comey made a serious error of judgment.”[5]

Extreme Integrity

I want to just focus on one aspect of this: What was Comey’s overarching reason for breaking a long-standing DOJ policy that he supported? As Horowitz said in his report, Comey decided that he was faced with an ethical dilemma of choosing between two doors: one labeled “conceal” and the other labeled “speak.” Horowitz thought this was a false choice: Comey actually chose between following policy or not. Comey as much tells us that ethics drove him to define the two doors in the way he did. So did ethics cause this problem?

I think this is what happens when people overreach ethically. It’s like we can’t see straight when we become hyper-ethical. Comey even named his book: A Higher Loyalty. The higher loyalty he is referring to is ethical leadership. The irony here is he broke long-standing rules of the organization where he worked in the name of being an ethical leader.

Roy’s Rule: Beware of becoming “hyper-ethical.” Anything taken to its extreme can become problematic.

I believe Comey is a man of very high integrity, and that the pressure of the situation caused his integrity to escalate to a point that was beyond helpful. I believe Comey felt that the situation called for extreme integrity, and he felt that he had so much integrity that he could break policy. Comey felt that he and only he could get this right. Is it possible he had too much integrity? Sounds ridiculous, but personally, I think it’s entirely possible. My concern is that it could happen to any of us. I bring this all up to say that we must be conscious of this risk.

Did Comey make a mistake? I will let you be the judge of that. Is it possible to think you are so ethical that it justifies breaking company policies? Is that right to do so? I have had compliance professionals call me up ranting about their terrible, unethical companies. They talked endlessly about their company’s mistakes and essentially told me that they should decide every ethical question the organization asks. Everyone else’s views didn’t matter. No one was going to influence their decisions. They would not consult anyone―and anyone who disagreed with them was unethical. They were the epitome of self-righteousness based on ethics.

We all run the risk of rationalizing our policy-breaking actions with our ethical principles. It may not be too often, but I think it does happen. As is the case with many things, there is a spectrum of ethical reactions to a problem―going from unethical to just about right to too ethical. Anything in excess can be troublesome. I just think that as compliance professionals we have to be careful of this, because being too ethical is almost a job hazard.

Roy-ism: We often think about the risk of being unethical, but rarely talk about the risk of being hyper-ethical.

 
2 James Comey, “FBI Director James Comey FULL STATEMENT on Hillary Clinton Email Investigation (C-SPAN),” July 5, 2016, YouTube, video, 0:48-1:10, http://bit.ly/2GA8cUB.
3 Office of the Inspector General, A Review of Various Actions by the Federal Bureau of Investigation and Department of Justice in Advance of the 2016 Election, (Washington, DC: US Department of Justice, June 2018), vi. http://bit.ly/2uwhCcC
4 Office of the Inspector General, A Review of Various Actions by the Federal Bureau of Investigation and Department of Justice in Advance of the 2016 Election, (Washington, DC: US Department of Justice, June 2018), x. http://bit.ly/2uwhCcC
5 Office of the Inspector General, A Review of Various Actions by the Federal Bureau of Investigation and Department of Justice in Advance of the 2016 Election, (Washington, DC: US Department of Justice, June 2018), x. http://bit.ly/2uwhCcC
1 Department of Justice, “1-7.000 - CONFIDENTIALITY AND MEDIA CONTACTS POLICY,” Justice Manual, last modified April 2018, http://bit.ly/2SIH789 (section 1-7.400).

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings