Jonathan Turner (j.turner@zoll.com) is the Chief Compliance and Privacy Officer for ZOLL Medical Corporation, and he is a frequent speaker and author on ethics and compliance topics. Julie Cole (jcole@zoll.com) leads the Compliance Operations team within ZOLL’s Compliance, Privacy & Governance function. This article reflects their personal views on the topic.
Conflicts of interest—actual, potential, or even just perceived—exist at all levels within every organization. Most organizations are aware potential conflicts exist but often do not also see opportunity beyond just mitigating risk. Some organizations focus mostly (or even only) on the disclosure aspect, putting themselves in a reactive state. Others can miss the forest for the trees by accepting that something so individually distributed across an organization must be endured, not cured.
If approached more holistically, conflicts-of-interest programs can be leveraged to provide a wide range of tools that affect culture. They can help an organization shift from being reactive and investigative to an empowering and preventive posture. No matter where your organization is on the rules-based to values-based evolution scale, reexamining your approach to managing conflicts of interest can add value to the entire organization.
Opportunities to manage risk more effectively
There is a possible lesson we can draw from criminology, specifically around the broken windows theory,[1] which suggests that when small issues are not addressed, it encourages larger issues to arise. The idea being that when a building slides into disrepair, the environment sends a message that encourages a range of crimes to take place. Applying this idea to human behavior in the workplace, it makes sense that if people see the company tolerating self-interest, it not only encourages others to act improperly, but could be perceived as supporting other kinds of bad acts.
To mitigate these risks, nearly all organizations have policies around conflicts of interest and most require some form of disclosure. The question is how many go further by embedding “why it matters” into their program materials. How many organizations leverage the information in the disclosures to enhance the training, investigation, management, and monitoring aspects of their programs? And of those, how many use these levers to help shape the culture of the organization—reinforcing the positive elements of who they are and helping to steer their colleagues away from more destructive activities? There are some lessons that can be drawn from the debate, and here are our top picks.
Importance of disclosure
People can be incredibly interconnected. This can be summarized in the parlor game Six Degrees of Kevin Bacon, where nearly everyone in entertainment can be connected to Kevin Bacon in six or fewer steps. The most effective way to identify relevant human connections (i.e., actual, possible, and perceived conflicts of interest) is by asking people to self-disclose. Unfortunately, this has been oversimplified to the creation of a disclosure statement without the discussion of all the connections—they just get graded as “good” or “bad.”
The real value of disclosure is not the form. It is not even what is recorded on the from. It is getting people to think about what they do, how they present themselves, and, in the best instances, why they should or should not do certain things. That is the activity we are really trying to facilitate—not just a disclosure, but actual risk mitigation. So, the “why” of the disclosure process is much deeper than just the words; it is an opportunity to shape the culture of the organization. This can be very successful if done correctly, and can lead to significant consequences for both organizations and individuals if not.
Internal process for capturing
Seeing value beyond the form means we need multiple avenues employees can use to start the discussion. We want employees (and others, depending on the organization) to self-disclose. This requires a combination of people, processes, and technology. The people involved all need to be trained; the processes need to be clear, documented, and understood; and technology should be leveraged wherever possible. One starting place is your code of conduct. What does it say about conflicts of interest? Does it mostly contain “though shall nots,” or does it provide meaningful guidance of what should be done? This single document likely sets the tone for the effectiveness of your program. On the people side, many organizations suggest (or instruct) employees to raise possible conflicts to their manager, human resources, or compliance, but do those people know how to have appropriate discussions on this topic? Some organizations, fearing that the answer is no, remove people from the conversation. The better answer is to train more people. Just like the Kevin Bacon game, the more people know the process, the more likely the information gets where it needs to quickly. And of course, every company should have employees fill out a conflict disclosure statement annually.
The conflict disclosure statement should be as simple as possible. There are some very effective one-page questionnaires asking yes/no questions regarding the kinds of relationships that could present a conflict.
Set the expectation early by incorporating ethical expectations, the conflicts-of-interest discussion, and the disclosure form into the hiring process. The answers to these questions can help hiring managers and human resources determine whether a candidate shares the company’s ethical views, has any potential conflicts with the specific role, and, where necessary, what type of mitigation is appropriate. Once hired, the process continues and should be repeated when employees change roles and on a periodic basis.
These types of statements are also useful reminders. Beyond creating an opportunity for employees to self-disclose any changes, they also reinforce your training on ethical interactions. With all the time people spend at work and with colleagues, sometimes personal lives can be embedded in their work life, making it harder for them to notice when a conflict is present. Incorporating such statements into your annual training can further reinforce this connection.
Whether it is verbally disclosed, written on a statement, or submitted through another process, potential conflicts should be reviewed consistently and objectively. The review could be straightforward or require a deeper conversation with the employee to understand their specific situation. Even if there is no conflict now, the report should be tracked and documented for future reference as roles and responsibilities change.
Training
Conflicts of interest–related topics should be embedded across a range of training so that employees feel empowered knowing they have the tools needed to identify and resolve these kinds of issues. To reach the empowerment stage, the seeds of knowledge must be planted broadly. Since everyone learns differently, it is important to use different types of training to engage the range of learning styles. Get creative! Think about involving your sales training, learning management, marketing, or human resources colleagues to make the information engaging.
You can use the same content but apply it in various formats (e.g., live, virtual, self-directed, recorded). Use what works best for your organization, your teaching style, and your audience. Consider if a version that is optimized for use on a phone would be best for remote and field-based colleagues. Other times, you may find that embedding these concepts in scenario-based live training resonates best. The goal of the training is for the attendees to leave fully able to execute what they learned.
The basic content of the training should reflect the ethical expectations contained in your code of conduct, your view of conflicts, how to resolve them, and be integrated with any other relevant policies. Topics should include how potential conflicts are identified, how to recognize these situations before they arise, what to do when you recognize one (in yourself or others), what steps are taken to review and mitigate, and, most importantly, why all this matters to the company. Keep it fun and interactive. This is about managing the realities of life, not criticizing people for having relationships.
You can develop your own content or use a commercially available learning library. The advantage to home-grown training is that it fits your organization and culture perfectly. The advantage to subscribing to a library is that there is often a wide range of content, supported in many languages, which is kept up to date by the provider. These providers often offer customization to fit the look and feel of your company’s brand and sometimes even allow you to add in your own specific examples. We are not suggesting that one approach is better than the other, but rather that you should evaluate each to find the best solution for your organization.
Training should conclude with employees affirming their commitment to ethical conduct and responsibility for escalating potential issues. This is one of the key steps that can sometimes be missed. Putting it into policy is not enough. Putting it into training is not enough. Gaining buy-in and commitment is where training transitions information into a real cultural impact.
Takeaways from the training can be a powerful resource. Focus on the “why.” Make it matter to people. Show them how it affects their ability to be successful. Give them tools to identify and self-solve these kinds of problems. Make reporting not into a corrective activity but rather a collaborative problem-solving step. Consider the difference between a slide titled “How to report” that lists the hotline, manager, human resources, and compliance officer and a slide titled “Ways to resolve” that provides examples of how the representative situations have turned into win-wins. Of course, you still want to have traditional tools like frequently asked questions on your intranet site. Just don’t limit yourself to them.
Conflicts-of-interest training must be fresh to be relevant, so this is not a check-the-box area; it should be built into your training life cycle. The cadence of the training should be determined by your reporting trends, not the calendar. What do your trends tell you about how the employees are learning and acting on the appropriate content? Fine-tune your training to align with those results.
Reinforcing/managing the process
The heart of managing a conflicts-of-interest process are tools, education, and accountability. With these three combined, you have the foundation to minimize issues before they arise. We have already talked about tools and education, but what about accountability? Accountability starts with each of us owning our role in the process. Managers should be encouraged to have open and honest conversation with their employees, reinforcing the company’s ethical expectations. These conversations open the lines of communication, so the employee knows whom to go to with questions surrounding conflicts and allow the manager to provide real-time feedback when appropriate. Of course, people can reach out to compliance with questions, but making it part of the overall environment makes it more likely that people will raise questions, issues, or concerns. Requiring employees call compliance—while sometimes necessary—can be perceived as being corrective and not supportive.
If done poorly, this can lead to the compliance team being viewed in a negative way. One way the compliance team can overcome the negative stigma is by presenting itself as a partner to the business. This means working to transition from being the team of “no” or the “dream killers” to a group that provides empowering answers, seeks solutions, and understands the needs of the business. The difference is nearly always in the way the question is answered, not the content of the answer.
If the conflicts-of-interest process is constructed with compliance granting permission, it sets up a dynamic where people can try to test the limits. In contrast, if the process is collaborative, it sets people up to find mutually owned solutions. Changing the model in relatively small ways can have a significant impact of the output. For example, an employee self-discloses their healthcare provider spouse relocated to a facility in their sales territory. Trained and empowered teams should recognize the risk, allowing them to escalate the issue as well as propose a solution. This approach drives ownership of the risk deeper into the organization. It shifts the perception of reporting from “you’re in trouble” to how the groups work together to remediate the issue and keep all parties safe. When ethics becomes part of daily conversations, it drives self-accountability and shows how ethical actions are supported by, rather than enforced by, the compliance team.
Investigating and addressing
The best case is when an individual self-discloses. This confirms the training was impactful and the individual understands the importance of the process. For self-disclosures, a conversation with the person who reported is your first, and perhaps only, stop. Your goal is to understand the relationship better—who are the parties, when did the relationship start, geographical location of the parties—which will give you the information needed to assist in determining the appropriate next steps.
There will always be issues that fall outside of the processes and recommendations discussed earlier—either because of gaps in understanding, intentional choices, or other reasons. Those outliers will need a different approach, as collaboration is only possible with mutually willing participants. When a conflict is discovered through a routine process or audit, or reported by a third party (peer, customer, or manager), it is an indication that the process is not working. Why didn’t the individual self-disclose? Did they not feel empowered? Did they not know how? This situation should also start with a conversation. But this time it would be with the person who is part of the conflict, not the reporter. This conversation should be like the one described earlier, but it should also go deeper into the reason they did not self-disclose. Their responses will be needed to help improve your training and internal processes.
From either reporting channel, the conversation regarding the outcome should not come from compliance alone. It should be a group effort with your core business partnership team: management, legal, and human resources. Collective decision-making drives ownership and accountability across the organization. The outcome of this investigation can vary and could include conversation, realignment of job duties, employee discipline, or termination. And as usual, any investigation should follow standard policies and be fully documented in the relevant employee’s records.
Monitoring
It should be no surprise that we recommend adding your conflicts-of-interest processes to your annual monitoring schedule. Engage people in your organization who would have any ties to this process and could offer insights. This can include the results of the pre-hire statements, the yearly disclosure forms, self-disclosing, and third-party disclosing. The trends found in reports can help you assess how well the process is working. Does the report show low levels of self-disclosure? Does it show third-party reporting trends in a certain part of the company or geographical location are higher than others? Work your process upstream to see where it can be improved. Consider adding periodic communications, reinforcing messages, or changing the timing of your training to ensure your message is getting through. Conflicts of interest, unlike other types of risk, should be spread broadly across the organization. We all have relatives, and people change roles on a regular basis. So, monitoring your communication channels, reporting processes, and investigation results can be a good way to assess the health of your conflicts-of-interest processes.