No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Assessing Conflict of Interest Compliance Programs

Most Companies' COI Protections Aren’t Robust Enough

by Jeff Kaplan and Rebecca Walker
June 3, 2020
in Compliance, Featured
conflict of interest concept, 2 businessmen with red and green arrows against each other

How recently has your organization evaluated its guardrails to protect against conflicts of interest? Most companies need work in this area. Jeff Kaplan and Rebecca Walker cover how to conduct a conflict of interest assessment.

Many compliance and ethics (C&E) program assessments are of what might be considered a general scope – meaning they are not focused on a particular area of risk. Other assessments are – in whole or in part – directed at specific risk areas. These occur particularly frequently with respect to anti-corruption compliance, but also in the areas of competition law, government contracting, export control and others.

However, too few companies assess their conflict of interest (COI) compliance measures, either as part of a general program assessment or on a standalone basis. Here, we explore what organizations can do in this regard.

Why Conduct a COI Program Assessment?

First, more so than with other risk areas, COIs have a personal dimension (e.g., an employee hiring a family member or making a personal investment). This can make it more difficult for the relevant employee to be objective in addressing the issue.

The personal aspect of COIs necessitates stronger policies, procedures and other program controls that can withstand powerful pressures in the heat of a dispute. An assessment can help provide assurance that sufficient controls are in place and that they are working effectively.

A second reason for a COI assessment is that COIs are relevant to a wide variety of other risk areas, such as misuse of company resources, corruption, gifts and entertainment, insider trading and others. Because of this, COI can be seen as a sort of super risk area (or perhaps an ethical foundation for other areas) – with correspondingly heightened assessment needs.

Third, addressing cultural dimensions of C&E is increasingly important to enforcement personnel, boards of directors and others who – in one context or another – might have occasion to do their own assessment of a program. How a company handles COIs can play a major role in shaping its ethical culture, providing further reasons to do an assessment in this area.

Finally, as noted above, COI program assessments do not have be conducted on a standalone basis; rather, they can be built into a general assessment. Thus, cost and employee time needed should usually not be an impediment to assessing COI compliance measures.

What to Assess

First, a good place to start is with a COI risk assessment – evaluating how the COI risk assessment is being conducted. The need for this step may not seem obvious since the main types of COI risks are generally well-known. For most organizations, they are economic relationships (e.g., ownership, employment, receipt of gifts) involving customers, competitors and suppliers and family employment issues. However, a risk assessment helps a company understand not only the “what” but also the “who,” “when,” “where,” “why” and “how” of particular COI risks, which can be key to deploying mitigation efforts in an efficient and effective way.

Second, written policies and procedures are – as one might expect – critically important in this area. All codes of conduct should have COI provisions, and some companies also have standalone policies in this field. In assessing whether the latter is indicated for any given organization, one should consider whether the likelihood or impact of a COI could be great. Also relevant to this issue – and to determining the efficacy of policies and procedures generally – is if the likely COI issues at a company are particularly tricky or complex. This part of an assessment should also consider if the policies are clear and understandable; if they are available in relevant languages and are easily accessible; if they are periodically distributed; and how frequently they are accessed.

Third, certification/disclosure process is another key part of a COI program. The threshold assessment issue here is who should be required to execute certifications. Depending on the results of the risk assessment, these can be required (a) for either some or all employees (depending on their respective risk profiles) and (b) either on a standalone basis or part of a broader (i.e., multi-risk) process. The risk assessment should also determine whether to have detailed certification provisions (e.g., listing all the major areas of COIs) or to address this aspect of certification in a broader way.

Note that most companies seem to do these annually; that is, in our view, generally advisable. However, a less frequent cycle may be acceptable for some – assuming the company communicates that employees must disclose on a timely basis any meaningful changes since the most recent prior certification. Among other things, the assessment should consider the extent to which such disclosures are made.

Also note that companies should consider some transaction testing of reviews of disclosures as part of the assessment. How many transactions should be tested will vary based on a variety of factors, with one option being conducting a small number of these to start and, based on the results of that initial effort, determining whether more is needed. Depending on the scope of the assessment, one might also do transaction testing on gifts and entertainment compliance.

Training and communications are another necessary part of an effective COI compliance program. In assessing this aspect of a COI program, one should first review the type and amount of COI training that a company requires of its employees. For low-risk employees, it may generally be enough to devote a module of the general code of conduct e-learning course to COIs. But higher-risk employees should generally also get in-person training on COIs (which can be part of a broader compliance training session). Additionally, managers need to receive guidance — through training or otherwise – on how to handle COIs disclosed to them by their subordinates. At some organizations, this is part of general compliance training for supervisors.

For this part of the assessment, one should also determine whether the training material is impactful and conveys the dangers of COIs and related compliance challenges. A discussion of behavioral ethics can be helpful in this regard.

Another issue in creating a COI compliance program is who decides if a disclosed COI may be allowed to continue (with or without mitigating conditions). This needs to be established and included in pertinent compliance governance documentation (such as a compliance program charter). There are various possibilities here, but if line management is given the ultimate call, they should at least be required to consult on the matter with (depending on the company) legal, HR and/or compliance. An assessment should consider the efficacy of the approval procedures and the relevant governance documentation.

Finally, the compliance program should be subject to auditing. The assessment should review both audit protocols and actual audits on COI.

Also, for higher risk COI areas, monitoring — which can take many forms —should be considered as well. As with other parts of the program, the specifics of these elements should be dictated at least in part by the risk assessment. (For instance, one might — depending on the results of the risk assessment — allow an employee to serve on a board conditioned on monitoring the board service to make sure nothing has changed to alter the COI risk calculus permitting service.) Based on our experience, COI assessments often find room for improvement with respect to monitoring.


Tags: Board of DirectorsCulture of EthicsMonitoringRisk Assessment
Previous Post

Compliance Investigations in the Time of Coronavirus

Next Post

Effective Auditing and Monitoring: Evaluating Internal Controls at “CAMP”

Jeff Kaplan and Rebecca Walker

Jeff Kaplan and Rebecca Walker

Jeffrey M. Kaplan is a partner in the Princeton, New Jersey office of Kaplan & Walker LLP. He has specialized since the early 1990s in the practice of compliance- and ethics-related law, including assisting numerous companies in developing, implementing and reviewing C&E programs and conducting C&E risk assessments. He has also reviewed programs for many official bodies in connection with settlements of enforcement actions. He is the co-author of a C&E legal treatise, author of several e-books -- including "Compliance & Ethics Risk Assessment" -- and book chapters and many articles on C&E, a frequent speaker at C&E conferences, editor of the Conflict of Interest Blog and formerly an Adjunct Professor of Business Ethics at NYU’s Stern School of Business.
Rebecca Walker is a partner in the law firm of Kaplan & Walker LLP, a firm that specializes in corporate compliance and governance located in Santa Monica, California, and Princeton, New Jersey. For over 20 years, Rebecca has specialized in advising clients on the development and implementation of compliance programs. She has also served as a monitor for the Department of the Air Force and as an independent consultant, reviewing programs for the U.S. Securities and Exchange Commission. Rebecca is the author of "Conflicts of Interest in Business and the Professions: Law and Compliance," published by Thomson West, as well as numerous articles and studies. She chairs the Practising Law Institute's Compliance and Ethics Essentials Institute in New York and the Advanced Compliance and Ethics Workshop in San Francisco and serves on the Advisory Board of "Compliance and Ethics Professional" magazine. Rebecca received her B.A. from Georgetown University and her J.D. from Harvard Law School.

Related Posts

risk reporting concepts

The ‘So What?’ Problem With Board Risk Reporting

by Jim DeLoach
June 24, 2025

10 modern principles for transforming risk communication from compliance exercise to strategic dialogue in uncertain times

board of directors meeting table

Before You Say Yes to That Board Seat: A Director’s Due Diligence Checklist

by Chase Cole and Sidney Edgar
June 24, 2025

Public company directors face scrutiny from Wall Street, Congress, the SEC and beyond — comprehensive preparation is essential for business...

slippery slope ice mountain

The Slippery Slope & Your Culture of Integrity

by Mary Shirley
June 23, 2025

Small transgressions and unanswered questions create pathways to major misconduct — and compliance teams need strategies beyond punishment

low battery on iphone warning

Ethics Fatigue: The Burnout That’s Putting Your Organization at Risk

by Nick Gallo
June 20, 2025

The psychology behind why ethics professionals are exhausted and what companies risk when they let it go unchecked

Next Post
compliance monitoring and assistance program with silhouette of forest at bottom of image

Effective Auditing and Monitoring: Evaluating Internal Controls at “CAMP”

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights