SCCE Higher Education Compliance Conference
MADONNA DOUGHERTY
ETHICS OFFICER
JOHNS HOPKINS UNIVERSITY
APPLIED PHYSICS LABORATORY
A Practical Guide to Addressing Conflicts of Interest
June 1, 2015

Types of COI…
• Finance Industry
  – Dual roles – lobbying
  – Fiduciary duties
• Healthcare
  – Advising patients
  – Research affiliations
• Media
  – Issues that affect media itself
  – Advertising
    • Murdock example
    • Less investigative journalism
• Universities
  – Publications / Research
  – Mandatory Book requirements
  – Romancing students
• Legal Firms
  – Opposing clients
  – Advising clients
• Stockbrokers
  – Concealment
  – Dis‐Information
  – “Pump & Dump”

Why it matters…
Lockheed Martin CEO‐to‐be resigns over affair
Christopher Kubasik, 51, had been in line to become CEO
Trends

Guidance
• Guidance?
  – No one area of law for reference
    • SOX, EEO, OSHA, RICO, Anti‐trust, FAR, the list goes on…
  – Definition of COI is often broken down even further
• Variety of everyday activities can lead to a COI, no one type of activity to track
• COI can be either Personal or Organizational
  – Personal is just that, thus easy to conceal
  – Organizational is across the organization, and/or with other orgs, can be hard to rein in or detect

Identifying COI/Risk Assessment
• Define/Identify COI for YOUR organization
  – Industry variations
  – Company culture
  – Fiduciary Duties
  – Professional Credos/Oaths
  – External Organizations
    • Regulators?
    • Auditors?
    • Industry Analysts?
  – Management Levels
    • Varies according to job duties (opportunity, motivations, incentives)
    • Varies according to position (the higher the level, the higher the exposure/risk)

Management
• Eliminating COI is not always possible or desirable
  – Cost effectiveness / Shared resources
  – Reach back to technical expertise
  – Productivity/Positive motivations
• Varies according to position (the higher the level, the higher the exposure/risk)
• Covered by Policies in Place/Code of Ethics and Conduct?
• Mitigation possible?
• Discipline?
• Authority over review?
  – Ethics Office
  – Legal Office
  – HR Specialist

Policies
• Usually starts with Code of Ethics and Conduct/SOX §406
• Financial COI ($$)
  – Outside activities
    • Moonlighting/Volunteerism/Public Service
  – Outside Interests
    • Stocks / Ownership of competitor or supplier
  – Inside interest (joint venture, partnership, or other business with your company)
  – Acceptance of Gifts/Gratuities/Entertainment
• Personal Relationships
  – Familial / Nepotism
  – Same‐sex relationships
  – Romantic relationships
• Regulatory requirements specific to your industry/company

Gifts, Gratuities
• Common area of perceived COI
  – Define based on your industry
• Regulated?
  – Certain industries are so regulated your policies are practically written for you
    • Government contracting
    • Stock brokerages
• Fair and Consistent application of policy
• Reporting?
  – Every instance? Under defined conditions?
• Tracking
  – Every instance? Under defined conditions?
  – Administrative costs v benefits?

Controls/Mitigation
• Avoid entirely, e.g. blind trusts, prohibitions (on accepting gifts, on relationships, etc.)
• Disclosure Requirements
• Certifications
• Waivers / Pre‐approvals
• Recusal
• 3rd Party Evaluators / Multi‐Party Contributors
• Monitoring (not audit of your COI program but monitoring of approved situations)
• Regulatory requirements
• Training and awareness are important, don’t rely on just one method, e.g. annual compliance training, use varied media (live briefings, company articles, COI surveys, etc.)

PCOI vs. OCI
• Personal COI: employee vs. company interests, looking to avoid conflict with company’s business interests or avoid risk of favoritism/discrimination allegations
• OCI: company and 3rd party interests
  – Customers
  – Clients
  – Government: federal contractors must adhere to Federal Acquisition Regulations (FAR) §9.5, as well as revolving door (former gov’t officials) and acquisition functions (trusted advisor support) requirements
Both PCOI and OCI mitigation should address even a perception of COI

PCOI Policies/Mitigation
• Mitigating familial or other relationship type COI
  – Policy decision on what will or will not be permitted
    • Define to what degree (cousins? romantic? “close”?, etc.)
    • Prohibit relationships? Allow for mitigation? Waivers for unique situations?
  – If permitted, document mitigation:
    • the relationship should not influence or appear to influence hiring, performance appraisals, salary, promotions, discipline, task assignments, or other work‐related activities
    • employees in a relationship should not occupy a position with the authority or opportunity to affect the other’s career
    • Firewall: no access to personnel files or information of the other
    • Management chain available, to report or resolve issues, that does not include related employee
• Mitigating outside interests or activities
  – Depends on type of interest/activity but should consider use of:
    • Nondisclosure agreements
    • Restriction of licensing or other rights
    • Organizational/Management Chain isolation
    • Controlled Access to certain company information or facilities
Approvals and execution by all parties recommended

OCI: Government Contracting
• Inability or potential inability to render impartial services, where objectivity may be perceived as impaired, or the contractor has an unfair competitive advantage.
• In USA/UK/NATO, there are 3 types of OCI (in USA per GAO decisions):
  – Unequal Access to Information: nonpublic information during performance of a contract (e.g. proprietary or financial data of the government or a competitor) which may yield an unfair competitive advantage
  – Biased Ground Rules: establishing the “critical baseline” for a contract that your company may compete for (e.g. writing or advising on the SOW, specifications, evaluation criteria, proposal development, etc.)
  – Impaired Objectivity: contractor placed in a situation of providing assessment and evaluation over work performed or products provided by the same contractor

NIH COI Guidance
• Certifying COI
  – Each NIH peer reviewer must certify, under penalty of perjury (US Code Title 18 chapter 47 section 1001), that to the best of his or her knowledge he/she has disclosed all conflicts of interest that he or she may have with the applications or R&D contract proposals; he or she fully understands the confidential nature of the review process and agrees:
  – (1) to destroy or return all materials related to it;
  – (2) not to disclose or discuss the materials associated with the review, the evaluation, or the review meeting with any other individual except as authorized by the Scientific Review Officer (SRO) or other designated NIH official;
  – (3) not to disclose procurement information prior to the award of a contract; and
  – (4) to refer all inquiries concerning the review to the SRO or other designated NIH official.

OCI Mitigation Plans
• OCI Plans: must meet FAR/Agency requirements
  – Description of the OCI Situation/Analysis: often left out yet is an integral element of any mitigation, “why is this Plan necessary”?
  – Organizational Isolation and Controlled Access to program facilities
  – “Firewalls” (Key Principle); includes IT network isolation as required
  – Special document handling and storage (information protection)
  – Employee awareness and training on both OCI generally and on the specifics related to the OCI Plan
  – Limitation on personnel transfers, if applicable
    • Use this judiciously, restrictions affect individual employee’s ability to work or transfer and can have significant impact on their personal lives
  – Flow down of all OCI requirements to subcontractors
  – Audits
• Many US government agencies now have checklists with required Plan elements

Defending the Institution
• Institution vs. Directors & Officers
  – Business Judgment Rule: presumption that directors act on an informed basis, in good faith, in the honest belief that action is in the best interest of the company
  – Duty of Loyalty: directors owe duty of loyalty to institution
    • Breach of duty? A “Self‐dealing” transaction is not automatically void if the underlying COI is removed by showing the transaction is substantively fair
      – Was it procedurally fair, did other directors know and tainted director recuse themselves? OR was transaction substantively fair to the company?
• §8B of Sentencing Guidelines, do you have a monitored, bona fide and effective ethics & compliance program?

Tracking and Managing COI
• Annual Certification Tools
  – “One & done”
  – Unstructured
  – Limited to interval / leaves time gap
• Dynamic COI Database
  – Can be real‐time
  – Provides historical/repository reporting
  – Can break down COI data by department, by COI type, etc.
  – Improves organizational justice
  – Provides transparency

Disclosure Requirements
• Rely on Self‐Disclosure?
  – Confidential reporting
  – Anonymous hotlines
• Ensure a feedback mechanism
  – Possible gaps
• Require affirmative disclosures
  – From all?
  – Situational?

Privacy Concerns
• Communication Plan is key
  – Foster a “we are in this together” need to protect reputation of institution
  – Choose words wisely
    • Use “disclose”, not report
    • Use “save”, not submit
    • Use “cleared”, not accept/reject
    • Use “disclose & manage”, not investigate & sanction
  – Ensure confidentiality of disclosed data, explain this is similar to other employee data integrity, e.g. HR data, Medical data, payroll data

Take Away…
• COI is an increasing area of risk for institutions, start with identifying COI for your organization
• Robust Ethics & Compliance program which creates awareness a must
• Develop ways to mitigate COI to address the risk yet allow maximum use of resources