Compliance and Ethics: Ideas & Answers. Edition 30

Dear friends,

Welcome to the 30th edition of Compliance and Ethics: Ideas & Answers!

Today, we start with an article from Steve Oneto on the brighter side of mystery shopping. After that we have an interesting piece from Jeff Kaplan on compliance incentives, risk assessment and moral hazard. Finally we wrap with Adam Balfour 's piece on better ways to manage risks than attaching your organization’s code of conduct to your contracts with third parties.

And as always, there's more content on our website so please do?visit us there?to read our other articles.

Thank you, Joe.

The brighter side of mystery shopping

by Steve Oneto

Whether you administer your own program or hire a professional mystery shopping company to work on your behalf, the importance of a robust mystery shopping program can’t be understated. The shoppers may visit your organization in person posing as customers, or they may be using the telephone or computer to conduct their shop. Sometimes they have specific questions to ask, specific areas to visit, or other tasks depending on your fact-finding goals. Mystery shoppers don’t have a dog in the race, so they give an honest, objective picture of what’s really happening at your company. Let’s face it, any time a customer encounters your product or your employees, it is a sales opportunity, and whether we want to admit it or not, we are all in sales, even if we are simply selling ourselves as representatives of our brand.

However, mystery shops that are focused on adherence to compliance policies rather than sales objectives tend to focus on the negative. “Ken didn’t follow the script provided by Legal.” “Barbie wasn’t able to overcome that objection to using the new vendor onboarding form.” “Allan didn’t follow the appropriate credit card procedure.” Whatever it is. What we sometimes fail to recognize is that Ken was warm and caring. Barbie stopped working on the inventory count her boss told her was crucial, to help with a vendor negotiation. Allan is painfully shy but overcame that shyness to give the customer a tour of the place.

Think back to the last compliment you received. Remember how it made you feel? Did you have a little extra bounce in your step that day? Did you smile more? Did you compliment someone else on the job they’re doing? Sure, you did! That’s what we are saying here – mystery shopping has plenty of “Gotcha!” moments by its sheer nature, but that’s not the end of the story. It also tells us when our team is doing things right. It lets you know that policies are being followed. It tells you when everyone was paying attention in that training class you put together in the Fall. There can also be some inspiring and creative take-aways from experienced shoppers for better product placement and more attention-grabbing ways of promoting new products. They can also inspire means of turning more attention in the back-of-the-house to the company’s helpline.

Read the full article on our website

Compliance incentives, risk assessment and moral hazard

by Jeff Kaplan

As recounted by Joe Murphy, under Department of Justice (DOJ) policy “[i]ncentives need to be part of your compliance program…”?But this is not just because the government says so. Equally important, a compliance and ethics program needs to address incentives if it truly is intended to be effective. Ignoring incentives is a sign that a company is in reality indifferent to compliance? .

One important tool for examining your company’s system of incentives and rewards it to draw in select ways from the field of “moral hazard.”

What is moral hazard?

Moral hazard exists where there is a misalignment of incentives between those with a capacity to create risks and those likely to bear the costs of such risks. ?Moral hazard was initially applied in the insurance business but has been applied in other settings as well. Where this misalignment exists the company is effectively encouraging crime and misconduct through its incentive system.? Compliance and ethics needs to be in position to raise these concerns to ensure the moral hazard risk is effectively addressed.? These risks can be dealt with by changing or reducing the incentives and/or by an appropriately robust system of controls.

Importantly for our purposes, moral hazard has also played a significant role in the prosecution of corporate crime in the US (although this has not always been done using moral hazard terminology). ?That is, the law (most notably the above-referenced DOJ policy) provides for large fines (and other punishment) for organizations convicted of federal offenses, but also recognizes that those who bear the brunt of such punishment (mostly the shareholders) are often different from the individuals who benefit from the wrongdoing in question (usually the executives or other high-ranking personnel).? There is thus a push from DOJ to target penalties toward those actually in position to benefit from the wrongdoing – the responsible executives.

There are many possible ramifications to moral hazard for C&E programs.

Risk assessment – process

How does a company assess moral hazard risk?

In some instances utilizing a standalone risk assessment framework may be useful to identifying and addressing moral hazard – instances where rewards accrue to those who would avoid the risks. ?In other settings moral hazard can be part of the general risk assessment.

The latter makes sense mostly in cases where moral hazard risks are likely to be high or complicated.

Read the full article on our website

There are better ways to manage risks than attaching your organization’s code of conduct to your contracts with third parties

By Adam Balfour

I often hear of people, usually with good intentions, trying to attach their organization’s Code of Conduct to contracts with third parties as a way of trying to reduce compliance risks. I’m not a fan of this practice and this #SundayMorningComplianceTip explains why.

Your organization’s Code of Conduct is designed for your organization and employees. While it might have some sections that address the parties you work with and how to interact with them, the primary audience for your Code is internal to your organization. You are not doing much from a practical standpoint by simply attaching your Code of Conduct as an exhibit to a contract and expecting the other party and their employees to comply with it.

Will anyone from the other side read your Code of Conduct? Probably not - and even if someone from the other side does read your Code, they might only be involved in the contract review stage and not involved in the performance of the contract. Is attaching a Supplier Code of Conduct better? It is slightly better since it at least attempts to target the audience more, but even then the Supplier Code might be very broad and not address specific risks or situations.

Rather than adding your Code of Conduct as an unread exhibit, think about what ethics and compliance risks the relationship could present (including based on due diligence findings), and then craft and talk through the relevant provisions for a written contract that address those risks. And if you have audit rights in a contract, use them - there is no point in spending a whole bunch of time negotiating audit provisions and then never actually using them. If you use a contract management system, you can often leverage those systems to provide reminders about following up on relevant contract provisions to ensure they are being complied with.

Third parties can and do present compliance risks and those risks need to be managed. However, you need to be smart at how you address those risks and not simply throw in your organization’s Code of Conduct as a contract exhibit and think that’s going to add value or mitigate risk.

Read the full article on our website

I hope you found today's journal valuable and, if you would like more analysis and insight?please visit and bookmark our website.