CEOs’ Ethical Standards and the Limits of Compliance

[This essay was originally posted on The Conflict of Interest Blog.]

I’m not one who sees ethics and compliance as operating in wholly distinct spheres, and have long felt that they closely complement each other. (For more on the general relationship between the two see this piece from the SCCE’s C&E journal.) But, of course, they are not the same thing, and to some extent each has reach that the other doesn’t.

More specifically, for any given organization, the boundaries of compliance are – to a significant extent – defined by risk assessment. Compliance-related risk assessment can and should be done in an expansive and innovative manner (as discussed in this complimentary e-book) but it is ultimately finite in ways that are less applicable to true ethical standards. And when it comes to CEOs – who have near infinite capacity for engaging in mischief in their companies – the latter form of protection can be particularly important.

To take the example of conflicts of interest, a prior post described how CEO COIs can be different than those faced by the rest of us and a NY Times story last week seems to illustrate that point. It concerns a company (Questcor Pharmaceuticals) which appears to have timed various corporate announcements with an eye toward boosting its stock price in advance of sales by the CEO pursuant to a “10b5-1” plan (which is an automated procedure to sell stock at specified future dates based on prior instructions). I should stress that the case for the CEO’s stock sales being the motivation for the scheduling of the announcements in question is wholly circumstantial. Still, a commentator from Bloomberg who set out to debunk the case ran the numbers and ended up essentially “rebunking” it – i.e., supporting by statistical analysis, at least to some degree, what the Times suspects.

Not being statistically adept, I have nothing to add about the specifics of this case (other than to say I hope the company’s board conducts an independent inquiry of the matter). Rather, I mention the story because I have to believe that this sort of conflict of interest – assuming, for the purposes of discussion here, that the theory of wrongdoing is well founded – is unlikely to show up in most risk assessments, and thus this illustrates the earlier point about the limits of compliance. But from an ethics perspective, no CEO (or board member or “gatekeeper”) could reasonably believe that gaming a 10b5-1 plan in this way was okay, as it would involve using the company’s resources for purely private purposes (clearly an ethical breach – but perhaps less easily shown to be a legal one).

Indeed, it is precisely because a COI like this is so unpredictable – the Times story seemed to suggest that it was indeed something new under the sun – that it is potentially harmful. That is, when an unforeseeable COI emerges it raises the question: If the CEO is capable of doing this, what other mischief is he or she up to?

What this means is that the primary damage to the shareholders is not whatever costs can be directly traced back to timing corporate announcements for the personal benefit of a executive – an exercise that would likely be too speculative to be meaningful; and, even if the costs were measurable, they would likely end up being a small amount. Rather, the harm flows from a general loss of trust by shareholders from learning that a CEO puts their interests second and – because a CEO can influence her company in so many ways – not being able to monitor all the avenues of possible betrayal that might exist.

Understanding that sort of more general harm is one of the important ways an ethical perspective can supplement a more narrow compliance-based one. And it is part of the reason that boards and senior executives need to understand the importance of truly operating pursuant with high ethical – as well as compliance-related – standards.

Finally, for those who’d like to read more related to this topic please see Scott Killingsworth’s excellent paper on C-Suite behavior, discussed and linked to in this earlier post.