Another Refresher on Conflicts of Interest

Managing conflicts of interest is a big part of any corporate compliance officer’s job. Today we have a fascinating glimpse of how complicated that work can be, courtesy of the Wall Street Journal and its detailed account of how the now-former Kohl’s CEO Ashley Buchanan sent company business to his girlfriend.

You probably remember the original story, which first hit the headlines on May 1. That was the day the $16 billion retail chain fired Buchanan, who had arrived as CEO only four months earlier, because Buchanan had “directed the company to engage in vendor transactions that involved undisclosed conflicts of interest.” It soon became clear that the conflict was Buchanan steering consulting and business contracts to Chandra Holt — a former colleague from Walmart, an accomplished business executive in her own right, and Buchanan’s romantic partner for years.

Lots of people in the ethics and compliance community have praised Kohl’s board for its commitment to good business practices, and rightly so; sacking a brand new CEO is difficult under any circumstance. This week the Wall Street Journal published a chronology of Buchanan and Holt’s long-running relationship. It’s a convoluted tale, with Buchanan and Holt zig-zagging through each other’s lives both professionally and romantically for nearly a decade, generating numerous potential conflicts of interest along the way. 

The article is also well worth a compliance officer’s time to read since it gives so many reminders of how conflicts of interest come to exist and why “COIs” can be so pernicious to corporate culture. From there, we can derive a few important points about the policies, tools, and procedures compliance officers should have to manage conflicts of interest — and about how, even with all that compliance program apparatus, some COIs will still drive us crazy.

It’s All About Disclosure

What struck me most while reading the WSJ article about Buchanan and Holt was the sheer amount of hiding that allegedly went on. They hid their relationship from the chairman of Kohl’s, who had known both of them for years and helped recruit Buchanan to the Kohl’s CEO job. They hid their relationship from Buchanan’s previous employer, the craft store Michaels, which had tried to recruit Holt to a senior role there in 2020. (She didn’t take the job.)

While Buchanan was CEO at Michaels, he hid his relationship with Holt from the store’s merchant buyers, who were deciding whether to buy products from Incredibrew, a coffee business Holt ran. Buchanan kept quiet again in his brief tenure at Kohl’s, never telling buyers there that he and Holt were romantically involved even as he supposedly steered a huge contract with “unusual” payment terms to Incredibrew.

Kohl’s also determined that Buchanan steered a consulting contract to Boston Consulting Group, where Holt was a senior adviser. She kept her relationship with Buchanan hidden from BCG. Because of that failure to disclose, BCG has since fired her. We should also note that Buchanan and Holt were both married to other people when they first met, and both filed for divorce in 2020. We have no idea how much hiding happened there. 

My point isn’t just to regurgitate all the salaction allegations here. It’s to underline the fundamental point that conflicts of interest are ethics and compliance issues when someone fails to disclose the conflict. 

That is, in most instances, simply having a conflict of interest is not an ethical failure unto itself. People date and marry their coworkers. They become friends with vendors and business partners. They recommend friends and relatives for jobs. That’s just life, and it happens every day.

Keeping the conflict hidden is what causes ethics and compliance trouble.

That decision to keep quiet — by a CEO, a manager, or really any employee — dupes people. They believe you are making a decision according to one set of motivations or principles; but in fact you’re making a decision according to other, clandestine motives. At the most fundamental and abstract level, that’s why COIs are so corrosive to corporate culture (and why they can bring so much litigation and enforcement risk, once the conflict comes to light).

The proper way to avoid all that grief, of course, is simply to disclose the conflict. Once it’s there, visible for everyone to see, the organization can try to manage the conflict through some process of additional reviews or oversight. That won’t necessarily be easy, but the process will be rooted in transparency — and that transparency fosters trust, which is what organizations need to survive.

Most compliance officers know this already. I just want to dissect all the theory first, because that theory guides the mechanics of how a successful COI program needs to work.

Crafting a Careful COI System

The first step will be to draft a COI policy — but that policy should not prohibit conflicts of interest outright, because as soon as you prohibit conflicts people will worry that they’re doing something wrong and default to keeping quiet. 

Instead, your policy should use language emphasizing the importance of disclosing potential conflicts of interest, so those issues can be assessed and managed. (I know numerous compliance officers who insist that these policies should be labeled as “potential COIs” rather than “COIs” alone, for this very reason.) The goal here is to make employees feel comfortable speaking up and seeking guidance on how to behave ethically. 

Once that objective is declared, the rest of the policy should walk through a few more mechanical steps:

• Define what potential conflicts should be disclosed, ideally with a few examples.
• Explain how employees submit a disclosure, either in writing (if you’re a weirdo who loves manual processes) or through some disclosure tool (if you’re a modern compliance officer who uses IT).
• Explain who will review the potential disclosure, and what criteria that person(s) will use.
• Explain how an actual conflict will be managed, such as by re-assigning certain duties to other employees or requiring the employee to recuse him or herself from certain decisions.
• Remind everyone that disclosing potential COIs is mandatory, and that retaliation against someone who makes a good-faith disclosure is prohibited. 

(I even asked ChatGPT to draft a prototype conflicts of interest policy, available to download. It did a decent job at generating raw material you could fine-tune for your own organization.)

There are some natural limits to this. For example, the higher up the employee is, the more difficult it can be to recuse him or her from crucial decisions. For CEOs in particular, it might be impossible for them to be recused, because everyone in the org chart eventually reports into the CEO. Then again, they do get paid the big bucks to set a higher standard of ethical conduct for the rest of us to follow. Being lonely at the top is part of that job.

But even for CEOs, plenty of potential conflicts can be resolved. That’s the other thing that struck me as I read about Buchanan and Holt’s personal and professional entanglements: so much of this probably could have been avoided, if they had simply been honest and told the right people the truth.