Conflict of Interest Primer

Notable events and regulations that have shaped Conflict of Interest.


You’ve heard it before, but compliance is key. Here’s a quick look at some of the drivers behind healthcare compliance trends as well as the requirements governing them, and why so many industries are digging deep to meet—or more often, beat—standards.

Compliance within the Healthcare Industry
It’s hard to think of another industry which guards so much detailed private information about so many people. That’s exactly why it’s so important that medical providers and insurers ensure that the people with access to that information, not to mention patients, are known entities. Any possible conflicts of interest must be disclosed in a way that ensures the people who need to be aware of them are.

1996 Health Insurance Portability and Accountability Act:
HIPAA Privacy Rule (Standards for Privacy of Individually Identifiable Health Information) establishes national standards for the protection of certain health information.

HIPAA Security Rule (Security Standards for the Protection of Electronic Protected Health Information) establishes a national set of security standards related to protecting certain health information that is held or transferred electronically, and defines the technical safeguards required to satisfy the Privacy Rule. “Covered entities” include: health plans, health care clearinghouses and any health care provider who transmits health information electronically.

Covered entities must maintain reasonable and appropriate administrative, technical and physical safeguards for protecting e-PHI. They must (1) ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit, (2) identify and protect against reasonably anticipated threats to the security or integrity of the information, (3) protect against reasonably anticipated, impermissible uses or disclosures and (4) ensure compliance by their workforce.

DRIVER: HIPAA is expansive. Covered entities include everyone from the smallest local medical provider to major multi-state health plans. If you touch medical records, or deal with patients, you are legally bound to comply.

The Physician Payments Sunshine Act:
Passed in 2010 as part of the Affordable Care Act, the Sunshine Act is designed to increase transparency with regard to the financial relationships between physicians, teaching hospitals and manufacturers of drugs, medical devices and biologics. The Centers for Medicare & Medicaid Services (CMS) fulfills the law’s mandate through the Open Payments Program.

Manufacturers must submit annual data on payments and transfers made to covered recipients. Physicians have 45 days to review their Open Payments data and dispute errors before public release.

DRIVER: The Sunshine Act governs relationships—specifically the financial activities between organizations doing business together within the health care sector. Annual data reporting is required, and partners must share identical information.

National Institutes of Health (NIH):
As the “steward of medical and behavioral research for the nation” and governed by HHS, NIH provides significant federal funding and grant dollars to health care providers and research institutions. But all awards are subject to a series of terms and conditions.

NIH’s mission is accomplished through the “conduct and support of biomedical and behavioral research, research training, research infrastructure and communications,” both intramurally and extramurally, “through grants, cooperative agreements and contracts awarded to institutions of higher education, governmental organizations, non-profit research organizations, for-profit organizations and individuals.”

DRIVER: As a Federal grantor, NIH is responsible to both Congress and taxpayers for carrying out its mission in a manner that not only facilitates research, but does so cost-effectively and in compliance with applicable rules and regulations. NIH relies on a system of checks and balances and separation of responsibilities within its own staff, and maintains a similar set of expectations for recipient organizations.

To maintain eligibility for NIH funding, compliance requirements must be met—and information shared related to expenditures.


You’ve heard it before, but compliance is key. Here’s a quick look at some of the drivers behind fiduciary compliance trends as well as the requirements governing them, and why so many industries are digging deep to meet—or more often, beat—standards.

Compliance within the Fiduciary Industry
Tracking conflicts of interest and ensuring that all employees are following federal regulations are mainstays in the financial industry. When big money is at stake, it pays to make sure you and your company are protected from accusations of impropriety.

The Securities and Exchange Commission (SEC):
The mission of the SEC is “to protect investors; maintain fair, orderly, and efficient markets and facilitate capital formation.” The SEC “strives to promote a market environment that is worthy of the public’s trust.”

According to Carlo di Florio, Director of the Office of Compliance Inspections and Examinations, the SEC’s examination program (formally known as the National Exam Program) has adopted a “risk-based strategy” and has identified COI as a key area for risk analysis: “This is based on the long experience of our exam program that conflicts of interest, when not eliminated or properly mitigated, are a leading indicator of significant regulatory issues for individual firms, and sometimes even systemic risk for the entire financial system.”

NEP priorities include:

  • Compensation-Related Conflicts and Incentives
  • Portfolio Management-Related Conflicts
  • Affiliations between Investment Advisers and Broker-dealers
  • Valuation
  • Transfer Agent Conflicts
  • Exchange Conflicts

This means that the SEC particularly focuses on COI as part of its assessment, using that to inform its decision about whom to “go after/explore/audit.” It tends to home in on COI related to confidential information received through investment banking and business operations.

SEC Risk Alerts: When the NEP identifies conduct that may create new risks for the industry, the SEC shares its concerns with senior management, compliance and risk managers via Risk Alerts. The program began in 2011 not only to inform but to prompt action, so that executives can’t plead ignorance after the fact.

Di Florio, on the SEC’s COI perspective: “[COI] are a particularly important challenge for large and complex financial institutions, which can have affiliations that lead to a host of potential conflicts of interest. If these are not carefully managed, this then leads to failure to protect the client’s interests, with attendant regulatory and reputational risks that could be disastrous. Just as important, these businesses are highly dynamic, as new products, activities and trading strategies constantly evolve to meet changing client needs and market conditions. This means that new conflicts are constantly arising, and so these firms need to be very disciplined in continually searching for new conflicts and working through how to address them.”

Financial Industry Regulatory Authority (FINRA): FINRA has a self-described mandate to “protect investors and promote market integrity” among brokers within securities firms. This regulating body conducts regular sweeps; in 2012, it targeted corporate approaches toward identifying and mitigating COI under the guise of “better understanding industry practices.”

The 2008 Financial Crisis: Exposed COI in many areas, particularly in the production and sale of mortgage-backed securities, and among credit rating agencies that rated these instruments.

The 2001 Internet Bubble Burst: Exposed problems with conflicted research analysts who appeared to be influenced by their firms’ investment banking interests. This led to the development of new research-related regulations by FINRA and to provisions in the Sarbanes-Oxley Act dealing with research analyst conflicts of interest. In 2003, the SEC found that “the use of brokerage commissions to facilitate the sales of fund shares [was] widespread among funds that rely on broker-dealers to sell fund shares, resulting in the adoption of new rules to prohibit funds from this practice.”

Employee Retirement Income Security Act (ERISA):
The Department of Labor changed the rules governing retirement investment advice, effectively bringing ERISA into the 21st Century and in step with modern financial plans.

But these evolving regulations also increased retirement plan sponsors’ fiduciary and compliance responsibilities. All plans are now required to meet a variety of IRS-enforced compliance requirements, and even though fiduciary requirements enforced by DOL apply to ERISA plans, parallel state fiduciary laws and industry “best practices” often mean that meeting them is appropriate for sponsors of all types of plans.

Although the loopholes and gaps currently pose significant risks related to COI, the new rule applies a fix, establishing the “types of relationships that must exist for such recommendations to give rise to fiduciary investment advice responsibilities.” The DOL also outlines the types of communication which can constitute investment advice.

As part of the Best Interest Contract Exemption, a financial institution is required to “acknowledge fiduciary status for itself and its Advisers… and receive no more than reasonable compensation.” Each financial institution must also “adopt policies and procedures reasonably designed to mitigate any harmful impact of conflicts of interest, and disclose basic information about their conflicts of interest and the cost of their advice.” In-place policies, procedures and COI mitigation strategies must also be displayed on that institution’s website.

ERISA: The new regulations require conflict of interest reporting, and the penalties for noncompliance can be heavy.

June 7, 2016 – Rule went into effect.
April 10, 2017 – Phase 1 compliance required.
January 1, 2018 – Full compliance required.

Publicly Traded Companies

You’ve heard it before, but compliance is key. Here’s a quick look at some of the drivers behind business compliance trends as well as the requirements governing them, and why so many industries are digging deep to meet—or more often, beat—standards.

Compliance for Publicly Traded Companies
Publicly-owned companies are subject to detailed disclosure laws about their financial condition, operating results and management compensation. While these disclosure obligations are primarily linked with large publicly-traded companies, many smaller companies choose to raise capital by making company shares available to investors. In these instances, small businesses are subject to most of the same disclosure laws that apply to large firms.

Disclosure laws and regulations are monitored and enforced by the SEC.

Sarbanes-Oxley Act:
Following the Enron scandal (which came to light in 2001), the SOX Act was established to require companies to more broadly disclose transactions to investors and employees. It significantly changed SEC disclosure requirements.

SOX guides:

  • the reform of auditing and accounting procedures, including internal controls;
  • the oversight responsibilities of corporate directors and officers, and the regulation of conflicts of interest, insider dealings, and the disclosure of special compensation and bonuses;
  • conflicts of interest by stock analysts;
  • earlier and more complete disclosure of information on anything that directly or indirectly influences, or might influence, financial results;
  • the criminalization of fraudulent handling of documents, interference with investigations, and violation of disclosure rules; and
  • the requirement that chief executives personally certify financial results and sign federal income tax documents.

DRIVER: This is simple—publicly-traded companies are legally bound by SOX, which also places formalized liabilities/responsibilities upon chief executives.

Privately Held Companies

Compliance for Privately Held Companies
Investors and shareholders alike need the peace of mind that each person involved in their investment—from the ground up—is on the “up-and-up,” and that any potential conflicts are resolved before they can present a problem, or imply impropriety.

Sarbanes-Oxley Act:
Although SOX is often perceived as applying only to publicly held companies, that is a common misconception: some provisions apply to privately held companies, and lenders, investors and potential business partners widely consider SOX corporate governance requirements to be “best practices.” It also deserves mentioning that a failure to comply with SOX requirements can impede a sale to a public company.

One provision worth mentioning (and bearing severe penalties) is that liabilities for violations of federal and state securities laws are not dischargeable in bankruptcy, including liabilities for fraud related to the private placement of securities.

Legal penalties are probably the most significant drivers, but best practices, fueled by the following questions, are important as well:

  • Does the Company have a current form NDA with potential business partners, including state of the art provisions related to electronic media?
  • Does the Company have a standard form contract with effective provisions regarding confidentiality and assignment of inventions for employees and independent contractors?
  • Do the Company’s standard agreements have provisions adequately limiting the liability of the Company?


Compliance for Non-profits
Although corporate compliance is relatively new to many nonprofit service providers, organizations that receive direct or indirect federal funds must conform to corporate compliance standards.

For non-profits, compliance is about two things: (1) demands for transparency, and (2) the receipt of grant, federal and donation funding. It can even be put more simply: Ethics is inherently tied to COI.