Disclosure is the beginning of conflict management, not its conclusion. What happens after disclosure is what determines whether the framework actually works.
The conflict of interest framework that has invested heavily in disclosure design — the periodic declaration, the event-triggered process, the accessible standing mechanism — and has invested comparatively little in what happens after a disclosure is received has built the front end of the process and left the back end unspecified. The result is a system that captures conflicts and then handles them inconsistently, disproportionately, or not at all — which teaches the organisation, through experience, that disclosure leads to uncertainty and unpredictability, and that the safest response to a potential conflict is to avoid disclosing it.
The post-disclosure process has four components that must be designed explicitly: the initial assessment, the management measures, the monitoring and review, and the documentation. Each serves a different purpose, and the absence of any one of them creates a gap that will eventually be visible — either in an enforcement context, where the absence of documentation is the evidence of inadequate management, or in the organisation's culture, where the inconsistency of responses to disclosures erodes the credibility of the entire framework.
The most important principle in post-disclosure management is proportionality. The response to a disclosed conflict should be calibrated to the nature and significance of the conflict — to the actual or potential influence the personal interest could have on professional decisions, and to the seriousness of the consequences if that influence were to materialise. An over-response to a minor conflict — an immediate removal from role, a formal investigation, a disciplinary process — teaches the organisation that disclosure leads to disproportionate consequences and discourages future disclosures. An under-response to a significant conflict teaches a different lesson: that the framework is not serious.
Not all disclosed interests are conflicts. Not all conflicts require the same response.
The initial assessment of a disclosed interest should determine three things. First: does the disclosed interest constitute a conflict of interest within the framework's definition — that is, could it improperly influence, or could it reasonably be perceived to improperly influence, the individual's exercise of professional judgment? Second: if it does constitute a conflict, what is its nature — actual, potential, or apparent — and what is the significance of the potential influence? Third: what management measures are proportionate to the nature and significance of the conflict?
The assessment should be conducted promptly — not so quickly that it is superficial, but quickly enough that the individual who has disclosed is not left in an unresolved situation that creates anxiety and uncertainty about their position. A clear commitment to an initial assessment within a defined timeframe — five to ten working days for most situations, with a shorter timeframe for situations that are time-sensitive because a relevant decision is imminent — communicates that the compliance function takes disclosures seriously and manages them with the individual's interests as well as the organisation's interests in mind.
The assessment should be conducted by someone with sufficient authority and knowledge to make the judgment the process requires. For disclosures by employees below senior management level, the compliance function is usually the appropriate body. For disclosures by senior executives or board members, the assessment should involve the governance body or designated governance committee responsible for senior-level conflicts, as discussed in the earlier article in this series.
The management measures: what is available and when each is appropriateRecusal, enhanced oversight, divestment, role restructuring, and in rare cases, role change.
Recusal is the exclusion of the conflicted individual from specific decisions, processes, or relationships affected by the conflict. It is the most commonly applied management measure and the most operationally straightforward — the individual continues in their role in all other respects and is simply excluded from the specific category of decision where the conflict is present. Recusal requires clear definition: which decisions, which processes, which relationships, implemented through which mechanism, with documentation of each instance where the recusal is applied.
Enhanced oversight places an additional layer of review on decisions affected by the conflict, without removing the individual from the decision-making process. It is appropriate where the individual's involvement is operationally important and where a genuine, independent review of the decision and its basis provides sufficient protection. Enhanced oversight is only effective if the review is substantive — if the reviewer is genuinely independent, has the information needed to evaluate the decision, and applies real scrutiny rather than pro forma approval.
Divestment — the disposal of a financial interest that creates a conflict — is appropriate where the conflict arises from a financial holding and where the interest can be disposed of without undue personal cost to the individual. Divestment eliminates the conflict at its source rather than managing its consequences, and is therefore the cleanest resolution in cases where it is practically available. The timeline for divestment should be reasonable — sufficient to allow orderly disposal without creating an obligation to accept an unfavourable price — and should be documented as a condition of the management framework.
The management measure that is most commonly under-specified is the monitoring and review component: the process through which the compliance function confirms, at defined intervals, that the management measures are being applied in practice and that the conflict has not evolved in ways that require a revised response. A conflict assessed and managed at the time of disclosure but never reviewed thereafter is a conflict that may have grown, changed character, or generated new decision points that the original management framework did not contemplate. Monitoring is what turns a one-time assessment into a living management process.
A conflict that was managed but not documented was not managed, from a compliance perspective.
The documentation of the conflict of interest management process is not primarily an administrative requirement. It is the evidence that, in an enforcement context or a governance review, demonstrates that the organisation exercised the judgment it was required to exercise: that the conflict was identified, that it was assessed competently, that proportionate management measures were implemented, and that those measures were applied consistently for as long as the conflict existed.
The documentation record for each disclosed conflict should contain: the disclosure itself, dated and attributed; the assessment, documenting the analysis and the conclusions; the management measures determined, with the basis for the proportionality judgment; the implementation record, showing that the measures were actually applied; any monitoring reviews conducted during the period the conflict was active; and the closure record, documenting when and why the conflict was resolved.
This documentation serves the compliance function in two directions simultaneously. In the direction of enforcement or investigation, it is the evidence that protects the organisation from the allegation that it failed to manage a known conflict. In the direction of culture, it is the record that the compliance function can draw on when demonstrating — to governance bodies, to external stakeholders, to the organisation's own employees — that the framework functions consistently and fairly. Neither use is possible without documentation that is complete, accurate, and retained for an appropriate period.
This article reflects the compliance advisory perspective of Compliance House and is intended for informational purposes. It does not constitute legal advice. Organisations seeking specific guidance should consult qualified legal counsel in the relevant jurisdiction.
Download this article
Save a PDF copy for offline reading, or share it with a colleague who might find it useful.