It is difficult to keep a company on the path of legal compliance and to maintain its reputation especially since following the law does not necessarily protect an organization’s reputation.
Recently, AT&T and Novartis experienced the pain a bad decision can have on reputation and financial value. The CEO’s for both Novartis and AT&T gave mea culpas for hiring Michael Cohen, Donald J. Trump’s former lawyer.
Novartis’ chief executive explained that it was a bad decision for his company to pay Michael Cohen $1.2 million dollars to consult on how the Trump administration would approach policy decisions related to the Affordable Care Act.
Likewise, AT&T’s CEO said that “Hiring Michael Cohen as a political consultant was a big mistake." Cohen was going to advise AT&T on the key players in the Trump administration; on those key players’ priorities; and on “how they think,” including the administration’s approach on AT&T’s proposed merger with Time-Warner.
To be clear, according to both companies, their decisions to hire Cohen were legal since hiring someone to provide a corporation with insight into an administration in itself is not a crime.
In fact, Cohen is not the first person to sell his knowledge or experience with a particular administration. Many who have held government positions or who have unique access and knowledge about the government are hired as “consultants” or “lobbyists.” And, this is not just a U.S. thing. Most businesses that work internationally know that retaining a former government official, in almost any country, to consult on how the government operates and to make introductions facilitates developing business.
But, with this benefit comes risk. Consultant and lobbyists—whether in the U.S. or outside of the U.S—who have access to government officials or former government officials, or who otherwise have “inside” government information, although capable of providing valuable political strategy to a company, may also, intentionally or unintentionally, expose a company and its employees to reputational damage and to criminal behavior such as bribery, conflicts of interest, and a whole host of other crimes.
As a result, when an organization decides to hire a consultant is connected, like Cohen is, the organization should proceed with caution. First, conducting due diligence on the consult is a must so you can know who their family members and business partners are, where they are invested, what they did in the past, what they will do with the money you pay them, etc.
Second, an organization needs to make sure that leadership, including its lawyers, know a consultant with ties to the government is going to be hired, this includes the fees to be paid to the consultant, and the scope of the work.
The CEO’s for both AT&T and Novartis admit their mistake in hiring Cohen was a result of “moving too fast” and a lack of due diligence. More precisely, Novartis’ CEO said he really did not even know who Cohen was and, very soon after signing the agreement with Cohen to provide policy advice, it became clear to Novartis that Cohen had oversold his ability to advise on health policy.
As for AT&T, apparently AT&T’s government affairs group hired Cohen; and according to AT&T’s CEO, Cohen was not adequately vetted. In the wake of this matter, the leader of AT&T’s government affairs group will retire; and, going forward, AT&T’s government affairs team will report to AT&T’s lawyers.
AT&T’s decision to place the responsibility and authority to hire political consultants in the hands of its lawyers is one way of mitigating the risk of the reputational damage it and Novartis suffered. But not the only way, because at Novartis, the lawyers were involved, yet Cohen was still hired. Novartis’ general counsel resigned over the matter.
The facts that are known about how AT&T and Novartis decided to hire Cohen demonstrate why it is vital to define who within an organization has responsibility and authority to make decisions that have the legal and reputational implications that hiring Cohen had.
An effective way to clearly define responsibility and authority, essentially who owns a decision, in an organization is through a well-configured “matrix of authority.”
A matrix of authority broadly identifies the decisions a company regularly makes, for example retaining political consultants, leasing factory or office space, merging or acquiring another company. Once the decisions are listed, each decision should then map to the role/function/title within the organization that has authority and responsibility to make the decision. The role/function/title listed as the “decider” should have the necessary clout, experience and knowledge depending on the type of decision. For example, a decision to re-brand the company would sit with the CEO but also an organization’s marketing leader. Or, a decision to re-finance debt, depending on how much debt, may rest with the CFO or the CFO’s designee.
The AT&T and Novartis situations further demonstrate how a matrix of authority should be designed and how it may blunt legal and reputational damage.
As a result of the Cohen hire, going forward AT&T lawyers now own the decision on whether to retain political consultants. Theoretically, the lawyers should know the legal requirements that apply to working with political consultants who have government ties – for example lobbying, ethics and corruption laws. With this knowledge, the lawyers should be able to assess the legal and reputational risks of the decision; advise leaders on these risks; and advise on steps to manage these risks.
However, for political consultants with Cohen’s connections and profile, the lawyers should not have the final say. Rather, the matrix of authority should assign final authority and responsibility to the AT&T CEO and possibly its board, informed by the lawyers.
If, for example, the Novartis CEO had been clearly identified as the individual with the final authority and responsibility to retain political consultants like Cohen, then the CEO would know it was his obligation to make sure he is satisfied that the hiring decision complies with the law and is in the best interest of the company. Rather, than having to explain his company’s decision after the “writ” has already hit the fan.
The matrix of authority also relieves leaders of having to review every decision. For example, if a company wants to hire a political consultant to advise on a state’s approach on public-private partnerships and the consultant is a professor focusing on public-private partnerships with no government relationships, the final authority and responsibility may rest with more junior lawyers and managers. Thus, leaders are not burdened with these less risky decisions. For, I can assure you, many an organization develops procedures and policies to blunt some risk, only to find it has gridlocked itself with some onerous review and approval process which ties up leadership with decisions they don't need to make. This ends up making everyone in the decision chain frustrated; and, slows business decisions without necessarily mitigating risk.
Without defining who has responsibility for decisions, organizations risk exposing themselves to decisions being made without adequate facts; without adequate subject matter advice; and without the judgment and knowledge of leadership. A matrix of authority provides clear definition to both employees and leaders on who owns decisions; and, as a result fosters more thoughtful decisions. Because, for most of us, when we know we have the responsibility, we act with more diligence and thought. So, had the AT&T and Novartis CEOs knew of their organizations’ decisions to hire Cohen, they may have thought through the implications and may not have found themselves having to explain their mistakes.
"It is hard to imagine a more stupid or more dangerous way of making decisions than by putting those decisions in the hands of people who pay no price for being wrong." Thomas Sowell
Margaret Cassidy is principal at Cassidy Law. Learn more about the firm’s capabilities by clicking here.