Your best employee might be your biggest conflict of interest

Key insights:

• • • Conflict of interest doesn’t start with bad intent — Often, conflict of interest starts with tenure, trust, and relationships that slowly blur the line between good judgment and personal interest.

    • The real exposure isn’t the fraud itself — The real damage from conflict of interest can be years of skewed vendor decisions, above-market pricing, and lost competitive ground.

    • Companies shouldn’t treat conflict of interest as a disclosure problem — Companies would do well to remember that often conflict of interest is really a data and systems problem.

---

His access logs were clean, so it took weeks to find out what actually happened. He had been borrowing colleagues’ IT logins, who had handed them over without much thought, even though they knew it broke policy. They just didn’t think it mattered. He used those logins to steer million-dollar contracts to selected vendors who were paying him kickbacks.

The company’s conflict of interest policy existed, and people had signed it. Yet, nobody checked whether anyone followed it. And this scheme wasn’t even caught internally. Fortunately, someone outside found it.

This gap between knowing something is wrong and believing it matters — that’s where conflict of interest lives.

The financial exposure goes well beyond the kickback itself

The kickback that was paid to an insider is not the real cost to the company. The real cost is what happens while nobody is looking. As a result of this fraud, this company didn’t even know they were experiencing years of sourcing decisions that were shaped by hidden interests, vendors who never got a fair shot, and pricing that stayed above market price because the person managing the relationship had a reason to keep it there.

Throughout many industries, the numbers back this up. The 2024 Report to the Nations from the Association of Certified Fraud Examiners (ACFE) found corruption in almost half (48%) of all fraud cases. Median loss for corruption schemes was around $200,000, and the average scheme run for about 12 months before anyone catches on. Not surprisingly, 87% of conflict-of-interest fraud perpetrators had no prior criminal record. Indeed, they were trusted employees, not career criminals.

What makes this worse is that most organizations have no reliable way to catch it. Across industry guidance, compliance publications, and professional forums, a consistent picture emerges: The majority of organizations rely entirely on disclosure forms and self-reporting to manage conflicts of interest. Leading compliance expert, Rebecca Walker has publicly admitted that the profession has not solved this problem — and even though the tools exist, almost nobody is using them.

The statistics, however, only capture what gets caught. The psychology of how it starts is harder to measure — and more important to understand. Conflict of interest rarely begins with a plan to steal. Rather, it starts with tenure, trust, and relationships that make someone hard to replace. Over time, the line between good judgment and personal interest doesn’t get crossed, it just disappears.

Taking a more structured approach

Most companies rely on disclosure forms, ethics training, and a code of conduct. They want to tell people what a conflict looks like, ask them to report it, and assume they will. Too often, they won’t.

Disclosure forms ask employees to self-report behavior they often don’t recognize as problematic, and those who do recognize it worry they’ll be investigated or treated unfairly themselves. They’ve watched junior staff held to strict standards while senior leaders get a pass. Unfortunately, that teaches everyone the same lesson: Stay quiet. When 85% of companies with a code of conduct still have fraud at this scale, the problem is not what people know, rather it’s how the program is built.

These failures point to three specific gaps in how most organizations approach conflict of interest: i) how they gather information; ii) how they monitor risk; and iii) how they receive reports. A structured framework — one based on concepts of design, detect, and deploy — can address each one of these gaps directly, with each component being measurable in financial terms.

Design: Are you collecting facts or asking people to confess?

Take a look at how you approach employees around conflict-of-interest issues. Are you seeking information or just generally hoping the employee admits wrongdoing, even inadvertently. A better approach could be to ask specific questions: How long has the employee worked with this vendor? Can the employee award contracts to them? Does the employee have any ownership stake in a company on the approved vendor list?

Let the employee give the facts and then let the system make the call. When you separate sharing information from being judged for it, people actually share and you get better data. And better data means better procurement decisions. That is not a compliance win — that’s a business win.

Detect: Are you looking for conflicts or hoping someone speaks up?

Run your vendor list against your employee records and flag matching addresses, phone numbers, and bank accounts. Check public registries for shared directors between your staff and your suppliers. Look at who has been awarding contracts in the same role for years without rotating, and managers who keep hiring from former employers.

Any company with an ERP system and an HR database can run these checks quarterly. And ACFE data underscores the value in taking the proactive approach: On average, companies using automated transaction monitoring catch fraud within six months and lose about $83,000; and companies that wait for law enforcement to alert them to the fraud take 24 months and lose $675,000.

Deploy: Is your hotline a business tool or a poster on a wall?

Tips catch 43% of all fraud — more than audits, management reviews, and law enforcement combined. Companies with hotlines lose $100,000 in median fraud; but companies without them lose $200,000. A working tips hotline can cut your losses in half.

However, most hotlines are not functioning as intended. They exist on paper without the visibility, trust, or independence required to generate reliable reports. For example, a senior executive was steering contracts to his own associates. And even though a company hotline existed, the executive actually sat on the committee that received the reports. The tool was built to catch misconduct and was working properly, yet it was controlled by the person committing the fraud. The matter had to be escalated outside normal channels, and the senior executive was eventually fired for cause.

Almost half (46%) of employees who report misconduct face retaliation, according to the 2023 Global Business Ethics Survey, from the nonprofit Ethics and Compliance Initiative. When that is the outcome, silence becomes the rational choice. If you want your hotline to work, promote it every quarter. Show people what was reported and what happened because of it. Make sure no single person can block or read a report before it reaches the right people. Being that proactive around your hotline will give employees proof that the system protects them.

Is it worth the investment?

Of course, the question is not whether your company has a conflict-of-interest policy, it most likely does. Rather, the question is whether you would know if someone were breaking it right now.

Companies that design better fact-gathering, detect through monitoring, and deploy trusted reporting can do more than catch fraud early. They can buy from better vendors, compete on fairer pricing, protect their board from liability, and build a culture in which raising a red flag is seen as protecting the business.

If the honest answer is that you would not know if someone was violating your company’s conflict of interest policy, then business case for being more proactive has already been made.

---

You can find more about how companies can best manage business fraud here