In general, conspiracy theorists are hardly pleasant subject matter for discussion on corporate ethics and compliance. For better or worse, however, the recent travails of Alex Jones and his website Infowars.com, make him an ideal vehicle to discuss emerging pressures around third-party risks and corporate values.
What happened? Since mid-August, Jones has been banned from a number of social media platforms. First were Facebook, Apple, YouTube, Pinterest, and Spotify; all dropped Jones after CNN aired a report showing many instances of Jones’ posts violating their terms-of-use policies.
Twitter let Jones linger until early September, when he confronted the CNN reporter who broadcasted the original story while both were at a congressional hearing in Washington – and, naturally, Jones streamed his entire 10-minute diatribe on Twitter. Thus Jones departed Twitter, too.
For a media personality who depends on social media to disseminate his product, the bans were a heavy blow. Traffic to his website has fallen by half since this started.
Critics would say that’s precisely the point. Jones is unhinged, they say. On the other hand, are people not defending Jones himself, but still uncomfortable with what happened to him. Was this honorable corporate ethics, or shrewd corporate executives avoiding online mob justice? Or both?
My point in this post is not to discuss opinions on Jones or his company Infowars per se. Rather, compliance professionals need to acknowledge that in our era of hyper-transparency, their companies need to have opinions and policies for the Jones’ of their world.
Companies are no longer judged solely by the work that they do, but also who they do that work with. And it goes beyond business practices; the things your third parties say, believe, and support are reflected upon your brand.
Register for Webinar: State of Third Party Risk Management in 2018
Ethics, Politics, & Risk
What’s striking is that if Jones were guilty of any other misconduct – if he were a money-launderer, a harasser, a corrupt intermediary – we wouldn’t be having this conversation. Those are ethical offenses and illegal acts, so dropping him as a business partner would be an easy corporate compliance response.
This is different. Jones’ antics are offensive, but not illegal. So a company’s decision to part ways with him is based on its ethical values alone.
The problem: in our deeply polarized world, political allegiances have become a proxy for ethical values, and vice-versa. So someone can’t hold a political opinion different from yours without you classifying him or her as also unethical — and therefore, that political opponent must be exiled. It’s the ethical thing to do.
The actions a company takes, including its choice of business partners, is indicative of the ethical values the company has.
Is that line of thinking healthy for society? Probably not, although I’ll leave the philosophers to sort out its full implications. It does, however, put enormous strains on corporations looking to embrace ethics in the actions they take — including the choice of business partners — while remaining apolitical in the values they have, so you can court as many customers as possible.
More and more people won’t accept that dodge-and-weave. The actions a company takes, including its choice of business partners, is indicative of the ethical values the company has.
Yes, that’s always been true in some sense. Today, however, with social media allowing different constituencies to emerge and speak in unison like never before, customers and consumers can hold companies’ feet to the ethical fire with brutal efficiency. That’s why Jones was exiled by so many, so quickly.
Build Your Ethics Infrastructure
That’s the why of what’s happening with third-party risk today. How do corporate compliance officers respond?
A thoughtful acceptable use policy (AUP) is a good place to start, especially if you are in high-profile consumer sectors (as the media companies that exiled Jones are) where people use a service you manage.
The National Education Association has a model “AUP” with six recommended elements:
- Preamble
- Definition section
- Policy statement
- Acceptable uses section
- Unacceptable uses section
- A violations/sanctions section
The second, fourth, and fifth elements will be the trickiest ones to articulate, since they require a company to define what its ethical values look like in practice – the specific actions that would qualify as disrespectful or offensive, and why.
For businesses that don’t interact extensively with consumers, and therefore don’t need an AUP in the same sense, increasingly you will need to embed similar concepts in your contract language anyway, because other stakeholder groups increasingly judge you on the company you keep.
That is, even if you are a business-to-business company, where consumers can’t boycott your products because you sell them to unprincipled business customers – our company could face the same pressures from employees, investors, suppliers, or even regulators.
For example, the social media apps that dumped Jones so quickly weren’t only scared of how consumers might react to them; they wondered how Apple might react to them, since Apple owns the platform that distributes their products. If you allow someone to use your product in ways people might judge unethical, might some other business partner then cut ties with you?
Conversely, if one of your business partners allows its customers to use the product in ways that your stakeholders deem unethical, would you want to cut ties with that business partner? Would you have the legal means to do that, through contract language or an acceptable use policy?
That’s a convoluted chain of third-party risk today – and as I said above, it may not be one healthy for society as a whole. But it is where we are, and companies need to develop a response to it. Ethics and compliance officers will ultimately play a big role in that.
Register for Webinar: State of Third Party Risk Management in 2018
