Conflict-of-Interest Disclosure Manager: From Disclosure to Documented Management Plan
Let employees disclose conflicts of interest, route each one to an ethics reviewer for an adjudication, record the management plan, capture the employee's acknowledgment, and run annual re-disclosure — with a human approving every determination before it's recorded as resolved.
A web tool where employees disclose conflicts (outside jobs, board seats, family ties, financial interests, vendor relationships). Each disclosure routes to an ethics reviewer, who adjudicates it (no conflict / manage with conditions / prohibited) and writes a management plan, and the employee acknowledges the plan. The tool schedules annual re-disclosure and sends reminders through Resend, and you can export a complete COI register with every determination.
Before you start
- A Supabase account (free)
- A Vercel account (free)
- A Resend account (free)
- Your current COI disclosure form fields (the questions you ask today)
- Your list of employees / disclosers (a CSV is fine)
- Claude Code or any AI coding agent
The problem this kills
Conflict-of-interest disclosures are the part of ethics work that quietly falls apart in a shared inbox. An employee emails that their spouse just took a job at a vendor, or that they joined a nonprofit board, or that they have a financial stake in a startup the company might acquire. You read it, you think about it, you maybe reply with some conditions — and then it lives in a thread, a sticky note, and a spreadsheet tab nobody can find at audit time. Did anyone actually decide whether this was a conflict? Did the employee agree to the conditions? When is it due to be reviewed again? Who can see the sensitive details?
A yes/no attestation campaign doesn't fix this — that just tells you who clicked "I have nothing to disclose." The hard work is the actual disclosures: capturing the messy detail, getting a real adjudication on the record, writing down the management plan, and proving the employee acknowledged it. You don't need a six-figure GRC platform and you don't need to be a developer to run this properly.
What you'll build
A simple internal web tool. An employee logs in and discloses a conflict — the type (outside employment, board/advisory seat, family relationship, financial interest, vendor/supplier tie, gift, or your own categories), who and what is involved, and the details. The disclosure routes to an ethics reviewer, who reads it, asks for more if needed, and records an adjudication: no conflict, manage with conditions, or prohibited — along with a management plan (recusal from certain decisions, divestment, a screen, reporting-line changes, whatever applies). Nothing is marked resolved until the reviewer approves the determination. The employee then acknowledges the plan, putting their agreement on the record. The tool schedules annual re-disclosure, sends Resend reminders when something is coming due or sitting unreviewed, keeps the sensitive details access-restricted, and lets you export the full COI register — every person, disclosure, determination, and condition — for your board, your auditors, or your regulator.
What's inside the Implementation Plan
The downloadable plan is a step-by-step file you paste into an AI coding agent. It opens by interviewing you about your business — your current disclosure categories and form questions, who reviews and on what authority, your determination labels and what conditions you typically impose, your re-disclosure cadence, who is allowed to see disclosure detail, and your messy edge cases — and then it tailors the data model, the routing, and every later step to your answers. This is not a generic template; the agent reflects a short spec back to you and waits for your thumbs-up before it builds anything. From there it walks the agent through the disclosure form, the reviewer queue, the adjudication-and-approve gate, the employee acknowledgment, the annual re-disclosure scheduler with reminders, and the register export — each step with a ready-to-copy prompt. There's also a fallback so you can build and run the whole thing today even with no integration to your HR system: import an employee CSV and export a clean register CSV.
The governance it includes (this is the point)
This is sensitive ethics tooling, so it ships with the controls a compliance function needs:
- Login, so only your people can use it
- Row-level security, so disclosure detail is access-restricted: an employee only ever sees their own disclosures, while reviewers see only what their role permits
- A complete audit trail of who disclosed, reviewed, adjudicated, approved, and acknowledged what and when
- A hard human-in-the-loop approval gate, so no disclosure is recorded as resolved until a reviewer signs off on the determination and plan
- Duplicate guards keyed on person + disclosure, so the same disclosure can't be processed twice
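Three of these controls (row-level security, the approval gate, and the duplicate guard) sketched as Postgres DDL for Supabase. This is an added example, not taken from the downloadable plan: the table, column and policy names are hypothetical, and it assumes a single reviewer role and a rule that reviewers cannot adjudicate their own disclosures.

```sql
-- Hypothetical schema (added example). Only auth.users and auth.uid() are Supabase's own.
create table reviewers (
  user_id uuid primary key references auth.users(id)
);
alter table reviewers enable row level security;
-- A user can see only their own membership row. No insert/update policy exists,
-- so API clients cannot grant themselves the reviewer role.
create policy reviewer_sees_self on reviewers
  for select using (user_id = auth.uid());

create table disclosures (
  id              uuid primary key default gen_random_uuid(),
  employee_id     uuid not null references auth.users(id),
  disclosure_key  text not null,  -- assumed: normalized type + counterparty
  details         text not null,
  determination   text check (determination in
                    ('no_conflict', 'manage_with_conditions', 'prohibited')),
  management_plan text,
  approved_by     uuid references reviewers(user_id),
  approved_at     timestamptz,
  status          text not null default 'submitted'
                    check (status in ('submitted', 'in_review', 'resolved')),
  -- Duplicate guard: one row per person + disclosure.
  unique (employee_id, disclosure_key),
  -- Approval gate: 'resolved' is impossible without determination, plan and sign-off.
  check (status <> 'resolved' or
         (determination is not null and management_plan is not null
          and approved_by is not null and approved_at is not null))
);
alter table disclosures enable row level security;

-- Employees read and create only their own disclosures, and cannot pre-fill an outcome.
create policy employee_reads_own on disclosures
  for select using (employee_id = auth.uid());
create policy employee_submits_own on disclosures
  for insert with check (employee_id = auth.uid() and status = 'submitted'
                         and determination is null and approved_by is null);

-- Reviewers read every disclosure; they update only other people's rows (assumed rule)
-- and can record an approval only under their own identity.
create policy reviewer_reads on disclosures
  for select using (exists (select 1 from reviewers r where r.user_id = auth.uid()));
create policy reviewer_adjudicates on disclosures
  for update
  using (exists (select 1 from reviewers r where r.user_id = auth.uid())
         and employee_id <> auth.uid())
  with check (approved_by is null or approved_by = auth.uid());
```

Because the gate is a table constraint rather than application logic, it also holds for writes that bypass row-level security, such as server-side jobs using the service role.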
Who it's for
Ethics and compliance officers, general counsel, and HR partners who must capture and manage real, disclosed conflicts of interest — not just collect annual yes/no attestations — and who need to prove to a board or auditor that every disclosure was reviewed, decided, and acknowledged. If you can describe how your organization decides what's a conflict and what to do about it, you can build this.
You've got this — start with the plan, paste the first prompt, answer the interview, and you'll watch your first disclosure flow from submission to a documented, acknowledged management plan the same afternoon.