Corporate compliance is becoming increasingly criminalized.
What began as a means of industry self-regulation has morphed into a multibillion dollar effort to avoid government intervention in business, specifically criminal and quasi-criminal investigations and prosecutions.
In order to avoid application of the criminal law, companies have adopted compliance programs that are motivated by and mimic that law, using the precepts of criminal legislation, enforcement, and adjudication to advance their compliance goals.
That’s the take of Todd Haugh, an Assistant Professor of Business Law and Ethics at Indiana University’s Kelley School of Business.
“Criminalized compliance regimes are inherently ineffective because they impose unintended behavioral consequences on corporate employees,” Haugh writes in his recent paper The Criminalization of Compliance. “Employees subject to criminalized compliance have greater opportunities to rationalize their future unethical or illegal behavior. Rationalizations are a key component in the psychological process necessary for the commission of corporate crime – they allow offenders to square their self-perception as ‘good people’ with the illegal behavior they are contemplating, thereby allowing the behavior to go forward. Criminalized compliance regimes fuel these rationalizations, and in turn, bad corporate conduct. By importing into the corporation many of the criminal law’s delegitimizing features, criminalized compliance creates space for rationalizations, facilitating the necessary precursors to the commission of white collar and corporate crime. The result is that many compliance programs, by mimicking the criminal law in hopes of reducing employee misconduct, are actually fostering it.”
Another result – compliance programs school executives in cover-up rather than compliance.
Haugh has a better idea – require companies to measure wrongdoing within the company and prove that they are taking steps to improve the situation.
“Most of the studies of compliance programs show that they are not that great,” Haugh told Corporate Crime Reporter in an interview last week. “If you laid out all of the studies on the effectiveness of compliance programs, more would show that there isn’t much of an effect or there hasn’t been a large effect. That’s the starting point. And that’s a problem for companies. And it’s also a problem for the government too.”
“That’s part of the motivation for the work that I’ve been doing. I’m trying to challenge some of the assumptions upon which compliance is based.”
“I would try to look at the base rate level of wrongdoing within an organization. You find that by looking primarily at hotline calls and investigations within a company. It’s not perfect. It’s not going to pick up all wrongdoing. But it’s going to give you a rough baseline of how much wrongdoing is going on within companies.”
“Then companies need to institute an intervention of some sort. And you can think about that in all different ways. There can be new rules and procedures if they are not in place. It can be behavioral intervention. It can be more education and training.”
“But then we need to keep testing that baseline. That is a more effective way. And we want to see that wrongdoing going down. And companies should be able to show this continuous improvement within the organization on the compliance front. That’s more useful than just saying – you have to have a good corporate culture. Here are the touchstones of an effective corporate compliance program. That’s sort of vague and companies don’t know how to interpret that. There is a more principled way to do it.”
A couple of years ago, we interviewed Hui Chen who was the compliance counsel at the Justice Department. She was trying to get at some of what you were talking about. She was getting into the weeds on this. She came up with detailed questions trying to determine the effectiveness of a company’s compliance program. And this was in the context of whether or not a company would get deferred or non prosecution agreements.
“I think Hui’s approach is excellent,” Haugh said. “I wish she was still at the Department of Justice. She drafted those questions to help determine whether a company’s compliance program is effective or not. That has become more formalized at the Department of Justice. That’s good. Hui’s approach, which has now been more formalized, is a risk based approach.”
“But what I’m talking about is a little bit different. I’m saying – let’s measure the baseline wrongdoing in every organization. Large companies have the capacity to do this if they collect the right data. Once we figure out that baseline, then we can tell whether a company is making improvements or not. And organizations should be making continuous improvement on reducing that baseline level of wrongdoing.”
“Eugene Soltes has written a bit about this – about identifying wrongdoing in organizations. He’s got the right idea. I would like to take that baseline and then require companies to keep testing and reducing that wrongdoing. It’s that idea instead of just telling a company – you have to have an effective compliance program with not a lot of guidance.”
“Now, companies are not exactly sure what they should be doing. And you get a check the box mentality, even in forward thinking companies.”
That kind of internal company information – calls to hotlines, reports of wrongdoing – that is not public information now right?
“That’s right.”
Would you favor the government monitoring that information?
“The simplest way is to think about amending the organizational guidelines to incorporate some kind of baseline measurement of wrongdoing and continuous improvement requirement. That would be the heavy handed way of doing it. You just add that to the requirement of an effective compliance program.”
“Then when a regulator comes in, the company would be expected to have that data available and provide it to the government. That’s one way to do it.”
“Another way to do it, if a company wanted to be an innovator, they could release that information publicly and show that their base rate of wrongdoing is going down. That would be outside the norm for sure, but that would be an exciting concept. Then you would have a race to try and get your wrongdoing down. That would be exciting. I don’t know how realistic that is now.”
There would be two factors you would look at – one is calls to hotlines and the other is reports of wrongdoing?
“Calls to hotlines is the simplest way to do it. You have organizational audits. Of course, there are lawsuits and civil claims.”
One issue is the lack of a federal database on corporate and white collar crime. What about requiring companies to report not just to report hotline numbers but adjudicated wrongdoing – civil and criminal settlements?
“And there have been calls for better data related to white collar and corporate crime. And that goes back thirty to forty years. I don’t understand why it’s not happening.”
“Whether there would be a required public database – I’m sort of indifferent. Third parties have picked up the slack here. You think of the corporate prosecution database at the University of Virginia, you think of Violation Tracker. There are some on the securities side looking at SEC cases. There have been big advancements in these databases. Whether we need a centralized federal database – that would be great in some ways.”
“We could get some of that data now. But what I’m advocating for now is that companies internally keep their data and make sure they are seeing improvements based on interventions that they make. If I was a prosecutor, that’s what I would want to see when I went in to investigate a company.”
[For the completeq/a format Interview with Todd Haugh, see 34 Corporate Crime Reporter 20(11), May 18, 2020, print edition only.]