A guest post from Jon May.
Today we ask the question: “What evidence does the United States Department of Justice or the United States Sentencing Commission have that compliance programs actually prevent crime.”
The short answer is that there is none. Let’s talk about why.
In the 21 years since the Department of Justice decided to consider a company’s efforts to prevent its employees from committing crimes, in determining the most appropriate sentence to recommend to the court, companies have spent tens of billions of dollars on compliance programs. The idea behind this initiative was that since there are not enough investigators to uncover white collar crimes and not enough prosecutors to bring charges against all the bad actors committing white collar crimes, out sourcing this police function (or what industry likes to call self-regulation) was more likely to uncover, punish, and deter illegal activity than a few high profile prosecutions. That was the theory anyway.
When a prosecutor makes an opening statement and tells a jury that she is going to prove the accused stole $10 million from his company, the prosecutor better provide evidence that $10 million disappeared and that the defendant was the one responsible. If the defendant is going to stand a chance of acquittal, defense counsel is going to have to demonstrate why his client is not responsible for the loss. When the jury goes to deliberate, they will not just have the versions of events presented by the opposing parties, they will have the testimony to consider and the evidence to review and even touch. When I meet with a prosecutor to try to convince the prosecutor that she is mistaken about my client, that he is actually innocent of wrongful conduct, I am expected to confront the government’s evidence and demonstrate why the prosecutor’s view of the evidence is wrong. But for some reason, the United States Sentencing Commission and the United States Department of Justice get away with imposing obligations on companies without having to prove that any of these requirements even work.
How is that? Because the Department of Justice doesn’t have the information they need to know what does work. Unlike crimes like robbery, rape, and murder, where the Department of Justice collects information from the various states and publishes yearly data on whether or not the incidents of different crimes has gone up or down, the Department of Justice (really the FBI) has no way of collecting such information as to the most common corporate offenses such as bribes to foreign officials, money laundering, government contractor fraud, securities fraud, tax evasion etc. Unlike street crimes, where the victims usually seek help from the police, most white collar crime goes unreported so DOJ cannot be faulted for not knowing how often these crime occur. But DOJ and the Sentencing Commission can be faulted for insisting that corporations spend money crafting compliance programs with specific elements when no one knows if they work.
Just last year, the Department of Justice made another effort at refining how prosecutors should evaluate a company’s efforts in preventing criminal activity. In June 2020, the U.S. Criminal Division of the Department of Justice (DOJ) issued a revised memorandum on Evaluation of Corporate Compliance Programs (DOJ evaluation guidance), which contains detailed guidance regarding how prosecutors should evaluate the effectiveness of a compliance and ethics program in the context of making charging, plea, and sentencing determinations. While this is a vast improvement in the Department’s evaluation of a company’s true culpability, it does not reflect an any better understanding of how to deter white collar crime.
Consider, what some call the most important ingredient of corporate compliance, “Tone from the Top”. With the enactment of the Sarbanes-Oxley Act of 2002, corporate executives became personally responsible for their company’s financial reporting. Thereafter the 2004 amendments to the Sentencing Guidelines provided incentives to corporations to “promote an organizational culture that encourages ethical conduct and commitment to compliance with the law.”
In response, companies began to emphasize involvement by the Board of Directors and C-Suite executives in creating a top to bottom culture of ethical behavior. Did it work? No. As the 2008 Great Recession demonstrated, executives at major financial institutions down to mortgage brokers on main street, knowingly allowed millions of unqualified home buyers obtain mortgages that these poor (in many cases literally) people could not possibly pay for unless the law of gravity was repealed.
Humans have a remarkable capacity for rationalizing their conduct when it’s in their financial interests to do so. Especially when there is little or no risk of being caught. The 2008 financial meltdown is the prime example of this phenomena. The financial scandal resulted in millions of jobs lost worldwide, countless business failures, a $700 million bailout, and many lives ruined. So much for victimless crime. By the way, how many corporate executives went to jail for this massive fraud: exactly two. By comparison, the Savings and Loan crisis of the 1980s and early 90s, resulted in 1000 bankers being prosecuted.
Getting back to the importance of an ethical culture, some have cited to the Wells Fargo scandal as an example of what happens when a company does not have a culture of ethical behavior starting with the Board of Directors on down. In the case of Wells Fargo, the company instituted a sales incentive program that punished employees for not meeting sales quotas. This resulted in employees opening 2 million fake bank accounts costing bank customers hundreds of million dollars in fraudulent fees. After it was caught, the Bank entered into a $3 billion settlement agreement with the government. But no one was prosecuted and the Bank’s former CEO and the executive chiefly responsible for the unlawful conduct, walked away with millions.
The lesson of Wells Fargo is not that a compliance program centered on ethics prevents corporate crime. (Although a culture of lawlessness certainly does promote criminal behavior, see for too Volkswagon). What it shows is that a company can commit crime with impunity, and if it’s caught, walk away with a Deferred Prosecution Agreement and its executives richer for it.
Now let’s look at Goldman Sachs. In a Deferred Prosecution Agreement entered into with the Department of Justice, Goldman Sachs admitted:
“[T]o conspiring to violate the Foreign Corrupt Practices Act (FCPA) in connection with a scheme to pay over one billion dollars in bribes to high-ranking government officials in Malaysia and Abu Dhabi to obtain lucrative business for Goldman Sachs, underwriting approximately $6.5 billion in three bond deals for Malaysia Development Bhd. (1MDB), for which the bank earned hundreds of millions in fees.”
To extricate itself from this quagmire, Goldman Sachs agreed to cough up $2.9 billion with U.S. and U.K. authorities. This time, certain executives involved were charged with crimes.
Unlike Wells Fargo, Goldman Sachs had a robust compliance program that was supported by senior management. And the program worked. Although two senior executives lied about their activities to the firm, various compliance component raised red flags, that upper management chose to ignore. When employees directly confronted management with concerns about bribery, those concerns were brushed aside. So what’s the lesson here? Even the Miami New World Symphony, playing Mozart’s “Sound of Ethics,” won’t be heard if management is more concerned about profits than anything else.
Before we turn to our next ingredient of “effective” compliance, whistleblowers, consider one last observation. Employees are not fools. When they see their company making billions of dollars in profits and employing various legal schemes to avoid paying any taxes, while they themselves pay thousands of dollars each year to the IRS, when their company insists they work 10 hour shifts or lose their jobs, employees quickly learn where the company’s priorities lie. So let’s not kid ourselves about tone at the top. Employees know hypocrisy when they see it.
Ok. Now let’s talk about that other key ingredient of compliance—whistleblowers. This is an element that actually can be quantified. The Association of Certified Fraud Examiners (ACFE) reported in 2014 that tips are by far the most common fraud detection method, with over 40 percent of all cases detected by a tip. This is more than twice the rate of any other detection method, and employees account for nearly half of all tips that led to the discovery of fraud.
But how likely is it that whistleblowers will continue to report misconduct internally. In 2020, nearly eight in 10 employees in the U.S. who reported misconduct said that they experienced retaliation for having done so. This was a 44 percent increase over the last measurement in 2017.
Does the threat of a whistleblower coming forward and reporting criminal conduct to the Chief Compliance Officer, or to the Government directly deter corporate crime? Their actions certainly help uncover crime and may lead to employees being prosecuted, but as to whether public or private whistleblowing has any deterrent effect on corporate crime, DOJ hasn’t a clue. I have no proof either, but it seems to me that the answer is not much. So long as DOJ gives out “Get out of Jail, Expensively Cards” and leaves corporate executives unpunished and richer for their crimes, there is no possibility of deterrence.
The fact is that the vast majority of companies don’t need compliance programs to obey the law. Employees don’t need to be told that kickbacks and bribes are wrong and not to do it. Companies and their employees obey the law because it’s the right thing to do. Does this mean companies should abandon their corporate compliance programs? Of course not. Most compliance is regulatory and is absolutely essential to keep our food safe, our medicines pure, and our air and water, breathable and drinkable. Corporate compliance programs are essential to keeping the company and its customers from becoming victims of white collar crime. In the case of healthcare, such programs are mandated. Moreover, they’re an insurance policy (albeit an expensive one) should one of your executives go rogue. If you don’t have a compliance program or yours is deemed a paper program, DOJ or the SEC will hammer you.
But corporations should have the freedom to spend their money on programs that work. Instead of liberating corporations to do what works, the new DOJ Guidance is likely to become another checklist that corporations will use to conform their programs to what they think will get them the most reward if they find themselves in hot water.
For instance, companies have, and will continue to get, a great deal of credit for sending compliance officers around the world to lecture employees about the Foreign Corrupt Practices Act and why bribes are wrong. This is seen as communicating the company’s ethos to all its employees. But this is a waste of time and money when bribery is a way of life in their country. Your employees will listen attentively to your training, and fill out a questionnaire about what they have learned, then go back to their reality. Better to spend the money on controls to make it difficult, if not impossible, for company money to be used improperly. These are the kinds of efforts that will stop crimes from happening in the first place.
As we have seen in previous posts, the likelihood of a company getting caught committing a crime is exceedingly small. And the Government’s enforcement efforts make getting caught just the cost of doing business. While some corporations and DOJ are comfortable with the status quo, it’s certainly not good for the country.
FCPA Institute - Zoom (April 12-14)
Elevate your FCPA knowledge and practical skills. Nine hours of integrated and cohesive instruction led by Professor Koehler (an FCPA expert with teaching experience). Learn more, spend less. Professional credential available.