A Growing Divide Between Compliance Have’s and Have-Not’s

In Semi-Tough: A Short History of Compliance and Ethics Program Law, presented at a May 2012 RAND Symposium on Corporate Culture and Ethical Leadership Under the Federal Sentencing Guidelines: What Should Boards, Management and Policymakers Do Now, I explore the legacy of the Federal Sentencing Guidelines for Organizations (“FSGO”) with respect to compliance and ethics (“C&E”) programs.

Since the advent of the FSGO in November 1991, the legal drivers for corporations to implement strong C&E programs have seemed to be ever on the increase, at least in the U.S. Indeed, the past few years alone have seen:

• Rigorous enforcement, to an unprecedented extent, of the Foreign Corruption Practices Act (“FCPA”) – a law which, because of its internal controls provisions, strongly encourages companies to have effective C&E programs.
• The imposition, also to an extent never before seen, of very large federal criminal fines, including but by no means limited to those meted out in FCPA cases.
• The initiation of a significant number of “Caremark” claims alleging failures by directors to oversee sufficiently their respective companies’ C&E programs.
• Revisions in 2010 to the FSGO to encourage independent C&E officer functions.
• Numerous other subject-matter-specific legal developments including (but by no means limited to) those regarding government contracting and energy utilities.

Beyond this, the financial meltdown of 2008 reinforced the case for C&E programs in two ways. First, it demonstrated how important incentives and organizational culture – both of which are within the ambit of the FSGO’s C&E program expectations – can be to risk and mitigation. Second, it led to passage of the Dodd-Frank Act of 2010, which contains bounty provisions for whistleblowers that have fueled C&E program enhancements at many organizations.

Moreover, while for much of the period since FSGO went into effect, C&E programs were largely the sole preserve of U.S companies, there have recently been the signs of a C&E “spring” elsewhere, with the two principal developments here being:

• The issuance in 2009 by a working group of the Organization of Economic Cooperation and Development of an important anti-corruption report (and an equally important appendix the following year) recommending that member nations provide incentives for and guidance on C&E programs, particularly with respect to anti-corruption compliance. This has been seen as the FSGO going global.
• The passage in 2010 of a bribery act in the United Kingdom which both expanded the basis for organizational liability for corruption under that country’s laws and also incented the development of anti-corruption compliance programs by creating a defense relating to such programs.

However, notwithstanding all of this activity, in the past few years the C&E picture has in fact become mixed compared to earlier periods – such as the 1990s, when many companies began to develop programs in response to the then-new FSGO; and the early part of last decade, when – in the wake of Enron, WorldCom and other cases; the passage of the Sarbanes-Oxley Act in 2002; and sweeping revisions to the FSGO in 2004 – the C&E field was in what can now be seen as its golden age.

I say that the picture is now mixed based on a significant amount of anecdotal evidence that many companies have begun to cut back on their commitment to C&E programs. While obviously not done in any public way, among other things, this retrenchment is evidenced by the replacement of senior employees in C&E officer posts with more junior ones at many companies.

Some observers believe that the problem lies with government agencies failing to provide meaningful indication that effective C&E programs do in fact matter in enforcement decisions. This enforcement shortfall has been examined in detail in a recent report by the Ethics Resource Center.

Yet, during this same period, many other organizations have developed C&E programs of unprecedented scope and rigor, i.e., more ambitious and effective than anything seen in the “golden age.” While a large number of these are companies that do business in highly regulated areas, there are also many other companies in this category with managements and boards who, for whatever reasons, truly understand the business case for strong C&E.

In sum, we appear to be in a world with an increasing divide between C&E program “haves” and “have-nots.”

What lies ahead for C&E “law”? A positive (from a C&E perspective) scenario would be based in part on enforcement officials doing more to identify publicly actual cases where a company received lenient treatment for having a strong program. The recent resolution of an FCPA matter involving a former Morgan Stanley executive – in which the firm was not charged by the Justice Department, due in part to is strong C&E program – offers a model in that regard. At the same time, C&E professionals need to advance the state of the art considerably beyond where it currently is, so that both governments and business leaders are truly convinced that C&E programs are effective means to prevent and detect wrongdoing

In a more negative scenario, the government fails to follow the Morgan Stanley example and also allows C&E to be sacrificed to the cause of business necessity; the C&E profession fails to develop more compelling approaches to these programs; and executives and boards allow C&E to become absorbed into general area of “risk management,” where it is often at risk of being lost.

The full paper is available here.