US and UK prosecutors promise leniency for errant companies that have tried hard to comply and cooperated with investigators. When does a thumb on the scales do justice?
Rethinking Collective Punishment for Individual Wrongdoing
Regulators and prosecutors in the U.S. and U.K. face a quandary. Does justice require harsh penalties against a company (and its shareholders) for the misbehavior of a few employees? When and how should leniency be shown?
A trend in both countries is to go more lightly on companies that have earnestly tried to implement ethical cultures and sound compliance systems, as well as cooperated with investigators.
Recent examples include a relatively modest U.S. criminal fine imposed on Boeing for misleading the Federal Aviation Adminstration, as well as relatively leniency shown by the UK’s Serious Fraud Office (”SFO”) to a subsidiary of Serco Group that engaged in fraud and false accounting.
What Prosecutors and Investigators Want To See
The U.S. Department of Justice (”DOJ”) Guidance on Evaluation of Corporate Compliance Programs states that “High-level personnel of the organization shall ensure that the organization has an effective compliance and ethics program.”
In evaluating a program, the DOJ will ask whether it is well-designed, adequately resurced and enmpowered to function effectively and working in practice. In essence, the DOJ wants to see good faith efforts to implement a well-designed program, including self-assessment and continuous improvement.
Similarly, the SFO asks whether compliance forms “part of the company’s DNA…or do they just adorn a very nice couple of binders that are held on a bookshelf that don’t really do much more than provide window-dressing?”
Both the DOJ and SFO will reward companies that voluntarily disclose problems and cooperate with investigators. An open issue in the US and UK is the degree to which cooperation means full or partial waiver of privilege.
Analogue v. Digital: Legal v. Operations
Both the DOJ and SFO Guidance use terms like effective, adequate, proportionate, informed, etc.
For common-law lawyers, these terms are familiar. For people engaged in operations, however, they are meaningless.
An operational definition defines a test method and criteria for assessment. For example, a lawyer might approve a purchase order for a ‘50/50 wool/cotton blanket,’ but an operations person would not. There is no test method or criteria for assessing 50/50.
Interestingly neither the DOJ nor the SFO guidance references benchmarking or peer best practices. Benchmarking and best practices are the first questions private-sector executives would likely ask about their own programs: how does our program compare to our competitors’ and those of similarly situated companies?
Does An Ad-Hoc Approach Do Justice?
Both the DOJ and SFO Guidance are internal documents. They direct the actions of investigator and prosecutors but do not necessarily bind them. Moreover, the Guidances grants subtantial leeway.
In this regard, the DOJ Guidance states, “We make a reasonable, individualized determination in each case that considers various factors including, but not limited to, the company’s size, industry, geographic footprint, regulatory landscape, and other factors, both internal and external to the company’s operations, that might impact its compliance program.”
Along similar lines, the SFO Guidance provides (referencing additional guidance under the Bribery Act) that it is “not prescriptive and not one-size-fits-all; small or medium-sized enterprises (SMEs) in particular may have alternative procedures in place which are also adequate.”
Will these highly individualized approaches — without reference to benchmarking or best practices — yield justice, or simply place companies at the mercy of investigators and prosecutors, with corresponding opportunities for favoritism and corruption?
Does an approach this non-operational and ad hoc represent rule of law, or rule by bureaucratic fiat?
Give credit to the DOJ and SFO for wrestling with how to justly punish organizations (and their owners) for the wrongdoing of agents within them. But in tackling evaluation of corporate compliance programs in this manner, investigators and prosecutors may have moved beyond their operational experience and enforcement roles.
For a quick sanity check, one might ask how well the DOJ’s and SFO’s own compliance programs (or that of any government bureaucracy) would fare if assessed by the DOJ/SFO guidance.
[This column first appeared in Forbes. Reprinted here with permission.]