For the past several years, I have been working on a set of projects aimed at strengthening ethics, compliance, and governance programs and processes within corporations. At the outset of my research, I sought to identify possible ex ante incentives to address corporate misconduct or compliance failures. I then turned to how best to engage in root-cause analysis after a compliance failure occurred, and I next focused on internal governance mechanisms that seemed to contribute to significant and widespread compliance failures.
In this blog post, I will briefly outline the project to-date and then turn to the most-recent addition to this body of work, which again focuses on ex ante incentives for firms to engage in the creation and implementation of effective ethics and compliance programs.
The Strengthening Compliance Project
- In Coordinating Compliance Incentives,[1] relying on a small, original set of data, I demonstrate that corporate repeat offenders were not sanctioned as recidivists when they appeared before different enforcement authorities, but were when they appeared before the same enforcement authority. I argue that “compliance programs would benefit from regulatory mechanisms that (i) recognize when an institution is engaged in recidivist behavior across diverse regulatory areas, and (ii) aggressively sanction institutions that are repeat offenders.”
- In The Compliance Process,[2] I turned away from ex ante incentives and moved towards the aftermath of compliance failures. In the article, I demonstrate that the compliance process involves the four distinct, yet interconnected, stages of prevention, detection, investigation, and remediation, which I argue should be used to conduct firms’ root-cause analyses. It urges those charged with assessing compliance failures to turn away from asking “why did the compliance program fail” to asking instead, “at what stage(s) within the compliance process did failure(s) occur.”
- In Complex Compliance Investigations,[3] I focus on compliance failures that fall somewhere in the continuum between the “detection” and “investigation” stages within the compliance process. In particular, I focus on why compliance failures occur when the information about the failure was known or available before the wrongdoing within the organization became significant and widespread. I argue that firms should adopt process-based reforms that will bolster the firms’ collection, investigation, and analysis of information about potential misconduct, so that firms quit “missing” material incidents and start acting more proactively when they arise.
- And then, in More Meaningful Ethics,[4] I argue that while the compliance industry has grown significantly over the past several years, it is time to think through the role of ethics within compliance efforts in a much more deliberate and meaningful manner. It argues that it is time for firms to engage in more meaningful ethics efforts and implement specific and explicit ethical infrastructures within their compliance programs.
Returning to the Question of Ex Ante Incentives
As I’ve worked on these projects, however, I found myself back at the beginning, namely, the question of ex ante incentives: how could the government better incentivize and assist in the creation of ethics and compliance programs within firms? And I came to the conclusion that there appears to be an opportunity for the government to better use the information it is currently gathering to assist firms in their efforts to implement truly effective ethics and compliance programs.
Thus, in The Government’s Prioritization of Information over Sanction: Implications for Compliance, I look at how the government has repeatedly prioritized the collection of information from corporations as part of its enforcement strategy, but has failed to use and harness that information in certain ways that would serve the public.
The Effects of the Government’s Prioritization of Gathering Information on Corporate Compliance Efforts
In The Government’s Prioritization of Information over Sanction: Implications for Compliance, I begin by detailing three ways in which the government has signaled the importance it places on receiving information from firms. First, the government exerts pressure to incentivize firms to share information with the government. We have seen this occur since the Holder Memorandum was released in 1999, and again more recently in the Department of Justice’s (DOJ’s) Declination Program. Second, the government often eschews certain sanctions, like high-level fines, in favor of oversight periods.[5] The government’s use or disuse of monitorships has also been illustrative of this point; even as some governmental actors have reduced their use of formal monitorships, we have seen a rise of self-reporting periods and other oversight mechanisms. Third, the government’s litigation posture often sides with corporations’ efforts to limit the transparency of information about the full nature and scope of remediation efforts within firms. We saw this in the AIG,[6] HSBC,[7] and, most recently, the Tokar[8] cases.
Now some may ask, why does this matter? More specifically, should it matter that the government wants to receive information from firms engaged in misconduct and, at times, prioritize that information over levying certain high-level sanctions against them? To answer that question completely would necessitate conversations with scholars and practitioners across a range of legal areas, but my Article focuses on the implications for compliance efforts.
The Article suggests that when the government prioritizes the receipt of information from firms “without a meaningful commitment to maximize the use of that information for the public’s benefit,” it is undermining its role in incentivizing the adoption of effective ethics and compliance efforts at firms. It does so in a variety of ways, but I will focus on two examples here.
First, the government is currently failing to maximize federal enforcers’ own understanding and evaluation of compliance best practices. The government could take in the information it gathers, aggregate it, assess it, and use that information to better equip itself in evaluating firms’ compliance programs. When DOJ added its Compliance Counsel, it was starting down a path of doing that sort of systemic work, but when DOJ thereafter decided to abandon a centralized point of contact for that work in favor of a more decentralized approach, it may have undercut the agency’s ability to really learn and grow with each additional enforcement action. Instead, the knowledge resides with individual prosecutors who, if they leave the Department, leave with that information in hand. Government enforcers should adopt specific and clear policies and procedures that will enable the institution itself to obtain better expertise on what sorts of practices and procedures are more or less likely to result in effective ethics and compliance programs within firms.
Second, once it has aggregated and analyzed this data, the government should consider how it might empower the types of public and private partnerships known to create lasting change within organizations. A great deal of information is flowing into the government regarding various firms’ compliance practices, but not nearly as much information is flowing back out to those in industry. But again, if the government were to gather, aggregate, and analyze the information it has flowing into it and then provide insights to those in industry, [9] it would create an opportunity for the types of public-private partnerships that have proven to be effective in other areas to grow within the ethics and compliance space.[10]
The Upshot
The task of creating an effective ethics and compliance program within a firm poses a fascinating challenge for those working in the space. My hope is that my work will contribute toward that effort. In this most recent piece, I, again, analyze how the government’s enforcement strategy might better incentivize and assist firms in their efforts to create and implement effective ethics and compliance programs. The government has taken in huge swaths of information from corporations. It is time for it to do something more with it.
Footnotes
[1] Veronica Root, Coordinating Compliance Incentives, 102 Cornell Law Review 1003 (2017).
[2] Veronica Root, The Compliance Process, 94 Indiana Law Journal 203 (2019).
[3] Veronica Root Martinez, Complex Compliance Investigations, 120 Columbia Law Review 249 (2020).
[4] Veronica Root Martinez, More Meaningful Ethics, University of Chicago Law Review Online (Jan. 7, 2020).
[5] See 2014 Year-End FCPA Update, Gibson Dunn (Jan. 5, 2015) (highlighting the use of “[p]ost-resolution oversight mechanisms”, https://www.gibsondunn.com/2014-year-end-fcpa-update/.
[6] SEC v. Am. Int’l Grp., 854 F. Supp. 2d 75, 77–78 (D.D.C. 2012), rev’d, 712 F.3d 1, 5 (D.C. Cir. 2013).
[7] United States v. HSBC Bank USA, N.A., No. 12-cr-00763, 2016 U.S. Dist. LEXIS 59231, (E.D.N.Y. May 4, 2016), rev’d, 863 F.3d 125 (2d Cir. 2017).
[8] Tokar v. Dep’t of Just., 304 F. Supp 3d 81 (D.D.C. 2018) (additional litigation continued).
[9] For example, the Department of Education’s Office of Special Education Programs uses various policy reports and memoranda like “Dear Colleague Letters” to provide information to the entities it regulates and oversees based on monitoring and non-compliance. OSEP Policy Documents Publications and Products¸ U.S. Dep’t of Educ., https://www2.ed.gov/about/offices/list/osers/osep/products.html. (last visited Mar. 15, 2021).
[10] The “New Governance” literature has detailed these sorts of private-public partnerships in a variety of areas. Professor Miriam Baer has detailed some of the challenges associated with applying new governance insights to corporate compliance efforts. Miriam Hechler Baer, Governing Corporate Compliance, 50 B.C. L. Rev. 1 (2009).
Veronica Root Martinez is a professor of law, Robert & Marion Short Scholar, and the director of the Program on Ethics, Compliance & Inclusion at the University of Notre Dame Law School.
Disclaimer
The views, opinions and positions expressed within all posts are those of the authors alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the authors and any liability with regards to infringement of intellectual property rights remains with them.