Time to Stop Living Vicariously: A Better Approach to Corporate Criminal Liability
Pollack, Barry J., American Criminal Law Review
Much has been said and written of late about the propriety of holding corporate entities vicariously criminally liable for the actions of their agents and the role a supposedly effective compliance program should play in corporate charging, liability, and sentencing decisions. Academics and governmental agencies often cite empirical studies as support for the positions they advance in these debates. Rather than relying on empirical data or anything approximating the scientific method, this article offers anecdotal evidence based on the experience of a single practitioner. To the extent that this article cites any empirical data, it does so only to support the notion that the author's "real world" anecdotal experience is not anomalous. Based on that experience, this article argues that the current regime for prosecuting corporate entities for the criminal offenses of their agents allows the government to allege, without proving, wrongdoing by some corporate actor, and then encourages large corporate entities to buy their way out of criminal liability by agreeing to the unproven allegations and paying a substantial monetary penalty.
Academics and practitioners have suggested that one way to modify the current regime would be to offer the existence of an effective compliance program as an affirmative defense to corporate criminal liability, or even to require the government to prove the lack of such a program as an element of a corporate criminal offense. This article argues that under the existing regime, corporations already possess substantial incentives to create and maintain adequate internal controls and robust compliance programs.
Continuing to expose corporations that lack adequate compliance programs to vicarious criminal liability while shielding those that do have such programs adds no meaningful additional incentive to corporations to create and maintain such programs. Accordingly, few corporations would create or enhance compliance programs based solely on this proposed modification to the current regime of corporate vicarious liability. Allowing corporations with such programs to escape criminal liability when the corporation was nonetheless pursuing criminal objectives would circumvent the widely accepted policy goal of holding bad corporate actors criminally liable. Conversely, there are good corporate actors wholly lacking in criminal intent, which, for lack of resources or for other reasons, do not have adequate corporate compliance programs and would not establish such programs simply because doing so would preclude criminal liability. Such entities should not be criminally prosecuted. Thus, tying corporate liability to the existence of corporate compliance programs is both over-inclusive and under-inclusive if the primary goal of the criminal enforcement regime is to punish bad corporate actors.
The time-worn rationale for vicarious corporate liability is the observation that a corporation can only act through its agents. This does not mean, however, that the corporation as a collective entity shares the intent of every one of its agents. Indeed, this cannot be the case as different corporate agents may have diametrically opposed intents. This article argues that corporations should be subjected to criminal prosecution if, and only if, the corporation possesses criminal intent, i.e., the criminal actions of its agents manifest the collective criminal intent of the corporation.
Criminal offenses for individuals typically require intent. Indeed, the presumption that an individual should not be punished for a crime without a showing of intent is a long-settled principle of common law jurisprudence. The 17th and 18th Century writings by Edward Coke and William Blackstone state that the existence of "criminal intent" and a "vicious will" is the prerequisite of any crime. (1) Courts in this country have a long and uninterrupted history of following this basic tenet of criminal law. (2)
Similarly, a corporation should not be subject to criminal liability if it lacks criminal intent. Where the criminal actions of corporate actors are contrary to the collective intent of the organization, the corporation should not be prosecuted. The collective intent of a corporate entity should be measured by the actions, knowledge, and intent of senior management. The existence of an effective corporate compliance program may be relevant to assessing the intent of the corporate entity; however, it is that intent, and not the presence or absence of an effective compliance program, which should determine whether or not the corporate entity has engaged in criminal conduct.
This article first briefly summarizes the current regime for assessing corporate criminal liability, including the innumerable incentives a corporation has to establish and maintain a robust compliance program. Second, this article discusses how the current regime plays out in practice and why the result is a system that frequently imposes criminal-type sanctions on corporations without the benefit of any formal fact-finding, much less the assessment of corporate criminal liability based on the results of a legitimate fact-finding process that demonstrates the corporation to be a bad actor. Third, this article proposes changing criteria by which corporate criminal liability should be assessed, eliminating vicarious liability and changing the focus from an assessment of the corporation's compliance program to an assessment of whether or not the organization acted with a criminal intent.
I. THE CURRENT REGIME
A. Vicarious Liability
For at least a century, corporations have been held to be vicariously criminally liable for the actions of their agents. (3) A corporation may be able to avoid vicarious criminal liability if a corporation's low-level employee engages in criminal activity outside the scope of his or her employment. (4) However, courts construe the scope of employment very broadly, such that a corporation's ability to avoid vicarious criminal liability for the acts of an agent is exceedingly narrow. Corporations have been held accountable for criminal acts of low-level employees such as clerical workers, truck drivers, and manual laborers. (5) Additionally, corporations have been found liable for crimes committed by middle- and low-level managers, even where the criminal conduct was beyond the actual scope of the agent's authority. (6) Accordingly, in light of the broad interpretation courts have given the concept of vicarious liability, if there is a colorable argument that a corporation's employees have engaged in criminal conduct, a corporation typically has little to no defense on the merits of a criminal prosecution.
B. Emphasis on Effective Compliance Programs
A corporation can be vicariously criminally liable for the actions of its agents, even if the corporation had in place an effective corporate compliance program designed to prevent and to detect wrongdoing by its agents. The existence of such a program does not shield a corporate entity from prosecution or threatened prosecution. It is, however, a substantial factor on which the government relies in negotiating a resolution of potential criminal charges against a corporation and can be used by a corporation to reduce the monetary penalty assessed. The United States Sentencing Guidelines ("Guidelines"), the United States Attorneys' Manual and additional guidance from the Department of Justice ("DOJ"), and a disposition issued by the Securities and Exchange Commission ("SEC") on October 23, 2001 (popularly referred to as the "Seaboard Report") (7) all provide direction on the standards and requirements that the government typically considers as part of an effective corporate compliance program. The specific guidelines of all three are considered in detail in the following sections.
1. The United States Sentencing Guidelines
With few exceptions, federal courts follow the Guidelines when calculating a corporation's penalty for committing a criminal offense. (8) The provisions of the Guidelines for penalizing corporations convicted of a crime come directly into play only when a corporation faces sentencing, having unsuccessfully contested criminal charges and having been convicted. However, the DOJ consults the Guidelines prior to making offers to dispose of potential criminal charges through a negotiated resolution. Accordingly, the provisions of the Guidelines have an impact not only in contested cases, but in the much greater number of corporate criminal matters that are resolved by negotiated plea, deferred prosecution agreement, or non-prosecution agreement. (9)
One factor taken into account when performing a Guidelines calculation is whether the corporation's offense occurred "even though the organization had in place at the time of the offense an effective compliance and ethics program." (10) A company benefits from having an effective program in place by receiving a reduction in the sentencing calculation.
To qualify for this reduction, the company's compliance program must be reasonably designed, implemented, and enforced so that it is generally effective in preventing and detecting criminal conduct. In addition, the company must:
(1) exercise due diligence to prevent and detect criminal conduct; and
(2) otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.
The Guidelines stipulate that, at a minimum, this requires:
(1) the establishment of standards and procedures to prevent and detect criminal conduct;
(2) the establishment of oversight, which requires that:
(a) the company's governing authority be knowledgeable about the content and operation of the organization's compliance and ethics program and exercise reasonable oversight;
(b) high-level personnel, at least one of whom is assigned overall responsibility of the compliance and ethics program, ensure the program's existence and effectiveness; and
(c) specific individual(s) be delegated day-to-day operational responsibility for the compliance and ethics program, including the obligation to report periodically to high-level personnel and, as appropriate, to the company's governing authority (or an appropriate subgroup of it), on the effectiveness of the program. Along with this operational responsibility, the individual(s) must also be given adequate resources, appropriate authority, and direct access to the governing authority (or an appropriate subgroup of it);
(3) that reasonable efforts preclude bestowing substantial authority on any personnel who the organization knows, or should know through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program;
(4) that reasonable steps are taken to communicate periodically (and practically) the organization's standards and procedures, and other aspects of the compliance and ethics program, to the members of the company's governing authority, high-level personnel, substantial authority personnel, the organization's employees, and, as appropriate, the organization's agents. This should be done by conducting effective training programs and otherwise disseminating information appropriate to individual roles and responsibilities;
(5) that reasonable steps are taken to ensure that the organization's compliance and ethics program is followed, including monitoring and auditing to detect criminal conduct;
(6) that reasonable steps are taken to evaluate periodically the effectiveness of the organization's compliance and ethics program;
(7) that reasonable steps are taken to establish and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the company's employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation;
(8) that the compliance and ethics program be promoted and enforced consistently throughout the organization through appropriate incentives to perform in accordance with the program and appropriate disciplinary measures for engaging in or failing to take reasonable steps to prevent or detect criminal conduct;
(9) that reasonable steps are taken to respond appropriately to criminal conduct that has been detected and to prevent further similar criminal conduct from occurring, including making any necessary modifications to the compliance and ethics program; and
(10) that the organization periodically assess the risk of criminal conduct and take appropriate steps to design, implement, or modify each requirement above to reduce any identified risks. (11)
Commentary accompanying the Guidelines notes that what constitutes a sufficient compliance and ethics program may depend on the applicable industry practice, the standards called for by government regulation, the size of the organization, and similar misconduct by the organization in the past. The commentary also gives examples of what efforts might be seen as sufficient for both large and small organizations. (12)
2. The United States Attorneys 'Manual
In a section entitled "Principles of Federal Prosecution of Business Organizations," the United States Attorneys' Manual enumerates factors that the DOJ considers when determining whether to bring charges or negotiate a plea agreement with a corporate target. (13) These factors include:
(1) the pervasiveness of wrongdoing within the corporation, including complicity in, or condoning of, the wrongdoing by corporate management;
(2) the existence and effectiveness of the corporation's pre-existing compliance program; and
(3) the corporation's remedial actions, including any efforts to implement an effective corporate compliance program or to improve an existing one, to replace responsible management, to discipline or terminate wrongdoers, to pay restitution, and to cooperate with the relevant government agencies.
The United States Attorneys' Manual strongly advocates for the establishment of compliance programs designed to prevent and detect misconduct and to ensure that corporate activities are conducted in accordance with all applicable criminal and civil laws, regulations, and rules. But federal prosecutors are instructed not to take the existence of a compliance program at face value; instead, the United States Attorneys' Manual instructs them to "attempt to determine whether a corporation's compliance program is merely a 'paper program' or whether it was designed and implemented ... in an effective manner." (14) So while the mere existence of such a compliance program is not sufficient in and of itself to avoid criminal charges, the United States Attorneys' Manual expressly stipulates that it is a factor in whether a corporation is prosecuted. Moreover, the United States Attorneys' Manual also states that remediation efforts, "such as improving an existing compliance program or disciplining wrongdoers," should be considered by enforcement officials when deciding whether or not to bring charges or to negotiate a plea agreement. (15)
While the United States Attorneys' Manual recognizes that no compliance program can ever prevent all criminal activity by a corporation's employees and it "has no formulaic requirements" regarding corporate compliance programs, it outlines critical factors that federal prosecutors should evaluate when assessing the sufficiency of a compliance program, including:
(1) whether the program is adequately designed for maximum effectiveness in preventing and detecting wrongdoing by employees;
(2) whether corporate management is enforcing the program or is tacitly encouraging or pressuring employees to engage in misconduct to achieve business objectives;
(3) whether the compliance program is well designed, comprehensive, and applied earnestly and in good faith, and, more simply, whether it works;
(4) whether the compliance program requires remedial actions for violations, including disciplinary action and revisions to the program in light of lessons learned;
(5) how promptly the program facilitates a disclosure of wrongdoing to the government;
(6) whether the corporation has established corporate governance mechanisms that can effectively detect and prevent misconduct, including whether:
(a) the corporation's directors exercise independent review over proposed corporate actions rather than unquestioningly ratifying officers' recommendations;
(b) the corporation's internal audit functions are conducted at a level sufficient to ensure their independence and accuracy; and
(c) the directors have established an information and reporting system reasonably designed to provide management and the board of directors with timely and accurate information sufficient to allow them to reach an informed decision regarding the organization's compliance with the law;
(7) whether a corporation's compliance program is merely a "paper program" or whether it was designed, implemented, reviewed and revised, as appropriate, in an effective manner;
(8) whether the corporation has provided for a staff sufficient to audit, document, analyze, and utilize the results of the corporation's compliance efforts;
(9) whether the corporation's employees are adequately informed about the compliance program and are convinced of the corporation's commitment to it; and
(10) whether the program is designed to detect the particular types of misconduct most likely to occur in a particular corporation's line of business. (16)
3. Additional DOJ Guidance
In addition to the United States Attorneys' Manual, the DOJ has also provided guidance on compliance programs with respect to specific areas of enforcement.
For example, enforcement officials have set out the critical elements of a Foreign Corrupt Practices Act ("FCPA") compliance program in the deferred prosecution agreements, non-prosecution agreements, and plea agreements that the government has reached with various corporations under investigation. (17) Recently, the Deputy Chief of the DOJ's Criminal Fraud Section, Mark Mendelsohn, stated that these standards constitute a "floor" and not a "ceiling" of a sufficient compliance program. (18) He explained that companies, based on their own particular risk profiles, should take additional measures as needed to protect themselves from risk.
Many of the compliance program components included in these FCPA settlements, however, reflect elements of the guidance set forth in the Attorneys' Manual and serve to highlight some of the DOJ's more general compliance expectations, including: (19)
(1) a system of financial and accounting procedures, that include a system of internal accounting controls, designed to ensure the maintenance of accurate books, records, and accounts;
(2) the assignment to one or more independent senior corporate officials--who shall report directly to the audit, ethics or compliance committee of the board of directors--the responsibility for the implementation and oversight of compliance with policies, standards, and procedures;
(3) a reporting system, including a "helpline" for company directors, officers, employees, agents and business partners to report suspected violations of the compliance code or suspected criminal conduct;
(4) clearly articulated corporate procedures designed to ensure that substantial discretionary authority is not delegated to individuals who the corporation knows, or should know through the exercise of due diligence, have a propensity to engage in illegal or improper activities; and
(5) the creation and implementation of appropriate disciplinary mechanisms, including as appropriate, the discipline of individuals responsible for the failure to detect a violation of the law or of compliance policies, standards, and procedures.
4. Seaboard Factors
Unlike the DOJ, the SEC has declined to set forth the specific elements of a compliance program that it considers essential. But the Seaboard Report outlines criteria that the SEC takes into consideration "in determining whether, and how much, to credit self-policing, self-reporting, remediation and cooperation." (20) This includes "what compliance procedures were in place to prevent the misconduct now uncovered." (21) The Seaboard Report also notes that remediation efforts such as investigating wrongdoing and implementing prevention measures are important factors to be considered by officials when determining what enforcement action to take, if any, against an issuer for violations of securities laws.
Rather than a list of expressly stipulated compliance and ethics program components, the factors outlined in the Seaboard Report are a set of inquiries the SEC will make when investigating an alleged wrongdoing. These inquiries, however, suggest the basic outline of what the SEC expects from a corporate compliance and ethics program:
(1) the program should help establish a tone of lawfulness set by those in control of the organization. As part of this the company must be cognizant of the pressure it places on employees to achieve specific results;
(2) the program should implement effective compliance procedures to prevent misconduct, especially systemic misconduct;
(3) internal channels of communication should be efficient so that the organization can swiftly implement an effective response;
(4) detected misconduct should be stopped immediately, and the organization should commit to learn the truth, fully and expeditiously, through a thorough review of the nature, extent, origins and consequences of the conduct and related behavior;
(5) any review should be sufficiently independent and may require the oversight of outside directors. If circumstances warrant, the use of qualified outside counsel should be considered;
(6) the audit committee and board of directors should swiftly be informed in full of any detected misconduct;
(7) the existence of misconduct should be promptly, completely and effectively disclosed to the public, to regulators and to self-regulators;
(8) steps should be taken to identify any additional related misconduct that is likely to have occurred;
(9) steps should also be taken to identify the extent of damage to investors and other corporate constituencies, and the organization should appropriately recompense those adversely affected; and
(10) misconduct should be addressed in such a way, and internal controls and procedures revised to such an extent, that it provides assurances that the conduct is unlikely to recur. (22)
II. THE CURRENT REGIME IN PRACTICE
Despite all of the guidance offered by the DOJ and SEC, however, the fact that the corporation has what is deemed to be an effective compliance program is of little consequence in avoiding the threat of criminal prosecution or the unsavory alternative of entering into a deferred prosecution agreement or non-prosecution agreement to avoid that threat. Under the current corporate criminal liability regime, it is always extraordinarily risky for a corporation to contest an unproven set of facts suggesting potential criminal conduct by one of its agents. Given the vicarious liability standard, the risk is high of criminal liability attaching to the corporation if a jury believes a corporation's agent acted criminally. Further, the consequences of that conviction are not only likely to be harsh, but are also unpredictable. The Guidelines have so many variables in assessing organizational penalties, it is almost impossible to predict in advance what penalty would be imposed if a conviction occurred. For example, when determining the base level of a fine, the sentencing court has flexibility to choose among three different indicators, including the amount of the benefit the corporation obtained from the criminal conduct or the amount of pecuniary loss. (23) Thereafter, the base fine is adjusted up or down based on factors such as the size of the entity where the criminal conduct occurred, the entity's cooperation with the government investigation, and the existence of an effective compliance program. (24) After multiplying the culpability score by a figure that corresponds to the severity of the alleged offense, a fine is selected from a range based on subjective factors such as:
* "the need for the sentence to reflect the seriousness of the offense, promote respect for the law, provide just punishment, afford adequate deterrence, and protect the public from further crimes of the organization;"
* "any nonpecuniary loss caused or threatened by the offense;"
* "whether the offense involved a vulnerable victim;" or
* "any prior civil or criminal misconduct by the organization other than" similar misconduct. (25)
Further, the potential of collateral consequences flowing from conviction may dwarf the penalties imposed by the Guidelines. As an initial matter, the reputational damage may be devastating. Clients, customers, business partners, lending institutions, investors, etc. simply may not want to deal with a company that has been convicted of a serious crime. Moreover, a consequence of a criminal conviction may be debarment, that is, the refusal of the federal and/or state governments to do business with the convicted entity. For a corporation that relies heavily on government contracting, or a health care entity that relies on Medicare or Medicaid reimbursement, this collateral consequence is effectively a death penalty--it will put the corporation out of business.
A. Arthur Andersen and the Lesson for Large Corporate Entities
Arthur Andersen has become the poster child of what can happen to an organizational entity that contests allegations of criminal liability. In 2002, the United States indicted Arthur Andersen of obstruction of justice with respect to its role as auditor of the Enron Corporation. At the time, Arthur Andersen was one of the then-"Big Five" accounting firms, with 26,000 employees in the United States. Arthur Andersen was convicted and ceased doing business. Ultimately, Andersen's conviction was reversed by a unanimous decision of the Supreme Court. (26)
While one can, and many have, debated the merits of the decision to prosecute Arthur Andersen in the first place, there can be little doubt that the lesson of the Arthur Andersen indictment is at the forefront of almost every charging decision involving a major corporate entity in the United States today. The lesson of the Arthur Andersen indictment is similarly a primary consideration of every defense counsel who represents a major corporate entity facing potential indictment. In essence, a corporate entity can scarcely afford indictment. Therefore, the entity has little negotiating power to contest a potential indictment. While it may have excellent factual defenses, even in a world of vicarious liability, the price of pursuing those factual defenses may well be the demise of the corporation.
Ironically, however, the most powerful weapon in the arsenal of the major corporate entity facing threatened indictment is the prospect that should the entity be indicted, the result will be the demise of the corporation. For as reluctant as the corporation is to see that result, the government is only slightly less reluctant. The government does not want to put a large corporation out of business, given the collateral damage to innocent employees and shareholders. In other words, the balance of power is similar to the Cold War threat of assured mutual destruction, except that in this case, the result is assured unilateral destruction. While the government plainly has extraordinary power over the entity it is threatening with imminent nuclear attack, that power is tempered not by the threat of counterattack, but rather by the force of the Government's own threat. The larger the corporate entity, the more reluctant the government is to see the destruction it threatens come to fruition.
The result of the threat of criminal prosecution and resulting extinction of the corporation inevitably is compromise. Use of the word "compromise" is inexact, however, because the conciliation will invariably be on terms favorable to the government. The corporation not only fails to contest the government's one-sided, untested version of the underlying facts, but rather joins in the rush to accept the government's version of facts, because the alternative--contesting the facts--comes at such a price. The corporation agrees to the government's version of the facts and pays a substantial monetary penalty. In return, the government does not charge the corporation with a criminal offense but rather offers a non-prosecution agreement or a deferred prosecution agreement. The monetary penalty paid by the corporation funds the government's criminal prosecution of individual corporate agents and provides the government a substantial monetary incentive to repeat the process with the next investigation.
As a result, the government's allegations against the corporation are never tested through the adversary process. Of course, the vast majority of criminal prosecutions of individuals are resolved through negotiated dispositions. One could argue that when a defendant admits the facts, there is more reason for confidence in the accuracy of the facts on which the conviction is based than when found by a jury after a contested proceeding. However, when the disparity between the penalty imposed through a negotiated resolution and that which would be imposed based on a finding of guilt after trial is great enough, individuals have a powerful incentive to agree to a set of facts whose accuracy they question. This author submits anecdotally that individual defendants routinely make the rational decision not to contest highly debatable factual allegations to obtain the "benefits" of a plea bargain, i.e., avoid risking the far more draconian results should the defendant lose at trial. Further, this danger is heightened in the corporate setting. An individual plainly knows the actual facts from his or her first-hand participation and therefore is in a position to judge the accuracy of a proposed negotiated set of facts. The decision-maker for a corporation may have no first-hand knowledge of the facts. Accordingly, a corporation may be more likely than an individual to agree to allegations that if tested in court would not be proven to have occurred because the corporate decision-maker lacks the knowledge to assess the accuracy of the factual allegations. Thus, not only is the corporate decision-maker biased by the powerful incentive to agree to alleged facts necessary to support the negotiated resolution (based on the tremendous disparity in consequences between the negotiated resolution and a conviction), but also, the corporate decision-maker lacks the first-hand knowledge of the actual facts that might result in a refusal to agree to the alleged facts and a willingness to contest them, despite the potential consequences of being unsuccessful in doing so.
B. A Compliance Program Is Relevant, but Only in Setting the Terms of the Large Corporation's Negotiated Resolution
The fact that the corporation has what is deemed to be an effective compliance program does not allow the corporation to avoid the threat of criminal prosecution. The existence of an effective compliance program is also not an impediment to the government's assessment of a substantial monetary penalty against the corporation. Since the government is alleging that the malfeasance occurred despite the existence of such a program, and that allegation is accepted as fact because it is never tested through the adversarial process, it is somewhat of a given that the government will take the view that the compliance program was not robust enough and therefore some disposition with a monetary penalty is warranted. (27)
Notwithstanding the essentially automatic assessment of a monetary penalty based on the government's mere allegation of vicarious corporate criminal liability, a corporation has ample incentive to establish and maintain a compliance program. The existence of an effective compliance program frequently is a significant talking point for the corporation in lowering the monetary penalty accompanying its capitulation. The Sentencing Guidelines never come into play directly since the resolution is negotiated and a court is not called upon to apply the Sentencing Guidelines to a contested set of facts. However, in negotiating the resolution, both the DOJ and the corporation reference the Sentencing Guidelines and its consideration of a robust compliance program to mitigate what would otherwise be more draconian consequences of the negotiated resolution.
The existence of a corporate compliance program rarely, if ever, means that a corporation can convince the DOJ or the SEC simply to leave the corporation alone. The government knows that it can extract substantial monetary penalties from the corporation based on the theory of vicarious liability. Where the corporate compliance program is considered is in deciding the extent of the monetary penalty exacted in lieu of prosecution.
C. A Different Dynamic for Smaller Organizations
The author has seen the pattern outlined above repeat itself over and over again with large corporate entities. There is an allegation of wrongdoing by a corporate agent. The corporation quickly assesses the unpredictability of defending the conduct--the risk that it will not be able to convince the DOJ not to charge it; the risk that in litigating against the DOJ under the vicarious liability regime, it will lose; the risk of a high monetary penalty in the event of conviction and the uncertainty of determining the likely monetary penalty in advance of conviction; and the potentially disastrous collateral consequences of conviction. The corporation decides that its best play is to not contest wrongdoing, but rather to attempt to negotiate a resolution that does not include a guilty plea. In so doing, the corporation hopes to minimize the monetary penalty to the extent possible by arguing that it had an effective compliance program and reacted to the current allegation in a responsible manner. Hopefully, the corporation will also be able to assert that the conduct was not widespread and did not involve senior management. Yet with smaller organizational entities, the dynamic can be quite different. As an initial matter, by definition, a smaller corporate entity will not be viewed by the government as "too big to fail." Therefore, the smaller corporate entity does not hold the assured unilateral destruction card. Further, the government may not see a distinction between the corporate entity and the alleged criminal actors. For example, when a closely-held corporation with five shareholders--who serve as the corporation's only officers and employees--submits a false claim that all five of its employees helped prepare, the government is less likely to see the fictional corporate entity as a responsible actor with an identity independent of the five individuals. The entity is not too big to fail, and in the government's eyes, it may deserve to fail. Therefore, the government may not just threaten to indict this entity, it may actually do so.
In contrast, when five employees at a large corporation such as Boeing are involved in submitting a false claim to the government, although the government views Boeing as being vicariously liable for that conduct, it does not view Boeing as a criminal enterprise. It understands that Boeing has an independent identity as a responsible corporation; it employs tens of thousands of people and has millions of investors, none of whom had anything to do with the five bad actors. Thus, the government is more likely to negotiate a settlement with Boeing.
Where the government may consider a negotiated settlement with the closely-held corporation, its offer may be so unfavorable to the corporation that payment of the sum would effectively put the entity out of business. Further, the individuals who are deciding whether or not to accept a corporate resolution are more likely themselves to have personal exposure to individual criminal prosecution. As a result, the corporate decision-makers will have a personal incentive to defend the alleged wrongdoing. And, even independent of these considerations, the small, closely-held corporation will be more willing to tolerate the risk of contesting the facts and litigating the case than would a larger, more established, corporation.
On the flip side, the Boeing decision makers dealing with the DOJ are not personally involved in any of the alleged wrongdoing. As such, they have no incentive to defend the conduct if it is not in the corporation's best interest to do so. The large corporation likely has the resources to settle the matter, and the government will accept a settlement commensurate with those resources given its reluctance to put the Boeings of this world out of business.
D. Sentencing Commission Statistics on Organizational Prosecutions
The United States Sentencing Commission has compiled a wealth of empirical data about criminal prosecutions. Bearing in mind that any set of statistics can be used to support different, and sometimes mutually exclusive, arguments, the author submits that the Sentencing Commission data supports his anecdotal observations. In essence, large corporate entities rarely contest allegations of criminal wrongdoing by their agents, and smaller organizations more often contest such allegations. Large corporate entities tend to negotiate resolutions that result in large monetary penalties, absent conviction, based on unproven allegations. Smaller organizations, because of an unwillingness to compromise and a lack of perceived need on both sides of the table to compromise, get indicted more frequently than large corporations and, as a result, get convicted and sentenced more often.
The Sentencing Commission statistics largely tell the story of the dog that did not bark. In fiscal years 1997 through 2008, the number of organizational cases prosecuted ranged from a high of 304 to a low of 130. (28) The high and low water marks loosely bracket 2002, the year in which Arthur Andersen was indicted: 304 in fiscal year 2000 and 130 in fiscal year 2004. (29) In fiscal year 2008, there were 199 organizational cases. This compares to more than 9,000 prosecutions of individuals. (30) Further, the Sentencing Commission statistics reveal that of the small number of corporate cases that are prosecuted and proceed to sentencing, the number of prosecutions of large corporate entities is miniscule. Of the corporate entities sentenced in fiscal year 2008, 47.0% had ten or fewer employees and 85.5% had 100 or fewer employees. (31) Thus, the empirical data supports the anecdotal observations: the government has never pursued large numbers of corporate prosecutions. Additionally, the government has been even more reticent to do so following the prosecution and resulting demise of Arthur Andersen.
The government is, by and large, unwilling to pull the trigger and prosecute large corporate entities. Or, looked at another way, the government simply has no need to pull the trigger because by merely pointing its outsized weapon, corporations routinely surrender. In contrast, the government seems to have more of an appetite for pursuing the criminal prosecutions of small corporate entities, and/or small corporate entities have more of an appetite for contesting criminal cases. But even these prosecutions are rare.
The result is that the vast majority of cases are resolved without any fact-finding tested through the adversarial process. It is difficult to track the number of corporate deferred prosecution agreements and non-prosecution agreements entered into each year by the DOJ. The DOJ does not publish statistics in this regard (and accordingly, the Sentencing Commission cannot accurately track them). A review of published sources, however, would suggest that while the number of organizational prosecutions has always been fairly small and has not come close to rebounding to pre-Arthur Andersen indictment levels, the DOJ's use of corporate deferred prosecution agreements and non-prosecution agreements has grown rapidly, indeed exponentially, in the past several years. (32)
These cases can lead to the payment of extraordinary sums of money by corporate entities based on unproven factual allegations. To cite just a few recent examples of such settlements: PNC ICLC ($115 million in restitution and penalties), KPMG and HVB ($485 million in restitution and penalties), KBR/ Halliburton ($579 million in restitution and penalties), Siemens ($800 million in restitution and penalties), and AIG ($825 million in restitution and penalties). The option of buying the way out of a conviction, however, may not be available to smaller corporate entities.
III. PROPOSAL FOR A NEW REGIME OF CORPORATE CRIMINAL LIABILITY
Under the current regime, where the corporation is vicariously liable for the actions of its agents, it is risk averse and unwilling to tolerate unquantifiable risks, especially where the risk may include total destruction of the corporate entity. The corporation does not contest allegations of criminal wrongdoing and pays the government large sums of money. This often occurs in instances where the corporation already has a compliance program, where the factual allegations that motivate the corporation to pursue this path are wholly unproven, and where, assuming that criminal conduct has occurred, it occurred in spite of the corporation's intent, not because of it. Clearly, a better approach to the criminal liability of corporations is needed.
A. Alternative Approaches
Several ,commentators and practitioners have proposed alternative approaches to revise and improve the current regime. This author proposes that an effective means to rework the current regime would be a redirection of prosecutors' focus from the assessment of existing corporate compliance programs to the corporation's actual criminal intent. In so doing, the current standard for vicarious criminal liability for corporations should be eliminated.
In her thoughtful piece in this Symposium, Corporate Criminal Liability: When Does it Make Sense?, Professor Pamela H. Bucy agrees with this author that the current regime is flawed, but disagrees as to the means of modification. Professor Bucy argues for codification of an effective corporate compliance program as an affirmative defense to criminal charges against a corporation. (33) For the reasons set forth above, this author believes that such an approach does not adequately address the flaws in the current regime. A corporation currently has business and other incentives to establish a compliance program, independent of the criminal justice system. Moreover, the current criminal enforcement regime already provides powerful additional incentives to corporate entities to establish and maintain effective compliance programs. If effective, a corporate compliance program will minimize the likelihood that a corporation will face potential criminal prosecution and its corresponding costs. Further, if the corporation faces potential criminal prosecution in spite of such a program, the existence of the program will help mitigate the monetary penalty. Hence, although Professor Bucy's argument is persuasive that the ability to altogether avoid a monetary penalty would provide an additional incentive for the creation of compliance programs, this author questions the value of that incentive. This author asserts that existing incentives are sufficiently powerful that corporations have already established and are maintaining such programs. Any additional incentive would be marginal.
Not only would allowing an affirmative defense for effective compliance programs not result in any practical changes in the administration of corporate compliance programs, but also it would not improve the government's ability to detect and punish bad corporate actors. The existence of a compliance program is an imprecise measure of whether or not a corporation is a bad actor who "deserves" criminal prosecution. A corporation may have an effective compliance program, but that program has been circumvented by senior management engaging in criminal conduct. In this instance, the corporate entity should be prosecuted, despite the existence of the compliance program. Conversely, an entity, in particular a smaller one, may lack an effective corporate compliance program, but it has only hired individuals with the highest ethics and has always complied with the law. If a low-level employee of that corporation engages in criminal conduct to enrich himself at the expense of the corporation and in contravention of the explicit intention of the entire management of the organization, the corporation should not be prosecuted despite its lack of an effective compliance program.
Andrew Weissmann, the former Director of the DOJ's Enron Task Force, also argues that corporations' criminal liability is too broad and should be restricted. (34) Like Professor Bucy, Mr. Weissmann proposes a modification that will reemphasize the importance of corporate compliance programs. (35) Unlike Professor Bucy, however, Mr. Weissmann suggests that the current regime should be modified, not to create an affirmative defense for compliance programs, but rather to put the onus on the government to prove that the corporation lacked an effective compliance program in order to convict the corporation of a crime. (36) Mr. Weissmann argues that currently there is no incentive for a corporation to create an effective compliance program because even the best such program will not shield a corporation from criminal liability. (37) Again, as this author discusses above, corporations currently possess sufficient incentives to establish compliance programs. (38) Additional prosecutorial attention to the existence of a corporate compliance program will not improve the government's ability to hold bad corporate actors accountable for their misdeeds.
B. A Better Approach
This author believes there is a better way to assess corporate criminal liability than the current regime of vicarious liability or either of the two proposed modifications of the current regime--allowing an affirmative defense for an effective compliance program, or placing the burden on the government to establish the absence of an effective compliance program. The existence of an effective compliance program is an imperfect proxy for a corporation's collective intent. The better course would be to attack the issue directly, rather than indirectly. Regardless of whether a corporation does or does not have an effective compliance program, it should be subject to criminal liability when it has the collective corporate intent to commit a crime, and it should not be subject to criminal liability when it lacks that intent.
Recent developments in the law of honest services fraud illustrate the importance of assessing the corporation's intent and point to the fight direction for changes in the assessment of corporate criminal liability. Under the mail and wire fraud statutes, an individual corporate actor can be convicted of defrauding the corporation of its intangible right to the honest services of its agent. (39) Two cases arising out of the collapse of the Enron Corporation ("Enron") have refined what it means to commit honest services fraud.
In the first, United States v. Brown, the Fifth Circuit reversed the conviction of former Enron employees for honest services fraud in connection with a conspiracy to artificially enhance Enron's 1999 earnings. (40) The defendants were found guilty of conspiring to purport to sell power-generating barges off the coast of Nigeria to Merrill Lynch, which resulted in the recording on Enron's books of twelve million dollars in earnings, thus allowing Enron artificially to meet its forecasts. (41) On appeal, the Fifth Circuit determined that the defendants, even if perpetrating a criminal fraud, did not act contrary to Enron's intent because senior executives supported the scheme, which was in the interest of the corporation. (42) Therefore, although the defendants' conduct may have been illegal, because the corporation encouraged it and the activity was in the interest of the corporation, the defendants did not defraud Enron of its right to honest services. (43)
In the second case, United States v. Skilling, the Fifth Circuit affirmed Jeffrey Skilling's conviction for honest services fraud in connection with a conspiracy to overstate Enron's financial condition over a two-year period. (44) During the conspiracy, Mr. Skilling's roles included President, COO, Director, and CEO. Mr. Skilling argued on appeal that his conduct did not breach a fiduciary duty because it was in the corporate interest of achieving a higher stock price and, as a result, was not self-dealing. However, the Fifth Circuit held that while there was a confluence of Enron's earnings goals and Mr. Skilling's personal interests through his compensation structure, Enron did not authorize Mr. Skilling's conduct. (45) Since his conduct was unauthorized and contrary to the intent of the corporation-as defined by the intent of his superiors--he did defraud the corporation of its right to his honest services. (46)
Together, Brown and Skilling suggest a better approach to the criminal liability of the corporate entity. When the corporation intends to engage in criminal conduct and authorizes its agents to do so on its behalf, it ought to be criminally responsible. Where it does not, it should not. Of course, the question then becomes how to measure the intent of a corporate entity. Was Enron the bad corporate actor that directed Brown and his co-defendants to engage in criminal conduct? Or was it the good corporate entity, unaware that CEO Jeffrey Skilling engaged in criminal conduct, and therefore the victim of his actions depriving Enron of his honest services? This author submits that the answer must be the former. Indeed, the fact that senior management at Mr. Skilling's level were not only aware of the criminal activity, but also directed it, militates in favor of corporate criminal liability, not against it. (47)
The intent of a corporation should be judged primarily through the knowledge and intent of its senior management. The existence of an effective corporate compliance program is simply one piece of evidence of such intent. But the ultimate question should be the collective intent of senior management, which should govern a determination of the corporation's intent to commit a criminal act. (48)
Large corporations, of course, have many subsidiaries and divisions. (49) Senior management may rarely have knowledge of criminal wrongdoing within a particular subsidiary or division. In such instances, if senior management of the subsidiary or division had criminal intent, but senior management of the corporation did not, the subsidiary or division alone would be subject to criminal charges. In such circumstances, the collateral consequences of a conviction would flow only to that subsidiary or division, not the corporation as a whole. Thus, the particular subsidiary or division that possessed the requisite criminal intent and was charged and convicted may be debarred, but the remainder of the corporation, which had no criminal intent, would not be tainted by that conviction and would be able to continue to transact business with the government.
The intent of senior management could be established by the policies and procedures enacted and/or approved by senior management (including compliance policies and procedures), as well as the actions, knowledge and intent of the individual members of senior management. Where a single member of senior management had criminal intent, but the rest of senior management operated in good faith unaware of the one bad actor, senior management as a whole, and thus the corporation, would typically not be acting with criminal intent. Conversely, where senior management collectively was acting with criminal intent, as judged by the actions of all of its individual senior managers, the corporate entity would have criminal intent and be subject to prosecution. (50)
C. Advantages to the Collective Criminal Intent Approach
There are several advantages to this proposed regime over that of the current vicarious liability regime or over such a regime modified either to provide an affirmative defense of an effective corporate compliance program or to require government proof that the corporation lacked an effective compliance program. First, criminal liability for the corporate entity is judged by corporate intent to engage in criminal liability, not by a highly inexact proxy for it--either, under the current regime, that a single actor had criminal intent (the vicarious liability proxy) or, under the proposed modified regime, that the entity had an effective corporate compliance program. Second, because the government would need to prove more than simply the actions of a single wrongdoer, a corporate entity would more often be able to defend its conduct. That would lead to fewer occasions where criminal-type sanctions are imposed without fact-finding through an adversarial process. This is a desirable result since fact-finding through an adversarial process is a far more accurate way to determine the existence of criminal conduct than negotiated resolutions based on unproven allegations. Third, in the absence of criminal intent by corporate senior management, the corporation itself would not face criminal exposure; only the affected subsidiaries or divisions would face criminal exposure. As a result, the collateral consequences of conviction would be cabined. If the result of conviction is confined to the affected subsidiary, an adverse result may only be the loss of a limb, rather than the death penalty. This would have the salutary effect not only of confining the consequences to the bad actors, but also would allow corporations to challenge factual allegations more frequently. Fourth, from the government's perspective, the converse is true. It can pursue charges against a subsidiary that is not "too big to fail" where it would not pursue charges against the Corporation as a whole. The government is more likely to pursue charges against a subsidiary that it views as intertwined with the bad actors rather than as a true independent and responsible entity. In other words, the dynamic will more frequently mirror the smaller corporation model, where facts do get adjudicated and corporate actors with bad intent are prosecuted and convicted, rather than the big corporation model where the corporation buys its way out of liability based on unproven facts.
The author recognizes that the proposed revision of how to assess corporate criminal liability, moving from a vicarious liability regime to a collective corporate intent regime, is not without problems. Vicarious liability is more of a bright line rule, whereas collective intent is more subjective. Therefore, it may be harder to predict when liability will attach and may do little to make risk-averse corporations more likely to contest allegations of criminal wrongdoing. Accordingly, the proposed new boss may look much like the old boss (51) and may not fully address the flaws in that regime. However, even with a proposed standard that is more subjective, by increasing the government's burden by requiring proof of corporate management's criminal intent, a corporation will be in a position to defend allegations of wrongdoing more frequently than under the current regime where the threshold for establishing corporate liability is much lower. Further, as the new regime takes hold and case law develops, corporations will be better able to predict the fact patterns under which collective corporate intent will likely be found.
Defenders of the current regime, primarily the government, might argue that establishing a regime where corporations more frequently contest criminal liability is not, as this author views it, a good thing. The government would be required to allocate more resources to litigation costs and would receive fewer uncontested monetary penalties.
While the government's likely objections may have some legitimacy, this author believes they are outweighed by considerations of fairness and accuracy. First, it is simply fairer to a corporation to judge it by its intent, rather than by through the application of a strict vicarious liability regime. When senior management of a corporation itself engages in criminal conduct or encourages, facilitates or endorses criminal conduct by lower level employees, the corporation should be criminally sanctioned. Conversely, when senior management lacks any criminal intent, the corporation should not be subjected to criminal prosecution. Second, fact-finding tested through the adversarial process is more reliable than negotiated fact-finding. A criminal enforcement regime that frequently encourages the government and the corporate entity not to engage in fact-finding because each party knows the catastrophic consequences should there be a finding of criminal conduct by any corporate actor allows the routine imposition of criminal-type sanctions through negotiated resolution. Criminal sanctions are the greatest sanctions society imposes. They should typically be reserved for situations where a reliable fact-finding process has demonstrated criminal wrongdoing. The threat of criminal sanctions should not be used to induce extraordinary sanctions "voluntarily" based on untested factual allegations.
Under the current regime for corporate criminal liability, few corporations are criminally prosecuted. Large corporations are almost never prosecuted. Corporations' payments of extraordinary monetary penalties under the threat of criminal prosecution bear little relation to the criminal intent of the corporate entity. Such payments are made based on no formal process of fact-finding, much less the testing of the factual allegations through a reliable adversarial process. This article proposes moving away from a regime that imposes corporate criminal liability vicariously, but allows for the criminal prosecution of corporate entities that act with criminal intent. Such a system would maintain powerful incentives for corporations to create and maintain effective compliance programs while better correlating corporate criminal prosecutions to corporate culpability and would also result in fewer criminal matters being resolved on the basis of unproven allegations.
(1.) EDWARD COKE, THE THIRD PART OF THE INSTITUTES OF THE LAWS OF ENGLAND * 107 (William S. Hein Co. 1986) (1641); 4 WILLIAM BLACKSTONE, COMMENTARIES ON THE LAWS OF ENGLAND 21 (1769).
(2.) See, e.g., Davis v. United States, 160 U.S. 469, 484-85 (1895) (quoting 4 BLACKSTONE COMMENTARIES 21); see also Morissette v. United States, 342 U.S. 246, 250-51 (1952) ("The contention that an injury can amount to a crime only when inflicted by intention is