Corporations institute compliance and ethics programs (C&E) with the purpose of following the law and promoting ethical conduct on a daily basis. Traditionally, public law and order officials were authorized to keep a watch and prosecute civil and criminal infractions by business entities and their owners. Over time, businesses found it more beneficial to comply with public pressure for self-policing. “Outrage over ethical and financial misconduct by the senior management of public companies led to the passage of historic legislation redefining the roles and responsibilities of corporations and those who serve them.” (FindLaw, 2019).
A large number of corporate cases of bribing foreign officials for business and contracts, particularly government contracts, led to the coming of the Foreign Corrupt Practices Act (FCPA) in 1977. The investigations of offenders were carried out by the Securities and Exchange Commission (SEC). Enforcement is the joint responsibility of SEC and the Department of Justice (DOJ). (SEC, 2017). Enforcement agencies were formed to give teeth to the law. Such agencies were Environmental Protection Agency (EPA) and the Drug Enforcement Agency (DEA).
With the corruption and illegalities exposed in defense procurement in 1980s companies were in the negative radar of public resentment. Karpoff et. al. (1999) reported, “… from 1983 through 1989, 17 top defense contractors were convicted of fraud, whereas none was from 1946 through 1982 … From 1983 to 1995, these 98 companies were incriminated in press announcements for 249 separate cases of (alleged) procurement fraud … The most announcements in a single year occurred in 1988… Intentional frauds include mischarging, bribing, falsifying test results, and submitting false claims or invoices.” Managers were aware of the fraudulent activities. The contractors were penalized about the same, proportionally irrespective of size.
In response, companies started to create managerial positions for in-house policing. They are known as compliance and ethics officers. The purpose was to preempt further federal regulation by voluntary corporate responsibility. In 1991, the US Sentencing Commission released the first guidelines for organizations. It defined the specific requirements for an effective compliance and ethics program. Currently, there are stiffer federal sentencing guidelines for frauds committed with managers’ intent (Karpoff et. al., 1999). Leniency was proposed for successfully compliant companies.
Successfully compliant companies are considered favorably by prosecutors for pretrial agreements and deferred prosecution agreements in corporate criminal investigations. Executives of unsuccessful or noncompliant organizations can be imprisoned. Companies are increasingly integrating C&E programs into risk management and general counsel oversight.
The revelation of Enron’s unethical practices from 2001 was another major historical point for reforms. (FBI, n.d.). The directors of Enron had precisely waived the provisions of the code of ethics before their horrendous collapse. The chief financial officer was allowed to benefit from transactions involving Enron. Such blatant unethical behavior led to reforms incorporated in
Section 406 of the Sarbarnes-Oxley Act. The Act addressed the unethical practices at Enron, WorldCom, and Arthur Anderson. FindLaw (2019) reported, “Section 406 requires public companies to disclose whether they have codes of ethics and also to disclose any waivers of those codes for certain members of senior management. The Commission adopted specific rules implementing these requirements in January 2003.” FindLaw (2019) further reported that in 2003, “the Commission approved significant reforms by the NYSE and Nasdaq that, among other things, specifically require companies listed on these markets to have codes of ethics applicable to all employees, senior management, and directors.”
The US Sentencing Guidelines provides direction for an effective C&E program. It includes due diligence, organizational culture and effective program for preventing and detecting criminal activities, and knowledge of, leadership by, and responsibility for the program on the part of organizational leadership. Barring suspected and proven former offenders, periodic evaluation, reporting systems, appropriate response to criminal conduct, and program modifications for prevention of further repetition of such conduct are part of the guidelines. All employees and agents require training. There are also industry specific guidelines and requirements. One such industry is banking.
Congress and the Securities Exchange Commission (SEC) “asked public companies to disclose the fundamental values by which they operate, and by which the conduct of executives may be measured. Senior management and directors are challenged to examine the ‘tone at the top’ of their organizations, and to emphasize ethics and integrity in business decisions.” (FindLaw, 2019).
While progress has been made, much remains to be done. The 2013 National Business Ethics Survey reported that misconduct was significantly down as a result of organizational C&E programs. At the same time the nature of misdeeds, especially among management, is shocking. Reporting has gone down, and at the same time, retaliation is high. (Ethisphere, 2014).
C&E programs have mushroomed in organizations. The motivation appears to be the avoidance of stiffer punishment, including fines and penalties. Simultaneously, corporate scandals have mushroomed too. It is not surprising to deduce that corporations are too busy to stay within the law to avoid repercussions than to fine-tune corporate ethical culture.
The purpose of C&E programs is both law abidance and ethical conduct. For effectiveness, procedures, communications, and culture are essential. (Ethical Systems.org, 2018). A researcher at the University of Michigan, David Hess proposed two additions to the federal corporate sentencing guidelines: “Monitor the organization’s informal system of communication, surveillance and sanctions, and promote an informal system that supports the goals of the compliance and ethics program. Periodically assess organizational members’ perception of the organization’s ethical climate.” Hess emphasized that focusing on what can be measured is the easy part. Measuring culture on the other hand is not easy. Therefore, with time, compliance and ethics drifted apart, whereas they should have worked together. The end goal should be to do the right thing. (Vice President for Communications, 2016).
Edwords (2015) added, “Law, however, is not necessarily the same as morality; there are many moral rules that are not regulated by human legal authorities … Laws and rules are generally designed to regulate activities that can be publicly observed. This makes enforcement easy. But breaches … often involve acts that are not illegal but simply unethical and can include acts that are private and difficult to observe without invading that privacy. Enforcement, therefore, is almost totally left to the perpetrator. Others may work on the perpetrator’s emotions to encourage guilt or shame, but they have no actual control over the perpetrator’s conduct.”
Corporations are smart enough to know the difference between compliance and ethics. Compliance basically means to follow the law, rules, and policies so you do not get into trouble. Compliance is easier to achieve and easier to deliver. It can be very objective. As long as you have mechanically and accurately fulfilled the checklist, you have complied with the standard requirements. Ethics on the other hand, demands more.
While ethics at its minimum is compliance with the law, that is not by itself sufficient. Ethics demands that you have complied and complied in the right way. Fulfilling the requirements for the right way is where the challenge lies. Therefore, it is more convenient to have multiple and repeated measures for compliance than it is to have measures of ethics. It is not surprising therefore, that efforts at compliance “crowd out” corporate ethics in several C&E programs.
“Deterrence theory in its classical form holds that crime is deterred by the threat of punishment,” wrote Andersen et.al. (1983). They added that people make criminal choices rationally, based on the payoff probability. A moral hazard is doing something risky and leaving the damages on others that follow. The person or group that committed the action do not face the consequences of their actions. This leads to willful questionable behavior since there are no consequences on the wrongdoer, added Pritchard (2019). Deterrence theory and model provides the vital stimulus for C&E programs.
A good example from the world of business is the subprime crisis that came to light in 2007. Banking lenders gave housing loans to people who could not afford to make the payments. They were done with the principle that they, the banking lenders, would not be responsible for the aftereffects. Several banking lenders skipped due diligence with documentation, fabricated income figures, and approved loans on those bases. Once they sold/originated the loans, the banking lenders sold the loans to investment banks. When the borrowers failed to pay back, the investment banks, not the original banking lenders, paid the price, recounted Fiorillo (2018).
There was a public uproar, and the lawmakers swung into action. Some of them were themselves parties to the act. Fearing bank failures and the collapse of the US economy, and since the US government considered these banks to be “too big to fail,” the US government bailed them out. The bailout of course was with taxpayers’ money. “Lenders and investment banks took risks that had consequences for taxpayers and others,” said Pritchard (2019). Therefore, the banking lenders took unethical and even criminal action and taxpayers were the ones punished. That is blatant involvement in moral hazard.
Collins (2015) stated, “The operating principles of the big banks is a cesspool of greed, ethics and criminal intent and they give a very bad name to free market capitalism. The industry is not afraid to do it again because they know no one goes to jail and the government will bail them out.” About the global repercussions that followed, Noonan et. al. (2018) added, “The US, ground zero for the financial crisis, has jailed just one banker for issues relating to the crisis. Former Credit Suisse trader Kareem Serageldin was sentenced to thirty months in prison for artificially inflating the price of subprime mortgages, a financial product at the very heart of Wall Street’s unravelling.”
In conclusion, I strongly believe that the deterrence model by itself is inadequate to handle all ethical challenges. It is a good and strong start but not the end-of-all solution to ethical depravity. While it does provide for punishing somebody to establish accountability, in cases of moral hazard there is high likelihood that the original offenders go free and some poor unfortunate soul, who is left holding the bag, is punished. Ethically, that is fundamentally wrong. While the intent of Deterrent Theory was for establishing C&E Programs in corporations, it needs a lot more work. It needs to expand to control for moral hazard. The Theory is invaluable but it is still flawed. It is a work in progress.
A review of various cases of US C&E programs and related cases showed that both high-ranking and “the little people” are mostly equally treated. There is evidence to support that. The trend seemed to have been in place since the 1980s. There are exceptions too, but prosecution efforts are on. As Karpoff et. al., (1999) had pointed out, there are stiffer federal sentencing guidelines for frauds committed with managers’ intent. Intentional frauds include compliance and ethics. They found defense contractors who were found to have committed fraud in the 1980s were penalized irrespective of size.
In the Enron case revealed from 2001, several top executives and others were fined and sentenced to prison terms. This included high-ranking corporate officials and “the little people”. Section 406 of the Sarbarnes-Oxley Act addressed the unethical practices of top-management. “Section 406 requires public companies to disclose whether they have codes of ethics and also to disclose any waivers of those codes for certain members of senior management. The SEC adopted specific rules implementing these requirements in January 2003.” (FindLaw, 2019). FindLaw (2019) further reported that in 2003, “the Commission approved significant reforms by the NYSE and Nasdaq that, among other things, specifically require companies listed on these markets to have codes of ethics applicable to all employees, senior management, and directors.” This addressed all “high-ranking corporate officials” and “the little people”.
There are arguments or outcries that justice is not served equally. Collins (2015) complained that nobody is affected by the C&E program requirements among the high-ranking corporate officials because “they know no one goes to jail and the government will bail them out.” Noonan et. al. (2018) suggested that only “the little people” get punished. He said, ““The US, ground zero for the financial crisis, has jailed just one banker for issues relating to the crisis. Former Credit Suisse trader Kareem Serageldin was sentenced to thirty months in prison for artificially inflating the price of subprime mortgages, a financial product at the very heart of Wall Street’s unravelling.”
Pursuant to the Subprime crisis and the Troubled Assets Relief Program (TARP) Bailout. “There have been 35 bankers sentenced to prison, according to Christy Goldsmith Romero, the special inspector general for the Troubled Assets Relief Program (SIGTARP), in a report to Congress …” reported Isidore (2016). She reported further that Romero said, ‘I certainly understand the frustration of the people who want to see accountability for those who brought on the financial crisis. Some of these institutions where we are finding criminal conduct, the level of accountability stops at a lower level and doesn’t rise up.’ Romero’s “office is continuing to investigate hundreds of cases at institution of all sizes.” Isidore (2016) added, 59 bankers were convicted, 19 more bankers have been charged with crimes, and several are awaiting trials.
On April 23, 2019, the first ever felony charges were filed against Rochester Drug Co-Operative (RDC), Laurence F. Doud III, the company’s former chief executive officer, and William Pietruszewski, the company’s former chief compliance officer, for violating federal narcotics laws. The Manhattan U.S. Attorney and N.Y. Division of the Drug Enforcement filed the charges. “RDC entered into a Stipulation and Settlement Agreement (the “Agreement”) and consent decree under which RDC provided an extensive Statement of Facts admitting to its conduct, agreed to a $20 million penalty, reform and enhance its Controlled Substances Act compliance program, and submit to supervision by an independent monitor,” reported Sullivan (2019).
Pietruszewski “pled guilty to numerous charges, one of which carries a maximum sentence of life in prison and a mandatory minimum sentence of 10 years. A criminal case will proceed against Doud, who also faces two charges, one of which also carries a maximum life sentence in prison and a mandatory minimum sentence of 10 years. The government also brought a civil lawsuit against RDC for its knowing failure to comply with its legal obligation to report thousands of suspicious orders of controlled substances to the Drug Enforcement Agency (“DEA”).” (Sullivan, 2019).
Looking at both sides of the issue, the progress made, and the concerns about both the high-ranking corporate officials and “the little people”, I believe that C&E programs can be more intimidating for the latter. The 2013 National Business Ethics Survey reported that the nature of misdeeds, especially among management, is shocking. Reporting of violations has gone down, and at the same time, retaliation against “the little people” is high. (Ethisphere, 2014).
The attributes of an effective C&E program include all nine of the following. They are found in the U.S. Department of Justice’s 2017 document titled “Evaluation of Corporate Compliance Programs.”. The attributes are, 1. Oversight by Senior and Middle Management, 2. Autonomy and Resources Available for Compliance, 3. Assessment of Policies and Procedures, 4. Risk Assessment, 5. Training and Two-Way Communications, 6.Confidentiality and Reporting Hierarchy, 6. Fair and Consistent Disciplinary Actions and Incentives, 7. Continuous Improvement, Periodic Testing, and Review of Data and Reporting to Management and Board, and, 8. Third-Party Management – Monitoring and Incentives for Compliant and Ethical Behavior. (Chen and Soltes, 2018).
Paine (1994) proposed an integrity-based approach to ethics management. The integrity-based approach combines both the compliance requirements of law and the managerial responsibility for upholding ethics. The intent of the integrity approach is to “strive to define companies’ guiding values, aspirations, and patterns of thought and conduct. When integrated into the day-to-day operations of an organization, such strategies can help prevent damaging ethical lapses while tapping into powerful human impulses for moral thought and action. Then an ethical framework becomes no longer a burdensome constraint within which companies must operate, but the governing ethos of an organization,” Paine (1994) wrote.
Legal compliance is inadequate for addressing all everyday ethical issues. Just being legal is not necessarily ethical. For example, in the Salomon Brothers case from 1991, company lawyers found no law that dictated that the four top-level executives had to disclose the wrongdoings. Their ethical shortcomings adversely affected stakeholders. The loss to Salomon Brothers was nearly $1 billion. (Paine, 1994).
The attributes of the integrity-based approach are similar to a compliance-based initiative in several ways. It has the code of conduct, training, mechanisms for reporting and investigation, and, audits and controls. Paine (1994) argued, “A strategy based on integrity holds organizations to a more robust standard. While compliance is rooted in avoiding legal sanctions, organizational integrity is based on the concept of self-governance in accordance with a set of guiding principles. From the perspective of integrity, the task of ethics management is to define and give life to an organization’s guiding values, to create an environment that supports ethically sound behavior, and to instill a sense of shared accountability among employees. The need to obey the law is viewed as a positive aspect of organizational life, rather than an unwelcome constraint imposed by external authorities.”
There are fundamental differences too between integrity strategy and compliance strategy. Compliance aims at conformity with laws and preventing crime. Integrity aims at self-governance, responsibility, abiding with laws, company values, and social obligations. The activities in compliance and integrity differ in that integrity includes development of company values and standards from the top, integration into company systems, guidance and consultation, assessment of values performance, and, identification and resolution of problems. (Paine, 1994).
Navran (1997) recommended 12 best-practices attributes for an ethics program. They are: Vision Statement, Values Statement, Organizational Code of Ethics, Ethics Officer, Ethics Committee, Ethics Communication Strategy, Ethics Training, Ethics Help Line, Measurements and Rewards, Monitoring and Tracking systems, Periodic Evaluation, and Ethical Leadership.
The vision statement would define the parameters of acceptable decisions. If unethicality is involved in the decision or in the execution in the decision, it is an unacceptable decision and should be rejected. The company’s values statement would influence and retain appropriate behavior. The organizational code of ethics would provide organization-specific requirements of expected C-suite behavior in carrying out duties. The ethics officer provides the coordination and implementation. The ethics officer reports to the ethics committee that oversees the organizational efforts. The ethics officer should deliver an effective ethics communication strategy that is timely and usable and fosters two-way dialogue.
Ethics training helps to handle difficult situations and utilize safe avenues for communicating concerns and fair dissent. Ethics helplines facilitate communication. Measurements and rewards provide validation of acceptable practices. Monitoring and tracking systems provide feedback on internalization of the organization’s values and ethics code. Periodic evaluations show progress or need for intervention. Above all and most importantly, ethical leadership provides credibility and facilitates acceptance.
Here is the outline of the C&E program that I would recommend for my corporation. It will incorporate the integrity-based approach and fulfil the attributes provided by the Department of Justice. It would be in line with the US Sentencing guidelines for effective C&E programs. As mentioned earlier, the integrity-based approach combines both compliance and ethics.
With the plethora of outrageous corporate scams and frauds that came to light in the last 40-plus years, public outrage on corporate behavior reached revolutionary levels. Congress responded with Acts to reduce the blatant infractions. In order to avoid some of the impositions of the law, businesses started self-policing of compliance and ethics. Results have been achieved but the efforts cannot stop on the part of the government and businesses. A corporate C&E program has been recommended for my company.
In my remarks on the C&E program, I would like to emphasize that in the above-recommended C&E program for my company, both compliance and ethics are addressed. Complying with the law is the minimum starting point of ethics. It is impossible to enact laws for all ethical violations. However, if certain ethical violations become rampant, society would be forced to enact laws. Voluntary compliance and ethical propriety would serve all society well. The recommended C&E program fulfils the requirements of attributes of an effective C&E program, the expectations highlighted by the Department of Justice, the US Sentencing guidelines for effective C&E programs, best practices, and over and above all, integrity.
- Andersen et.al. (1983). Models of Deterrence Theory. Social Science Research 12, p. 236-262. Retrieved from https://www.sciencedirect.com/science/article/pii/0049089X83900145?via%3Dihub
- Chen, H. and Soltes, E. (2018). Why Compliance Programs Fail—and How to Fix Them. HBR. Retrieved from https://hbr.org/2018/03/why-compliance-programs-fail
- Collins, M. (2015). The Big Bank Bailout. Retrieved from https://www.forbes.com/sites/mikecollins/2015/07/14/the-big-bank-bailout/#7fcc13ec2d83
- Edwords, F. (2019). The Human Basis of Laws and Ethics. Retrieved from https://americanhumanist.org/what-is-humanism/human-basis-laws-ethics/
- Ethical Systems.org. (2018). Compliance & Ethics Programs. Retrieved from https://www.ethicalsystems.org/content/compliance-ethics-programs
- Ethisphere. (2014). 2013 National Business Ethics Survey of the U.S. Workforce: Executive Summary. Retrieved from https://insights.ethisphere.com/2013-national-business-ethics-survey-of-the-u-s-workforce/
- FBI. (n.d.). Enron. Retrieved from https://www.fbi.gov/history/famous-cases/enron
- FindLaw. (2019). Corporate Ethics and Sarbanes-Oxley. Retrieved from https://corporate.findlaw.com/law-library/corporate-ethics-and-sarbanes-oxley.html
- Fiorillo, S. (2018). What Was the Subprime Mortgage Crisis and How Did it Happen? Retrieved from https://www.thestreet.com/personal-finance/mortgages/subprime-mortgage-crisis-14704400
- Isidore, C. (2016). 35 Bankers Were Sent to Prison for Financial Crisis Crimes. Retrieved from https://money.cnn.com/2016/04/28/news/companies/bankers-prison/index.html
- Karpoff, J. et. al. (1999). Defense Procurement Fraud, Penalties, and Contractor Influence. Journal of Political Economy, 107(4), p. 809-842, Retrieved from https://www.jstor.org/stable/10.1086/250080
- Navran, F. (1997). 12 Steps to Building a Best-practices Ethics Program. Workforce, 76 (9) p.117-122. Retrieved from https://www.workforce.com/1997/09/01/12-steps-to-building-a-best-practices-ethics-program/
- Noonan et. Al. (2018). Who Went to Jail for Their Role in the Financial Crisis? Retrieved from https://ig.ft.com/jailed-bankers/
- Page 10 of 11
- Paine, L. (1994). Managing for Organizational Integrity. HBR. Retrieved from https://hbr.org/1994/03/managing-for-organizational-integrity
- Pritchard, J. (2019). Moral Hazard: Definition and Examples. Retrieved from https://www.thebalance.com/moral-hazard-what-it-is-and-how-it-works-315515
- SEC. (2017). Spotlight on Foreign Corrupt Practices Act. Retrieved from https://www.sec.gov/spotlight/foreign-corrupt-practices-act.shtml
- Sullivan, T. (2019). First Ever Felony Criminal Charges’ Against a Distributor and its Former CEO & Chief Compliance Officer for Violating Federal Narcotics Laws. Retrieved from https://www.policymed.com/2019/05/first-ever-felony-criminal-charges-against-a-distributor-and-its-former-ceo-chief-compliance-officer-for-violating-federal-narcotics-laws.html
- Vice President for Communications. (2016). Compliance Cannot Compel Ethical Behavior. Retrieved from https://news.umich.edu/compliance-cannot-compel-ethical-behavior/