The Complete Compliance and Ethics Manual 2021

Corporate Criminal Liability

When a crime involves an artificial entity such as a corporation, the government may charge the entity itself and/or the individual wrongdoers or corporate managers responsible for the criminal conduct. The rationale for corporate criminal liability is that it is necessary to ensure that organizations adequately supervise their officers, employees and agents. Quite simply, it is a governance matter recognized in the law that encourages organizations to develop general policies and procedures, as well as an appropriate culture, to deter wrongdoing. As a matter of social responsibility, corporate criminal liability places the responsibility on the entity that benefits the most from the wrongdoing rather than solely on the individual wrongdoer.

As a legal and practical matter, however, the law generally holds an organization responsible for the criminal acts of its agents through the doctrine of respondeat superior, which is the general federal common law in the United States. Where an agent has acted illegally, the doctrine of respondeat superior imputes that person’s criminal activity to the organization itself. Federal common law in the United States generally imposes liability on organizations for acts committed by agents acting on behalf of the organization and for the benefit of the organization. Organizational benefit is met as long as the agent intended in some part to benefit the organization. In other words, additional motives (e.g., personal gain) do not preclude organizational liability, provided that the individual wrongdoer was acting on behalf of the organization and intended the misconduct in some part to benefit the organization. Difficult issues arise in specific circumstances when the misconduct may actually harm the organization or when it is unclear whether the offender was actually an agent, or acting under authority of the organization. Needless to say, these issues are addressed on a case by case basis as part of the legal risk assessment under prevailing law of the appropriate jurisdiction, but the key point to be understood is that the organization is exposed to potential liability if it fosters conditions that created the problem even if the conduct is contrary to express policy or if the corporation has in place a corporate compliance program to ensure its agents and employees comply with the law.

Nor will liability be precluded if no actual benefit derived from the misconduct. It is the actual intent to derive some benefit, regardless if successful or not, that is the essence of the crime. In other words, actual profit is not an element of the crime, although it is very helpful in proving the individual’s intent! But what about organizational intent? From a legal perspective, how do you prove mens rea, or intent, of an artificial entity? The answer is through the collective knowledge of all the individual agents which is collected together and then attributed to the organization. The doctrine of collective knowledge is very important where no agent possessed the mens rea necessary for the crime, because the intent of individual actors is to be aggregated and imputed as a whole to the organization. For example, in a criminal case where none of the employees acted willfully, or with the required criminal intent, a court may nonetheless allow a jury to infer willfulness or the intent to act illegally if the organization was sloppy in the way it trained its employees and enforced its own policies and procedures.

The Law of Ethics

That leads us to several legally mandated corporate governance and ethics and compliance measures that, although none of them individually encompasses or requires business ethics, the practical effect of the coalescence of all of them combined does indeed result in what I refer to as “the law of ethics.” First, is the In Re Caremark, 1996 Delaware Court of Chancery case, in which the Chancery Court made it clear that the corporate directors’ duty of care included a corporate duty of compliance, that is, that a director had a duty to ensure that the organization had an adequate system in place to detect potential violations of the law. In Re Caremark essentially promulgated the board of directors’ compliance duty of care.

Second is the United States Sentencing Commission (USSC) Organizational Guidelines, which were amended in 2004 to offer a mitigated sentence if the organization implements an effective compliance and ethics program that adequately detects and prevents misconduct as well as promotes an overall culture of compliance and ethics.

Third, is federal prosecutorial policy for organizations. Prior to 1999, the DOJ did not have any formal or informal policy guidelines to consider when to formally charge an organization with a criminal offense. However, DOJ has since formalized the Principles of Prosecution of Business Organizations into the United States Attorneys Manual through a series of memoranda written by Deputy Attorney Generals Eric Holder (1999), Larry Thompson (2002), Paul McNulty (2006) and Mark Filip (2008). This federal prosecution policy went one step further than the Organizational Guidelines by providing that the existence of an effective compliance and ethics program could actually decrease the likelihood that an organization would even be charged with a criminal offense. Both the Organizational Guidelines and the Principles of Prosecution of Business Organizations reiterate the substantial incentives to all organizations to implement truly effective compliance and ethics programs.

Fourth, are the significant internal controls and accountability provisions enacted as part of the Sarbanes-Oxley Act (SOX) in 2002. When combined with the significant white collar enforcement measures identified above in PPACA, FERA and the Federal Deficit Reduction Act of 2005, which give rise to significantly heightened FCA scrutiny and liability, there should be significant concern and recognition that it is no longer acceptable to simply have a paper compliance and ethics program. The coalescence of all these factors results in what I call the Law of Ethics, which recognizes that organizational ethics is no longer aspirational under these circumstances, but required.

Understanding Organizational Culture

Although recognized that culture “is a major component affecting [organizational] performance and behavior,” it remains “a complex and pervasive part of any working environment” that defies agreement as to what exactly it is.^[9] The effort to define culture has been referred to “as trying to nail Jell-O to the wall!” The problem with defining culture is that it is essentially an anthropology concept that was borrowed and applied to the study of organizational behavior in 1979.^[10] In anthropology, culture is viewed from a societal perspective and compared on the basis of elements and characteristics without any concern for organizational effectiveness; therefore, the concept is not natural and does not fit easily in the study of organizational behavior.^[11] Accordingly, much of the research and theories are dedicated to explaining and defining the concept of culture with only the more recent publications focusing on how to influence or change organizational culture for the better. However, the concept of culture in this context can generally be classified in terms of observable behaviors and ideals focused on shared values.^[12] Thus, any operating definition of culture in the study of organizational effectiveness, regardless of the definition, should focus on how organizational culture affects the manner in which people interpret the organizational “cues” to determine the shared values and appropriate behavior.

To facilitate a better understanding of organizational culture, it is helpful to review Organizational Climate and Culture, which explained culture from a behavioral perspective in which culture derives from the relationship that exists between behavior and consequences.^[13] The organizational behavior theory is that culture is a reflection of individual behavior which may be formed, maintained or changed as a result of the social consequences associated with certain behavior. Positive behavior is socially reinforced and encouraged. Negative conduct is punished. Employees learn to behave in a manner consistent with the prevailing social norms, or values, within the organization and in the end, this pattern of behavior reflect the prevailing values, or culture, of the organization. The critical point, however, is that managers can actively influence this organizational culture through the consistent application of environmental factors affecting behavior (whether positively or negatively).

From a behavioral perspective, it is easy to see how this behavioral context explains the formation, maintenance and change of organizational culture. Perhaps this perspective is appropriate considering we have discussed the potential consequences, or risk, of organizational liability that may derive from unethical conduct that rises to the level of illegality. In this light, there are several key concepts that will assist you in affecting organizational culture:^[14]

1. Culture is a generic term. Culture is a generic term that generally refers to individual behavior that reflects the general operating norms within the organization’s environment. It evolves over time in the minds of employees as a result of environmental conditions that leads to a pattern of behavior consistent with that environment.

2. Adaptive capacity. Individuals naturally adapt their behavior as a result of the consequences associated with the behavior and will conform to a cultural norm if they perceive that compliance will lead to a desirable outcome for that individual. Organizational culture is formed, maintained, or changed over time through the consistent application of this dynamic relationship.

3. Culture is contagious. Not only do individuals learn to adapt their behavior but their interpretations of the prevailing norms, or organizational values, as reflected in this adaptive behavior is transmitted vicariously to other individuals who learn to adapt as well. This individual behavior response to perceived consequences is contagious because it is shared among individuals to create a pattern of behavior that other individuals interpret to shape their image of organizational culture. Therefore, any attempt to successfully influence this culture must involve the consistent application of environmental factors to reinforce positive behaviors because any conflicting signals will only serve to confuse individual perceptions. Remember, actions speak louder than words, and culture is the reflection of contagious behavior.

4. Many environmental factors affect culture. There are a multitude of environmental factors that reinforce behavior, and individuals will align themselves with those factors that meet their individual needs. In an emerging culture, loose relationships will develop generally around effective work flow, and interpersonal relationships will form to achieve desirable goals. An overall culture, or “negotiated order,” is formed yet there may be separate groups without a shared vision of that culture but demonstrating a willingness to “go along” to achieve their individual goals. Each group may exhibit its own sub-culture, and these groups, in addition to management and other individuals, may act as reinforcing agents that either support or contradict the overall culture.

   Once a dominant culture is formed, however, it can only be changed by first identifying these environmental factors and reinforcing agents to determine and understand their effect on the overall culture. Effective change is the result of integrating positive environmental factors and eliminating conflicting factors as part of the change process. The important point is that management alone does not control culture and that there are many factors that can be used to reinforce positive behavior albeit some are more effectively utilized by management. The reality is that there are a variety of factors affecting overall culture including other individuals and working groups.

5. Perception is reality. Individual experiences not only shape how the organization is perceived but how behaviors are interpreted and transmitted to other individuals. Individual predispositions as a result of their experiences form the individual’s “reality of organizational culture.” An individual’s predisposition will not only affect how they perceive a newly formed culture but will make it much more difficult to change an existing culture.

6. Be a Relationship Person. There is a natural relationship between those attempting to influence behavior and culture, and the target of that influence based on the perceived mutual benefits of that relationship. Yet, this relationship is limited by their zone of tolerance reflecting the degree of accommodation either party is willing to make. This relationship is even more pronounced during culture formation, as greater needs may exist until “a negotiated order” or basic culture is stabilized.

7. You can teach an old dog new tricks, but it’s difficult. Changing an established culture involves influencing and learning a new standard of appropriate conduct that requires a new set of consequences and environmental factors and reinforcing agents. The new desirable behaviors must be reinforced while the negative conduct is punished. This change process is difficult, yet attainable, because of the preexisting perceptions and relationships serving as the foundation of the organizational culture. To change the culture, there must be a deliberate effort to identify and undercut these environmental factors. This process proves to be so difficult in some circumstances that organizations will simply create a new organization rather than delve into the difficult task. In fact, even the United States Organizational Sentencing Guidelines recognize the “corporate death penalty”^[15] for situations in which it is determined that the organizational culture simply cannot be changed through an effective compliance and ethics program.

If we are studying organizational effectiveness, it is helpful to first identify what it means to be effective. Effectiveness can be viewed in terms of financial performance, productivity, impact on the environment or a wide range of measurements. It is well recognized among scholars today that organizational culture plays an integral role in organizational performance and long term success.^[16] How does your organization measure effectiveness, and what impact does your organizational culture play in the interpretation of what it means to be effective or successful as an organization? That is the inherent problem with defining culture. The concept is nebulous and contextual, yet vitally important in shaping the overall success of any organization in the 21st century.

The United States Organizational Sentencing Guidelines

Criminal sentencing in the United States dramatically changed in theory and practice with the passage of the Sentencing Reform Act of 1984, which created the United States Sentencing Commission (USSC) to study and devise both individual and organizational sentencing guidelines. The overriding purpose behind the United States Sentencing Guidelines (USSG) was to provide predictability, uniformity and consistency in federal sentencing through the use of “advisory” standards or practices, or guidelines. Although the individual sentencing guidelines took effect in 1987, the sentencing guidelines for organizations were implemented in 1991, and amended in 2004, after much study and debate. These organizational sentencing guidelines would dramatically shape both the way organizations in the U.S. view compliance and ethics programs as well as the rise of the entire compliance and ethics industry.

As a matter of governance, the organizational sentencing guidelines encourage corporate responsibility through the implementation of internal mechanisms to prevent, detect and report misconduct. The USSG provide incentives, or “carrots,” for organizations to maintain internal mechanisms as part of an effective corporate compliance program. This “carrot” approach is achieved through the calculation of an organization’s Culpability Score, which can be mitigated by the following four factors: 1) the existence of an effective compliance and ethics program, 2) self-reporting of violations within a reasonably prompt time and becoming aware of the offense prior to the imminent threat of disclosure or government investigation, 3) full cooperation with the government investigations, and 4) the demonstration of the recognition and affirmative acceptance of responsibility for the criminal conduct.^[17] As you can see, the organizational guidelines have provided a major incentive for organizations to inspire a culture of ethical corporate conduct through the promotion of a culture that encourages ethical conduct and a commitment to compliance with the law.

As you will learn, however, it is not only the organization’s obligation to develop high standards of personal accountability and understanding in order to diminish the significant risk of liability arising from unethical business practices, but the development of a key understanding that a culture of ethics is also good business. The implementation of an effective compliance and ethics program is the first step in assuring that it complies with all applicable laws and regulations. However, the other benefits of an effective program are numerous. It offers the potential to reduce the risk that ethical lapses become widespread patterns of organizational misconduct that ultimately could rise to the level of criminal conduct. It reduces the exposure of enforcement actions from governmental regulatory agencies as well as shareholder derivative lawsuits against the governing body for the failure to fulfill their duty of care in governance. In the unfortunate event of a government investigation, an effective compliance and ethics program reduces the likelihood of criminal prosecution of the organization under United States federal prosecutorial policy. As stated above, an effective program also reduces the organization’s culpability score when being sentenced.

It is not surprising then that since 2004, culture is the predominate focus of the federal government’s effort to encourage ethical business practices and self-governance through the federal sentencing guidelines in the United States. Prior to 2004, the organizational sentencing guidelines provided a “carrot” approach to compliance and ethics by offering a mitigated sentence opportunity for those organizations that implemented an effective compliance and ethics program to prevent and detect violations of law.^[18] An effective compliance program was one that “exercised due diligence in seeking to prevent and detect criminal conduct by it’s employees and other agents”, but there was no reference to an organization’s environment.^[19]

However, effective November 1, 2004, an effective program was amended to be defined as one that also promotes “an organizational culture that encourages ethical conduct and a commitment to compliance with the law.”^[20] This significant amendment not only formalized the criteria for an effective compliance and ethics program into its own guideline (i.e., rather than an application note) but elaborated on that criteria by placing “significantly greater responsibilities on the organization’s governing authority and executive leadership.”^[21] Specifically, the USSC determined that the organization’s governing authority must “be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.”^[22] This emphasis on the “the highest-level governing body of the organization” reflects the perception that a successful organization is one that possesses organizational character and is capable of self-policing through the implementation of an internal crime prevention regime but also promotes a culture of ethics and integrity through ethical leadership at the top levels of the organization.

Most importantly, the 2004 Amendments to the USSG organizational guidelines reflect the reality that “an effective compliance and ethics program not only will prevent and detect criminal conduct, but also should facilitate compliance with all applicable laws” (emphasis supplied).^[23] Accordingly, the amendments added the emphasis on promoting an organizational culture of ethics and integrity to “reflect the emphasis on ethical conduct and values incorporated into recent legislative and regulatory reforms” in the aftermath of the corporate fraud scandals at the turn of the century and provided by the Sarbanes-Oxley Act, which in section 805 directed the USSC “to review and amend the organizational guidelines and related policy statements to ensure that they are sufficient to deter and punish organizational misconduct.”^[24] And that is how we entered the current era of focus and emphasis on promoting an organizational culture of ethics and integrity rather than simply offering a “paper” compliance and ethics program.

A Self-Governing Culture

A self-governing culture is the desired culture of any organization. In the book How: Why How We Do Anything Means Everything… In Business (and in Life) (2007), Dov Seidman explains how the future of all successful business activity is a self-governing culture. A self-governing culture is one of shared values and ownership among employees. The benefit of a self-governing culture is that it disavows rules because rules, or the law, only define minimum standards. Rules do not inspire higher ethical conduct. Rather, values guide how we think and how we behave. Accordingly, a self-governing culture is one where individual and organizational values are closely aligned with each other. This is important because people are more likely to violate organizational values than they are their own personal values. So, if you have personal values that are aligned with the organization’s values, you are much more likely to have conduct congruent with those values. More importantly, if people in your organization don’t know what values are important, then those values can’t guide behavior within the organization and people will default to what they perceive to be the accepted norms within the organization.

Ultimately, a self-governing culture engenders an environment that is self-regulating. Employees regulate each other to ensure compliance with organizational values. Everyone champions the core values of the organization. Although management continues to play a key role in regulating employee conduct and promoting positive behavior, the organizational structure is flatter and less hierarchical because everyone in the organization is a leader. The culture becomes self-enforcing and builds upon itself as it is transmitted throughout the organization. A self-regulating culture engenders trust between management and employees because everyone is responsible for their conduct, and this trust leads to greater confidence within the organization that allows creativity and appropriate risk taking. A self-governing culture should be the goal of any organization attempting to achieve a culture of compliance and ethics with the law that everyone within the organization, not just the chief compliance officer, is capable of consistently making the right call.

A Culture Risk Assessment

As a threshold matter, it is fundamentally important to recognize that “stuff happens.” It is unrealistic to believe that any organization is immune to misconduct. The proper focus is how are you attempting to prevent it and how are you responding to it when it does happen, but more importantly, how is everyone else in your organization responding? The hallmark of a self-governing culture is that ethical lapses, or the disavowal of organizational values and norms, are not tolerated. In contrast, the tolerance of ethical lapses soon leads to state of moral malaise and ethical collapse.

Marianne M. Jennings, a professor of business ethics at Arizona State University has identified seven warning signs of organizational ethical collapse in her book The Seven Signs of Ethical Collapse.^[25] A review of these warning signs is helpful in conducting a basic culture risk assessment in your organization. I have listed these seven warning signs below for your review and provided my own take on each sign’s important in evaluating your organizational culture. Remember, no warning sign in and of itself is indicative of moral malaise and a poor ethical culture, but these are insightful areas for you to assess in determining how you may influence your organization’s culture in a positive manner.

1. Pressure to maintain those numbers. It is basic micro-economic theory that in any performance-based system there is an inherent incentive to “cheat”. There is a natural correlation between greater performance demands and ethical misconduct. Eventually, the scales will tip in favor of widespread misconduct if left unchecked.

2. Fear and Silence. This is what I call the lack of authentic communication. Some organizations operate with the “gotcha” mentality, wherein there is no open communication regarding ethical lapses. The failure to openly discuss problems means you cannot learn from those problems, but more importantly it signifies that you are not aware of everything that is going on in your organization.

3. Young’uns and a Bigger Than Life CEO. The failure of ethical leadership at the top, especially if that person is nonetheless a charismatic leader, can be disastrous. This is a matter of role modeling. It is critically important that top leaders and managers “buy into” the program and “walk the talk.” Remember the old adage “actions speak louder than words.”

4. Weak Board. This is a matter of the failure of corporate governance. The governing body is responsible for “minding the shop” and ensuring that top leaders provide ethical leadership and implement an effective compliance and ethics program. Good governance is a fundamental check on poor leadership that can prevent many mistakes from evolving into a pattern of misconduct.

5. Conflicts. Rampant conflicts of interest demonstrate misplaced values and a culture run amok. The only thing worse that not having a conflict of interest policy is having one that is ignored. Remember, the key to successful behavior modification and influencing culture is the consistent reinforcement of positive, NOT negative, behaviors.

6. Innovation Like No Other. Bestselling author Jim Collins is famous for his best-seller Good to Great (2001) but it is his recent book, How the Mighty Fall and Why Some Companies Never Give In (2009), that identifies the first stage of organizational failure: hubris, or the ego and narcissism associated with success, but more importantly the simple failure to recognize that a good dose of humility is good for the organization’s soul.

7. Goodness in Some Areas Atones for Evil in Others. In order for knowing misconduct to occur, the perpetrator must first morally rationalize that conduct. Widespread rationalization of unethical conduct leads to the transmission of culture throughout the organization and could be disastrous. An ethical culture is one that naturally prevents the widespread moral rationalization of misconduct throughout the organization.