If you cannot get rid of the family skeleton, you may as well make it dance.
—George Bernard Shaw
Introduction
In ordinary society, norms that dictate how people should treat each other are enforced by religious belief, shame or the ego. Laws generally, and the structure of government specifically, are ideal when they reinforce those norms. The genius of the United States Constitution lies in part with the Founders’ recognition, to paraphrase James Madison, that men are not angels, and so government must be structured to work in conjunction with human nature and societal norms by discouraging the accretion of too much power to any one official or institution, and encouraging active monitoring of government by government.[2]
When government engages in commerce, these principles of checks and balances are even more crucial, as societal norms have always proven too weak to discourage corruption, fraud and greed at the expense of the taxpayer. Thus citizens, and the corporations they comprise, face a multitude of statutory and regulatory provisions dictating the ethics of how they conduct business. Justice Scalia noted in United States v. Sun-Diamond Growers of California[3][4] that the federal anti-bribery statute[5] alone was “merely one strand of an intricate web of regulations, both administrative and criminal, governing the acceptance of gifts and other self-enriching actions by public officials.”
The ethical obligations are most demanding in fields where there is the least amount of self-interested policing of business by a counterpart. Corporations that perform government contracts are not faced with a party equally motivated by profit; instead some of their counterpart officials might be as motivated by politics, publicity, personal greed or power as they are about saving funds. Consequently, contractors are subject to substantial regulation to ensure integrity throughout their government business relationships.
Historically, the theory has been that since only a fraction of bad actors are caught, if the penalties for the act are made extraordinarily severe (e.g., prison, treble damages and penalties, debarment), the deterrence factor might bridge at least some of the gap of the societal loss caused by undiscovered misconduct. Yet, active oversight of the vast regulatory scheme is expensive and government resources are limited; corruption is inevitable (some years seemingly more so than others); and aggressive enforcement is cyclical. Moreover, government has grown exponentially.[6] Voluntary disclosure programs were developed, by statute and regulation, to permit those regulated by government the opportunity to reduce the risk of the worst penalties in return for saving the government resources. Yet, despite a wide array of voluntary disclosure programs available to the regulated, the tide continues to flow toward greater oversight and enforcement.
Prior to the formal adoption of affirmative disclosure programs (voluntary and mandatory), corporate boards only faced an indirect duty to report the findings of internal investigations.[7] In more recent times, the opportunity to avoid the worst of the severe penalties largely were codified in rules that encourage, but did not mandate, that a corporation or individual come forward without compulsion and disclose their own misconduct.[8] Particularly in the area of federal contracting, we are now in a period of criminalizing (or nearly so) the failure to self-report; we have moved from a system that encourages the voluntary election of disclosure, to one that punishes not only for the original misconduct, but also for the knowing election not to self-report.[9] Disclosure requirements today are much more explicit, both in the specific obligations they impose on corporations to make disclosure and the consequences they provide for non-disclosure.
The purpose of this article is to assist counsel for corporations in choosing the best course of action when allegations of wrongdoing surface in the course of corporate operations under the current regime. We first introduce the most widely applicable formal program for providing credit for “good” corporate conduct, including voluntary disclosure, the United States Sentencing Guidelines. Next we discuss the Department of Justice’s own general standards for criminal prosecution, which are intended to parallel the USSG’s encouragement of voluntary behavior. We then introduce a sample of disclosure programs administered by an array of federal regulators, which vary based upon the conduct being regulated and the authority of the regulator. Finally, we discuss the various disclosure obligations imposed on federal government contractors, the group facing the most sophisticated and formal disclosure regime, one that today punishes not only the original bad act, but also deems that the party who knew of it and did not “tattle” is a bad actor worthy of punishment.[10]
For the compliance officer, as well as boards and senior management, the move toward mandatory disclosure is unavoidable. In the current environment, businesses must recognize and accept that the principles that apply to regulated entities, and particularly those with government relationships mirroring the commercial marketplace, are changed. The compliance officer is now charged not merely with creating and implementing an effective program to prevent and detect misconduct, and reacting to daily fires, but instead, creating a new corporate culture of ethics and social responsibility. Not because it is right — we have moved beyond mere morality — but because it is mandatory.
Although this article was originally written in 2010, little has changed in the overall landscape of the disclosure laws discussed herein. However, the Government continues to aggressively combat fraud and wrongdoing. The DOJ reported that in the fiscal year ending September 30, 2014, the United States obtained a record $5.69 billion in settlements and judgments from civil cases involving false or fraudulent claims against the government, bringing the five year total since January 2009 to $22.75 billion—more than half the recoveries since the inception of the modern False Claims Act in 1986.[11] While much of this recovery is attributed to whistleblower lawsuits, whether that increase is also due in part to voluntary disclosures, or perhaps more likely, to the changes in the mandatory disclosure laws in the FAR and False Claims Act is unknown, but one can certainly surmise. DOJ has not reported the number of voluntary or mandatory disclosures it has received, but in the most recent summary of disclosures that has been published, from December, 2008 through May 31, 2012, the General Services Administration (“GSA”) received 59 disclosures from contractors, in addition to 10 shared with GSA by DOD OIG and three reports of overpayments.[12] Of the 59 disclosures, 35 remained open as of May 31, 2012, and 24 had been closed, with GSA recovering over $3.4 million.[13] Significantly, compliance officers should note that none of the 59 disclosures resulted in a referral for suspension or debarment[14] and only one of the disclosures had been referred to DOJ for civil or criminal litigation, making a strong case for disclosure even when not mandatory.[15]
The Sentencing Guidelines
The U.S. Sentencing Guidelines for organizations (the “Sentencing Guidelines”) were created by the United States Sentencing Commission under the 1984 Sentencing Reform Act.[16] The purpose of the Sentencing Guidelines, in part, was to establish guidelines for the federal courts to determine the sentences to be imposed in a criminal case.[17] The first set of Sentencing Guidelines, published as Chapter 8 of the Sentencing Guidelines Manual, became effective in November, 1991.[18]
The original Sentencing Guidelines provided for a combination of fines, remedial orders, community service and orders of notice to victims as punishment for corporate wrongdoing.[19] With respect to fines, the Sentencing Guidelines provided for their adjustment based on the corporation’s culpability score.[20] For example, a corporation’s fine could be adjusted downward where the corporation had a robust program to prevent and detect violations of the law, reported the offense to appropriate governmental authorities, cooperated in the investigation of the instant offense, and accepted responsibility.[21] These mitigation factors, which could result in significantly different fine assessments for the same underlying offense, provided corporations with a strong incentive to begin adopting formal compliance plans.[22]
In 2004, the Sentencing Guidelines took compliance and oversight a step further by formally adding an Effective Compliance and Ethics Program that set forth what an organization must do, and how a compliance and ethics program must be structured, in order for an organization to take advantage of a reduction in fines. With regard to disclosure, the Sentencing Guidelines provided that “[a]fter criminal conduct has been detected, the organization shall take reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program.”[23] An obvious question, however, was what a corporation was required to do once it “detected” improper activities—i.e., how was it required to respond? Most importantly, was the organization required to disclose its evidence to the government?
The Sentencing Guidelines remained relatively silent on this issue until 2010, when they were amended to provide additional guidance to organizations.[24] Specifically, with the addition of the November 1, 2010 amendments, the Sentencing Guidelines now provide that organizations should respond to criminal conduct by “tak[ing] reasonable steps, as warranted under the circumstances, to remedy the harm resulting from the criminal conduct”.[25] Such reasonable steps may include, where appropriate, “providing restitution to identifiable victims, as well as other forms of remediation” and/or “self-reporting and cooperation with authorities”.[26] While this amendment further encouraged disclosure of wrongdoing, it did not make disclosure mandatory, nor did it specify exactly what information needs to be disclosed.[27]