Search    RealCorporateLawyer  Web by
return to Wall Street Lawyer



May 2007
Volume 11 / Number 25

The Convergence of Principle and Rule-Based Ethics Programs - An Emerging Global Trend?
Part 1 of 2
By Ronald E. Berenbeim & Jeffrey M. Kaplan

The enactment of the Foreign Corrupt Practices Act (FCPA) in 1977 began a steadily accelerating trend in the United States of transferring significant responsibility from the public to the private sector for the development and internal enforcement of business conduct norms. With the promulgation of the 1991 Organizational Sentencing Guidelines, the
U.S. government provided a detailed description of essential compliance program elements applicable to businesses and risk areas of all kind. With few exceptions, the response of U.S. companies to this challenge has been to institute internal ethics and compliance systems of increasing scope and complexity.

Outside the United States, these systems have been criticized by some officials and non-U.S. companies that have felt the pressure to adopt them at least for their U.S. operations as excessively mechanistic and rule-based. These critics argue in favor of ethics-based approaches that articulate broad company business conduct principles rather than
what is sometimes seen as a narrow box-ticking compliance test for acceptable behavior.

Because of its origins both in the realm of corporate crime prevention (not only FCPA, but also in the anti-trust and government procurement areas) and in a fairly detailed set of regulations (the 1991 Organizational Sentencing Guidelines), the United States’ approach to these programs has generally been considered law - or compliance-based. By contrast, the European approach is often viewed as more ethics -or values-based. (This, of course, is something of an oversimplification, as there have been for many years practitioners of an ethics-oriented approach in the United
States, just as there have long been lawyers and others developing and administering aspects of compliance systems in Europe.) Nonetheless, the generalization is one that is still largely seen as accurate.

What is at stake in this ethics versus compliance debate? To ethics proponents, there is much lacking in the narrow compliance approach. Among the criticisms frequently heard in this respect is that:

  1. A pure compliance focus undermines the conditions and habits of mind necessary for ethics (such as principled, philosophical inquiry and autonomy);
  2. Compliance can, in effect, “squeeze out” ethics, as a matter of organizational attention span, because some
    companies may feel that they do not have enough “human bandwidth” for both compliance and ethics (when
    companies have to choose, compliance will usually “trump” ethics); and
  3. Less commonly cited, there is the issue of what Marxists called (in a different context) “false consciousness”,
    i.e., addressing issues in a mechanistic rule-laden way, companies avoid dealing with harder issues that a more values-focused approach would require.

Conversely, compliance practitioners sometimes view the values- or ethics-based methodologies as overly aspirational
and fuzzy, with far too little actual impact in helping employees and companies resolve real-world ethical or legal dilemmas. Compliance proponents sometimes also see values-based programs as lacking in the rigor and internal dynamism necessary to be effective to prevent wrongdoing in an effective manner .

The U.S. Compliance Model: Carrot and Stick

The U.S. business response to the FCPA and to the Defense procurement irregularities of the 1980s has been to develop voluntary compliance systems of which the Defense Industry Initiative (DII) was an early example. This model enables a company to argue to investigators and prosecutors that it has informed its employees of its zero-tolerance for the potentially culpable behavior of which it is being investigated or charged and consequently that the actions were those of rogue employees and that, further, the company cooperated with the enforcement authorities to detect the wrongful conduct and to bring the perpetrators to justice.

In the United States, the Federal Guidelines for Sentencing Corporations provided the legal endorsement for the
early company voluntary compliance efforts. The Guidelines resulted from a 1984 law that created the United States
Sentencing Commission, which was empowered to achieve greater uniformity in sentences for Federal offenses, initially for prosecutions of individuals and subsequently for corporate cases.

Given the climate of high-profile white-collar crimes (e.g., defense procurement, insider trading), a harsher sentencing scheme for corporate defendants was one of the inevitable outcomes of the Commission’s deliberations. The corporate
response to the Commission’s July 1988 and November 1989 drafts of the Commission’s plan was to urge a lowering of the maximum fines (which was achieved to a small degree) and greater incentives for corporate self-policing that was widely embraced in November 1991 when the Guidelines became effective.1

Under the Guidelines’ “carrot and stick” model, businesses were offered incentives—principally in the form of reduced
fines—for implementing what was called at the time “an effective program to prevent and detect violations of law”
(and what is now termed “an effective compliance and ethics program”), as well as guidance as to what, in the eyes of the government, effective compliance efforts entail.

While initially viewed as an experiment (a term used even by the then chair of the Sentencing Commission), the model was soon considered a success, and was—to some degree—adopted by other parts of the government, such as the Department of Justice, other federal agencies, the policies of various state officials and, in certain instances, in civil litigation.2 Most notable here is the position of the Department of Justice. The importance of having an effective compliance program now extends beyond sentence severity; of greater value, it can also determine whether or not a company will be charged. In a series of memoranda, culminating in the December 2006 McNulty Memorandum, the Department of Justice also issued a series of directives in which the existence and adequacy of the corporation’s pre-existing compliance program, (and remedial actions taken—which obviously can be compliance-related) could be factors to be considered in deciding whether to charge a corporation.

With respect to compliance program models, however, the McNulty Memorandum states that it has “no formal
guidelines for corporate compliance programs.” Instead it instructs prosecutors to ask whether the company’s program
is “well-designed” and “if it works.” Further, prosecutors are instructed to determine whether the company is maintaining a “paper program.” A program designed to function in an effective way will have sufficient resources to audit, document, analyze, and utilize the results of the company’s compliance efforts. If all of these tests are met and the company fully cooperates with the governmental officials, the prosecutors may elect to charge only the culpable
corporate employees and agents.3

But while the Department of Justice memoranda have promoted corporations’ incentives to develop effective
programs, the 2004 Revisions to the Sentencing Guidelines may ultimately prove more notable, in that they extend the scope of the 1991 guidance by introducing an ethics element.

While a number of the enhancements are compliance-based, the new Guidelines also set forth a more principle-based
approach that critics say was missing in the earlier statement. What had been called “a program to prevent and detect
violations of law” is now termed “a compliance and ethics program.” And, the 2004 standard seeks to augment program
effectiveness with an emphasis on the company’s promotion of a culture of compliance.4

Using an Ethics-Based Approach

In several ways, an ethics-based approach may make a compliance program more effective, even by the relatively
narrow standards of traditional compliance efforts. This is true for several reasons.

At the outset, it is clear that a broad ethical perspective can be necessary to understand a corporation’s legal risk.
This may sound paradoxical. However, the financial services industry enforcement actions brought by former New York
State Attorney General (now Governor) Eliot Spitzer’s office in recent years—involving widespread practices in the securities research, mutual fund, and insurance areas that had been understood to be unethical but assumed to be lawful—demonstrate that law can be a “lagging indicator” of compliance risk. Thus, adopting an ethical perspective—particularly in identifying duties of candor, but also other areas where good faith is essential to a corporation’s business—can in fact be essential to identifying future legal risk.

Similarly, strong ethical leadership, i.e., more than mere law abidance, is often seen as essential to promoting
compliance with laws. Employees are less likely to distinguish between compliance and ethics the way specialists do. When management does not act ethically this often sends a message that compliance requirements are mere hypocrisy, and should be ignored. By contrast, strong ethical leadership can inspire employees to take extra measures to protect the company.

Finally, ethics- and values-oriented communications can be a more effective way to promoting compliance. An ethics-based message is often seen as more appealing to employees, who often do not like programs that appear to be aimed mainly at “catching” people. Thus, a program rooted in ethics and values can increase the likelihood of employees reporting or raising issues.

Perhaps for these reasons, not only the Sentencing Commission but other regulators, too, regularly speak about the need for moving beyond a traditional compliance approach—to something more culture-based—in preventing corporate wrongdoing. Notable in this regard is a December 2004 speech by the then head of the Commission’s Enforcement Division, Stephen Cutler:

In short, we’re trying to induce companies to address matters of tone and culture. We’re trying to get the
fundamentally honest, decent CEO or CFO or General Counsel—the one who wouldn’t break the law—to
say to herself when she wakes up in the morning: ‘I’m going to spend part of my day worrying about, and
doing something about, the culture of my company. I’m going to make sure that others at the company
don’t break the law, and don’t even come close to breaking the law.’

What we’re asking of that CEO, CFO or General Counsel goes beyond what a perp walk or an enforcement action
against another company executive might impel her to do. We’re hoping that if she sees the a failure of corporate
culture can result in a fine that significantly exceeds the proverbial “cost of doing business,” and reflects a failure
on her watch—and a failure on terms that everyone can understand: the company’s bottom line—she may have a
little more incentive to pay attention to the environment in which her company’s employees do their jobs.5

But at the same time, attention to culture and ethics alone may not be sufficient—even to accomplish broadly focused
ethical ends, let alone narrower law-based ones. That is, if an ethics perspective is needed to give a compliance program “soul,” compliance tools may be necessary to provide “body” to an ethics-based program. This can happen in a number of ways, using such basic compliance program elements as risk assessment, performance evaluations, and compliance program efficacy assessments.

First, a compliance approach can force consideration of ethics issues. This might happen where an ethics risk is
identified in a risk assessment (an important tool of compliance programs). That is, when such an ethics issue surfaces through a risk assessment it is likely to be addressed by a company’s management, who will presumably not want to have auditors or directors ask why it has been unresolved. Similarly, the use of ethics criteria in a performance evaluation—another basic tool of compliance programs—can help ensure that a company deals appropriately with a manager who acts in a lawful but unethical manner.

Second, using the compliance mechanisms of a program assessment generally and third-party assessments in particular are likely to bring ethics issues to the surface, because this is what employees focus on. (Program assessments are required by the 2004 revisions to the Sentencing Guidelines, as are risk assessments and—indirectly—compliance and ethics related personnel evaluations.) Conducting compliance program assessments makes it harder to ignore ethics issues because here, too, ethics issues are identified in a way that is likely to be seen by a company’s directors and auditors, and hence to be acted upon.

Ultimately, effective compliance initiatives can help raise the profile of ethical thought in companies. Ethics becomes
seen as less a luxury and more a necessity, with positive effects both for corporate attention span and resource allocation. Put otherwise, more employees should understand the need for ethical thought (as well as compliant behavior)—increasing autonomy and reducing “false consciousness.”

Notes
1. For a detailed discussion of the history of the Federal Guidelines, see Jeffery M. Kaplan, Linda S. Dakin, and Melinda R. Smolin, “Living with the Organizational Sentencing Guidelines,” California Management Review, vol. 36, no. 1 (Fall 1993).

2. The Hon. William Wilkins, Preface to Compliance Programs and the Corporate Sentencing Guidelines, by Kaplan, Murphy and Swenson (West 1993).

3.Memorandum of Paul J. McNulty, Deputy Attorney General to Heads of Department Components United States Attorneys, “Principles of Federal Prosecution of Business Organizations,” December 2006.

4. For discussion of the Revised Guidelines and how prepared companies are for them, see Ronald E. Berenbeim, “How Prepared Are Companies for the Revised Sentencing Guidelines?” The Conference Board, Executive Action No. 139 (2005).

5. Stephen Cutler, December 2004 speech available on SEC web site: http://sec.gov/news/spch120304smc.htm

 

About the Authors

Ronald E. Berenbeim is the principal researcher and director for The Conference Board Research Working Group on Ethics and Compliance Criteria in Government Enforcement Decisions. He also teaches Market Ethics and
Law at the New York University’s Stern School of Business. Mr. Berenbeim is an authority on business ethics and corporate governance issues, and has written 44 studies for The Conference Board. Jeffrey M. Kaplan is a partner
at Kaplan & Walker, and is also chair of the Legal Advisory Board of Midi, Inc., a compliance training provider. This is the first of a two-part article; it will conclude in our June issue. Contact: Ronald.Berenbeim@conference-board.
org or jkaplan@kaplanwalker.com