By Joe Murphy
We know that companies should have effective compliance and ethics programs to fight all kinds of corporate crime and misconduct. Governments have given us clear directions on what we should do. We know, too, that compliance and ethics – the day-to-day work of preventing violations in our companies – is the right thing to do.
But there is a nasty little secret behind this conclusion. The legal system, which is supposed to help prevent business crime, actually undermines company compliance efforts. Instead of providing substantial incentives and recognizing the value of our work, there are strong undercurrents that undermine our efforts.
In the four decades I have been doing compliance work I have seen these developments, often just accepted resignedly by our field. Instead of praise and recognition, our work is used against our companies or treated hostilely and without the slightest deference.
Recently I was invited by the Rutgers University Law Review to submit an article on compliance, and I decided it was time to confront this issue. The article I have drafted, Joseph E. Murphy, Policies in conflict: Undermining corporate self-policing, 69 Rutgers U.L. Rev. 2 (forthcoming 2017), attacks this conflict head on.
Here are the types of things I address:
- Sacrificing compliance and ethics to litigation. Compliance program work can be and has been used against companies in litigation, even going so far as to have notes from compliance training used to assess punitive damages in an employment discrimination case.
- The National Labor Relations Board has taken action against companies based on their codes of conduct and other employee guides.
- EU privacy regulators have undercut compliance helplines and in some countries even bar anonymous employee reports. It can be illegal to allow an employee victim to report misconduct by the boss unless the employee discloses his or her own identity (thus making it easier for the boss to retaliate!).
- EU competition enforcers (and courts, following their lead) have rejected in-house attorney-client privilege to get access to counsel’s legal advice to employees, undercutting counsel’s role in helping assure compliance.
- EU enforcers also actually use companies’ compliance programs against the companies, and give no benefit for any program, no matter how rigorous.
- A variety of other agencies and courts have taken actions making compliance programs more difficult or risky.
There are certainly enforcers and agencies that take our work seriously. The Fraud Section of the Department of Justice’s Criminal Division has made it clear it considers compliance programs and will credit companies for good faith, diligent compliance work. The Canadian Competition Bureau is another example of an enforcement agency that values preventative efforts, and recognizes and promotes compliance programs.
But elsewhere in the legal system you see courts and agency officials who have no regard at all for the importance of compliance and ethics work. To them it seems to be nothing more than some foolish diversion to be put down as unimportant.
In the article I also discuss dangerous weaknesses I see in compliance programs, in part the result of these errant enforcement and judicial approaches. Here is my list of 6:
- Not addressing company executives as the highest risk in the company
- Chief ethics & compliance officers underpowered, disconnected from decision making & not independent
- Not recognizing the power of incentives
- Relying on trust as a control
- Being distracted by clichés, buzz words & other bright shiny objects
- Shopping the Sentencing Guidelines (i.e., ignoring important elements of the Guidelines standards).
I believe we should not quietly accept these bad policies. In the article I propose a solution to balance other legitimate interests against the need to encourage and support corporate self-policing.
The draft article is readily available on the SSRN, http://ssrn.com/abstract=2827324 . I welcome any comments you may have.