Compliance is the new corporate governance. The compliance function is the means by which firms adapt behavior to legal, regulatory, and social norms. Formerly, this might have been conceived as a typical governance matter to be handled at the discretion of the board of directors. Compliance, however, does not fit traditional models of corporate governance. It does not come from the board of directors, state corporate law, or federal securities law. Compliance amounts instead to an internal governance structure imposed upon the firm from the outside by enforcement agents. This insight has important implications, both practical and theoretical, for corporate law and corporate governance.
This Article pairs a detailed descriptive study of the contemporary compliance function with a normative account of its incompatibility with current conceptions of corporate governance. It argues that compliance alters the political economy of American business, challenges governance efficiency, and makes old theories of the firm new again. Prescriptively, the Article calls for greater transparency and a more limited role for government in designing corporate governance mechanisms.
TABLE OF CONTENTS

INTRODUCTION
I. COMPLIANCE
   A. Federal Origins
      1. Sentencing Guidelines
      2. Enforcement Tactics
   B. The Common Core
      1. Structural Nexus
      2. Information Flow
      3. Monitoring and Surveillance
      4. Risk-Rated Enforcement
   C. Compliance in Action
      1. Scope and Organization
      2. Budgets and Staffing
      3. Industry Variation
      4. Metrics and Effectiveness
II. GOVERNANCE
   A. The Board of Directors and Compliance
   B. Governance Authorities and Compliance
      1. State Corporate Law
      2. Federal Securities Law
III. IMPLICATIONS
   A. The Political Economy of Compliance
      1. Weak Constraints
      2. Other Constituencies
   B. Incentives and Information
      1. Agency Costs and Externalities
      2. Information Asymmetries
   C. Theories of the Firm
IV. REFORMING THE REFORMS
   A. Government Exit
   B. Increased Transparency of the Compliance Function
CONCLUSION

"About the only thing bank directors have more of these days is meetings," joked one senior Wall Street executive who has frequent interaction with his board.... "Regulators have all but stripped boards of the main powers they had before the crisis." (1)
American corporate governance has undergone a quiet revolution. Much of its basic role--the oversight and control of internal corporate affairs--has been overtaken by compliance. Although compliance with law and regulation is not a new idea, the establishment of an autonomous department within firms to detect and deter violations of law and policy is. American corporations have witnessed the dawn of a new era: the era of compliance.
That we now live in an era of compliance is beyond serious doubt. Over the past decade, compliance has blossomed into a thriving industry, and the compliance department has emerged, in many firms, as the co-equal of the legal department. Compliance is commonly headed by a Chief Compliance Officer (CCO) who reports directly to the Chief Executive Officer (CEO) and, often, to the board as well. Moreover, firms have gone on a hiring spree to staff compliance, with large firms adding hundreds, even thousands, of compliance officers at a time. (2)
The reorganization of American business around compliance, by itself, is not necessarily remarkable. After all, firms routinely reorganize their businesses, and such reorganizations, because they take place under the fundamental authority of the board of directors, do not challenge basic structures of authority. For example, the establishment of an Information Technology department, headed by a Chief Technology Officer, can hardly be seen as a fundamental shift in corporate governance. Compliance, however, is different. The contemporary compliance function serves a core governance function, yet its origins cannot be traced to a board delegation or other traditional source of governance authority. Unlike other governance structures, its origins are exogenous to the firm.
The impetus for compliance does not come from a traditional corporate constituency--in other words, not from shareholders, managers, employees, creditors, or customers. Instead, it comes from the government. Compliance is a de facto government mandate imposed upon firms by means of ex ante incentives, ex post enforcement tactics, and formal signaling efforts. The imposition of governance structures aimed at compliance is a novel exercise of government power. In imposing these structures, the government is not simply making rules that firms must follow, as it does when it passes new laws and regulations, nor is it adjusting its traditional tools--the amount of enforcement and the size of sanctions--to assure compliance with existing law and regulation. Instead, through compliance, the government dictates how firms must comply, imposing specific governance structures expressly designed to change how the firm conducts its business. (3)
Moreover, government interventions in compliance come not through the traditional levers of state corporate or federal securities law, but rather through prosecutions and regulatory enforcement actions. (4) The resulting reforms are thus not the product of a transparent and politically accountable legislative process, nor are they the product of regulatory rule making, subject to cost-benefit analysis and public comment. Rather, they are extracted in an opaque settlement process under the Sword of Damocles. (5) Compliance thus presents a profound challenge to theories of corporate law and corporate governance.
The contemporary compliance function subverts the notion that corporate governance arrangements both are and ought to be the product of a bargain between shareholders and managers. Compliance rewrites Ronald Coase's famous passage on the internal organization of firms. (6) Compliance officers come into an organization not necessarily (or not entirely) at the behest of an "entrepreneur-coordinator, who directs production," (7) but rather pursuant to the directive of a government enforcer. Seen through the prism of compliance, the corporation no longer resembles a nexus of contracts but rather a real entity, subject to punishment and rehabilitation at the pleasure of a sovereign. Compliance thus rejects mainstream accounts of the firm in favor of older, largely discarded theories.
Furthermore, the imposition of intrafirm governance from extra-firm sources introduces a host of outside interests and incentives into firm decision making. Once corporate governance is no longer seen as the exclusive domain of shareholders and managers, questions arise over what purpose or purposes the firm should serve. Compliance thus revives the "other constituencies" debate--that is, the argument over whether corporations should serve constituencies other than shareholders and interests other than wealth maximization. Compliance also raises the question whether the authorities pressing for corporate reforms have the right incentives and the right information to do so. If they do not, the development of compliance may merely result in the imposition of inefficient governance structures on firms.
Yet, in spite of squarely challenging current orthodoxy on corporate law and governance, compliance is largely absent from the mainstream corporate law literature. (8) Aspects of compliance, especially those relating to the prosecution and settlement of cases against corporations, do appear in scholarship on criminal law and regulatory enforcement. (9) Mainstream corporate law scholarship, however, remains centrally focused on the agency cost problem and, because compliance is not principally concerned with agency costs, (10) blithely unaware of the challenge posed by compliance to its underlying assumptions. (11) Because it appears as an unexplained and, under current models, unexplainable phenomenon, compliance exposes deficiencies in corporate law theory. Likewise, compliance itself is undertheorized.
This Article aims to change that by launching compliance as a field of inquiry for scholars of corporate law and corporate governance. Its descriptive account documents the origins of compliance and demonstrates its maturation into a corporate governance function. The central argument in this Article is that...