Corporate Stewardship.

• Author: D'Onfro, Danielle

1. INTRODUCTION 440 II. CORPORATE WRONGDOING 444 A. The Persistence of Suboptimal Compliance 444 B. Sanctioning Wrongs 448 1. Sanctioning Things 448 2. Third-Party Sanctions 451 a. Collective Sanctions 451 b. Surety 452 c. Liability for Complicity 454 3. Third-Party Sanctions Against Corporate Wrongdoing 455 a. Responsible Corporate Officer Doctrine 456 b. Responsible Party Liability 457 c. Sarbanes-Oxley and Gatekeeper Liability 459 III. THE STEWARDSHIP PROPOSAL 461 A. The Basic Model 461 1. The Obligation to Report Out 464 2. Why Stewards Must Be Individuals 466 3. Consenting to Liability 468 4. When to Appoint Stewards 469 B. Liability of the Steward 470 1. Direct Liability 471 2. Liability for Corporate Wrongs 472 a. Term of Liability 473 b. Criminal Liability for Stewards 474 C. Ambassadorial Duties 474 D. Who Would Want This Job? 475 IV. IMPLEMENTING STEWARDSHIP 476 A. Easier Cases 476 1. OSHA 476 2. Mortgage Servicing 477 B. Harder Cases 479 1. Oil 479 2. Money Laundering 481 C. Where Stewardship Will Fail 482 1. False Stewards 482 2. Weak Stewards 484 3. Weak Enforcement 485 V. FURTHER IMPLICATIONS 485 A. The Steward as Object of Punishment 486 B. Facilitating De-Regulation 488 C. Stewardship Beyond the Corporation 489 1. The Military 489 2. Fraternities 490 3. Child Protective Services 491 VI. CONCLUSION 492 I. INTRODUCTION

   To secure the loyalty of remote states under his reign, Charlemagne collected sons. (1) These sons became obsides, hostages, given as surety of their parents' loyalty. Charlemagne often requested the noblest sons, (2) but sometimes agreed to take hostages from the populus. (3) The job of these obsides was to convince their communities to remain loyal, and to suffer the consequences if their communities failed to do so. From Genesis (4) to antiquity (5) until the practice's eventual decline in the later Middle Ages, (6) the exchange of hostages remained an essential form of guaranty when the legal and political systems otherwise proved incapable of enforcement. (7) Sometimes hostages guaranteed a specific transaction, such as the payment of ransom, but often they were meant to be permanent guarantors of "good behavior." (8) In the later Middle Ages, the trade of hostages to secure peace inspired the trade of personal sureties to settle lesser disputes. (9) Bail in criminal prosecutions evolved from "an ancient and extremely rigorous form of suretyship or hostageship which would have rendered the surety liable to suffer the punishment that was hanging over the head of the released prisoner." (10) And of course, individuals have long traded themselves and their families to guarantee private debt. (11) Although it takes many forms, personal assumption of risk has always been a core tool for facilitating compliance with legal obligations.

   Charlemagne's task--ruling wealthy and independent-spirited states from afar (12)--is not that different from the task of modern government regulators trying to motivate companies to adhere to their legal obligations. One party is nominally much more powerful than the other but faces significant information costs and other barriers to enforcement, not the least of which is their own unwillingness to use scorched-earth tactics. And even where regulators have the information and the will to monitor and enforce regulatory requirements, issues of scale make timely enforcement difficult at best. Compare the scale and political clout of modern corporations with the resources of today's regulators. Consider Wells Fargo. In 2016, the Consumer Financial Protection Bureau (CFPB), the flagship federal regulator of consumer financial wrongs, budgeted 742 full-time equivalent employees (13) for supervision and enforcement authority over several financial institutions as large and wealthy as small cities. (14) That same year, at least 5,300 Wells Fargo employees opened 3.5 million unauthorized accounts to meet sales goals. (15) These unauthorized accounts were patently illegal, but no one with the power to prevent or stop them had sufficient incentive to do so. This is not to say that our regulators are too small compared to the institutions that they oversee; rather, it illustrates how complex regulators' jobs are. Given the complexity of their monitoring obligations, regulators need innovative tools to deter bad behavior. Like Charlemagne and his kin, they need a way to ensure that they can trust their counterparties.

   Perhaps our regulators need hostages too. Of course, our regulators cannot literally hold a manager captive to ensure the good behavior of his or her employer, but they have tools for similarly focusing risk onto particular individuals. These tools make compliance obligations salient to those who can theoretically achieve compliance either through their own actions or by bending company behavior accordingly. On the literal end of the spectrum there are tools like residency and use requirements that force individual employees to face the same risks as the population whose interests they must protect. Less literal and far more common is personal liability.

   The idea that the law should take hostages may seem radical, but in truth our legal system already displays several analogs, (16) notably Sarbanes-Oxley (17) and various responsible officer doctrines. (18) But many of these third-party liability regimes create theoretical and doctrinal problems in their respective laws because they rest awkwardly on theories of respondeat superior or negligence. (19) Additional analogs exist in various gatekeeping regimes, such as our anti-money laundering (AML) rules that require financial institutions to file suspicious activity reports with regulators when they suspect wrongdoing.

   While it would be preferable to hold liable the individuals who are actually responsible for a harm, the diffuse decision-making inherent in corporations can make identifying the responsible individual costly or even impossible. In other words, the law may better deter corporate wrongdoing by aiming liability rules and public safety regulations at people other than the wrongdoers. The hope is that by putting these third parties at risk, they will encourage their company to comply with the regulators' obligations.

   This proposal is straightforward, but the details matter. When regulators determine that sub-optimal compliance is likely or when a company wishes to undertake a high-risk endeavor for which compliance is particularly important, regulators would require that the company appoint an individual--a steward--to be personally responsible if either specified preventative measures are not taken or, worse, specified harms occur. Stewards would consent to this liability in exchange for additional compensation from their company. In this way, stewards are internal gatekeepers--individuals tasked with monitoring and interdicting non-compliant acts--but highly motivated ones because they would face unlimited personal liability for their monitoring obligations. (20) The scope of the steward's purview would vary depending on the specific context in which he or she was appointed. It could be project-specific or risk-specific, as long as the scope was only so large as to allow the steward to actually monitor the risks.

   Pre-determining the scope of the stewards' liability is essential so that they have clear notice of their obligations. The stewards' liability stems from these affirmative obligations. In this way, it is doctrinally and theoretically cleaner than the strict liability regimes that currently make managers responsible for their employees' actions.

   What prevents stewardship from becoming yet another strict liability regime is the steward's obligation to report out to regulators wherever they are unable to bend company behavior to satisfy the compliance obligations for which they are responsible. (21) This obligation also avoids the "perverse incentives" that make those facing strict liability forgo efficient monitoring when that monitoring tends to generate information that increases their expected liability. (22) To encourage stewards to remain in close dialog with regulators, this reporting out must be confidential. While this system will inevitably lead to overreporting, regulators have discretion about which reports to act on.

   I call the employees bearing these oversight and reporting obligations stewards because they are other-regarding, just like stewards in literature, (23) theology, (24) and history. (25) Stewards have a personal obligation to protect the public interest by looking after the internal workings of their employers. (26) "Steward" as a title is also a convenient choice, because it is not otherwise occupied in the law. To be sure, stewards are a lot like sureties--individuals who guarantee the performance of others--but their roles are broader. (27) They are a lot like fiduciaries--holders of situation-specific obligations aimed at mitigating power and information imbalances--but not exactly because the public writ large is the intended beneficiary. (28) They are a flavor of internal gatekeeper--one that borrows attributes from several areas of law, but many actors are internal gatekeepers. In sum, stewardship is a pragmatic tool that regulators at all levels can use for improving corporate compliance.

   While stewardship should reduce corporate wrongdoing, it will not eliminate it. When wrongdoing nevertheless occurs, stewardship will facilitate punishment. When one of the designated harms occurs, regulators have a clear target for enforcement. This target will not carry the baggage of enforcement against a corporation, including mismatched resources, doctrinal concerns, and political concerns. Easier prosecutions can in turn mitigate the perception of lawlessness that arises when there is no significant enforcement response to obvious wrongs. In this way, stewardship will facilitate what Joel Feinberg calls the expressive function of punishment...