The criminalization of compliance.

• Author: Haugh, Todd

Corporate compliance is becoming increasingly "criminalized. " What began as a means of industry self-regulation has morphed into a multi-billion-dollar effort to avoid government intervention in business, specifically criminal and quasi-criminal investigations and prosecutions. In order to avoid application of the criminal law, companies have adopted compliance programs that are motivated by and mimic that law, using the precepts of criminal legislation, enforcement, and adjudication to advance their compliance goals. This approach to compliance is inherently flawed, however--it can never be fully effective in abating corporate wrongdoing. Criminalized compliance regimes are inherently ineffective because they impose unintended behavioral consequences on corporate employees. Employees subject to criminalized compliance have greater opportunities to rationalize their future unethical or illegal behavior. Rationalizations are a key component in the psychological process necessary for the commission of corporate crime--they allow offenders to square their self-perception as "good people" with the illegal behavior they are contemplating, thereby allowing the behavior to go forward. Criminalized compliance regimes fuel these rationalizations, and in turn, bad corporate conduct. By importing into the corporation many of the criminal law's delegitimizing features, criminalized compliance creates space for rationalizations, facilitating the necessary precursors to the commission of white collar and corporate crime. The result is that many compliance programs, by mimicking the criminal law in hopes of reducing employee misconduct, are actually fostering it. This insight, which offers a new way of conceptualizing corporate compliance, explains the ineffectiveness of many compliance programs and also suggests how companies might go about fixing them.

Introduction

In 2001, the Harvard Business Review published a profile of Intel's antitrust compliance program. The article described how the company's aggressive approach to compliance, which had become an "integral element in the chip maker's business strategy," allowed it to avoid the type of litigation and regulatory intervention that was miring rival Microsoft at the time. (1) According to the authors, Intel's compliance efforts provided a "valuable model for any enterprise that may come under regulators' scrutiny." (2)

The centerpiece of the program was Intel's "active approach" to compliance. The brainchild of CEO Andy Grove and general counsel Tom Dunlap, active compliance mimicked the actions of aggressive regulators seeking evidence of corporate illegality. (3) After employees were trained in the "basic dos and don'ts" of antitrust--no price fixing, no exclusive contracts, no talking to competitors about pricing strategies--the legal department would conduct random audits of employee files. (4) Beginning with senior managers and "fann[ing] out through the company," Intel lawyers would "swoop in" and seize papers, disks, and emails, anything that might be demanded by the Federal Trade Commission (FTC) or the Department of justice (DOJ) during an actual investigation. (5) If any irregularities were found, the seized materials would be used in a mock deposition of the senior executive in charge of the offending business unit. During the deposition, outside attorneys would cross-examine the executive in front of his or her colleagues, sometimes for more than an hour, attempting to establish that criminal statutes and regulations had been violated. Dunlap explained that these role-playing exercises served as a dramatic wake-up call for lax executives, giving them the experience of being in the crosshairs of a government investigation. (6) "Think about it: If you see a senior executive being grilled in front of his peers, will you write memos that will make you squirm? Will you let your people say things that will come back to haunt you?" (7) Dunlap suggested that Intel's approach to compliance was "the world's best." (8)

Now, that hardly seems the case. Since the early 2000s, Intel has been embroiled in one of the largest and longest-running antitrust sagas in history. First came lawsuits by Advanced Micro Devices (AMD) alleging that Intel was engaged in wide-ranging anticompetitive behavior concerning the sale of microprocessors. In 2009, Intel settled its almost decade-long litigation with AMD--"the computer industry's most bitter legal war"--by agreeing to pay its competitor $1.25 billion. (9) Next was a series of investigations by the FTC contending that Intel "waged a 'systematic campaign'" to cut off rivals' access to markets. (10) In 2010, Intel signed a consent decree with the agency banning the company from engaging in future abusive antitrust practices. And in 2014, Intel lost its appeal of a $1.44-billion fine imposed by the European Commission, the largest antitrust penalty ever imposed on a single company. (11)

But most telling was the lawsuit filed against Intel by the New York State Office of the Attorney General (NYAG). (12) The suit made public the first detailed accounts of how Intel executives attempted to cover up their anticompetitive behavior. In one email, after discussing the need to "kick" competitors out of "the major ... companies," an Intel executive warned against using such "strong language," because it might "come under antitrust scrutiny." (13) In other emails, executives implored colleagues to be careful about what they wrote because " [t]his is a very serious issue" and to "[please] delete after reading." (14) This led the NYAG to conclude that not only was Intel's compliance program ineffective, but that it contributed to the company's illegal behavior. "Whatever the intention," the complaint read, "the actual effect of the program was to school Intel executives in cover-up, rather than compliance." (15)

But if that is true, and Intel's once-lauded compliance program had become a tool of corporate misconduct, it begs the question: How is it that a compliance program could be a national model of effectiveness, but at the same time facilitate corporate illegality?

The answer to that question is what this Article explores. Drawing from criminological, behavioral ethics, and organizational legitimacy research, this Article contends that corporate compliance is becoming increasingly "criminalized"; that is, corporations are now approaching compliance primarily through a criminal law lens, using the precepts of criminal legislation, enforcement, and adjudication to advance their compliance goals. This can be seen in the Intel example, in which concerns over possible government intervention in the company's affairs resulted in a compliance regime that functioned like an ever-present criminal investigation. But the phenomenon of "criminalized compliance" is not an isolated one. Intel's approach, and its resulting failure, reveals a broader truth about how compliance operates in corporate America. After decades of scandal-driven legislation aimed at curbing corporate wrongdoing, companies have increasingly adopted criminal law-driven, deterrence-based compliance protocols to avoid criminal and quasi-criminal investigations and prosecutions. (16) These protocols have become criminalized because the criminal law is the primary paradigm through which they are derived and implemented.

The problem with approaching compliance through a criminal law lens is that it can never be fully effective in abating corporate wrongdoing. That is because criminalized compliance suffers from an inherent flaw: it imposes unintended behavioral consequences on corporate employees. These consequences stem from how employees facing criminalized compliance regimes rationalize their future unethical or illegal behavior. Rationalizations are the key component in the psychological process necessary for the commission of corporate and white collar crime--they allow potential offenders to square their self-perception as "good people" with the illegal behavior they are contemplating, thus allowing bad conduct to go forward. (17)

Criminalized compliance fuels these rationalizations, and in turn, bad corporate behavior. By virtue of its origins in and fidelity to the criminal law, criminalized compliance imports many of the criminal law's delegitimizing features into the corporation--from vague and overlapping rules, to aggressive and onerous monitoring, to inconsistent enforcement and adjudication. Employees recognize this illegitimacy and incorporate it into their own thought processes, thus creating an environment ripe for rationalizations. Once rationalizations take hold, there is little stopping an employee from committing an unethical or illegal act, regardless of the compliance program in place. The result is that many compliance regimes, by mimicking the criminal law in hopes of reducing employee misconduct, are actually helping to create it. This insight, which offers a new way of conceptualizing corporate compliance, not only helps explain the ineffectiveness of many compliance programs, but also how corporations might go about fixing them.

Part I of this Article explains what corporate compliance is, its goals, and how it has evolved over the past half-century. This Part demonstrates the influence criminal law has had on compliance and how it is being shaped by the application of the criminal law. Part II discusses the consequences of this evolution at the governmental, organizational, and individual level. The cumulative result is that compliance now shares many features of the criminal law, including the negative aspects of its enforcement and adjudication, which leads to the delegitimization of compliance programs in the eyes of corporate employees. Part III explains how this delegitimization fuels employee rationalizations, enabling the commission of unethical and illegal acts and undermining the goals of compliance. The Article's Conclusion...