These days most (though not all) resolutions in Foreign Corrupt Practices Act cases involve corporate defendants paying fines or other penalties to the government. Usually (again, not always) the government does not bother prosecuting the employees who paid the bribes. (While the government has recently made individual liability in corporate criminal cases more of a point of emphasis — as exemplified by the DOJ’s Yates Memo, which Danielle discussed in yesterday’s post — the targets in those cases are typically senior executives who orchestrated bribe-paying schemes, not the lower-level executives or employees who actually paid the bribes.) The government also uses various legal tools to encourage lower-level employees blow the whistle on their employers.
Do we have this backwards? Right now, the government focuses its enforcement efforts on the corporate employers, rather than the lower-level employees who pay the bribes. Should the government instead emphasize enforcement actions against the employees? Right now, the government tries to give employees incentives to uncover and disclose evidence of FCPA violations committed by their employers. Should the government instead focus on encouraging the employers to uncover and disclose FCPA violations committed by their employees?
This past summer, I was fortunate enough to attend the Third Annual Conference on Evidence-Based Anti-Corruption Policies in Bangkok, and the keynote speaker at that event, New York University Law Professor Jennifer Arlen, made a case along those lines. (Professor Arlen’s address was actually a much more wide-ranging discussion of corporate criminal liability; I’ve extracted, and possibly oversimplified or distorted, one thread of her argument. But it’s an interesting enough argument that I think it’s worth engaging, and I’ll focus on the simple version, even though her position is more nuanced.) The argument goes something like this: The DOJ should adopt a policy that any corporation that discovers FCPA violations by its employees, and then promptly (a) discloses the violation to the government, (b) provides the government with information, and (c) assists the government in prosecuting the employee, should be exempt from corporate criminal liability for the violation; the DOJ should instead vigorously prosecute the individual employees in this situation (using the evidence that the corporate employer has itself provided). If the corporation fails to promptly disclose such a violation, however, and the government subsequently finds out about it, the corporation should be held criminally liable for the FCPA violation, and penalized accordingly.
I think this proposal is interesting enough to take seriously, though in the end I remain unconvinced that this shift in emphasis would be a good idea. Let me first lay out the argument in favor of this change, and then explain why I ultimately disagree.
The argument in favor of this shift in emphasis emphasizes the value of deterrence, and the importance of information—particularly corporate self-disclosure—in providing the evidence required to successfully prosecute these cases. The reasoning runs as follows: Right now corporate employees (say, regional sales directors) are under a lot of pressure to pay bribes to bring in business—their remuneration and promotion prospects may depend on it. The risks to them as individuals from paying bribes are relatively low, because the likelihood of personal liability is very small (if the government finds out about the violations, it will be the corporation, not the individual, that is likely to be charged), and because the likelihood of detection is also small. The corporation doesn’t have much incentive to figure out if great sales numbers are the result of unlawful bribes, and even if the corporation does find out, it doesn’t have much incentive to self-disclose the violation, as this may well result in a lot of hassle and expense for the corporation. And even though the DOJ claims that it takes self-disclosure into account when determining an appropriate settlement in a corporate FCPA settlement, the amount of credit a corporation anticipates receiving may be unclear, and so the corporation may often decide simply not to disclose. It’s not like there’s no downside risk for either the employee or the corporation—an employee caught breaking the law by her employer will probably be fired, and the government may learn of an FCPA violation even if the corporation doesn’t self-disclose—but on net the deterrent force of potential FCPA liability is too weak.
But (the argument goes) if we changed this system to focus more on charging the individuals and encouraging corporate disclosure, things would be different. A corporation that uncovered FCPA violations by a lower-level employee would have every incentive to disclose this to the government immediately. Doing so would shield the corporation from criminal liability, and lower-level employees (regional salespeople, etc.) are more expendable and fairly easy to replace. So why not throw them to the wolves (that is, the government prosecutors) to protect the corporation? Indeed, the corporation would have much stronger incentives to uncover FCPA violations by its employees; failure to detect in advance means the corporation could be on the hook for a huge settlement if the government finds out about the violation independently, but if the corporation detects the violation, and turns over the culprit to the government, the corporation is safe. Meanwhile, the employees themselves now have very strong incentives not to pay bribes in the first place, because they know that if they do, not only are they likely to face criminal prosecution, but they also know that if their employer finds out about the bribe payments, the employer is likely to turn them over to the government and help the government prosecute them. Why, the employee would reason, should I put my own liberty at risk to help my employer’s business, when that employer is likely to sacrifice me to the government if my bosses get wind of the scheme?
It’s a clever argument, and worth taking seriously. If the DOJ adopted this approach, it would entail a dramatic reorganization of enforcement policies and priorities. We would rely much less on putting financial pressure on corporations (though that would still be a part of the overall strategy), and much more on incarcerating the lower-level employees who actually pay the bribes. Would this be a good idea? Despite the appeal of the logic sketched above, I think the answer is no. Here’s why:
Although deterrence is obviously an important part of how the FCPA operates, perhaps the FCPA’s most important effect, and its biggest success to date, is its impact on corporate compliance programs, and corporate compliance culture more generally. Even if the DOJ substantially stepped up its enforcement against individual bribe-payers, the likelihood of any individual bribe-paying employee being caught, charged, and punished are very small—so small the most of them are likely to treat that probability as zero, even if the penalties are high. The FCPA has its greatest potential to influence the behavior of individual employees by (indirectly) providing corporations with powerful financial incentives to invest in compliance programs, and to make sure employees know that these programs are serious. I can’t prove that assertion is true, but it’s my strong instinct.
Let’s assume for the moment that it is indeed true. What would be the impact of a rule that says to corporations, If you find out about FCPA violations by your employees, and disclose them to the government, you are insulated from liability? Proponents of the proposal I’ve attributed to Professor Arlen would say the result would be that corporations would police their employees more aggressively to uncover violations. My fear is that the opposite would be the case: Corporations would put even more pressure on their employees (say, though unrealistic sales targets or incentive-laden compensation schemes) to achieve results that are very hard to achieve without paying bribes; the corporation would likewise have much weaker incentives to invest substantial resources in effective training, integrity promotion, or other activities designed to prevent bribe-paying. After all, the corporation may reason that it is unlikely to face serious liability: If the employees are clever enough, their bribe-paying behavior will go undetected. (The corporation’s senior executives may well know or suspect that bribes are being paid, but if there’s not tangible evidence, they wouldn’t feel much need to disclose anything to the government, or even to inquire further.) If the employees are not clever enough—if the corporation gets the sense that a bribe scandal is likely to become public—the corporation can throw the employees under the bus, allowing the corporation to escape liability. So I fear that the result of shifting the focus from corporations to low-level employees, and giving the corporations a get-out-of-jail-free card if they finger their own bribe-paying employees, will prove counterproductive because it will erode corporation’s incentives to invest seriously in preventive compliance measures, and to cultivate a more general “culture of compliance.”
But what about the employees? Part of the thinking behind the proposal at issue is that they won’t be so inclined to pay bribes on behalf of their employers because of the deterrent effect of potential FCPA prosecution. Maybe, but I’m skeptical. First, as noted above, even with a radical reorientation of FCPA enforcement priorities, the likelihood of any individual employee getting caught and punished is likely to be so small that those employees tend to neglect that possibility altogether. Second, the employees would still be under tremendous pressure to meet their targets, bring in business, etc. Indeed, many of these jobs already tend to attract risk-seeking types, who are willing to run risks in order to reap higher rewards.
One other observation here: the blockbuster settlements against corporate defendants are highly salient, and probably do a lot to convince other corporations, that maybe haven’t thought much about the FCPA, that they need to take it seriously and invest in compliance. Hearing that another firm in your industry had to pay hundreds of millions of dollars because its employees were caught paying bribes tends to get the attention of the CEO and the board. Hearing that another firm’s employees went to jail for violating the FCPA is much less likely to convince senior executives and board members that they need to invest substantial corporate resources in improving their compliance systems.
So I guess what this comes down to, for me, is the question whether the most effective way for the FCPA to influence the behavior of the line employees (the potential bribe-payers) is directly, by credibly threatening them with criminal punishment, or indirectly, by giving corporations incentives to develop and implement more robust compliance programs. I tend to think the latter, indirect strategy is more likely to be effective (though I don’t have any hard evidence to back this up), and I also tend to think that allowing corporations to escape criminal liability if they assist the government in prosecuting the employees would tend to weaken corporate compliance programs more than it would strengthen deterrence (but again, I don’t have any solid evidence on this – it’s just instinct and conjecture). Still, I think these questions are worth asking, and I’m grateful to Professor Arlen for pushing us to think more about this problem.