These days most (though not all) resolutions in Foreign Corrupt Practices Act cases involve corporate defendants paying fines or other penalties to the government. Usually (again, not always) the government does not bother prosecuting the employees who paid the bribes. (While the government has recently made individual liability in corporate criminal cases more of a point of emphasis — as exemplified by the DOJ’s Yates Memo, which Danielle discussed in yesterday’s post — the targets in those cases are typically senior executives who orchestrated bribe-paying schemes, not the lower-level executives or employees who actually paid the bribes.) The government also uses various legal tools to encourage lower-level employees blow the whistle on their employers.
Do we have this backwards? Right now, the government focuses its enforcement efforts on the corporate employers, rather than the lower-level employees who pay the bribes. Should the government instead emphasize enforcement actions against the employees? Right now, the government tries to give employees incentives to uncover and disclose evidence of FCPA violations committed by their employers. Should the government instead focus on encouraging the employers to uncover and disclose FCPA violations committed by their employees?
This past summer, I was fortunate enough to attend the Third Annual Conference on Evidence-Based Anti-Corruption Policies in Bangkok, and the keynote speaker at that event, New York University Law Professor Jennifer Arlen, made a case along those lines. (Professor Arlen’s address was actually a much more wide-ranging discussion of corporate criminal liability; I’ve extracted, and possibly oversimplified or distorted, one thread of her argument. But it’s an interesting enough argument that I think it’s worth engaging, and I’ll focus on the simple version, even though her position is more nuanced.) The argument goes something like this: The DOJ should adopt a policy that any corporation that discovers FCPA violations by its employees, and then promptly (a) discloses the violation to the government, (b) provides the government with information, and (c) assists the government in prosecuting the employee, should be exempt from corporate criminal liability for the violation; the DOJ should instead vigorously prosecute the individual employees in this situation (using the evidence that the corporate employer has itself provided). If the corporation fails to promptly disclose such a violation, however, and the government subsequently finds out about it, the corporation should be held criminally liable for the FCPA violation, and penalized accordingly.
I think this proposal is interesting enough to take seriously, though in the end I remain unconvinced that this shift in emphasis would be a good idea. Let me first lay out the argument in favor of this change, and then explain why I ultimately disagree.
The argument in favor of this shift in emphasis emphasizes the value of deterrence, and the importance of information—particularly corporate self-disclosure—in providing the evidence required to successfully prosecute these cases. The reasoning runs as follows: Right now corporate employees (say, regional sales directors) are under a lot of pressure to pay bribes to bring in business—their remuneration and promotion prospects may depend on it. The risks to them as individuals from paying bribes are relatively low, because the likelihood of personal liability is very small (if the government finds out about the violations, it will be the corporation, not the individual, that is likely to be charged), and because the likelihood of detection is also small. The corporation doesn’t have much incentive to figure out if great sales numbers are the result of unlawful bribes, and even if the corporation does find out, it doesn’t have much incentive to self-disclose the violation, as this may well result in a lot of hassle and expense for the corporation. And even though the DOJ claims that it takes self-disclosure into account when determining an appropriate settlement in a corporate FCPA settlement, the amount of credit a corporation anticipates receiving may be unclear, and so the corporation may often decide simply not to disclose. It’s not like there’s no downside risk for either the employee or the corporation—an employee caught breaking the law by her employer will probably be fired, and the government may learn of an FCPA violation even if the corporation doesn’t self-disclose—but on net the deterrent force of potential FCPA liability is too weak.
But (the argument goes) if we changed this system to focus more on charging the individuals and encouraging corporate disclosure, things would be different. A corporation that uncovered FCPA violations by a lower-level employee would have every incentive to disclose this to the government immediately. Doing so would shield the corporation from criminal liability, and lower-level employees (regional salespeople, etc.) are more expendable and fairly easy to replace. So why not throw them to the wolves (that is, the government prosecutors) to protect the corporation? Indeed, the corporation would have much stronger incentives to uncover FCPA violations by its employees; failure to detect in advance means the corporation could be on the hook for a huge settlement if the government finds out about the violation independently, but if the corporation detects the violation, and turns over the culprit to the government, the corporation is safe. Meanwhile, the employees themselves now have very strong incentives not to pay bribes in the first place, because they know that if they do, not only are they likely to face criminal prosecution, but they also know that if their employer finds out about the bribe payments, the employer is likely to turn them over to the government and help the government prosecute them. Why, the employee would reason, should I put my own liberty at risk to help my employer’s business, when that employer is likely to sacrifice me to the government if my bosses get wind of the scheme?
It’s a clever argument, and worth taking seriously. If the DOJ adopted this approach, it would entail a dramatic reorganization of enforcement policies and priorities. We would rely much less on putting financial pressure on corporations (though that would still be a part of the overall strategy), and much more on incarcerating the lower-level employees who actually pay the bribes. Would this be a good idea? Despite the appeal of the logic sketched above, I think the answer is no. Here’s why:
Although deterrence is obviously an important part of how the FCPA operates, perhaps the FCPA’s most important effect, and its biggest success to date, is its impact on corporate compliance programs, and corporate compliance culture more generally. Even if the DOJ substantially stepped up its enforcement against individual bribe-payers, the likelihood of any individual bribe-paying employee being caught, charged, and punished are very small—so small the most of them are likely to treat that probability as zero, even if the penalties are high. The FCPA has its greatest potential to influence the behavior of individual employees by (indirectly) providing corporations with powerful financial incentives to invest in compliance programs, and to make sure employees know that these programs are serious. I can’t prove that assertion is true, but it’s my strong instinct.
Let’s assume for the moment that it is indeed true. What would be the impact of a rule that says to corporations, If you find out about FCPA violations by your employees, and disclose them to the government, you are insulated from liability? Proponents of the proposal I’ve attributed to Professor Arlen would say the result would be that corporations would police their employees more aggressively to uncover violations. My fear is that the opposite would be the case: Corporations would put even more pressure on their employees (say, though unrealistic sales targets or incentive-laden compensation schemes) to achieve results that are very hard to achieve without paying bribes; the corporation would likewise have much weaker incentives to invest substantial resources in effective training, integrity promotion, or other activities designed to prevent bribe-paying. After all, the corporation may reason that it is unlikely to face serious liability: If the employees are clever enough, their bribe-paying behavior will go undetected. (The corporation’s senior executives may well know or suspect that bribes are being paid, but if there’s not tangible evidence, they wouldn’t feel much need to disclose anything to the government, or even to inquire further.) If the employees are not clever enough—if the corporation gets the sense that a bribe scandal is likely to become public—the corporation can throw the employees under the bus, allowing the corporation to escape liability. So I fear that the result of shifting the focus from corporations to low-level employees, and giving the corporations a get-out-of-jail-free card if they finger their own bribe-paying employees, will prove counterproductive because it will erode corporation’s incentives to invest seriously in preventive compliance measures, and to cultivate a more general “culture of compliance.”
But what about the employees? Part of the thinking behind the proposal at issue is that they won’t be so inclined to pay bribes on behalf of their employers because of the deterrent effect of potential FCPA prosecution. Maybe, but I’m skeptical. First, as noted above, even with a radical reorientation of FCPA enforcement priorities, the likelihood of any individual employee getting caught and punished is likely to be so small that those employees tend to neglect that possibility altogether. Second, the employees would still be under tremendous pressure to meet their targets, bring in business, etc. Indeed, many of these jobs already tend to attract risk-seeking types, who are willing to run risks in order to reap higher rewards.
One other observation here: the blockbuster settlements against corporate defendants are highly salient, and probably do a lot to convince other corporations, that maybe haven’t thought much about the FCPA, that they need to take it seriously and invest in compliance. Hearing that another firm in your industry had to pay hundreds of millions of dollars because its employees were caught paying bribes tends to get the attention of the CEO and the board. Hearing that another firm’s employees went to jail for violating the FCPA is much less likely to convince senior executives and board members that they need to invest substantial corporate resources in improving their compliance systems.
So I guess what this comes down to, for me, is the question whether the most effective way for the FCPA to influence the behavior of the line employees (the potential bribe-payers) is directly, by credibly threatening them with criminal punishment, or indirectly, by giving corporations incentives to develop and implement more robust compliance programs. I tend to think the latter, indirect strategy is more likely to be effective (though I don’t have any hard evidence to back this up), and I also tend to think that allowing corporations to escape criminal liability if they assist the government in prosecuting the employees would tend to weaken corporate compliance programs more than it would strengthen deterrence (but again, I don’t have any solid evidence on this – it’s just instinct and conjecture). Still, I think these questions are worth asking, and I’m grateful to Professor Arlen for pushing us to think more about this problem.
A very interesting idea by Professor Arlen, and one I think I am personally less pessimistic about than Professor Stephenson. Unless the possibility of prosecution is so low as to be negligible (in which case presumably the possibility of detection and prosecution at the company level would also be negligible, if more expensive), I think companies will still have incentives to investigate. Otherwise if they don’t find out about it first and disclose, they won’t be shielded from liability.
That said, I think I have a bigger concern about what that would do to the perception of the FCPA and the work it does on behalf of international anticorruption. It’s one thing to hold large multi-national companies with strong US ties accountable for their bribery; it’s quite another to give those companies a free pass in order to go after low-level employees who are, I would guess, natives of the country they are working in (and may never have even been to the United States). Because it is harder to go after the higher level actors, who might have stronger US ties or at least be more directly involved in decisions that have an influence on US markets, the FCPA could be seen has giving a free pass to American-tied companies and actors at the expense of local people. People who’s prosecution might be better handled by his or her native country.
I think the US has the legal jurisdiction to do this. But I worry if the FCPA is just used to go after local actors, it might start to loose some of it’s moral one.
One important correction/clarification, which Professor Arlen helpfully brought to my attention: Her proposal would NOT exempt corporations that detected and disclosed employee violations from ANY sanction. Rather, she proposes that if a firm detects and self-reports, then the firm is shielded from a corporate criminal conviction, but would still have to pay a monetary sanction that offsets the benefit the corporation received due to the unlawful bribery. If, however, the firm fails to self-report, then on her proposal the firm should be convicted and pay a substantially larger penalty. This clarification is important, because my original description in the post might make it seem like she is proposing that a corporation that turns over its employees can keep the ill-gotten gains of that criminal act. That’s not the case — even the corporation that discloses and turns over evidence still has to pay a penalty equal to the illicit benefit (possibly as disgorgement, or simply as a fine calibrated to the estimated unlawful gain).
This clarification mitigates but does not eliminate my concern. (Here, Professor Arlen and I may still disagree.) A firm would still have a relatively stronger incentive to put pressure on its salespeople to meet aggressive, perhaps unrealistic targets, while under-investing in internal compliance, even if the firm knows that if it detects bribe-paying by employees it will have to cough up any benefit it received. The firm could reason as follows: “If our employees meet the targets, and we don’t uncover any evidence of bribery (which we may well not, even if bribery took place — especially if we’re not actually looking too hard) then we benefit. If we learn our employees did engage in bribery, then we need to immediately turn them over to the authorities and give up any gains those bribes may have secured for our firm. But at least then we’re in the same place we started. So it’s Heads We Win, Tails We Don’t Lose (Much).”
Of course, even if I’m right that a firm will invest relatively less in internal compliance under the proposed system, I still recognize that this system would create stronger deterrent incentives for the employees themselves. It’s possible — and to my mind still an open question — whether that direct increase in deterrence will offset the adverse incentives for the corporation that I still think would occur if we capped corporation’s potential liability to disgorgement in the case of self-disclosure. I’m skeptical, but this is a debate worth having. I thank Professor Arlen for starting it, and apologize to her for my misleading characterization of her proposal in the original post.
This argument over low-level employees being prosecuted or fined lacks contact with reality to a certain degree. Taking Thalland as an example (but applicable to any country where bribe-paying is endemic) it isn’t very likely that the Thai employee will ever be fined, jailed, or even charged with bribe-paying at the behest of his or her American manager. The DoJ simply won’t invest the time and money to engage in extradition proceedings first in the US and then via the Thai courts over a matter of a few tens or hundreds of thousands of dollars of bribe payments by that employee.
Nor will there be any repercussions of note to the career of the Thai employee. While the Yates Memo may be a sea-change regarding the old saw that “it’s just how business is done” this only applies to the American business culture overseas and (emphatically) not the local culture. Instead, in Thailand, the firm concerned would be blamed for not having its employees’ backs regardless of the letter of non-Thai compliance law. Our hypothetical Thai employee would still be very employable — especially by Thai firms — and with the word on the street the American firm could have difficulties in hiring in the future.
This does not directly address the treatment of the managers and executives who may authorize bribes. I would suggest that DoJ and State work more closely together on the issue, perhaps by not only fining the guilty but also taking away their US passports for a significant term, perhaps 10 years, to curtail their ability to work internationally.
It might also be desirable for Justice, State and Treasury to work up an equivalent of the latter’s SDNs (Specially Designated Nationals) for treatment of foreign locals involved in bribe-paying (or bribe-taking) thereby precluding them from employment in American firms, from traveling to America, etc.
This is a very good point, and one that I should have considered more carefully. Many of the lower-level employees, whose misconduct (on behalf of the corporation) renders the corporation criminally liable, are not themselves plausible targets for a U.S. criminal prosecution. This strikes me as an additional reason to be skeptical of a proposal that would shield a corporation from criminal penalties (beyond disgorgement of ill-gotten gains) if it turns over evidence on the lower-level employees who paid the bribes.
That said, though, and in fairness to Professor Arlen, in many cases the lower-level employees are (for example) regional managers who are U.S. citizens (or others whom the U.S. could plausibly prosecute). This does raise an interesting question for Professor Arlen and others who’d advocate something like her position: Does the corporation get full credit and a (partial) shield from liability if it discloses and turns over evidence on _any_ bribe-paying employees, or only those that the U.S. could plausibly prosecute (in lieu of the corporation)?
Two thoughts on this very useful discussion.
1) An FCPA case often sparks some sort of follow-on litigation by third parties — shareholder derivative actions may be the most common but antitrust suits by competitors and even damage actions by victims are possible. I suspect there aren’t enough of these to have any effect on the argument. But am I correct?
2) Measuring the benefits of a bribe is non-trivial. I haven’t looked at the literature for sometime but what I have seen was quite inconclusive and didn’t hold out much hope that further work was likely to make it any less so. For example, National Economic Research Associates’ Economic Analysis of Damages under the Foreign Corrupt Practices Act, May 2011.
I haven’t looked into this carefully, but my general impression (just from chatting casually with people who know this stuff better than I do) is that you’re right on both points. Yes, there’s some follow-on litigation, but as yet it’s fairly limited and doesn’t seem to have that much of an impact relative to the fines and other penalties levied by the government. And yes, measuring the benefits of bribery is often very hard, especially when you’re not talking about something like one big contract, but rather a pattern of bribery over time. But FCPA penalties do sometimes include disgorgement, indicating that the government believes it can at least make a ballpark estimate of what the company has to cough up (though it’s method has been criticized from both directions).
Professor Arlen’s idea is very interesting, especially in terms of deterrence.
I also have concerns about this proposal in one given situation. Reporting employees’ wrongdoing as a protection against corporate criminal conviction, even if the corporation is still be subject to monetary sanction, could be inadequate where the corporate culture and policies indirectly encourage misconducts.
Employees’ wrongdoing can be shaped by corporate rules, policies and culture which can be improper to prevent bribe giving, or worst, are promoting it. In some cases corporations are more to blame that individuals.
For these cases particularity corporate criminal liability is, I believe, very important.