The U.S. Foreign Corrupt Practices Act (FCPA) exposes corporations to criminal (as well as civil) liability for acts committed by the corporation’s employees, pursuant to the standard principle of U.S. law the corporations are liable for the acts of their employees, if those acts were committed in the course of employment and for the benefit of the employer. This principle, in the FCPA context and elsewhere, has familiar advantages and disadvantages. The most straightforward advantage is that this “vicarious liability” gives corporations an incentive to establish robust compliance programs and to monitor their employees. The main disadvantage is that, because no compliance system is perfect, corporations might find themselves faced with substantial liability for acts committed by “rogue employees”. Moreover, precisely because of this concern, corporations might over-invest in anticorruption compliance, or might forgo certain transactions or investments, because of worries about FCPA exposure. This may be bad for society, not just the firm.
In the FCPA context, a range of critics have argued that the FCPA should be amended to add a “compliance defense,” so that a corporate defendant would not face criminal liability for the acts of its employees, so long as the corporation maintained an adequate system for promoting compliance with the FCPA’s restrictions. (The United Kingdom’s 2011 Bribery Act has such a defense.) Advocates of an FCPA compliance defense have suggested a range of possible forms the defense might take; critics have pushed back, arguing that the existence of the defense would undermine the fight against corporate corruption. My take on the debate over the compliance defense is somewhat different: I think the addition of an FCPA compliance defense, under current conditions, would have no significant effect on FCPA enforcement actions. A compliance defense would probably be neither good nor bad, but rather (mostly) irrelevant. Here’s why: