How can the law prevent and deter corporate wrongdoing? The answer might lie in identifying what factors are associated with greater wrongdoing and how to best target them.
Editor’s note: This piece is part of our series on Corporations and Democracy, designed to continue the conversation initiated at a December 2020 conference by the same name sponsored by the Corporations and Society Initiative at Stanford GSB, and eight other schools and centers, including the Stigler Center at the University of Chicago Booth School of Business. See the conference’s website for a summary of the event, the program, full videos, and other links.
The annual costs of corporate wrongdoing in the US are conservatively estimated to be over $300 billion per year, with global estimates ranging even higher. There are so many examples of corporate wrongdoing from just the past few years that it is difficult to keep track—the Opioid crisis, the Volkswagen scandal, the GM faulty ignition switch scandal, Wells Fargo’s fake bank accounts, PG&E and the California fires, numerous Ponzi schemes, cybercrime, corruption, and more. These high profile examples and their staggering costs raise several important questions. What do legal systems do to prevent and deter corporate wrongdoing? Is it working well and, if not, why and what might be done?
The law generally aims to deter or prevent harmful activity by imposing liability on the persons causing harm, such as corporate employees. However, employees rarely have sufficient assets to pay for the harm caused and are often difficult to identify or sanction. This leads us to search for others who can monitor employee behavior, and in this regard, the corporation seems like a natural target. Imposing liability on corporations provides them with incentives to police wrongdoing within the firm, effectively deputizing them to assist in law enforcement.
Corporate liability, whether civil or criminal, is typically vicarious in that the firm is sanctioned for the behavior of its employees. Countries differ on the conditions under which they hold firms vicariously liable. Under respondeat superior, the most common standard in the US, corporations are liable for the behavior of any agent acting within the scope of her employment with at least a partial intent to benefit the firm. The “alter ego” standard, used in most countries outside the US and in some US states, only imposes liability on the corporation for the behavior of a “high managerial agent” or its “controlling mind” when she acts within the course of her employment and with at least a partial intent to benefit the firm. Respondeat superior is an easier standard because it premises corporate liability on any agent’s behavior.
The difference matters most in cases like the Well Fargo fake account fiasco where lower level employees engaged in harmful activity ostensibly to meet cross-selling quotas established by the firm’s top brass, but no high level employees were actively involved in creating fake accounts. There, respondeat superior leads to corporate liability, but the “alter ego” approach might not.
Although civil liability on corporations is fairly common, the imposition of criminal liability on them seems quite odd: a corporation can’t go to jail and its “state of mind” is not that simple to capture. Historically, corporate criminal liability provided a method of obtaining government enforcement and powerful information gathering powers, but over time civil liability has developed similar or stronger information gathering powers and civil regulators provide government enforcement, too. Thus, for corporations, civil liability offers many of the features of criminal liability without the costly and tougher procedures, such as those associated with the higher standard of proof in criminal cases.
However, corporations are not the only entities who might monitor corporate agents—perhaps auditors, investment bankers, lawyers, and senior executives might be able to monitor corporate employees too, and it may be that the risk of liability could increase their incentives to do so. Although the set of gatekeepers may be quite large in principle, senior managers are likely to be in the best position to ensure compliance with the law and prevent employees from causing harm.
The notion that corporate leaders should be liable for corporate harms is often referred to as the Responsible Corporate Officer doctrine. The idea is that a senior executive who has a supervisory role might be held liable for the failings of subordinates when, by reason of the supervisor’s actual authority, she has the power to prevent a violation and fails to do so. This doctrine is interesting because it can impose both civil and criminal liability on the supervisor even when she was not negligent—an oddity in the criminal law—and because the only defenses would be the supervisor being powerless to prevent the harm. However, the Responsible Corporate Officer doctrine has thus far been used sparingly in the US (primarily for public welfare offenses such as violations of environmental and food and drug law, although sometimes for securities fraud, consumer fraud, and antitrust) and has led to, at most, moderate penalties. Other countries often have similar doctrines that impose penalties on supervisors but permit defenses (such as the exercise of due diligence) or allow supervisors to be at least partially insured or indemnified, as I discuss elsewhere.
The key question is then whether the law, with its wide range of available liability options, optimally deters and prevents corporate wrongdoing. Answering this question with rigorous scholarly work is challenging because it is difficult to estimate how much wrongdoing would have occurred but for certain enforcement actions, how much wrongdoing remains undetected, and many other matters. More research, such as the one Anat Admati is doing with Greg Buchak to explore how outcomes depend on such things as the type of harm and identity of the harmed party, would help.
Even if we can’t easily answer the broader questions, however, we might make progress on identifying what factors are associated with greater wrongdoing and target them. Scholarly work in this area has been somewhat more successful in identifying executive pay, general firm performance, and the presence of powerful CEOs as influencing the risks of certain kinds of wrongdoing.
One area that merits greater study is the effectiveness of compliance programs, which have grown substantially and become potentially critical factors in affecting the incidence of wrongdoing, the likelihood of prosecution, the magnitude of sanctions, and potential director liability for wrongdoing. If corporate liability aims to enhance firm monitoring of employees, then attention to compliance efforts seems a rather direct way to assess whether firms are doing that. Yet, some worry that compliance is largely cosmetic; that we don’t know whether it is leading to sanctions on culpable individuals as indicated by enforcement policy statements, and a host of other matters. Surely more research is warranted on these matters.
We might also approach the question of the law’s effectiveness by examining the patterns of enforcement. For example, as mentioned, supervisory liability in the US has remained in its narrow lanes for public welfare offenses and led to only modest penalties. Corporate liability, by contrast, is relatively easy to attach, but the US Department of Justice has become more cautious about imposing criminal sanctions on larger firms, after the implosion of Arthur Anderson following its Enron-related indictment, for fear of large collateral consequences. Instead, we see more deferred prosecution agreement (DPAs), which involve holding off prosecutions while the firm makes changes to its governance and compliance (often with an independent monitor overseeing it), provides information to law enforcement on culpable individuals and other matters, and pays a fine. If these conditions are met, then the prosecution dismisses the indictment. Thus, criminal trials and convictions of large firms appear less frequent.
The scholarly evidence and enforcement patterns raise potentially worrying questions about whether our current approach to policing corporate wrongdoing is really working. Given the rising costs of corporate wrongdoing on society and the likely urgency with which we need to act in some spheres (e.g., climate change), it is important to examine potential reforms.
We could consider increasing corporate sanctions. Indeed, corporate civil sanctions continue to rise and corporate criminal liability has grown substantially in many countries, although the US has by far the broadest and most active enforcement in this area. Nevertheless, federal prosecutors in the US appear cautious about seeking large criminal sanctions against firms where collateral consequences are potentially significant. Further, one wonders whether civil liability on corporations might be more effective given that, as noted earlier, it replicates most of the features of corporate criminal liability without the costly and difficult to satisfy criminal process. In light of that, it might be worth considering increasing corporate civil liability and imposing civil or criminal liability on additional players in the corporate governance ecosystem.
Indeed, commentators, judges, prosecutors, and scholars in both law and business have advocated for greater individual liability, including of executives and others in a position to prevent wrongdoing. Since the primary difficulty in convicting individuals is usually too little evidence on their behavior and states of mind, reforms to address these difficulties should be actively examined.
One potential route is to gather more evidence on individuals through technologically sophisticated compliance programs and to find ways to encourage whistleblowers to provide information. More generally, more funding may be needed to conduct complex investigations and build cases against individuals. These appear promising, given that there is already quite a lot of effort being put into compliance efforts. However, we should be attentive to concerns that we are still learning what works in compliance and there may be fraught interactions with enhanced compliance monitoring relying on technology and employees’ data privacy concerns. Moreover, we should explore how to make compliance impact the incentives of executives (e.g., through impacting pay or chances for promotion, but, at a minimum, there should be some broad alignment in compensation schemes and compliance programs).
Another approach is to reduce the state of mind requirement by, for example, expanding some version of the Responsible Corporate Officer doctrine to other areas of law. The advantage of going in this direction is that the doctrine alleviates the need for as much evidence regarding intent and may thus result in more convictions, but it also raises concerns about scaring away the more risk averse individuals from being executives or directors (or having to compensate them more for doing so). To partially address these concerns, the law could provide a due diligence defense, require multiple instances of poor supervision before imposing liability, or provide other ways to reduce risk in a way that responsible officers would not face too much risk they cannot control.
We might go further and consider options for inducing other gatekeepers to get involved in monitoring corporate wrongdoing. For example, we might increase liability for third parties, such as auditors, who are in positions to block or detect wrongdoing or examine how we might set up incentives for newer players to enter the fray as has been recently suggested.
Considering these options is critical because the large and growing harms from corporate wrongdoing have become one of the seminal issues of our time. The legal system can do better at deterring these harms, and discussion and action on these issues are both timely and pressing.