OK, we get it. Companies should have effective compliance and ethics programs to fight all kinds of corporate crime and misconduct, including bribery.
In particular, the fight against bribery is a prime example of this need — to have companies do what they can to help end this scourge.
There are good solid standards for what companies should do. The U.S. Sentencing Guidelines give us sound guidance on what is needed. The OECD’s Good Practice Guidance (pdf) similarly provides practical advice.
So governments have given us a clear direction on what to do. We know, too, that compliance and ethics — the day-to-day work of preventing violations in our companies — is the right thing to do.
But there is a nasty little secret behind this conclusion. The legal system, which is supposed to help prevent business crime, actually undermines company compliance efforts. Instead of providing substantial incentives and recognizing the value of our work, there are strong undercurrents that undermine our efforts.
In the four decades I have been doing compliance work I have seen these developments, often just accepted resignedly by our field. Instead of praise and recognition, our work is used against our companies or treated hostilely and without the slightest deference.
Recently I was invited by the Rutgers University Law Review to submit an article on compliance, and I decided it was time to confront this issue. The article I have drafted, Joseph E. Murphy, Policies in conflict: Undermining corporate self-policing, 69 Rutgers U.L. Rev. 2 (forthcoming 2017), attacks this conflict head on.
Here are the types of things I address:
1. Sacrificing compliance and ethics to litigation. Compliance program work can be and has been used against companies in litigation, even going so far as to have notes from compliance training used to assess punitive damages in an employment discrimination case.
2. The National Labor Relations Board has taken action against companies based on their codes of conduct and other employee guides.
3. EU privacy regulators have undercut compliance helplines and in some countries even bar anonymous employee reports. It can be illegal to allow an employee victim to report misconduct by the boss unless the employee discloses his or her own identity (thus making it easier for the boss to retaliate!).
4. EU competition enforcers (and courts, following their lead) have rejected in-house attorney-client privilege to get access to counsel’s legal advice to employees, undercutting counsel’s role in helping assure compliance.
5. EU enforcers also actually use companies’ compliance programs against the companies, and give no benefit for any program, no matter how rigorous.
6. A variety of other agencies and courts have taken actions making compliance programs more difficult or risky.
There are certainly enforcers and agencies that take our work seriously. The Fraud Section of the Department of Justice’s Criminal Division has made it clear it considers compliance programs and will credit companies for good faith, diligent compliance work. The Canadian Competition Bureau is another example of an enforcement agency that values preventative efforts, and recognizes and promotes compliance programs.
But elsewhere in the legal system you see courts and agency officials who have no regard at all for the importance of compliance and ethics work. To them it seems to be nothing more than some foolish diversion to be put down as unimportant.
In the article I also discuss dangerous weaknesses I see in compliance programs, in part the result of these errant enforcement and judicial approaches.
I believe we should not quietly accept these bad policies. In the article I propose a solution to balance other legitimate interests against the need to encourage and support corporate self-policing.
The draft article is available on the SSRN http://ssrn.com/abstract=2827324.
I welcome any comments you may have.
Joe Murphy is a Certified Compliance and Ethics Professional and author of 501 Ideas for Your Compliance and Ethics Program: Lessons from 30 Years of Practice (SCCE; 2008). He was co-founder and vice-chairman of the board of Integrity Interactive Corporation (now part of SAI Global). He serves on the board of the Society of Corporate Compliance and Ethics (SCCE). He can be contacted here.