In writing and speaking about regulatory compliance, one term that comes up quite a bit is “credible deterrence.” When deterrence is real, institutions and the people in them are able to resist any temptation to skirt legal and regulatory imperatives, if only because of the fear of likely repercussions.
When such consequences seem minimal (the cost of doing business), unevenly applied, or unlikely, there’s just no reason for a business and its people to knock themselves out withal of the burdens of regulatory propriety.
In the U.S. financial services sector, the meltdown experienced in 2007-09 was caused by a myriad of factors, ranging from dangerous investment vehicles (like collateralized debt obligations backed by subprime mortgages), to financial firms being allowed to take on greater risk, to consumers thinking “more is better” when it comes to their purchasing habits.
The protections businesses and their top executives receive from the costs of failure undermine credible deterrence.
If you know there’s a safety net below you, the written compliance program might remain strong, but the day-to-day adherence to it becomes far more laissez-faire.
Before I get to what credible deterrence could look like, I want to mention that a business that gets some things wrong on occasion is not necessarily a corrupt enterprise.
Systems and people fail. Business leaders make mistakes and learn from them, sometimes crafting a far better strategy for the firm and its customers in the longer term.
The Bernie Madoff reminder. The guy everyone loved to hate, at least ten years ago, is Bernie Madoff.
My friend, Colleen Eren, an associate professor of Sociology at William Paterson University, wrote about him in a book called Bernie Madoff and The Crisis: The Public Trial of Capitalism.
Without putting makeup on him and pretending he was anything but a crook, Colleen points out that the media, regulatory, and law enforcement attention paid to Madoff was rather interesting.
That is, it was questionable given that the profits generated by selling houses in the prior decade were funded by dodgy mortgages implicitly underwritten by the U.S. government, even though they were based on lies — and their implosion was staggeringly larger and more damaging to the general public than the $17.5 billion rip-off perpetrated by Madoff.
He spearheaded a multibillion-dollar Ponzi scheme that harmed many investors, but his 150-year sentence likely did not lead to credible deterrence, because the case involved exaggerative elements in terms of the scale of the crime and the public’s incredible resentment built up during the financial crisis period — resentment finding an outlet in the face of one white-collar criminal.
Credible deterrence. Credible deterrence depends on the quality of external oversight and the probability that individuals will be named and an entity charged with a fine that is far above the cost of doing business. It also relies on the firms themselves encouraging whistleblower reporting, and depends on the impact of shaming the business and its top executives in media accounts so as to provide that final impetus to good behavior.
Sometimes it appears to be top of mind for regulators (take this enforcement in which the Financial Industry Regulatory Authority both expels a firm but later maintains jurisdiction over it sufficient to bar its brokers and impose fines) and sometimes more like an afterthought for regulators (see this post about plummeting penalties at the Securities and Exchange Commission).
With such a vacillating system of meting out punishment, we’re left with businesses being at the frontlines of creating credible deterrence.
Business leaders must realize that some job functions attract those with a penchant for risk-taking, and when they have the ability to exert investor harm, these persons must be closely monitored.
Consequences for misconduct must be certain and predictable.
Certain attitudes and behaviors must be discouraged repeatedly from voices in the organization that are recognizable and have impact.
The roles of compliance professionals in these firms should be elevated to a highly respected executive level, and their jobs must remain doable, i.e., they have reasonable budgets, salaries, and important technological surveillance resources. What they recommend must be valued, even if it means delaying transactions and investigating a high-performing employee.
It means it is credible the bad actor and the business not only won’t ever consider doing that again; if sufficiently egregious, each might not be ever given the opportunity.
____
Julie DiMauro, pictured above, is a contributing editor of the FCPA Blog. She writes best practice articles and speaks about compliance and risk issues in the financial services sector as part of the Regulatory Intelligence group at Thomson Reuters in New York. Follow her on Twitter @Julie_DiMauro and email her here.
3 Comments
So, what is lacking is a motivatonal force to get people to do what they should be doing.
Strange how it always comes down to PR, common sense and image.
Singelhanded the supercriminal does the crime?
Spread out the punishment and you have a viable deterrent.
Them, not just the him.
Hi, Julie – I agree that empowerment and positioning of the chief ethics and compliance officer are essential. If we want people to report misconduct, there must be someone in charge of the compliance program who has the independence and power to make things happen.
However, on the issue of deterrence, one major barrier is arrogance. Deterrence only happens if the culprits believe they will be caught. Economists and academics try to come up with formulas balancing penalties and probabilities of being caught, to come up with some theoretical optimal penalty. This may be intellectually interesting, but it typically misses the point that crime is not an intellectual exercise determined by mathematical calculations. Human behavior is more driven by emotions than intellect.
If we look back at Enron, the authors McLean and Elkind got it right in the title of their book, “The Smartest Guys in the Room.” The people who commit or set the groundwork for corporate crime and misconduct, usually the corporate leaders, aren’t necessarily deterred by possible penalties because they think they are smarter than everyone else and will not get caught. Remember that in that time frame, Arthur Anderson suffered the corporate death penalty, and Bernie Sanders went to prison for life. Other than making individual corporate crimes into capital offenses, how much more punitive can we be?
While I agree that corporate crimes and criminal managers should pay the price for causing harm, to me the key is not some idea of “optimal penalties,” but making sure the internal compliance mechanism is sufficiently independent and empowered, and also uses the types of effective management tools set out in guides like the US Sentencing Guidelines and the OECD Good Practice Guidance. Credible deterrence internally can prevent and ferret out misconduct more effectively than can outside enforcers. But the internal compliance professionals need the power and positioning to do this, and they need to apply the right tools.
Cheers, Joe
Joseph,
I am so sorry for not responding to your excellent comment here. You're absolutely right, in my view.
Such objective criteria as sentencing guidelines and other well-regarded, established guidelines can provide the legitimacy, transparency and consistency that compliance officers need to do their work.
Comments are closed for this article!