History of Corporate Compliance Regulations

HISTORY OF CORPORATE COMPLIANCE REGULATIONS

Introduction

It’s surprising to most business people that corporate scandal pre-dates the Enron and WorldCom misconduct of the early 21st century.  In fact, tensions between regulators and businesses define American corporate governance, starting slowly in the 19^th century and picking up considerable momentum in the 20th century.  Corporate regulation began as a response to business scandals, seeking to redress underlying causes but each time adding to its increasing complexity.   Even today, as regulators continue to deter massive scandals, businesses increasingly resist regulation that stymies their innovation.

Despite resistance to corporate regulation, public calls for justice following massive scandals drive tangible business reform.  As corrupt as they may be, “scandals also have a crucial silver lining; in each case, public outrage has forced lawmakers to step in.  This pattern, as it turns out, lies at the heart of American corporate governance.  For the past century, American corporate regulation has consisted of periodic, dramatic regulatory interventions by federal lawmakers after a major scandal, together with more nuanced ongoing regulation by the states.” [i]  It is important to reflect on this pattern of business scandal, followed by increased corporate regulation. 

Indeed, the history of major corporate scandal dates to the Civil War, when Philadelphia banker Jay Cooke made fortunes by selling government bonds to raise money for the Union army.  After the end of the war, he similarly sold bonds to raise money for the Northern Pacific Railroad.  Because of his stature, Cooke “had been regarded as a pillar of financial stability”[ii], comparable to the stature of modern financial icons Bill Gates and Warren Buffet.  In fact, Cooke’s ignored warning signs when railroad building far outstripped demand, but he continued to invest money in railroads.  The subsequent implosion of both Cooke’s bank and the railroads led directly to the economic depression of the Panic of 1873. [iii]

Public outrage erupted even from those who had no financial stake in the railroad.  The extensive advertising to sell bonds to raise money for the railroads impacted not only the rich, but also people of far more moderate means who had invested in the bonds.  Soon afterward, details of blatant corruption, self-dealing and bribery emerged[iv] and the Mail Fraud Statute[v] became the first federal law to protect Americans from fraud, scams and scandals.  In addition, Congress enacted statutes to better regulate the railroads, including the Interstate Commerce Act of 1887, soon followed by the regulation of monopolies with the Sherman Antitrust Act of 1890.[vi]   

Although several states enacted ongoing or implementing regulation, most states did little to regulate corporations amidst the wave of mergers, monopolies and corporate growth of the Gilded Age.  The term for this period came into use in the 1920s and 1930s, derived from writer Mark Twain's 1873 novel The Gilded Age: A Tale of Today, which satirized an era of serious social problems masked by a thin gold gilding of prosperity.[vii]  “The states’ abandonment of the fight against corporate combinations shifted the campaign against corporate monopoly from the states to Congress and federal regulators.  Two decades later, a trust-busting campaign led by Teddy Roosevelt would firmly establish federal regulators as the principal guardian for competition in American Industry.” [viii]

Teddy Roosevelt’s Corporate Regulation Campaign

            Public anxiety continued to heighten about the power, reach and lack of accountability for the corporate giants of the early 20^th Century.  Other than the statutes enacted in reaction to the Panic of 1873, “(t)he existing laws of the 19^th century were designed for small-scale concerns, not for the massive behemoths of the Industrial Age.”[ix]  This era of growing corporate power and influence, coupled with the rise of those who sought to expose the ills of society brought about by corporate robber barons, caught Teddy Roosevelt’s attention.  Recognizing that the states were either unable or unwilling to sufficiently regulate corporations, Roosevelt sought to balance corporate power and economic interests with public interests and the welfare of its citizens.  He thought that the way to accomplish this was through centralized government regulation of business activities, without further legislation.  Even though “he recognized the dangers of corporate power, he did not seek to completely destroy it or even substantially weaken it, as he felt that strong business was central to America’s growing economy and word power.”[x]

 “The idea of government regulating business, though passé nowadays, was in fact a radical notion at the turn of the century.  This was the so-called Lochner[xi] era, named for a Supreme Court decision striking down a New York Law that limited the hours one could work, on the basis that it interfered with individuals’ economic rights, even though it was intended to prevent worker exploitation.  Economic rights were treated then just the same as the rights of speech, religion, and so forth, and were just as inviolate.  Courts responded fiercely against any attempt by reformers to regulate business conduct.”[xii]  On December 2, 1902, in his second State of the Union Address, Roosevelt set the tone for the century of federal corporate regulation that would follow[xiii], by building on the delegation of power bestowed by the Interstate Commerce Act and the Sherman Antitrust Act.

Our aim is not to do away with corporations; on the contrary, these big aggregations are an inevitable development of modern industrialism, and the effort to destroy them would be futile unless accomplished in ways that would work the utmost mischief to the entire body politic.  We can do nothing of good in the way of regulating and supervising these corporations until we fix clearly in our minds that we are not attacking the corporations, but endeavoring to do away with any evil in them.  We are not hostile to them; we are merely determined that they shall be so handled as to subserve the public good.  We draw the line against misconduct, not against wealth.  The capitalist who, alone or in conjunction with his fellows, performs some great industrial feat by which he wins money is a welldoer, not a wrongdoer, provided only he works in proper and legitimate lines.   We wish to favor such a man when he does well.  We wish to supervise and controls his actions only to prevent him from doing ill.  Publicity can do no harm to the honest corporation; and we need not be over tender about sparing the dishonest corporations.[xiv]

Soon after his Address in 1902, the Northern Securities case[xv] characterized Roosevelt’s use of existing antitrust legislation to dismantle a monopoly, in this case a holding company controlling the principal railroad lines from Chicago to the Pacific Northwest.  Using the Sherman Antitrust Act, the federal government broke up the holding company because it was an illegal business combination acting in restraint of trade.  The case made its way to the Supreme Court, where the justices ruled 5-4 in favor of the federal government in 1904.[xvi]

At nearly the same time, the Elkins Act of 1903 was quietly championed by the President.  He was informed of the railroads’ desire to cease the practice of rebates.  He supported the bill in private correspondence, as supplier corporations demanded shipping rebates, threatening and able to take their business elsewhere because of the overbuilt railroad network.  Senator Stephen B. Elkins of West Virginia placed the bill bearing his name before the Senate and it passed in February 1903, unanimously in the Senate and by a 250 to 6 vote in the House.  The positive reception posed during the passage of the Elkins Act provided Roosevelt the confidence to publicly support other legislation to regulate the industry.[xvii]

            For example, the Hepburn Act of 1906 expanded the powers of the Elkins Act.  It gave rulings by the Interstate Commerce Commission (ICC) the equivalent force of law, strengthening federal regulation of railroad rates, prohibiting gratuitous passage and standardizing accounting methods.  Railroads were required to submit annual reports to the ICC and the number of Commissioners grew from five to seven, as their term went from six to seven years.  This time, Roosevelt openly displayed an intense interest in the passage of the bill, by wholeheartedly supporting the Hepburn Act.  Named for Representative William Hepburn of Iowa, chairman of the House Commerce Commission, the Act passed after a series of unpopular rate increases by railroad corporations.  The President reasoned that government regulation of the industry was a middle ground between the chaos of unfettered competition and government ownership of the railroads.[xviii]

            Unfortunately, just as the conduct of the railroads appeared to be under control, regulated in response to the chaos of the Panic, other misdeeds soon followed, in another economically perilous time, the Great Depression of the 1930s.

Franklin Delano Roosevelt and the New Deal

            In 1932, amidst the backdrop of the Great Depression, Samuel Insull’s electricity empire collapsed.  Insull was a former associate of Thomas Edison and a Chicago energy magnate, who built a massive business empire by relentlessly acquiring and eliminating rival energy companies and other businesses.[xix]  Similar to what Enron would do some seventy years later, Insull created an elaborate holding company structure to disguise an otherwise precarious financial position[xx].  Hidden in a maze of parent companies and subsidiaries, this shaky foundation soon came crashing down and led some to describe it as one of the “biggest business failures in the history of the world.”[xxi]            Further regulation emerged, as Franklin Delano Roosevelt campaigned on a promise to clean up corporate America, following in the footsteps of his cousin Teddy.  He made good on this promise in the form of the New Deal.  Specifically, he campaigned again the “Insull monstrosity”, to introduce a broad array of sweeping reforms that provided the infrastructure of American corporate and market regulation. [xxii]

 After the stock market crashed in 1929, Congress enacted the first securities laws, the Securities Acts of 1933 and 1934.  These Acts established the Securities and Exchange Commission (SEC).  The SEC quickly introduced extensive new disclosure requirements and antifraud provisions to ensure fair markets and to protect investors[xxiii].  The New Deal reformers also prohibited banks from engaging in both commercial and investment banking and restructured the utilities industry to prevent the kind of holding company structures that Insull used to mislead investors.[xxiv]  Unfortunately, due to changing times and loosening of such regulations, Enron would be able to do precisely that again, in the early 21^st century.[xxv]

 In summary, by examining corporate scandals and the resulting legislation, a pattern quick emerges.

A shocking scandal galvanizes attention, neutralizing the influence that corporation have under ordinary circumstances; Congress quickly responds by enacting reforms that are demanded by ordinary Americans.  It is these reforms that provide the federal regulatory infrastructure for the decades that follow.[xxvi]

It is this pattern that leads directly to the creation of what is now termed modern compliance programs.  Growing regulation and its increasing complexity required that companies find innovative ways to ensure that they and their employees understand and follow the rules.[xxvii]

Evolution of Modern Compliance Programs

            “Compliance has always been around, in some form or another, since the beginnings of organized commerce.”[xxviii]  In fact, self-regulation of business began with the Middle Age merchants and craft guilds, setting business standards for themselves[xxix].  Later, businesses began to adopt their own codes of conduct, in the wake of company scandals, to distinguish themselves with voluntary, informal and relatively simple self-regulation.  As government regulation grew in the early to mid-20^th century, businesses discovered they had to find more formal and structured ways to deal with the complexity of modern American governance[xxx], much of which still to come.

            Noted scholars now agree that modern compliance programs, as we know them today, were first installed in the early 1960s, after a bid-rigging and price-fixing conspiracy by electrical equipment manufacturers such as General Electric and Westinghouse.  The first prison sentences handed down in the 70-year history of the Sherman Antitrust Act quickly served as a catalyst for business executives to develop internal compliance programs.  Beginning with antitrust issues and quickly spreading to reach other regulatory areas, savvy managers scrambled to distinguish and shield their business practices from the enormity and publicity of the consequences suffered by the above-mentioned executives[xxxi]. 

Because of this and other scandals, compliance programs began to reach more heavily and complexly regulated industries.  Greater public and scholarly attention on illegal and harmful acts by corporations led to further regulation, as managers continued to act zealously, taking greater risks because personal concerns dominated corporate decision-making, often in the form of short-term incentives or “bonus” compensation arrangements.  The “scandal, and the underlying corporate dysfunction it revealed, accelerated the widespread development of corporate ethical conduct codes.”[xxxii] Upon review, many companies discovered that checks and balances were inadequate in regulating employee behavior.  Appeals to internal counsel also revealed that they were unable or unwilling to give clear, pertinent advice in this regard.[xxxiii]

After the Watergate investigation exposed that companies were paying bribes to foreign officials using off-the-books funds, Congress passed the Foreign Corrupt Practices Act (FCPA) in 1977.  The FCPA made it a crime for American companies to pay bribes to government officials for the facilitation of business activities in foreign countries, such as obtaining, retaining or directing trade agreements.  Again, it was public outrage combined with governmental pressure that spurred corporations to adopt much-needed reform.[xxxiv]  By the early 1980s, the public was again shocked with news stories detailing questionable and highly-inflated defense contracts.  For example, the U.S. military had purchased $300 hammers and $600 toilet seats.  It was estimated that billions of dollars of the national defense budget were wasted until President Ronald Reagan established the Blue Ribbon Commission on Defense Management, to investigate and make recommendations for improved compliance.[xxxv]

The Commission made numerous recommendations in its 1986 interim report to deter waste, fraud and abuse in the procurement process.  Among them were suggestions to “distribute copies of the code of ethics to all employees and new hires”.[xxxvi] It was also recommended that internal controls be implemented and monitored to ensure compliance.  Soon, the compliance recommendations of the Commission were also being applied to other government agencies and to businesses other than defense.[xxxvii] Also because of the Commission’s findings, “the Defense Industry Initiative (DII) on Business Ethics and Conduct was established in 1986 by thirty-two major defense contractors to improve compliance.”[xxxviii]  The DII has worked extensively throughout the defense industry for more than twenty years to “design principles for achieving high standards of business conduct and ethics.”[xxxix]

Then in 1987, the Report of the National Commission on Fraudulent Financial Reporting, also known as the Treadway Commission, “studied the financial reporting system in the United States to identify causal factors that lead to fraudulent financial reporting and steps to reduce its incidence.”[xl]   “The Commission’s key recommendations fall into several categories including the tone at the top as set by senior management; the quality of internal accounting and audit functions; the roles of the board of directors and the audit committee; the independence of external auditors; the need for adequate resources; and enforcement enhancements.”[xli]

Although many companies followed the lead of the DII and the Treadway Commission by developing compliance initiatives and tackling compliance issues more proactively, many still did not meet their stated goals.  “Many companies and industries maintain[ed] their own internal compliance and inspection programs . . . Unfortunately, while they [were] capable of doing so, they [did] not self-regulate effectively.”[xlii] As surmised by Martin Biegelman, author of Building a World-Class Compliance Program, by the 1980s “[c]ompanies had compliance mechanisms in place; all they needed were appropriate incentives to make their programs effective.”[xliii]

Federal Sentencing Guidelines for Organizations

            The development of modern corporate compliance programs was catapulted in 1991 when the U.S. Sentencing Commission (USSC) issued its United States Federal Sentencing Guidelines for Organizational Crime, holding corporations accountable by applying “just punishment” for criminal actions and “deterrence” incentives to detect and prevent crime.[xliv]  The corporate guidelines were added to the original Sentencing Guidelines, as the original Guidelines did not address organizations.  The USSC believed that due to the inherent characteristics of an organization, it needed to be treated differently than an individual offender.  The sentencing guidelines for organizations, with its seven minimum requirements, finally gave companies “a strong incentive to have an effective compliance program, either to receive a lessened sentence or mandated as part of probation”[xlv] or a settlement agreement.  The seven steps first recommended in 1991 were significantly enhanced in 2004 amendments.  The Federal Sentencing Guidelines for Organizations (FSGO) strengthened corporate compliance and ethics programs to mitigate punishment for criminal offenses[xlvi].  The FSGO have since been widely adopted and applied to civil and regulatory offenses as well, ushering in the creation of an entirely new corporate position, that of the Chief Compliance Officer[xlvii].

            This trend continued with the enactment of the Sarbanes-Oxley Act in 2002.  After the passage of Sarbanes-Oxley and the amendments to the FSGO, the average federal sentence faced by corporate executives more than tripled.[xlviii] A twenty-five-year sentence was passed down to CEO Bernie Ebbers for his role in the WorldCom fraud.  The Court expressly stated that the sentence was not unreasonable considering the new sentencing guidelines authorized by Congress.[xlix]          

The McNulty Memorandum

            Given the high priority placed on prosecuting corporate crime by the Department of Justice (DOJ), “it is important to understand the government’s perspective when building a compliance program.”  Specifically, it is important to understand the consequences of compliance failures, as well as the ways an effective compliance program can, to some degree, mitigate potential damage.”[l]  The FSGO specifically mention an effective compliance program as a factor that influences sentencing decisions[li].  In December 2006, the DOJ issued its McNulty Memorandum, outlining the revised principles of federal prosecutions for business organizations.[lii]

            The memo built on DOJ’s predecessor Thompson Memo[liii] to set forth goals for ensuring cooperation with government investigations and for developing effective corporate governance structures.  “The newer memo intended to alleviate many of the concerns engendered by application of the previous principles, while still maintaining stiff penalties for offenders and a strong anti-corporate crime outlook . . .  The most persistent criticism involved the pressure put on organizations by the Thompson Memo to waive attorney-client privilege””[liv], potentially exposing proprietary and confidential communications with corporate counsel.  “An ancient legal protection, the privilege allows for frank and open discussions with an attorney, without fear of the information becoming public.”[lv]  The Thompson Memo instructed prosecutors, when assessing the level of corporate cooperation, to consider its willingness to waive the attorney-client privilege with respect to the corporation’s internal investigations and communications between counsel and employees.[lvi]

Taking this criticism to heart, the McNulty Memorandum provided general considerations for the investigation and prosecution of corporate crimes, by listing nine factors to be evaluated in charging decisions, specifically stating that waiver requests would be rare.

We have heard from responsible corporate officials recently about the challenges they face in discharging their duties to the corporation while responding in a meaningful way to a government investigation.  Many of those associated with the corporate legal community have expressed concern that our practices may be discouraging full and candid communications between corporate employees and legal counsel.[lvii] 

In addition to typical considerations, such as strength of the evidence and the likelihood of conviction, prosecutors must now consider the following factors, giving executives and corporations guidance on what to expect and what to do in the event of an alleged violation and ensuing investigation.

1.  The nature and seriousness of the offense, including the risk of harm to the public, and applicable policies and priorities, if any, governing the prosecution of corporations for particular categories of crime;

2.  The pervasiveness of wrongdoing within the corporation, including the complicity in, or condonation of, the wrongdoing by corporate management;

3.  The corporation's history of similar conduct, including prior criminal, civil, and regulatory enforcement actions against it;

4.  The corporation's timely and voluntary disclosure of wrongdoing and its willingness to cooperate in the investigation of its agents;

5.  The existence and adequacy of the corporation's pre-existing compliance program;

6.  The corporation's remedial actions, including any efforts to implement an effective corporate compliance program or to improve an existing one, to replace responsible management, to discipline or terminate wrongdoers, to pay restitution, and to cooperate with the relevant government agencies;

7.  Collateral consequences, including disproportionate harm to shareholders, pension holders and employees not proven personally culpable and impact on the public arising from the prosecution;

8.  The adequacy of the prosecution of individuals responsible for the corporation's malfeasance; and

9.  The adequacy of remedies such as civil or regulatory enforcement actions.[lviii]

According to McNulty, the fundamental questions any prosecutor should ask are: "Is the corporation's compliance program well designed?" and "Does the corporation's compliance program work?"[lix]

In answering these questions, the prosecutor should consider the comprehensiveness of the compliance program; the extent and pervasiveness of the criminal conduct; the number and level of the corporate employees involved; the seriousness, duration, and frequency of the misconduct; and any remedial actions taken by the corporation, including restitution, disciplinary action, and revisions to corporate compliance programs. Prosecutors should also consider the promptness of any disclosure of wrongdoing to the government and the corporation's cooperation in the government's investigation. In evaluating compliance programs, prosecutors may consider whether the corporation has established corporate governance mechanisms that can effectively detect and prevent misconduct. For example, do the corporation's directors exercise independent review over proposed corporate actions rather than unquestioningly ratifying officers' recommendations; are the directors provided with information sufficient to enable the exercise of independent judgment, are internal audit functions conducted at a level sufficient to ensure their independence and accuracy and have the directors established an information and reporting system in the organization reasonably designed to provide management and the board of directors with timely and accurate information sufficient to allow them to reach an informed decision regarding the organization's compliance with the law.[lx]

Accordingly, a prosecutor will examine the company’s true commitment to compliance, beyond the superficial appearance of the program.  It should never be what McNulty calls “a paper program.”  The memorandum lists the criteria that will be so examined.

Prosecutors should therefore attempt to determine whether a corporation's compliance program is merely a "paper program" or whether it was designed and implemented in an effective manner. In addition, prosecutors should determine whether the corporation has provided for a staff sufficient to audit, document, analyze, and utilize the results of the corporation's compliance efforts. In addition, prosecutors should determine whether the corporation's employees are adequately informed about the compliance program and are convinced of the corporation's commitment to it. This will enable the prosecutor to make an informed decision as to whether the corporation has adopted and implemented a truly effective compliance program that, when consistent with other federal law enforcement policies, may result in a decision to charge only the corporation's employees and agents.[lxi]

Seaboard Criteria: SEC Mitigating Factors

            In late 1999, international business Seaboard Corporation (Seaboard) began an investigation of a division controller for booking improper entries in the financial statements.  The controller subsequently confessed in July 2000 that she had been making these false accounting entries for five years resulting in over $7 million in accounting discrepancies.  Seaboard’s management quickly notified the board of directors of the discrepancies and the board retained an outside law firm to conduct a thorough investigation of the entire matter.  In short order, the controller was fired as were two other employees who failed to adequately supervise her.  Seaboard issued a public statement that it would be restating its financial statements for a five-year period due to the controller’s action, and self-reported the matter to the SEC.[lxii]

            The SEC conducted its own investigation and confirmed the findings of Seaboard’s internal investigation.  Seaboard fully cooperated and assisted in the SEC investigation.  As a result, the SEC decided not to take any action against Seaboard[lxiii].  The SEC explained how the company’s swift and transparent actions benefited investors and the SEC’s enforcement program.  Because of this case, the SEC issued four key factors and related criteria that it would consider in determining whether to “credit self-policing, self-reporting, remediation and cooperation” and in deciding whether to take reduced action or no action against others in future enforcement actions.  The following are the SEC’s four mitigating factors.[lxiv]

·         Self-policing

• Establishment of an effective compliance program
• Strong support by the Board and executive management

·         Self-reporting

• Prompt and effective disclosure of wrongdoing to the public
• Timely and relevant disclosure to regulators or law enforcement, as appropriate

·         Remediation

• Disciplinary process for those who violate the code of conduct
• Continuous strengthening of internal controls to mitigate repeat violations

·         Cooperation

• Full and complete cooperation with the SEC and other investigators
• Providing all relevant documentary and testimonial evidence