The recent defeat device scandal at Volkswagen, in which VW engineers created and installed a computer algorithm to cheat emissions testing on over eleven million automobiles, brings together two things I spend time thinking about: white collar crime and cars. While that may seem like an odd combination, VW’s troubles happen to marry my professional and personal interests. As a former white collar criminal defense attorney and now professor of business law and ethics, my professional life is consumed with trying to understand why seemingly good people—executives, accountants, automotive engineers—do bad things and how we can prevent it. On the personal side, I happen to be a car nut. I have owned at least a dozen in my twenty or so years of driving. None have been expensive, but all are exotic in their own way.
Maybe that is why a phrase often used in corporate compliance circles has always intrigued me. The term “Cadillac compliance” denotes a corporate ethics and compliance program that, like the luxury sedans built in General Motors’ heyday, is unparalleled. It is innovative, comprehensive, and successful. Companies seek this type of compliance regime as an assurance that employee wrongdoing will all but be eliminated within the firm and that government regulators will deem the program “effective.” 1 What is an effective compliance program is largely determined by government agents’ interpretation of the Organizational Sentencing Guidelines. See U.S. Sentencing Comm’n, Guidelines Manual § 8B2.1(a)-(b) (2015). Companies are sold on the belief that a “Cadillac” program will help them avoid government investigation and intervention into their business—a “painful, time-consuming, and colossally expensive” process with no sure endpoint. 2 Jayne W. Barnard, Corporate Therapeutics at the Securities and Exchange Commission, 2008 Colum. Bus. L. Rev. 793, 817 n.119 (referring to compliance consultants used during investigation and remediation).
The problem is, most corporate compliance programs will never achieve that goal. Despite multinational corporations spending an average of $3.5 million per year on compliance, 3 Ponemon Inst., The True Cost of Compliance: A Benchmark Study of Multinational Organizations 5 (2011). and hiring “hundreds, even thousands of compliance officers at a time,” 4 Sean J. Griffith, Corporate Governance in an Era of Compliance, 57 Wm. & Mary L. Rev. 2075, 2077 (2016). compliance failures continue to be commonplace, inviting significant regulatory scrutiny, legal risk, and reputational harm. The financial crisis provides the most vivid examples, but fifteen years after the fall of Enron, companies still find themselves with little understanding of why their larger, costlier, and more rigorous compliance programs remain ineffective. Indeed, Volkswagen had a “comprehensive” compliance program while its engineers were installing the defeat devices. 5 See Richard Hardyment, CSR After the Volkswagen Scandal, TriplePundit (Oct. 28, 2015), http://www.triplepundit.com/2015/10/csr-volkswagen-scandal (reporting that more than 185,000 employees received training on compliance topics in 2014). Corporate America wants—and believes it is getting—top notch compliance programs. But instead of the Cadillac, companies are ending up with a Chevy.
Why is this? My research suggests the answer stems from two interrelated phenomena. First, corporate compliance is becoming increasingly “criminalized”; that is, corporations are now approaching compliance primarily through a criminal law lens. Second, as compliance programs become more criminalized they impose unintended behavioral consequences on corporate employees by creating opportunities for them to rationalize their unethical and illegal acts. Understanding these phenomena provides insight into the current failures of corporate compliance, but also how companies can best devise effective means of combating future corporate wrongdoing.
I. The Criminalization of “Cadillac Compliance” Programs
Corporate compliance is on an increasingly criminalized path. What that means is that corporations now approach compliance primarily through a criminal law lens, using the precepts of criminal legislation, enforcement, and adjudication to advance their compliance goals.
How this has happened is instructive. After decades of self-regulation prior to the 1960s, the compliance function in most corporations has evolved pursuant to a predicable cycle—a corporate scandal occurs, it is followed by public outcry, which is followed by criminal investigation and prosecution, then comes a sweeping legislative response, all culminating in increased company-level compliance efforts. 6 See Todd Haugh, The Criminalization of Compliance, 92 Notre Dame L. Rev. 1215, 1224-33 (2017) (discussing four eras of corporate compliance, culminating in its criminalized nature). This cycle, which has repeated itself in each of the last five decades, has resulted in compliance regimes myopically focused on limiting criminal and quasi-criminal investigations and prosecutions of companies.
In many ways this is unsurprising given the increasing ability of government agents to enter corporations. There are now over 5,000 federal criminal statutes and nearly 300,000 federal regulations that may be enforced criminally, many of which are aimed at business. 7 Reining in Overcriminalization: Assessing the Problem, Proposing Solutions: Hearing Before the Subcomm. on Crime, Terrorism, and Homeland Sec. of the H. Comm. on the Judiciary, 111th Cong. 15 (2010) (statement of Jim E. Lavine, President, Nat’l Ass’n of Criminal Def. Lawyers). Expansive mens rea requirements, coupled with the legal doctrine of respondeat superior, mean that almost any crime committed by an individual employee can be imputed to the corporation. 8 For a discussion of changing mens rea requirements in white collar crime, see George J. Terwilliger III, Under-Breaded Shrimp and Other High Crimes: Addressing the Over-Criminalization of Commercial Regulation, 44 Am. Crim. L. Rev. 1417, 1418-19 (2007) (cataloging problems caused by “explosive growth in federal regulatory prosecutions” and how changing legal doctrines have made it easier to prosecute corporations). For a discussion of the history of corporate criminal liability based on the doctrine of respondeat superior, see Harvey L. Pitt & Karl A. Groskaufmanis, Minimizing Corporate Civil and Criminal Liability: A Second Look at Corporate Codes of Conduct, 78 Geo. L.J. 1559, 1570-74 (1990) Government agents leverage these features of modern corporate criminal law as entrées into companies. Their goal: to change corporate culture for the better. Often this takes the form of deferred and nonprosecution agreements that empower court-imposed monitors to fundamentally alter corporate governance and even day-to-day business practices. 9 See Griffith, supra note 4, at 2088 (discussing use of these agreements).
While government agents may mean well, they have triggered a cascade of negative consequences. Because government agents can so easily enter into corporations and affect their inner workings, company leaders have ramped up compliance efforts to ensure those agents are kept out. Companies do this by hiring former prosecutors and regulators to develop cutting-edge compliance protocols—the “Cadillac” programs mentioned above. 10 See Robert C. Bird & Stephen Kim Park, The Domains of Corporate Counsel in an Era of Compliance, 53 Am. Bus. L.J. 203, 217-18 (2016) (describing heated hiring of compliance officers in regulated industries). When those former agents are faced with preventing the very governmental intervention they used to lead, they fall back on their training and expertise as lawyers and investigators, treating compliance as a problem that can be solved with the familiar tools of the criminal law—aggressive enforcement and adjudication. 11 See Information at 6, 10, United States v. Peterson, 859 F. Supp. 2d 477 (E.D.N.Y. 2012) (No. 12-224), http://www.justice.gov/sites/default/files/criminal-fraud/legacy/2012/04/26/petersong-information.pdf (describing Morgan Stanley’s highly criminalized Foreign Corrupt Practices Act compliance program). This is how compliance becomes criminalized. Companies willingly, and with much irony, adopt the precepts of the criminal law to stave off its effects.
The adoption of criminalized compliance regimes, which are now standard in many major American corporations, leads to the second phenomenon. Compliance programs modeled on the criminal law impose unintended behavioral consequences on corporate employees. These consequences stem from how employees facing such programs rationalize their future unethical or illegal behavior. Rationalizations are the key component in the psychological process necessary for the commission of white collar crime—they allow potential offenders to square their self-perception as “good people” with the illegal behavior they are contemplating, thus allowing bad conduct to go forward. 12 Vikas Anad et. al, Business as Usual: The Acceptance and Perpetuation of Corruption in Organizations, Acad. Mgmt. Executive, May 2004, at 39, 40-43; Shadd Maruna & Heith Copes, What Have We Learned from Five Decades of Neutralization Research?, 32 Crime & Just. 221, 228–34 (2005). Research confirms that rationalizations are the “crux of the problem” of white collar crime; without them, such crimes are unlikely to occur. 13 Donald R. Cressey, The Respectable Criminal: Why Some of Our Best Friends Are Crooks, Criminologica, May 1965, at 13, 15.
Criminalized compliance programs fuel these rationalizations, and in turn bad corporate behavior. By virtue of its origins in and fidelity to the criminal law, criminalized compliance imports many of the criminal law’s delegitimatizing features into the corporation—from vague and overlapping rules, to aggressive and onerous monitoring, to inconsistent enforcement and adjudication—now common features of many compliance programs. 14 See Scott Killingsworth, Modeling the Message: Communicating Compliance Through Organizational Values and Culture, 25 Geo. J. Legal Ethics 961, 966 (2012) (“‘[C]ommand-and-control’ oriented [compliance] programs . . . [provide] [t]he explicit message [that] is the same as the message from law enforcement: follow the rules or pay the penalty.”). Employees recognize this illegitimacy and incorporate it into their thought processes, thus creating an environment ripe for rationalizations. 15 Haugh, supra note 6, at 1218. Once rationalizations take hold, there is little stopping an employee from committing an unethical or illegal act, regardless of the compliance protocols in place. 16 See Gresham M. Sykes & David Matza, Techniques of Neutralization: A Theory of Delinquency, 22 Am. Soc. Rev. 664, 666 (1957) (explaining that there is no normative check available because it has been rationalized away). The result is that many compliance programs, by mimicking the criminal law in hopes of reducing employee misconduct, are actually helping to create it.
The sagas of many well-known companies illustrate how all of this operates, but focusing on a company referenced above, Morgan Stanley, is helpful. Under the guidance of a former prosecutor-turned-head of the bank’s Anti-Corruption Group, Morgan Stanley’s Foreign Corrupt Practices Act compliance program includes regular surveillance of client and employee transactions, random audits of selected personnel, pretextual phone calls to verify transactions, and criminal background checks of deal partners. 17 Information at 5-6, 9-10, United States v. Peterson, 859 F. Supp. 2d 477 (E.D.N.Y. 2012) (No. 12-224), http://www.justice.gov/sites/default/files/criminal-fraud/legacy/2012/04/26/petersong-information.pdf. These tactics are now considered industry best practices after the DOJ awarded the company a rare public declination when one of its executives paid bribes to a Chinese official to secure a real estate deal. 18 See Scott Cohn, Ex-MS Banker in China Bribery Case: My Side of Story, CNBC (Aug. 16, 2012), http://www.cnbc.com/id/48693573 (reporting that the Justice Department holds up the case as an example).
Yet this rigorous, seemingly state-of-the-art compliance regime—a “Cadillac” program if there ever was one—neither prevented the underlying wrongdoing, nor the government intervention that followed. More importantly, it likely fueled the very behavior it was meant to eliminate.
While Morgan Stanley’s FCPA compliance program was touted by the company and the government as “rigorous . . . smart, and responsible,” 19 Press Release, Dep’t of Justice, Assistant Att’y Gen. Lanny A. Breuer Speaks at the New York City Bar Association (Sept. 13, 2012), http://www.justice.gov/opa/speech/assistant-attorney-general-lanny-breuer-speaks-new-york-city-bar-association. a close review of the circumstances reveals otherwise. The offending executive violated anti-bribery laws partly because he was angry at the bank for requiring him to divest an interest in a real estate deal that preexisted his employment. 20 Cohn, supra note 18. While the executive’s thinking was certainly misguided, it demonstrates a clear “[d]enial of the [v]ictim” rationalization. 21 Sykes & Matza, supra note 16, at 668. By viewing the bank’s actions as inappropriate, the executive saw it as deserving of the harm caused by his wrongdoing. 22 See Cohn, supra note 18.
Critically, Morgan Stanley’s criminalized compliance approach appears to have fostered the executive’s rationalization. According to employees, the bank’s FCPA compliance program was more aggressive than industry norms at the time, and it conflicted with how Morgan Stanley approached compliance in other areas.
Employees report that there was “very little” FCPA compliance prior to the government’s investigation—compliance was lax in some areas, but strict in others.
This appears to have led to an overall perception by employees that the program lacked coherence, which created space for the executive to adopt his rationalizations. While this does not excuse the executive’s bad behavior, it demonstrates that a compliance program without true legitimacy in the eyes of employees creates opportunities for them to rationalize unethical or illegal behavior. Such a compliance program, which is concerned more with aggressive enforcement than cultivating positive employee norms, lessens not only the legitimacy of the compliance program, but of the entire firm.
Wells Fargo may provide the most recent example of a comprehensive yet behaviorally flawed compliance program that is destined to fail. Details of how the bank’s ethics and compliance program operated are still emerging, but preliminary reports suggest an environment that fostered employee rationalizations and led to illegality. Michael Corkery & Stacy Cowley, Wells Fargo Warned Workers Against Sham Accounts, but ‘They Needed a Paycheck’, N.Y. Times: DealBook (Sept. 16, 2016), https://nyti.ms/2cLtgcn. On the heels of Wells’ record-breaking $185 million settlement agreement with the Consumer Financial Protection Bureau, a number of former employees have come forward reporting that despite extensive training on the company’s code of conduct and banking regulations, and even explicit messages from headquarters to “not create fake bank accounts,” an aggressive sales culture “honed over decades” overrode any explicit compliance measures. Id. One former personal banker explained that creating fake accounts “was like jaywalking”—everyone did it because “[t]hey needed a paycheck.” Id.
Now, after bruising Congressional hearings and the initiation of multiple government investigations, the bank appears to be taking a hard line on compliance. It has deployed numerous “risk professionals” in an effort to “stamp out the illegal activity,” fired over 5,000 employees, and eliminated its most aggressive sales incentive structures. Id. But the question remains whether the company will fall into the criminalized compliance trap going forward, ensuring another compliance failure in the future, or will reimagine its approach.
Unfortunately, Wells has been here before. An October 2000 news story titled “Compliance Overkill at Wells Fargo?” reported that regional managers were digging through employees’ briefcases and trashcans looking for compliance violations. Compliance Overkill at Wells Fargo?, Wealth Mgmt. (Oct. 1, 2000), http://www.wealthmanagement.com/practice-management/compliance-overkill-wells-fargo. It is hard to know whether this earlier approach to compliance led to the current failures, but one thing is clear: Wells’ understanding of the actual impact its compliance program is having on employees has not changed much in the past fifteen years.
II. “Cadillac Compliance” as Behavioral Compliance
So what are companies to do? The criminal law, aided by prosecutors, regulators, and compliance professionals who draw heavily from it, is encouraging a compliance approach that fosters the very behaviors it is intended to prevent. Is there a way for companies to get out of this compliance catch-22?
The short answer is yes, but it requires a fundamental shift in corporate thinking. If companies are sincere in their intentions to build an effective compliance program, they need to take a lesson from the namesake of the “Cadillac” programs they are trying to construct. What originally made the Cadillac brand so successful, what established it as a “Standard of the World,” was an aspiration to engineer the finest luxury automobiles for its customers. 26 The Magnificent Series 70 Eldorado Brougham by Cadillac, Notorious Luxury, (Nov. 18, 2015, 5:19 PM), https://notoriousluxury.com/2015/11/18/the-magnificent-series-70-eldorado-brougham-by-cadillac.
A true “Cadillac compliance” program does the same. It ignores the standard wisdom of compliance consultants and former regulators, focusing not on how the government will react to a compliance initiative, but on how corporate employees—the “customers” of compliance programs—will be impacted. This approach inherently considers the behavioral implications of a compliance program, particularly how company policies might foster or defeat employee rationalizations, the behavioral lynchpin of corporate crime. In other words, companies must stop crafting compliance programs that mimic the criminal law, and instead craft them around the employees those programs are intended to reach.
Here are three steps companies can take to begin the process. First, companies need to hire behavioral specialists or develop them in-house, add them to the compliance team, and empower them to effect change. In order to create a compliance program that takes advantage of behavioral insights instead of falling prey to them, the entire organization must understand the key takeaways from current research. For compliance personnel this knowledge may be gained by taking deep dives into the latest empirical studies conducted in the fields of behavioral ethics, behavioral economics, moral psychology, and even criminology. 27 See, e.g., Behavioral Business Ethics: Shaping an Emerging Field 3-10 (David De Cremer & Ann E. Tenbrunsel eds., 2012) (collection of articles regarding cutting-edge behavioral ethics topics). For busy executives, reading popular books on decisionmaking and dishonesty authored by serious researchers may suffice. 28 See generally Dan Ariely, The (Honest) Truth About Dishonesty: How We Lie to Everyone—Especially Ourselves 1-9 (2012) (providing cutting-edge research regarding why we make ethical and unethical decisions); Richard H. Thaler & Cass R. Sunstein, Nudge: Improving Decisions About Health, Wealth, and Happiness 81-83 (2008) (demonstrating how “choice architecture” can be used as a policy tool to steer decision making and maximize welfare). Other employees might benefit most from roundtable discussions focused on well-known behavioral case studies. Regardless of how the information is delivered, creating a behavioral compliance curriculum gives all members of an organization insight into their ethical decisionmaking process. 29 Timothy J. Lindon, Crediting the Behavioral Approach, Compliance & Enforcement (July 20, 2016), https://wp.nyu.edu/compliance_enforcement/2016/07/20/crediting-the-behavioral-approach. This serves as the backbone of any behaviorally cognizant compliance program.
Second, companies should adopt behavioral compliance best practices in place of command-and-control, criminal law-driven systems that erode legitimacy. The key here is to start small and measure results. Once a behavioral compliance practice demonstrates a positive impact, it can be expanded, further measured, and refined if misalignments occur. This process is not foolproof; understanding and calibrating precise behavioral impacts is notoriously difficult and quantifying the benefits of any new compliance approach is similarly challenging. 30 See Griffith, supra note 4, at 2105-06 (explaining the difficulty of measuring compliance effectiveness). Yet, if compliance officers take a measured, research-driven approach, the end product will not only be more effective in reducing unethical and illegal employee behavior, it will also be sustainable and self-fulfilling—something criminalized compliance regimes can never achieve. 31 See infra Part I.
One of the simplest ways behavioral insights can be harnessed to increase compliance is to ask employees to sign an ethics-focused certification before they engage in behavior that has historically created compliance risk, e.g., filling out an expense report, transferring client funds, or meeting with government officials. Studies show that reminding employees of morality before they act significantly reduces dishonesty. 32 Ariely, supra note 27, at 39-53 (explaining the impact of asking participants to recall moral standard before engaging in behavior with an ethical dimension). Adding a certification where one had not previously existed, or simply requiring certifications before rather than after actions are taken, makes a real difference in employee behavior. These “just-in-time” compliance measures range in cost and sophistication—everything from a signature on a printed form to a buzz from a wearable device—but all have shown measurable results for organizations such as Bank of America and the IRS. 33 See id. at 45-53 (discussing results of experiment with an IRS tax form that improved the agency’s collection rates); Timothy L. Fort et al., The Angel on Your Shoulder: Prompting Employees to Do the Right Thing Through the Use of Wearables, 14 Nw. J. Tech. & Intell. Prop. 139, 146 (2016) (discussing Bank of America program that monitored employees by wearable sensors, finding that social employees were more productive).
Another simple behavioral best practice is for companies to encourage employee storytelling. That might sounds like trite advice for sophisticated companies, but storytelling in its many forms is essential to compliance. Stories of ethical employee behavior told by high-level managers educate employees as to applicable laws and regulations in a way that makes the abstract concrete and accessible. 34 Killingsworth, supra note 14, at 983. More importantly, stories of ethical dilemmas the company faced and triumphed over reinforce positive corporate values. Research shows that compliance messaging is most effective when it conveys that positive behaviors are “widely performed and roundly approved” within an organization. 35 Robert B. Cialdini et al., Managing Social Norms for Persuasive Impact, 1 Soc. Influence 3, 13 (2006). This is partly because such messaging contradicts rationalizations that would justify unethical behavior in the minds of employees who compare it to the bad acts of others. 36 See Cressey, supra note 13, at 15-16 (arguing that rationalizations can be “effectively blocked” to impede white collar crime).
Best Buy, for example, hosted a public website where its Chief Ethics Officer related recent and emerging ethical dilemmas within the company. The web posts discussed how anonymous employees considered ethics and compliance issues, sought advice from superiors and coworkers, possibly took a wrong turn or two, but ultimately resolved the issue positively. 37 Killingsworth, supra note 14, at 983. Aside from conveying company rules and norms, what made this type of storytelling so compelling and unique was its incorporation of behavioral insights. Instead of lecturing employees or creating more rules to govern their conduct, the stories wove in “accessible commentaries on recent research in the behavioral science of ethics,” offering brief lessons on reoccurring ethical traps such as conflicts of interests, the problem of slippery slopes, or the dangers of the “everyone does it” rationalization. 38 Id. Best Buy replaced the tools of criminalized compliance with ones focused on the behavioral realities of its employees.
Companies could consider even more immersive uses of storytelling to bolster their compliance programs. For example, a company’s compliance initiatives could include periodic small-group employee meetings in which employees—not compliance personnel—trace out the harms of typical white collar crimes, discuss the logic of an industry regulation applicable to their business, or explain how market failures perpetuated by sharp business tactics produce inferior products. When rationalizations arise during the discussions, they should be identified and explored (here, compliance personnel input is likely helpful). The goal is to raise awareness of patterns of self-exculpatory reasoning and flag them as suspicious, so that employees will be less likely to internalize that reasoning and use it when presented with an opportunity to act unethically. 39 Joseph Heath, Business Ethics and Moral Motivation: A Criminological Perspective, 83 J. Bus. Ethics 595, 611 (2008). By allowing employees to do the work of preemptively “reversing” rationalizations, a compliance program not only combats the psychological mechanisms that allow corporate crime, but it also builds legitimacy with employees. 40 Id.; see also Timothy L. Fort, The Vision of the Firm 231, 233 (2014) (discussing research suggesting we are hardwired to tell ethical stories and build trust in small groups).
Although not aimed specifically at combatting rationalizations, Johnson & Johnson has for years held “Credo Challenge Sessions,” in which employees discuss in small groups their perspectives and commitments to J&J’s famous responsibility-focused credo. 41 Leadership Challenges at Johnson & Johnson, Knowledge@Wharton (Jan. 9, 2014), http://knowledge.wharton.upenn.edu/article/alex-gorsky-leadership-moments-jj. Johnson & Johnson’s chairman agreed that the roughly 300-words-long credo boils down to the following: “We’re here on earth to serve people who need our products, great community, great employment setting and then we work for shareholders as well.” Id. Bob Kniffin, a former Vice President of External Affairs for the company, has said that it was these challenge sessions, not the credo itself, that allowed the company to so effectively manage the Tylenol crisis in the late 1980s. 42 Carter McNamara, Complete Guide to Ethics Management: An Ethics Toolkit for Managers, Free Mgmt. Libr. http://managementhelp.org/businessethics/ethics-guide.htm (last visited Apr. 4, 2017).
Third, companies must ensure their incentive systems align with compliance goals. The most effective compliance comes from intrinsic employee motivation—building a culture in which all members of the organization want to act ethically because it is the right thing to do for the company, not because it satisfies a regulation or because conduct is being monitored. 43 See Lynn Sharp Paine, Managing for Organizational Integrity, Harv. Bus. Rev., Mar.–Apr. 1994, at 106, 107 (arguing compliance is most effective when it ceases to be a constraint and becomes “the governing ethos of an organization,” fostering legitimacy organization-wide). Building intrinsic motivation is less about monetary incentives and more about creating a feeling of shared value. Studies show that when managers’ “tone at the top” communicates high levels of trust to employees, which is demonstrated by allowing them to work autonomously and with purpose, those employees feel intrinsic motivation. 44 Johann Graf Lambsdorff, Preventing Corruption by Promoting Trust: Insights from Behavioral Science 11 (Univ. Passau, Working Paper No. 1435-3520, 2015), https://www.researchgate.net/publication/286441815_Preventing_Corruption_by_Promoting_Trust_-_Insights_from_Behavioral_Science; see also Adam Grant & Jitendra Singh, The Problem with Financial Incentives—and What to Do About It, Knowledge@Wharton (Mar. 30, 2011), http://knowledge.wharton.upenn.edu/article/the-problem-with-financial-incentives-and-what-to-do-about-it. It turns out that praise and expressions of gratitude motivate more than money, and social group interactions motivate individual behavior significantly. 45 Adam M. Grant & Francesca Gino, A Little Thanks Goes a Long Way: Explaining Why Gratitude Expressions Motivate Prosocial Behavior, 98 J. Personality & Soc. Psychol. 946, 953 (2010).
Instead of defaulting to monetary rewards, companies need to think creatively about incentives to encourage ethical employee conduct. Boeing, for example, prominently profiled a marketing manager in its company newsletter who immediately alerted the legal department when she received an inadvertently delivered packet containing a competitor’s proprietary information. 46 See Joseph E. Murphy, Society of Corporate Compliance and Ethics, Using Incentives in Your Compliance and Ethics Program 29 (2011), http://www.corporatecompliance.org/Portals/1/PDF/Resources/IncentivesCEProgram-Murphy.pdf. A glowing personal letter from the CEO soon followed. Lockheed-Martin instituted an annual Chairman’s Award given to employees who exemplified the company’s ethical standards. 47 Id. at 30. More formal ethics-focused incentives include considering ethical leadership in performance reviews, compensation, and promotion decisions. While companies must be mindful of unintended behavioral consequences, namely the reframing of ethics as an economic proposition, thoughtful use of incentives can structuralize ethics and compliance within an organization and signal to the entire company its critical importance.
Getting corporate compliance right is far from easy. Companies, under pressure from government agents and facing resource constraints, have adopted what they see as the most effective approach—criminalized compliance programs mimicking the criminal law. Unfortunately, styling compliance after a criminal investigation is counterproductive because it fosters the very behavior at the center of corporate wrongdoing. Once that is understood, companies can take steps to remake their compliance programs; however, that represents a significant reconceptualization of the compliance function for many companies. But those steps also represent a path toward truly effective corporate compliance—behaviorally cognizant programs that may actually achieve the compliance goals set forth by corporate America: eliminating employee wrongdoing and the resulting government intervention in business. If a compliance program meets these goals, it will rightfully be called a “Cadillac” program, one that indeed serves as a “standard of the world.” 48 Cadillac: A New Standard?, Economist (Sept. 27, 2014), http://www.economist.com/news/business-and-finance/21620512-general-motors-hoping-boost-its-profits-expanding-cadillac-luxury-vehicles-new.
* Assistant Professor of Business Law and Ethics, Indiana University, Kelley School of Business; Jesse Fine Fellow, The Poynter Center for the Study of Ethics and American Institutions; 2011–2012 Supreme Court Fellow, Supreme Court of the United States.