Table of Contents
How the Organizational Guidelines Work: An Overview
Sharing "Best Practices" Information
Evolving Compliance Standards: New Models and Proposals
COMMISSIONER BUDD: Now, let's move to the formal part of our program and get things rolling. We thought it was important to offer you a quick grounding on how the guidelines actually work so that you have something of a context for thinking about the presentations that will follow. We are very fortunate to have two excellent presenters. I am going to keep with my own words and make their biographies very brief. Again, you have them before you.
Russell "Rusty" Burress is the first of our presenters this morning. He has been with the Commission for ten years, and during that time he has trained thousands of people in the federal court family, as well as in the legal community. Indeed, he is considered to be a national figure in the criminal justice system.
The other presenter, and she will be starting with Rusty in just a moment, is Julie O'Sullivan. Ms. O'Sullivan is an associate professor at Georgetown Law School where she has been for about a year. Prior to that she held several very important positions, not the least of which was serving as a law clerk for Associate Justice Sandra Day O'Connor of the United States Supreme Court.
With that, I'm going to turn the program over to Rusty and I think you're going to very much enjoy this presentation. Rusty Burress.
MR. BURRESS: The Sentencing Commission believes that an organization that has developed and has maintained an effective compliance program, that is a program that will detect and hopefully prevent violations of law, that a corporation that has done that is a good corporate citizen. Because of being a good corporate citizen, you are going to find out over the next couple of days, I believe, that there are a number of benefits to being a good corporate citizen.
One is that if this program prevented the violation of law, then, of course, your organization will not face a criminal conviction and will not face the penalties that go along with a criminal conviction. But even if there has been a criminal conviction, the guidelines still recognize and the Sentencing Commission still recognizes the good corporate citizen and the efforts the good corporate citizen has made in establishing and maintaining this effective compliance program. The way they recognize that is in lesser fines being called for under the guidelines for the organization.
So what Julie and I are going to do is to talk with you about how the guidelines are applied and how the guidelines recognize in their application this effective compliance program and call for lesser guideline fines because of this effective compliance program.
Now also, as we're looking at guideline application, we will point out other areas that are mitigating areas or factors that, if they're present in your organization, can result in lesser guideline fines. While we're looking at these mitigating factors that will reduce the guideline fines, we will also point out to you some aggravating factors, some factors that will increase the guideline fines if those factors are present.
We don't anticipate anyone being a guideline application expert in 30 minutes of discussion of guideline application, but hopefully, if you do leave here, if you ever look at our guidelines in any detail, you will at least have some insight as to what is going on in the guidelines.
Now, I have been talking about guideline fines, how we will calculate a guideline fine, and I have mentioned these aggravating and mitigating characteristics under guideline application. But there is really sort of a distinction between, say, the organization's culpability and the organization's responsibility under the guidelines and under the statute, and, Julie, what is that distinction and exactly what is the applicability of the organizational guidelines to an organization?
MS. O'SULLIVAN: Let me start with the basics. The organizational guidelines can be found in Chapter Eight of your Guidelines Manuals. The Commission has xeroxed it for you. Chapter Eight is in the last section of your booklet, so the entirety of the organizational guidelines is available for you. What we're going to do is just go through and generally sketch out the high points.
Now, Chapter Eight applies to organizations, and organizations are defined as persons who are not individuals. That means they're not living, breathing human beings. Chapter Eight will apply to corporations, unincorporated associations, partnerships, pension funds, and unions. It will apply to basically every organization you can think of.
Say you have an organizational defendant. If there is an individual employee who is also convicted, what will apply to that individual are Chapters One through Seven, which are the individual guidelines. They will be dealt with separately.
Now, just to be very basic so everybody's on the same page, the organizational guidelines do not change the standard for the imposition of criminal liability. Generally speaking, corporations can be vicariously liable for the actions of their agents or employees within the scope of their employment and for the benefit of the corporation. The guidelines don't change that.
What the guidelines do do is structure the judge's discretion in assessing sentence after the organization has been convicted. Congress, by statute, set forth the maximum penalty that can be imposed on an organization for a particular count. What the guidelines do is tell the judges what narrow fine range within that larger statutory maximum they must choose, and in most cases, the judge is required under the guidelines to impose the fine on the corporation within the range mandated by the guidelines, absent extraordinary circumstances.
And if the individual guidelines are any precedent, then what will happen is in most cases, the fine imposed on an organization will be within the range dictated by the guidelines. We are going to tell you how it is that you arrive at the guidelines range. Rusty, do you want to start that off?
MR. BURRESS: Okay. I want to introduce you to some of the general principles of the organizational guidelines in Chapter Eight. We are going to be using some overheads here, but in your Section One tab you have all these materials that we're using as overheads, so these are in your materials.
We're looking at the one that has the typewritten page number one at the bottom, the general principles that the Commission has in these organizational guidelines back in Chapter Eight of the guidelines manual. The first general principle is to remedy the harm. The Commission says if the offense has resulted in some harm, let's remedy that harm. Generally, that is going to occur by an order of restitution. There's going to be a victim in the offense. There's going to be a monetary loss, perhaps, and there's going to be an order of restitution to make the victim whole once again. Generally, that's how remedying the harm will occur.
You may also have remedying the harm occur through, say, a remedial order, to go in and remedy the harm that has occurred, have the organization do something that will remedy the harm or to lessen the likelihood of future harm or risk of harm from this offense that has occurred.
You also can have a community service order, ordering the organization to do some type of community service that will remedy the harm. So there are a variety of ways including an order of notice to victims that can be achieved under a guideline sentence that will try to remedy the harm in an offense.
MS. O'SULLIVAN: You may want to note that it may be called remedying the harm, but a restitution order of, say, $10 million, is going to seem awfully punitive to some organizations. So it is in theory remedying the harm, but it may hurt.
MR. BURRESS: Now, we see where the Commission goes in to penalize the organization - where the punishment occurs in guideline sentencing - is under the second general principle here: the second general principle being "penalize the organization through fines." That's where the penalty occurs. And we say fines based on the seriousness of the offense and the culpability of the organization, and we're going to come back to that in a little bit and see exactly how those fines are calculated. That's where we intend to spend most of our time up here with you over the next few minutes.
I will make the note that in those instances, and I dare say that none of your organizations that are represented here today would be one of these instances, but in those instances where the organization is determined to be a criminal purpose organization, that is, an organization that's operating primarily through criminal means or primarily for a criminal purpose, then the guidelines say that the fine imposed on such an organization should be sufficient to divest this organization of their net assets.
In other words, try and put them out of business if, indeed, it's a criminal purpose organization, but I don't think we're going to be dealing with that and that's why we're going to focus with you people on how fine range calculations will occur for your types of organizations.
The third principle is the use of probation to implement another sanction or to prevent future criminal conduct. Again, probation is not given as the punishment as such, but oftentimes probation will be given in order to carry out some other aspect of a sentence. If the court orders restitution or the court orders a remedial order or a fine has been ordered and those things haven't been immediately done, then quite likely there will be an order of probation so the organization will be under the jurisdiction of the court in carrying out these requirements of the court's order. So we have probation that is done primarily for that.
Now, one note to you, because we are going to try to encourage you, if you do not have an effective compliance program, to come up with one: if an organization comes into federal court having been convicted of an offense and that organization does not have an effective compliance program at the time of sentencing and the organization has 50 or more employees, then the guidelines require that the organization be placed on probation to come up with an effective compliance program. So it's a sure ticket to get placed on probation if you do not have an effective compliance program when coming into court.
Now, what we would like to do is go back here and focus on this second general principle, which is penalizing the organization through fines, and we say fines based on the seriousness of the offense and the culpability of the organization. Julie has come up with what I think is a very descriptive overhead here that shows exactly what this fine calculation is all about. Julie, do you want to explain to us how this fine will be established?
MS. O'SULLIVAN: I should note that some sections of Chapter Eight apply to every federal felony and Class A misdemeanor. The restitution provisions and the probation provisions apply to every federal felony and Class A misdemeanor. The fine provisions, however, apply only to certain federal offenses, and those offenses are specified in your Guidelines Manual.
Basically speaking, the fine calculation provisions do cover about 85 percent of federal cases. Notable exceptions to the application of the fine provisions are environmental offenses, national defense export violations, and food and drug violations. You need to make sure that the criminal violation that you're dealing with is covered by the fine calculation provisions.
Let's proceed to how you figure out the fine range within which a judge, absent extraordinary circumstances, must sentence the criminal defendant to a fine. Conceptually, the fine range is the product of the seriousness of the offense and the culpability of the organization. Now, the seriousness of the offense is represented by a base fine. The base fine can be computed in a number of different ways, but in most cases, the base fine is the loss caused by the offense.
Assume you have a federal contracting fraud and the government is out $10 million as a result of that violation. That's going to be your base fine. The Sentencing Commission has determined that that, in their view, represents the seriousness of the offense. So you've got a base fine, say, of $10 million.
You want to end up with a range, so you're going to multiply the base fine by a minimum multiplier to end up with the bottom of the range and a maximum multiplier to give you the top of the range. For example, your range could be $20 to $40 million at the end. How do you know what multipliers to apply?
The Commission has isolated certain factual circumstances that it believes are relevant to determining the culpability of a corporation. It has assessed points that relate to those factors. One goes through the factors, figures out whether they're applicable in the organization's case, adds up the points - say five points for this, three points for that. You end up with what's called a culpability score, for example ten points.
You look on a chart which we've given you on page nine of your handout. We won't go through it independently, but there's a chart that basically tells you for a culpability score of ten, you're going to have a minimum multiplier of two and a maximum multiplier of four. You apply the multipliers to your base fine. Conceptually you are multiplying culpability by seriousness.
In our example, you have a base fine of $10 million times a minimum multiplier of two and a maximum multiplier of four, and you end up with a fine range of $20 to $40 million, within which the judge, absent extraordinary circumstances, must sentence the defendant.
Now, there are certain grounds upon which a court can depart from that range, but again, given the individual guidelines experience, that's not going to happen very often.
You should also be aware that in certain circumstances, the judge can sentence outside the range if the fine range would essentially jeopardize the continuing viability of the corporation, that is, if the fine is too large. But in most cases the organization is going to end up paying a fine within the fine range yielded by the formula.
We are going to be concentrating on the culpability score because it is in this area that the organization can do the most right now to affect any future liability it may have, most notably by instituting an effective program for detection and prevention of criminal conduct. An effective program will give you credits that are going to make a very large difference in this culpability equation. Rusty, do you want to go on?
MR. BURRESS: Because Julie has a good example as to the dollar impact that these culpability points will have on an organization, let's just quickly look at these culpability factors, and we are going to come back and look at a couple of them in detail that are somewhat difficult, perhaps.
But for culpability calculations, just the mathematics of it, everyone starts with five culpability points. That's the starting point. Then there are factors, aggravating factors that may increase this culpability score from five points going up, and it potentially can go up as high as 17 points. And the mitigating factors that are subtracted from these five points that could run the culpability score down. It could potentially take you down to like a minus three. So these factors are going to decide what the multipliers are going to be.
Now, you start with five points and then these following are aggravating characteristics, that if they're present in the offense, the Commission says, this organization is more blameworthy than an organization that didn't have these characteristics. The first is the level of authority and the size of the organization. Basically, the Commission says, if you have someone who is in the hierarchy of an organization and that person was involved in the offense or somehow tolerated this offense occurring, then that organization is more culpable. And then if you have an individual in the hierarchy, depending on where they are in the hierarchy and the size of this organization, these two things in conjunction will increase the culpability points anywhere from one up to five additional culpability points. In other words, you could go from five up to a ten in some instances based on that factor alone.
The next factor is the prior history, prior history meaning did this organization have a previous criminal adjudication, civil or administrative adjudication for similar conduct, because if they did, this organization is more culpable than an organization that didn't have this prior record. And so that will increase the culpability points by one or two, primarily based on the recency of this prior adjudication.
This federal offense that the organization is coming into federal court for - is that somehow a violation of a court order or an injunction, or were they on probation and they violated a condition of probation by committing this offense? If so, it's a more culpable organization and that organization will pick up one or two additional culpability points.
And then obstruction of justice. Did somehow this organization obstruct the investigation or the prosecution of this offense? And if that's the case, three culpability points are picked up for that characteristic. I'm sure that it will be mentioned further on in the program, but this is sort of what they refer to as the "stick." In other words, this is where you are going to get punished, the organization gets punished for these characteristics.
But there's also the "carrot," and that's what these next couple of characteristics are, the mitigating characteristics, one being the effective program to prevent and detect violations of law that we've been mentioning already. That subtracts three culpability points, and we're going to talk a lot more about that over the next couple of days.
And then the final characteristic, the organization reporting the offense, cooperating with the authorities in the investigation and accepting responsibility, which often translates into a plea of guilty. Those things can reduce it by five additional culpability points.
So I mentioned you could get the culpability points high and you could get them low, depending on these aggravating or mitigating characteristics. Now Julie, do you want to give us an example, a dollars-and-cents example as to where this culpability may lead?
MS. O'SULLIVAN: This overhead is intended to give you a fairly graphic example of how much these factors can matter to an organization. This is my case of a $10 million contracting fraud. The base fine is $10 million because that's the loss that the government incurred here.
These represent three different assumptions. Assumption one, is ten or more points. Let's say you start, again, with your base of five. Say this particular organization also obstructed justice and acted in violation of a prior order. So they have another three points for obstruction, and two points for violation of an order. That's an additional five points. They end up with ten points for their culpability score.
That translates into multipliers that are going to give you a fine range of $20 to $40 million. Now, you have to recognize that this is in addition to restitution. This is just the punitive aspect. The organization would have been subject to a $10 million restitution order on top of this.
Case two: assume you start off with a base of five and there are no mitigating or aggravating factors. This organization in this circumstance is going to pay a fine of between $10 and $20 million.
Case three: you start off with a base of five points. Say you've got an effective compliance program. That's going to give you a credit of three points. Say, too, you cooperate and accept responsibility. Your culpability score will be zero. The organization's fine is going to be between $0.5 and $2 million. You can see what an enormous difference ten points makes.
What I want to also emphasize is that a culpability score of zero is possible. A score of zero is attainable, especially if one has in place, at this point in time, an effective program to prevent and detect criminal violations, because that will give you an automatic three point credit.
MR. BURRESS: Time is growing short, but we do want to just go back and look at a couple of these culpability factors in just a little bit of detail here over just the next couple of minutes so you're aware as to what these overheads in your materials actually mean. Going back to the first one we're looking at, the level of authority and size of an organization. Again, the level of organization is going to drive, to some degree, what this culpability point assessment will be.
This is assuming in this scenario here, that you have 10,000 employees in the company. If the person who committed the offense or tolerated this offense is, say, the CEO of this company, that's going to be five additional culpability points.
But in the same organization, if the person who is involved in the offense or tolerated the offense was, say, a sales manager, someone who wasn't in a policy making position or in control of the organization but had substantial discretionary authority in this position, then you're going to get two culpability points for that individual.
But now if you have an individual who's not involved, say, in the hierarchy of the organization, say just a sales representative, there will be no culpability point increase in that situation. So the effect on the culpability score by the level of authority is quite significant.
The size of the organization is significant, too. Assuming we have the CEO in each of these scenarios but the size of the organization varies, and we have, say, 10,000 employees. We just saw how that would give us five additional culpability points. But if the organization is smaller, say 200 employees, that would give three additional culpability points. Or a very small organization, say with 25 employees, that would get one additional culpability point. So those two things work in conjunction, both the level of authority and the size of the organization.
MS. O'SULLIVAN: When you're focusing on this factor, you should be aware that the guidelines do not only examine the level of authority of persons actually involved in the offense. They're also examining the level of authority of those persons who tolerated, condoned, or turned a blind eye to the offense, and the pervasiveness of that willful blindness within the organization.
So if a sales representative is the person that actually committed the offense, but persons at higher levels of authority basically condoned it or tolerated it, the organization is going to be assessed more points.
MR. BURRESS: On page seven of your materials we list for you the minimum requirements for having an effective compliance program. In other words, if you want these three culpability points removed, you have to meet the minimum requirements for an effective compliance program.
That means that's what you have to do to get the three culpability points removed. However, you may find that your organization will benefit more by having more than the minimum requirements. Maybe going beyond the minimum requirements is what you need to prevent the violations from occurring. It is certainly better to have no fine than to have a reduced fine.
The final characteristic that we want to look at, and I'll let Julie speak to, is the self-reporting, cooperation, and acceptance of responsibility where you can get a lot of culpability points removed.
MS. O'SULLIVAN: This is another area where the organization can get a lot of credit. You can get five points for self-reporting, but self-reporting is a fairly onerous requirement. You need to act prior to an imminent threat of disclosure of the violation or to a governmental investigation. So before you get the subpoena, and within a reasonable time of finding out about the violation, you must report it to the government. You must also cooperate with the investigation, and there's a lot of discussion as to exactly what cooperation entails, and you must accept responsibility, which usually translates into pleading guilty.
You have to do all those things to get five points. To get two points, you just need to cooperate and to accept responsibility, meaning plead guilty. To get one point, you need to accept responsibility.
You should be aware that there is a certain dove-tailing between these credits. For example, you are more likely to be in a position to claim these points for self-reporting if you have an effective program in place. If you have an effective program in place, presumably the organization will have detected the offense in advance of a governmental investigation and will be in a position to remedy and report it at that point.
MR. BURRESS: We are going to be with you all for today and tomorrow, so if you have any questions in particular, please feel free to talk to us. We look forward to spending time with you during the course of the symposium and thank you all for coming.
Win Swenson, Deputy General Counsel/Legislative Counsel, U.S. Sentencing Commission
COMMISSIONER GOLDSMITH: Good morning. My name is Michael Goldsmith. I am a member of the U.S. Sentencing Commission. The next panel is concerned with "The Organizational Guidelines' 'Carrot and Stick' Philosophy, and Their Focus on 'Effective' Compliance." The panel moderator is Win Swenson, who is Deputy General Counsel at the Commission.
Win was responsible for the staff group that developed the basis for the organizational guidelines. He has written several works on the guidelines, including a treatise on organizational sentencing and a series of law review articles on guidelines and guidelines implementation. He continues to oversee our staff group charged with studying organizational sentencing. Win?
MR. SWENSON:
I. INTRODUCTION
A. The previous presentation (Burress and O'Sullivan) summarized key features of the organizational guidelines. Implicit in these guideline features is a "carrot and stick" structure: companies that 1) fail to take certain actions (e.g., establish strong compliance programs, voluntarily disclose misconduct, fully cooperate in the investigation of the misconduct) and 2) have attributes indicating greater institutional culpability for misconduct (e.g., had senior corporate officials involved in the offense, or had employees obstruct justice) face stiff penalties in the event of a violation. Companies that take the prescribed steps, and do not evince attributes of greater institutional culpability, will avoid onerous penalties should a violation happen to occur.
B. In this presentation, I will attempt to set the stage for those that follow by examining three questions:
1) What is the origin of the Commission's "carrot and stick" corporate sentencing philosophy - and, relatedly, how does this philosophy contrast with prior practice?
2) What were the Sentencing Commission's objectives in establishing the carrot and stick approach?
3) How does an understanding of these Sentencing Commission objectives help one understand the definition of a guideline-qualifying compliance program - i.e., "an effective program to prevent and detect violations of law?"
II. Question One: What Is the Origin of the Commission's "Carrot and Stick" Corporate Sentencing Philosophy, and How Does this Philosophy Contrast with Prior Practice?
A. Prior to the guidelines the practice of sentencing corporations lacked a coherent, consistent rationale.
1) Court decisions demonstrated that judges truly were struggling to find meaningful ways to sanction corporations. See, e.g., United States v. Allegheny Bottling Co., 695 F. Supp. 856 (E.D. Va. 1988) (corporation sentenced to a three-year, suspended term of "imprisonment"), rev'd in relevant part, 870 F.2d 656 (4th Cir. 1989) (tbl.). See also United States v. Missouri Valley Constr. Co., 741 F.2d 1542 (8th Cir. 1984) (vacating a condition of probation that required corporate defendants to contribute money to a charitable organization); United States v. John Scher Presents, Inc., 746 F.2d 959 (3d Cir. 1984 ) (vacating condition of probation that corporate defendants use promotional business to raise money for charities designated by the probation office); United States v. Wright Contracting Co., 728 F.2d 648 (4th Cir. 1984) (vacating sentence of probation that imposed charitable contributions); United States v. Mitsubishi Int'l Corp., 677 F.2d 785 (9th Cir. 1982) (upholding a sentence requiring three companies to lend high-level executives' service to charity for one year without compensation and to pay contributions to the same charity); United States v. Arthur, 602 F.2d 660 (4th Cir.) (upholding requirement that white collar defendant accept full-time employment without salary in a charitable organization as part of probation), cert. denied, 444 U.S. 992 (1979); United States v. Clovis Retail Liquor Dealers Trade Ass'n, 540 F.2d 1389 (10th Cir. 1976) (vacating sentence of probation that included financial contribution to county alcoholism council); United States v. Nu-Triumph, Inc., 500 F.2d 594 (9th Cir. 1974) (upholding condition of probation requiring company not to engage in the distribution of pornographic material); United States v. Danilow Pastry Co., 563 F. Supp. 1159 (S.D.N.Y. 1983) (requiring bakery companies to donate fresh baked goods to specified charitable organizations).
2) Scholars also disagreed about how best to respond to corporate violations. See, e.g., Kip Schlegel, Just Deserts For Corporate Criminals (1990) (endorsing the application of the"just deserts" theory, which mandates that the punishment reflect the seriousness of the offense, to corporate crime); Michael K. Block & Joseph G. Sidak, The Cost of Antitrust Deterrence: Why Not Hang a Price Fixer Now and Then?, 68 Geo. L.J. 1131 (1980) (arguing that threatening antitrust violators "with exorbitant economic penalties that have only a minimal probability of being enforced" is not the optimal solution); John C. Coffee, Jr., Corporate Crime and Punishment: A Non-Chicago View of the Economics of Criminal Sanctions, 17 Am. Crim. L. Rev. 419 (1980) (arguing that "fines are an inefficient means by which to deter organizational crimes"); Brent Fisse, Reconstructing Corporate Criminal Law: Deterrence, Retribution, Fault, and Sanctions, 56 S. Cal. L. Rev. 1141 (1983) (arguing that the punishment for corporate criminals should not be limited to fines); Richard A. Posner, Optimal Sentences for White-Collar Criminals, 17 Am. Crim. L. Rev. 409 (1980) (arguing that a sufficiently large fine for white-collar crime is socially preferable to imprisonment); Andrew von Hirsch, Desert and White-Collar Criminality: A Response to Dr. Braithwaite, 73 J. Crim. L. & Criminology 1164 (1982) (arguing that "white-collar crimes should have a pyramidal structure of seriousness similar to that of ordinary crimes").
3) Empirical research of corporate sentencing practices conducted by the Sentencing Commission showed that corporate sentencing was in disarray. First, the Commission found that nearly identical cases were treated differently. Thus, there was evidence of disparity in corporate sentencing. Second, while some fines appeared quite high, the average fines were meaninglessly low. By that I mean that fines appeared to be, on average, less than the cost corporations had to pay to obey the law. See Mark A. Cohen et al., Report on Sentencing of Organizations in the Federal Courts, 1984-1987, in U.S. Sentencing Commission Discussion Materials on Organizational Sanctions at 7-11, 21 (tbl. 9). See also Ilene H. Nagel & Winthrop M. Swenson, The Federal Sentencing Guidelines For Corporations: Their Development, Theoretical Underpinnings, and Some thoughts About Their Future, 71 Wash. U. L.Q. 205, 215 (1993). This seemed to raise the specter that corporate crime did in fact "pay," as some had historically claimed.
B. Because the government's approach to corporate crime enforcement was managed by so many distinct entities and personalities, See generally Marshall B. Clinard et al., U.S. Dep't of Justice, Illegal Corporate Behavior 37 (1979) (stating that the regulatory agencies responsible for enforcement do not adequately coordinate their activities). it was difficult to make out what the government's policy was in all this. One thing clear was that the government's corporate crime enforcement policy often got mired in litigation. In very simple terms, you might say that the prevailing system was characterized by "speed trap enforcement" and a "circle the wagons" corporate response.
1) By "speed trap enforcement" I mean that the government's policy toward corporate crime often seemed reducible to that of the many state police forces out on the national highways. State police departments accept the fact that in all of the millions of miles of national highway there are only so many trees, grassy knolls, and dips in the road in which they can hide the limited number of patrol cars they have. So, they pick the best spots, turn on the best radar equipment they can requisition, and wait for unwary lawbreakers that happen by those spots. One can argue that the government engaged in a similar policy toward corporate lawbreakers - substantial resources were put into catching corporate lawbreakers, but little effort was put into providing a meaningful response to these violators. And, just as with speed traps, the enforcement community simply accepted the fact that for every one they nabbed, many more went sailing by somewhere else. See id. at 35-36 (discussing limitations of enforcement efforts).
2) This rather bare-bones enforcement policy toward corporate crime, in turn, fostered a "circle the wagons" response by many transgressing corporations. This was because companies often perceived little incentive to respond any other way.
(a) First, corporate decisionmakers could not know what penalties they would be facing because corporate penalties - just like fines from speeding tickets among the many jurisdictions around the country - were not imposed in any predictable way; they depended mostly on where the transgression occurred and the unpredictable proclivities of individual prosecutors and judges.
(b) Second, there was no guarantee that a company's cooperation with the authorities or its demonstration of extenuating facts - such as significant compliance efforts - would better the company's predicament. It was easy for companies to rationalize in this environment that the safest response was: "circle the wagons" and fight back - that is, litigate - for all your worth.
C. Meanwhile - and surprisingly given the state of things - many representatives of the business community argued that the Commission should ignore corporate sentencing altogether and leave the prevailing system as it was. They cited evidence that Congress's creation of the Sentencing Commission was motivated more by concerns over the sentencing of individuals than of corporations.
D. Given the lack of coherence in prevailing corporate sentencing practices and what most commissioners concluded was a broad, but definite, mandate from Congress to improve sentencing practices where they could, See Nagel & Swenson, supra note 3, at 214. the Commission decided to plow forward.
E. However, concluding that current corporate sentencing was in need of improvement begged an even more important question: could the Commission fashion a corporate sentencing policy that was any better? The Commission ultimately concluded that the answer was yes, but it is critical to recognize that this was not a foregone conclusion. For detailed discussions of the history of how the organizational guidelines were developed, see Nolan Ezra Clark, Corporate Sentencing Guidelines: Drafting History, in Compliance Programs and the Corporate Sentencing Guidelines: Preventing Criminal and Civil Liability 2:01-2:06 (Jeffrey M. Kaplan et al. eds., 1994). See also Nagel & Swenson, supra note 3, at 217-51.
1) The Commission's early forays into the development of organizational guidelines reflected little of the carrot and stick philosophy the Commission ultimately came to adopt.
2) For example, the first model the Commission considered - a so-called "optimal penalties" approach - relied on a formula to produce what theory said should be perfectly calibrated fines. The theory was that these perfectly calibrated fines would, in turn, bring about perfectly efficient crime-avoiding responses by corporations. Under the approach, fines were to be set according to this formula: the optimal fine = monetized harm (i.e., loss) probability of conviction.
3) This approach was really an idealized version of the pre-existing, "speed trap" approach to corporate crime enforcement. It assumed that government policy need be little more than a commitment to catch some corporate wrongdoers and fine them. Fines for the unlucky corporations that were caught would then be set in inverse relationship to the likelihood of being caught, and corporate managers - carefully, coldly scrutinizing these perfectly calibrated fines and concluding that crime could not pay - would rationally choose, instead, to spend resources obeying the law.
4) As it did with a variety of approaches over the next few years, the Commission rejected this approach and moved on. Overall, the process of developing organizational guidelines spanned five years, produced numerous official and informal drafts and generated mountains of public comment.
F. Ultimately the "carrot and stick" approach seemed to emerge from the Commission's acceptance of three facts:
1) Fact One: Vicarious liability means not all corporate defendants are alike - The Commission came to recognize that the doctrine of vicarious criminal liability for corporations operates in such a way that very different kinds of corporations can be convicted of crimes; from companies whose managers did everything reasonably possible to prevent and uncover wrongdoing, but whose employees broke the law anyway, to companies whose managers encouraged or directed the wrongdoing.
2) Fact Two: Responsible corporate actions can foster crime control - The second key fact the Commission came to embrace was that actions by corporate managers can significantly reduce the likelihood and impact of corporate crime. Voluntary disclosure and cooperation by a company mean, for example, that harms caused by the company will be rectified and individuals within the company will be identified and held accountable. Similarly, strong corporate compliance efforts hold out the promise of fewer violations in the first instance and greater detection and remediation of offenses when they occur.
3) Fact Three: Mandatory guidelines can create incentives - Finally, the Commission recognized that because guideline penalties are essentially mandatory and therefore predictable, penalties tied to how well a corporate defendant had undertaken specified crime-controlling actions would create incentives for companies to take those actions. With a guideline system, corporate managers would know - unlike the situation in the pre-guideline era - that their "good citizen" actions would make a difference in terms of the company's exposure to penalties. Good citizen actions, low penalties. Failure to take such actions, high penalties - "carrot and stick."
III. Question Two: What Were the Sentencing Commission's Objectives in Establishing the Carrot and Stick Approach?
A. The Commission had three principal and related objectives in structuring the organizational guidelines as it did.
1) Objective One: Define a model for good corporate citizenship - The first objective was to define a model for corporate action that would exemplify "good corporate citizenship" with respect to the narrow issue of law abidance. The Commission, for example, did not try to draft a broad model for corporate social responsibility. Cf. Edward Petry, Should the Government Create a Corporate Model for Social Responsibility?, 4 Center for Bus. Ethics News (Bentley C., Waltham, Mass.), Summer 1995, at 3.
2) Objective Two: Use the model to make corporate sentencing fair - The second objective was to incorporate this model into the guidelines so that corporate sentencing would be more fair. Penalties would go up and down depending on objective, defined criteria that would reflect a corporation's true culpability for criminal conduct.
3) Objective Three: Use the model to create incentives for companies to take crime controlling actions - The third objective was to create the incentives for good corporate citizenship that I mentioned before - incentives for corporations to undertake crime-controlling measures that, in turn, satisfy the Commission's model of good corporate citizenship.
4) This final objective marks a significant departure from the "speed trap" enforcement policy of the past. Under the new approach, the enforcement policy is something more than just "lie and wait" and impose a fine. The new policy is interactive. Companies take actions to join the fight against corporate crime and government responds by significantly limiting potential penalties for the companies that do. Limited government enforcement resources are augmented by the potentially highly effective efforts of companies themselves.
IV. Question Three: How Does Understanding this Last Objective - i.e., the Goal to Have Companies Themselves Undertake Effective, Crime - Controlling Actions - Help One Understand the Definition of Qualifying Compliance Program under the Guidelines?
A. An understanding of this objective makes clear what the Commission had in mind in defining an "effective" compliance program under the guidelines: the Commission wanted companies to use some reasonable degree of diligence and ingenuity to devise compliance programs that actually work. Put another way, the often-cited seven steps in the definition of an "effective" compliance program should not be viewed as a superficial check-list requiring little analysis or thought.
B. The actual guidelines definition of an "effective program to prevent and detect violations of law" support this interpretation. To begin with the "seven steps" are only one part of a four-part definition. For further discussion of the definition, see Winthrop M. Swenson, An Effective Program to Prevent and Detect Violations of Law, in Compliance Programs and the Corporate Sentencing Guidelines: Preventing Criminal and Civil Liability 4:06-4:08 (Jeffrey M. Kaplan et al. eds., 1994).
1) The definition begins with a paragraph of general criteria that includes what might be called the definition's baseline requirement: a qualifying compliance program is one that has been "designed, implemented, and enforced so that it generally will be effective." U.S.S.G. 8A1.2, comment. (n.(3)(k)) (emphasis added). To establish such a program, the introductory commentary continues, the company must exercise "diligence."
2) The seven steps constitute the second part of the definition. What is especially important to recognize is that the seven steps are drafted somewhat generally. Each step can be satisfied by a range of possible approaches. Finally, the definitional commentary stresses that the seven steps are the "minimum" steps required . Id. Thus, by their own terms the seven steps are drafted to imply a framework, not a highly specific course of action that companies can simply "adopt."
3) The third part of the definition stresses that the particular features of the company - its size, its areas of risk (due to the kinds of business in which it is engaged), and its prior history all must be given close attention in determining the "precise actions necessary" for an effective program. Id.
4) Finally, the definition concludes with a sentence instructing that a company must look to its external environment - to compliance standards met by others in the company's industry and to any relevant regulatory requirements - to ensure that its program measures up.
V. Conclusion
A. The definition of an "effective" compliance program does not envision that the process of developing a creditworthy program will be a passive one. You might say that - within reasonable and appropriate limits - the Commission wanted companies to "struggle" a bit to learn what works, tailor what are found to be generally effective approaches to their own particular circumstances, and continuously evaluate their unique compliance experiences to refine their approaches to compliance.
B. This is all part of the shift in enforcement policy that I described before. At its heart the new policy contemplates a kind of compact between government and the private sector so that our collective response to corporate crime can be made more effective.
C. Thus, over the next two days, we will look at how companies are engaging in this "struggle" to make compliance work, and what mechanisms they are creating to share "best practices" information.
This afternoon's concurrent sessions recognize the inherent flexibility in the guidelines' definition of an "effective" compliance program. In Session A, we will look at new external standards for effective compliance approaches that are being proposed to provide additional guidance to practitioners in this area.
In Session B, we will examine how the guidelines should be read to embrace a variety of approaches that prove effective, even when those approaches are not explicitly mentioned by the guidelines. This session is particularly relevant to those who have questioned whether good corporate conduct is better supported through a values or ethics-based approach than a "law-centered" one.
Finally, during the course of symposium, we will examine whether and how the government's role in this new enforcement approach to corporate crime can be improved.
D. When the Commission drafted the organizational guidelines, it basically took the title of this symposium and divided it into a question and an answer. The question was, "How should we respond to corporate crime in America?" The answer the Commission arrived at was, "Strengthen the 'good citizen' corporation." The implications of this answer are what this conference is about.
Kenneth D. Martin, Senior Corporate Counsel, Sundstrand Corp.
Herbert L. Thornhill, Jr., Deputy Counsel, Bank of Tokyo
John A. Meyers, Senior Vice President and Associate General Counsel, Tenet Healthcare Corp.
Moderator: Jeffrey M. Kaplan, Arkin Schaffer & Supino
Corporate Crime in America: Strengthening the "Good Citizen" Corporation
MR. SWENSON: I'm going to let our panel moderator introduce our next panel, but let me introduce our panel moderator very briefly.
Jeff Kaplan may be known to many of you. By background and training, he's a criminal defense attorney, but you may know him as one of the most prolific, energetic, and I would say creative writers on compliance issues who is out writing on these issues at all. He has written on compliance issues in just a vast range of arenas, everything from banking, insurance, environmental. He is also a co-editor of a book called Compliance Programs and the Corporate Sentencing Guidelines.
We are particularly glad to have him here as a panel moderator, but I should also tell you that he was useful to us not simply to be here to moderate this panel but also in helping us think about how we ought to approach it. So without further adieu, let me turn it over to Jeff Kaplan. Thank you.
MR. KAPLAN: Judge Wilkins, the former Chairman of the Sentencing Commission Commission, has described the organizational guidelines' carrot and stick approach as developmental, an invitation to shield against potential liability with well-designed and rigorously-implemented compliance systems. This panel will explore the compliance system design and implementation experiences of companies from three industries: defense contracting, in the case of Sundstrand Corporation; financial services, in the case of Bank of Tokyo, Limited; and for health care, Tenet Healthcare Corporation.
More than for their business areas, however, these three companies were chosen for this panel because each one's experience suggests in compelling but very different ways the importance of accepting the invitation that Judge Wilkins described.
By the time the organizational guidelines went into effect in 1991, Sundstrand Corporation, due in part to an earlier prosecution and in part to reforms in the defense contracting industry generally, had already implemented a significant compliance program. Nonetheless, using the guidelines' articulation of an effective program to prevent and detect violations of law, the company expanded and improved its program in many respects. One such reform, the "Responsible Executive" feature, became a model for various other companies' compliance programs.
Sundstrand's experience thus illustrates that even for compliance-sophisticated corporations, accepting the Commission's invitation by revising a program based upon the guidelines' articulation of an effective compliance program, what Joe Murphy of Bell Atlantic has called the new standard of accountability, can be most useful.
Although the Bank of Tokyo had instituted compliance policies and procedures before the advent of the organizational guidelines, it had had no traumatic experience to cause it to create a comprehensive program. It did, however, face a wide variety of compliance-related needs arising from various legal and regulatory mandates.
For the bank, the guidelines' articulation of an effective program to prevent and detect violations of law offered what Herb Thornhill calls a road map to coordinate its many compliance efforts. The bank has, indeed, found that using this articulation to structure its overall program provides significant efficiencies and cost savings.
A second lesson, then, is that for those creating as well as those modifying an overall program, the guidelines are a sound place to start. The experience of Tenet Healthcare Corporation offers a very different lesson, a "Ghost of Christmas Yet to Come," if you will, for those who might decline the invitation of the guidelines. Tenet, previously known as National Medical Enterprises, was the subject of the costliest prosecution ever for health care-related fraud.
Although the company's General Hospitals Group had developed a significant compliance program, its separately-managed Specialty Hospitals Group had not; and, as part of its settlement of the government's investigations, the company as a whole was compelled to adopt compliance measures more onerous than those typically found in a truly voluntary program.
Because the guidelines may require organizations to adopt a compliance program as a condition of probation, as was described in our first session today, Tenet's experience with what might be called "forced compliance" suggests just how unhappy living with a compliance program instituted under probation might be.
In sum, then, organizations that fail to develop and implement programs in the spirit of the first two companies featured in today's panel and in the spirit of Judge Wilkins's invitation may someday share the fate of the third.
Tenet's experience, however, may carry lessons for the government as well as the business community. Just as Judge Wilkins cautioned that the guidelines approach is developmental, so John Meyers of Tenet notes that the science of compliance is still very much in its infancy. John's frank criticisms of some of the obligations imposed on Tenet, a quarrel with the means, not the ends, will, I hope, be a part of a process of continuously analyzing what actually works in this new science of compliance.
Finally, a necessary disclaimer. In no way was the selection of these companies meant to serve anything other than an illustrative purpose. No Sentencing Commission approval, condemnation, or anything in between obviously should be assumed from their selection.
MR. KAPLAN: Our first speaker is Ken Martin. Ken received his law degree from Duquesne University School of Law. Prior to working at Sundstrand, he worked at Morton Thiokol with the U.S. Navy's Office of General Counsel, the U.S. Army Communications Electronics Command, and the U.S. Army Judge Advocate General Corps.
He joined Sundstrand in 1985, where he is currently responsible for providing legal advice in support to Sundstrand's business operations, particularly in the field of government contracts, compliance program activities, and intellectual property. He is a National Contract Management Association fellow, currently holding the NCMA position of Functional Director, Legal. Ken?
MR. MARTIN: Good morning, everyone. I have some overheads, if we can start with the first one, please.
Thanks very much for the opportunity to be here today, particularly for the invitation from the Sentencing Commission and Win Swenson and Jeff Kaplan, although I have to say I think it might not be a good idea to be here when the title of the conference is "Corporate Crime in America." What I thought I'd try to do in the time that we have allotted is first give you a little bit of an idea of the backdrop of Sundstrand's compliance program as it existed before the sentencing guidelines came into effect and then what the sentencing guidelines meant or what our reaction to the guidelines was. May I have the next overhead, please?
This first chart gives you a rough organizational idea of what our top-level compliance and ethics structure is. We have consciously chosen compliance and ethics in the sense that we try to cover both compliance with law as well as values and ethical standards.
To try to put a little context into the Sundstrand discussion, Sundstrand is a Fortune 500 corporation. We do about $1.4 billion a year in sales. We have about 10,000 employees. Most of them are in the United States, but we do have a significant number in some overseas locations and some plants and facilities in overseas locations.
We have two segments of the company, an aerospace segment and an industrial segment. Virtually all of the government business is on the aerospace side. The dollars are roughly split 50-50 between the two parts of the company. So one of the things, even though the focus of the discussion is government contracts, from a Sundstrand point of view, in today's environment, we are definitely a lot more than just a government contractor in terms of worrying about compliance issues.
We have a focus on trying to develop international business, which we believe has some obvious compliance implications, and our products range from construction compressors that you may see by the side of the road to the little pumps in your ice machines in the hotel here all the way up to aircraft electric power systems and torpedo motors. So we have a pretty wide range of different types of products and different types of markets that we have to contend with.
Our program, the Sundstrand Business Conduct and Ethics program, originated as a formal program in the late 1980s time frame, and it was principally in the context of a major fraud investigation relating to government contracts. The results of that investigation led to a payback of about $200 million, a three-year probation period, primarily under the auspices of the Department of Defense, and essentially many changes in terms of the senior management of the company and many other managers and employees at lower levels. So a fairly traumatic circumstance led to the establishment of the formal program that we started with.
At the time, nobody exactly knew what a compliance program was all about. The Defense Industry Initiative (DII) began around that time with Alan Yuspeh and some other industry leaders coming up with what industry, at least the defense industry, thought might be some guidelines. And until the sentencing guidelines came out, we principally operated under guidelines that were sort of developed by industry for themselves, to a certain extent supplemented by Department of Defense criteria or standards as to what they thought some relevant factors for a compliance program were; and that's where we went from the late 1980s until 1991 or 1992.
As an overview comment, how compliance is perceived within the company is, I think, a gut reaction. Sundstrand is a good old solid Midwest company. Most of the people are good solid Midwest people who believe in ethics and believe in values, so I think, overall, compliance and ethics are viewed as a business strength in the sense that if you don't have that kind of a program or that kind of a workforce, you're just not going to be viewed as a reputable supplier or a worthy business partner. So in an overall sense, that's the general attitude.
But then, of course, you get into the carrot and stick discussion and how the sentencing guidelines specifically are viewed, which I'll address a little bit later.
This chart shows that we have some high-level support and commitment from within the company, starting with the board of directors and the CEO of the company. The next chart, please?
The next few charts are just kind of a "gee whiz" listing of some of the key features of our program. For those of you who have programs, I would be surprised if there are any big surprises on this list. We think we have top-management commitment. We do have a code of conduct. We try to iterate that code about every three years, just to keep it fresh, put it in a different format. The basic message doesn't change unless there are some startling new laws or regulations that have come out on the books.
And, we also have gone through a lot of effort to try to internationalize the code and have it printed in various foreign languages to make it fit not only a domestic U.S. environment but overseas environments, as well.
We have a full-time Director of Business Conduct and Ethics. The person selected for that job has always been selected on the basis of being a fairly long-term employee, well known, well respected by the employees, someone that a lot of people would just know off the top of their head as a good person, a good role model. We have a specific government audit group in our internal audit department that has an expertise in looking at government contracts and government regulatory issues.
We have, in addition to the corporate ethics committee, other committees located at every one of our plants and facilities, a total of about 26 committees, and most of those committees include line worker and union representation where we have unionized plants, because we have also found that, at least for our environment, a key to success is to try to win the hearts and minds of all levels of employees and give all levels of employees an opportunity to participate and feel that they are a part of this process and this program.
As I mentioned, we are also a signatory to DII, the Defense Industry Initiative, and we think that that has been a particularly good forum to talk about and discuss best practices in terms of a compliance and ethics program.
Our corporate ethics committee has some responsibilities which are pretty broad ranging. Its job is to really set the pace for what the compliance and ethics program and policies will be. I don't think we need to repeat anything here. I think the critical factor is developing corporate-wide policies and that's how the committee views itself.
Our ethics director runs an ethics department and this is a short list of what the mission, at least what our ethics director perceives his mission to be. I think the short way of saying this is that his principal job is to continuously improve the program and to continuously assess its health in the best way that you can. Obviously, a lot of this is subjective, but you try to look at some indicators that give you some idea of whether the thing is working or not working and where you need to improve it.
You will also notice, if you look down a lot of those bullets, certainly the second bullet and the last two bullets, a lot of focus on how the employees feel about the program or how they regard the program, and I would put all of those bullets in the category of working on gaining employee trust and confidence, that the company is serious about this, that we mean what we say.
And I think for a lot of people in the room, the rubber really hits the road when you get a live allegation and all people involved in that process need to feel that it's going to be handled in a very confidential business-like manner and that everybody is not going to be roasted and fried just because your name happened to come up in the context of an ethics allegation.
These next two charts are just to try to give you a feel for some of the statistics that we keep or metrics that try to give us some indicators of what's going on in the program. This chart is just a list of the total number of contacts that our ethics director got for the second quarter of 1995. The total number of contacts is somewhere in the neighborhood of 100, 110 or 120, and I believe that these rough breakdowns are probably not too dissimilar from the experience of a lot of other companies.
We have our ethics director and our hotline available for any and all questions. We don't try to tell employees, only call if you have a compliance or a legal concern, so that's why you see a lot of human resources type of contacts. We get the calls where somebody says, "I thought I should have gotten a higher pay raise," and we funnel those off into the HR department. But the object of the program is to take every and all calls, any and all concerns, and this is a place you can call if you don't want to talk to your boss about it or you don't think that your supervisor is the right channel. It tries to take the sting out of asking questions.
Percent of anonymous contacts - we happen to think that this is a relevant indicator of the health of the program, only in the sense that this is some sort of measure of employees' trust and confidence; that is, when they call to ask a question or to question something that they have seen going on, how hesitant are they to identify who they are and where they work?
Our experience has been the trend that you see, and just to satisfy you that we're not playing games with numbers, the total number of contacts has remained constant over that time frame, so that trend is not just a function of reductions in force or selling divisions or any radical changes in the structure of the company. It's a true trend, and we may be kidding ourselves, but again, we think that that's one factor that may indicate how comfortable your people feel with the confidence and the treatment they're going to get under the program.
And now to move into what happened when the sentencing guidelines came into force, or life after the sentencing guidelines, I guess you could say when the sentencing guidelines became effective, I would be less than candid if I stood up here and told you that everybody in the executive office said, "Wow, this is really a great idea. Why didn't we do this sooner?"
That was not the prevailing reaction because the executive office grasped real fast the carrot and stick concept. So I think in the category of how do companies like these guidelines, things are either necessary, a necessary evil, or just evil, and my guess is the sentencing guidelines are perceived as somewhere in the necessary evil category, but it's also something that you have to recognize. You can't just do nothing and stand there naked.
So the decision that was made was we would incorporate sentencing guidelines considerations into our program. We did not view the guidelines as a program all by themselves. They were a guide as to factors that we should add to our program.
And I think the reception to this carrot and stick thing is, I don't know whether you ever noticed, but sometimes a carrot can sure look like a stick, but I don't think a stick ever looks like a carrot. There's a healthy slug of that, that this thing is to be viewed with a little trepidation because, again, senior managers read the newspapers, too, and they realize that this whole thing is maybe just another invention of all these lawyers that represents another blow to the safety of their species.
So we try to caveat it, and what are the benefits that come out of the sentencing guidelines, and we think there are some benefits. We thought that the principal benefits of the sentencing guidelines were that they clearly illustrate that compliance for a company like Sundstrand is not just government contracts, because one of the big albatrosses that we had around our neck after the situation we went through is that most employees thought that all this "compliance stuff" was just government contracts. It was you guys in government contracts that got us into this mess and all of us people out here in the rest of the company, we don't have anything to do with government contracts so we don't have to worry about compliance.
So obviously, one of the real messages in the guidelines is that it's a violation of any federal law, and certainly, a company the size of Sundstrand runs across virtually every wicket there is in terms of the alphabet soup of regulatory agencies.
We also thought it was a plus that the standards clearly set forth some due diligence standards, and that's how we refer to them in Sundstrand, the seven criteria. They are due diligence standards, and they are defined by the government, so they are at least some sort of an official starting point that says, to managers particularly, if you do these kinds of things and if we do these kinds of things as a company, if all is right in the world, we should be okay or at least relatively okay, even in the face of a maverick employee or a bad apple or whatever you want to call it that has gone against what we perceive as important standards to be followed.
Being an attorney in the company, I don't know how many people I've had come to me and ask me, what does due diligence mean? And when you sit down and try to go through a discussion of defining due diligence, sometimes it's pretty hard. We think the sentencing guidelines help that process because at least there's some starting point that says, well, the Sentencing Commission has said if our program has these things and if you do these things, again, all else being equal, that should be deemed as due diligence.
The other perspective we had on the guidelines is that we view the guidelines as principally a matter of proof and evidence, in the sense that if we are reading the guidelines the right way, if something happens in 1995 that represents a violation of law, it's not exactly like Win was talking about with a speed trap. When you get a ticket, you get ticketed right on the spot. You're apprehended at the time the offense is committed.
Well, in the environment that we're in with white collar crime, it doesn't happen that way. It's usually three, four, five years later down the road, and so to us, the problem statement was, if something happens in 1995 and we're in front of a judge in the year 2000, how do we prove what our program was in 1995 that says we had an effective compliance program at the time and that this thing happened in spite of good efforts?
I'll get into a little description of how we addressed that situation, but we saw that as a real issue with the sentencing guidelines, just from a pure statement of how do you prove how good you were in 1995 when the prosecution or the investigation doesn't happen until years later.
I'll slip through these next couple of charts and give you an overview. That first overhead was some of the key features of our program. We went down the sentencing guidelines checklist, and again, this is what Sundstrand thinks are the significant compliance risk areas that we have addressed with our program. That's not all the risk areas from a business point of view. That's what we believe are all the risk areas that could involve some possible likelihood of criminal violations or criminal activity. So we didn't try to cover the whole waterfront of every single issue. And again, that's just our list. That list obviously has to be tailored for a particular company. The next overhead, please?
This is a real eye chart, and I know it's also in your materials. The approach that we came up with to address sentencing guidelines is what we call our "Responsible Executive" program, and for each of those risk areas that was on the previous overhead, we selected one individual in the company, in some cases two individuals, and we selected them to be our responsible executive with principal oversight responsibility for compliance and ethics in that risk area.
And we selected the highest-level person we could find in the company who had policy-level responsibility for that area, not necessarily operational responsibility but policy-level responsibility, and to that person we said, "You are the responsible executive for this area and it's your job to continuously be sure that our compliance program meets the sentencing guidelines requirements."
What this chart shows is just an example of the government contracts risk area and how we move across this matrix to say that we identify the area of risk. We try to identify what the company policies are that apply in this area. And then the next column is statutes and rules that are the federal statutes or regulations you can trip across in that area, to make sure we've got them covered.
The next column lists the identity of the Responsible Executive. Then the next column lists the functional experts who are the principal supporters of the Responsible Executive in doing a lot of the day-in, day-out compliance function. As you can see, we just try to cover the areas.
We'll just go through the next two charts quickly, under the area of statutes and rules and violations. This just happens to be the list of statutes and rules that we believe could come into play in the government contracts area, and we have a similar list for each of other risk areas, again, just to try to define for ourselves where the traps are for the unwary in terms of laws.
The next one is just another example of how we identified the Responsible Executive and the statutes and rules for the area of securities law compliance. If we could go to the next overhead, please?
For each one of our risk areas, we decided that we needed to have some method of monitoring each of those risk areas and so we came up with this list. The way we use this list is that our internal procedures say that if a risk area is worthy enough to be identified as a risk area, then every one of these monitoring methods should be used in that risk area.
This is not a pick-and-choose list. Again, the standard that we have is every one of these methods should be brought to bear in the risk area if it's important enough to be identified as a risk area, so we try to check ourselves to be sure that we are doing some or all of these things for every risk area. The next overhead, please?
To bring this all together, we ask each Responsible Executive to do an annual review of their particular risk area and make a report on that risk area to the corporate ethics committee. The report is actually made in the form of a volume, a binder, a book, and the report that the Responsible Executive makes is keyed to the seven due diligence standards in the sentencing guidelines, and we have a book for each year.
The idea is we will have retained somewhere back in the files of the law department the books for 1994, the books for 1995, and the books for 1996. So again, if this issue ever comes up - what did you have in place in any particular year to address this particular risk area - the idea would be that we would have something available so we wouldn't have to go back scrambling through files and records and trying to reconstruct what happened three or four or five years earlier.
The form that we ask each Responsible Executive to sign is nothing more than a listing ofthe seven due diligence standards with a check block for yes or no. The idea is that in addition to this form, for each of the questions that are asked, there are backup materials and supplementary materials, examples, training lists, whatever the particular subject happens to be.
So this checklist or assessment form becomes the top cover for the 1995 compliance assessment book, and then underneath this form are the particular materials that the Responsible Executive has pulled together that offer some proof or evidence of what we did to answer this question, which we hope makes the program more than just a paper program, so there's actually some action behind the words.
That summarizes and describes the Sundstrand program. I was glad Win corrected one thing, too. I know when Julie was speaking, I guess I misheard her, because I thought she said that companies today are "nefariously liable" for the acts of their employees. I'm glad Win corrected that it's still "vicariously liable," because I thought there was some new standard that was being put out. Thank you very much.
MR. KAPLAN: Thank you, Ken. Our second presenter is Herb Thornhill. Herb is Deputy Counsel of the Bank of Tokyo, Limited, where he has played a central role in drafting and developing the bank's overall compliance program. Herb has also published and lectured widely on the subject of banking compliance. He's a graduate of Harvard Law School, a former clerk for a federal trial court judge, and worked at Winthrop, Stemson, Putnam, and Roberts before joining the bank. Herb?
MR. THORNHILL: Thanks for the introduction, Mr. Kaplan. As Jeffrey Kaplan just said, my name is Herbert Thornhill, and I work for The Bank of Tokyo, Ltd. in New York in the North American Legal and Public Affairs Office. I have been involved in establishing the overall structure for compliance at The Bank of Tokyo, Ltd.
I have also been involved in putting together compliance statements in specific areas including criminal liability, environmental liability, insider trading, confidentiality, and ethics. I also consult the Bank's Compliance Committee, which is a group of executives at the Bank that manages and oversees our compliance efforts.
What I would like to share with you today is the Bank's experience in the compliance area and how we approached the goal of assembling a compliance program under the federal sentencing guidelines. However, the basic theme that you will hear me repeat from time to time is this: If you start with the federal sentencing guidelines' definition of an effective compliance program, and use it as the guiding force behind your compliance program, you will put together an overall effort that will efficiently and reliably reduce the prospect of civil and criminal liability at your institution.
The Bank of Tokyo, Ltd. has made the federal sentencing guidelines the focal point of its overall compliance effort, and we have gained three basic advantages by doing so. First, as Jeffrey suggested, the federal sentencing guidelines gave us a "road map" for compliance. It was the only source that gave us an overall view of what a compliance program should look like once it is completed.
Second, to the extent that the definition gave us a sense of what a system of compliance should look like, it gave us a means of managing a series of complicated laws and regulations affecting The Bank of Tokyo, Ltd.'s business activities.
And third, the sentencing guidelines gave us a reference point for measuring the success of our compliance program once it was implemented.
Let me tell you something about The Bank of Tokyo, Ltd. and its activities. In terms of assets, The Bank of Tokyo, Ltd. currently has the largest presence of any foreign bank doing business in the United States. That status will continue after we merge with The Mitsubishi Bank, Limited and become the largest bank in the world. At that point, the size of our asset base will be three times that of Citicorp and roughly two-and-one-half times that of The Chase Manhattan Bank after it merges with Chemical Bank.
We have offices and branches throughout the United States in all of the key money centers, including New York, Chicago, San Francisco, Atlanta and Boston. In the greater New York area alone, we have approximately 1,000 employees.
We are a full-service bank, and we offer a range of financial services. Through our California-based affiliate, Union Bank, we are engaged in retail as well as commercial banking. However, our primary focus in the United States is commercial banking. Our activities include corporate banking, trust and fiduciary services, foreign exchange services, capital markets and securities activities.
Let me tell you why compliance has always been important at the Bank. The Bank of Tokyo, Ltd. operates in a highly-regulated industry: the banking industry. In 1990, we did a survey of the regulations and laws that apply to our banking activities. We came up with a list of more than 400 regulations and laws. Everything from lending and taking deposits to the location of our branches to the issues that our board of directors must consider on a regular basis is regulated to one degree or another.
But, many of the regulations we comply with go far beyond banking. Many of them are the same regulations that the organizations represented in the room today have to comply with.
For example, when it comes to export controls and OFAC regulations, the Bank has to be concerned because it is involved in international trade finance. When it comes to environmental liability, we have to be concerned because we are involved in financing real estate development and power projects. We also have to be concerned about insider trading because we receive confidential information about our customers, but, at the same time, we provide securities trading services.
And, finally, because we are a significant employer in the United States, we have to be concerned about EEOC-related regulations.
But, my purpose is not to merely list the laws and regulations that apply to The Bank of Tokyo, Ltd. My point is this. The Bank of Tokyo, Ltd. is concerned with regulations that apply to banking. However, many of the regulations we comply with are not directly related to the banking business. Yet, we have found that the federal sentencing guidelines definition of an effective compliance program is flexible enough to accommodate all of the regulations we face - regardless of whether they are banking-related. Therefore, the sentencing guidelines can act as a focal point for any compliance program for virtually any corporation, regardless of the industry and regardless of the relevant regulations.
In addition to the regulations that I just mentioned, starting in l990, The Bank of Tokyo, Ltd. had to confront a new compliance environment. During the recession of 1989-1992, as you will recall, many savings and loan institutions and banks failed. The response on the regulatory and legislative level was to develop stricter laws and regulations.
But, along with the change on the legislative and regulatory level, we saw a change in the attitudes of prosecutors, examiners, and regulators. As you all know, they became more rigid.
The Bank of Tokyo, Ltd. also had to consider the fact that the Comprehensive Crime Control Act of 1990 and the Financial Institutions Reform, Recovery, and Enforcement Act increased the fines and penalties associated with banking-related offenses. Currently, if you are involved in bank fraud, embezzlement, or bribery, you will face possible fines of up to $1 million and possible imprisonment of up to 30 years.
Under the FDIC Improvement Act of 1991, regulations were promulgated that required banks like The Bank of Tokyo, Ltd. to put in place internal controls for compliance and to establish overall compliance mechanisms to meet federal standards. Moreover, on an annual basis, banks like ours must test their compliance programs and report the results to federal regulators.
We also became subject to a new regulatory system for examining and evaluating the safety and soundness of banks. Under the current system, assessing compliance is a key aspect of the examination process. And, in fact, if a bank has a compliance program that doesn't meet federal standards, its examination rating can be affected adversely.
We also received a flurry of specific pronouncements aimed at a number of issues including money laundering, environmental liability, derivatives trading activities, and real estate appraisals. And finally, on November 1, 1991, the federal sentencing guidelines were adopted.
In response to this new compliance environment, the Bank used the federal sentencing guidelines to guide its compliance efforts for several reasons.
First, the federal sentencing guidelines gave us a clear picture of what a compliance program should look like. We received many directives from several agencies and legislatures. The directives required us, for example, to enhance our anti-money laundering compliance, to make sure that insider trading was addressed, and to ensure that environmental liability was properly managed. But no agency told us how to coordinate all of these directives through an overall compliance program. No one told us how everything should work together.
However, the federal sentencing guidelines gave us a clear picture of what a compliance program should look like and a set of instructions on how to construct a program. Another reason we used the federal sentencing guidelines is that they suggest a flexible structure for managing compliance. We found that virtually every directive we got, whether it was from the U.S. Congress or a regulatory agency or otherwise, could easily fit within the structure that is suggested by the seven elements for compliance under the federal sentencing guidelines. Let me try to illustrate this point.
As you all know, the sentencing guidelines stress several key concepts that should be parts of a compliance program. Number one, clear standards must be effectively communicated to employees. Second, you must establish auditing and monitoring mechanisms that are reliable. Third, you must ensure that discipline is properly enforced. Fourth, you must ensure that your employees are trained properly in the legal and regulatory areas affecting your institution. And, fifth, you must ensure that your effort is properly supervised by senior personnel.
We found that virtually every compliance directive we received, regardless of the source, fit comfortably within the structure that is suggested by the foregoing elements and the other elements contained in the federal sentencing guidelines definition.
An example is the Annunzio-Wiley Anti-Money Laundering Act, which required us to adopt stricter standards on money laundering. In that particular situation, we found that the Act emphasized, number one, proper supervision; number two, training; number three, written policies and statements; and number four, auditing mechanisms.
All of those requirements are already in the federal sentencing guidelines. And, if you put together a structure for compliance based on the guidelines, you will be able to easily introduce any new directive you get into your structure. It's almost like a computer. When you introduce new software to the computer system, you will give your overall computer system greater capability.
The same thing is true for compliance. If you use the federal sentencing guidelines as your overall structure, you will be able to introduce the new directives to your structure to give your compliance program greater capability. This is true because all the terms, all of the seven elements, are universal and generic.
Also, to the extent that the federal sentencing guidelines gave us a sense of an overall structure for coordinating compliance, they put us in a position where we could manage our compliance program effectively, and, therefore, save money. Clearly, saving money is a key concern in managing an effort of this magnitude.
Let me illustrate this point by giving you two basic approaches to compliance. One approach would be to respond to each compliance mandate that your institution faces on an individual basis. Of course, there is a good reason to do this because as soon as a company receives a directive, its first impulse will be to respond to the directive and ensure that the organization is protected.
On the other hand, if this approach is taken, an organization eventually will be left with a series of unconnected compliance objectives. They will not be coordinated. There will be a haphazard quality to the organization's overall compliance effort. However, if you use the structure for compliance suggested by the sentencing guidelines, you will have a well-managed coordinating structure, and you will be in a position to save money.
Finally, the reality of sustaining huge fines and perhaps a loss of reputation was important for The Bank of Tokyo, Ltd., as it would be for any institution. However, because we deal in large-dollar transactions, and the fines associated with large-dollar transactions are higher than others imposed under the federal sentencing guidelines, we realized that we had to take the guidelines very seriously. Also, many of the offenses associated with banking-related activities carry higher penalties under the federal sentencing guidelines than do other types of offenses.
The Bank of Tokyo, Ltd. has used the approach suggested by the guidelines. We believe in it. But, other banks have used the approach, and they believe in it also. On an annual basis, I work with Mr. Thomas Santiago of the International Bank Study Center, "IBSC," in New York to assemble a presentation for foreign banks on banking compliance.
At the first seminar, Jeffrey Kaplan was a key speaker, and he underscored the importance of using the federal sentencing guidelines as a starting point for assembling your compliance program. That message was well-received by the audience when Jeffrey delivered it originally, and continued to be well-received at each presentation that followed.
Moreover, one of the corporations that attended the original program, the Canadian Imperial Bank of Commerce, "CIBC," adopted a federal sentencing guidelines approach, put it into practice, and received such favorable results that I asked Mr. Eric Young of CIBC to join the panel to illustrate CIBC's experience. But it is not only CIBC. Several other New York-area banks have begun to use the guidelines as a foundation for their overall compliance efforts.
Further, state and federal banking agencies that attended the IBSC presentations remarked that starting your compliance program based on the federal sentencing guidelines represents a sound approach to compliance.
Finally, I would like to leave you with a sense of some of the other advantages that you can gain if you use the federal sentencing guidelines as the basis for your overall compliance effort. As you go through the process of constructing and managing a compliance program, you will have to focus on particular areas of your program at particular times. At one point, it will be important to write policy statements. At another time, it will be necessary to strengthen your auditing and monitoring mechanisms. An unfortunate result is that you may lose sight of your fundamental goals.
We found that the federal sentencing guidelines gave us a reference point that we could always refer back to and which allowed us to see the forest for all the trees. As a result, you can use the federal sentencing guidelines definition to evaluate your progress. The guidelines also provide a measuring stick for evaluating where a program is strong and where it is weak; where more resources are necessary and where efforts are sufficient. Another valuable aspect of the federal sentencing guidelines is that they provide an idea of how to prioritize your approach to dealing with a myriad of regulations and laws.
The Bank of Tokyo, Ltd., as I told you, has more than 400 areas of law and regulation that it has to comply with on a regular basis. When we started our compliance effort, the guidelines gave us a sense of how to prioritize our efforts. We focused efforts where our primary business activities were. We focused on where we were likely to run into problems. And, we focused on those laws and regulations that were likely to carry high penalties.
Also, the federal sentencing guidelines' definition allowed us to visualize how various departments would participate in our compliance effort. For example, by looking at the definition, we identified the need to put together written compliance statements. That task seemed to be a project well-suited for our Legal Office.
Similarly, auditing and monitoring mechanism requirements were easy to delegate because we already have internal auditors, and we simply added a new dimension to what they already do. We found that the federal sentencing guidelines' definition was valuable for another reason. It allowed us to keep the attention of employees when it comes to compliance efforts. The mere fact that you can sustain fines that have been estimated to be $290 million and more helps to keep priorities focused on compliance.
If you come away from my speech with one thought, I would hope that it is this one. The federal sentencing guidelines are the key place to start in constructing your program. They give you a clear picture of where you should be once you have established a compliance program. The definition is flexible enough to accommodate virtually any law or regulation you may face. The guidelines worked for The Bank of Tokyo, Ltd., they worked for the Canadian Imperial Bank Commerce, and I think they will work for many of the other corporations that are represented here today. Thank you very much.
MR. KAPLAN: Our final presenter in this panel is John Meyers. John has practiced domestically and internationally in the health care field for over 20 years. He is now a partner in the Los Angeles office of Katten, Muchin, Zavis, where he's a member of the health care department. Prior to this and until recently, John was Senior Vice President, Associate General Counsel, and Special Counsel to the CEO of Tenet Healthcare Corporation, which was formerly known as National Medical Enterprises.
He received his law degree from UCLA, is a member of various bar associations, and has spoken and published widely on health care issues. John?
MR. MEYERS: Tenet Healthcare Corporation is a $5.6 billion revenue enterprise and is the result of a March 1995 combination of the former American Medical Holdings and National Medical Enterprises. It is now the second largest publicly-traded hospital owner and operator.
Prior to the combination, a three-year trauma commenced in 1991 for NME as its psychiatric hospitals were the target of one of the most thorough-going federal investigations in health care history. NME had been founded in 1968 and owned and operated or managed diverse activities within the health care industry, including acute hospitals, rehabilitation hospitals, nursing homes, other specialty hospitals, as well as clinics, physician practices, and HMO and other provider-related activities.
NME operated in six states and in four countries and had over 30,000 employees. The psychiatric and substance abuse facilities were separately operated through the NME specialty group under the name Psychiatric Institutes of America, headquartered here in Washington, D.C.
In August of 1993, the federal investigators searched a number of NME facilities, including its California headquarters. Certain NME affiliates were charged under information filed by the United States with a series of acts which essentially amounted to the following kinds of violations. First, billing fraud. Second, improper payments to induce referrals. Third, improper waiver of copayments and deductibles.
As a result of the information and investigations, payments in civil settlements to 19 insurers amounted to about $215 million. The corporation suspended dividends in December of 1993 to conserve cash to pay over an additional $360 million to conclude federal investigations and to settle additional claims, and lest one think that these fines were severe, whether denominated as restitution or as fines, the judgment of the markets was even harsher. NME stock fell from a high of about 26 to under seven in trading on 180 million shares outstanding.
The three founders of the corporation departed, its board composition was changed so as to be thoroughly dominated by outside directors, and most of NME's 80 or so psychiatric facilities have now been sold or closed, along with more than 40 physical rehabilitation hospitals and outpatient clinics not on acute care hospital campuses.
Certain NME affiliates also entered into plea agreements and a civil and administrative settlement with the United States, which included, among other matters, the corporate integrity program, a program designed to be an effective program to prevent and detect future violations of law. The CIP agreement, I would like to have included in the materials, but its length of some 20 pages prohibited that. It is available through my offices, or if you would like to give me your card, I can give it to you.
It will be, according to Gerald Stern, who is the Special Counsel to Janet Reno on health care matters, the model of imposed corporate programs in the health care industry. So if you are from a health care company, this may give you some insight to what the future bodes for you if you do not come up with a voluntary program that works.
Prior to the emerging crisis in the specialty group, I served as the Chief Operations Counsel for the General Acute Care Hospital Division, which was a separately operated division of NME and headquartered in Los Angeles. As the difficulties in the psychiatric hospitals grew, I was appointed to oversee the legal functions of the Specialty Hospital Group after the removal of that group's chief executive officer.
One of the reasons for this appointment, I think, was that in about 1986, I had begun a number of legal compliance programs within the General Hospital Group and I have to admit that I was completely oblivious of the Sentencing Commission's struggle, as detailed by Mr. Swenson, in its efforts to come to standards.
My own efforts arose from my experience as counsel to the International Division of the company and in attempting to create a program of compliance with the Foreign Corrupt Practices Act. My concern in this regard and in this sort of embryonic compliance program was the following: I was concerned that the advice given by lawyers to the various facilities be performed according to its terms, that contracts that were approved by the legal department to be performed under the terms and conditions as approved, and this arose from the fact that the Foreign Corrupt Practices Act required that documents reflect the underlying transactions accurately.
The then-evolving safe harbors in the health care industry included a provision that agreements of certain types be in writing, and obviously for an agreement to meet the criteria of the federal government, the writing must reflect the underlying arrangement. It couldn't be some kind of a cover-up.
And that was sort of what started my view of this. I know that business people often depart from written agreements just in the ordinary course of business, but I was concerned that a departure might fail a federal test in another area and it reminded me of the strictures imposed under the Foreign Corrupt Practices Act.
What happened in 1991 under the duress of these events was that NME adopted an expanded version of my program, which amounted to a corrective action plan for its psychiatric and substance abuse facilities. Ultimately, these voluntary efforts were the basis for distinguishing a good corporation from its bad sister. NME essentially made the case that there were two companies, one of which had exercised substantial and pioneering efforts to assure general legal compliance, and that company deserved to survive.
And lest any of you doubt that your very corporate existence is at stake, the sentencing guidelines provide under section 8C1.1 that an organization found to operate primarily for a criminal purpose or primarily by criminal means shall have the fine set in an amount "sufficient to divest the organization of all of its assets."
I believe this early history is important for you because I think it places me and my management at the time squarely in the camp of those who support compliance programs, not simply because of their effect on sentence mitigation but because compliance with law is sound business in the long run and because it's basic morality. This belief gives context, I hope, to my remarks concerning how burdensome and counterproductive some elements of a forced compliance program can be. My concern is with the means and not the ends.
The present requirements of the corporate integrity program should provide, I hope, some valuable lessons for businesses which have the present opportunity to voluntarily discover and correct their problems before federal marshals appear and to ameliorate the burdens of a negotiated but still imposed solution.
If you act now, I think that you will prevent the imposition of programs designed to provide a skeptical government with assurances of both good faith and effectiveness at much greater cost and with less flexibility, and here I would like to talk to you about some of the issues raised under the corporate integrity program.
The first is a mandated series of audits which require outside auditing by accounting, law, professional organizations with respect to certain identified billing procedures, provision of certain services, certain payments to physicians, and certain accounting practices. The agreement requires contracting for reports in these subject areas, and under the duress of the agreement, it has been difficult to develop specifically targeted issues and standardized methodology. In fact, the audits begin to be a four-cornered document review.
I think all of you can feel from your own experience that it really is uncommon to find smoking guns which outline consciously criminal action in the form of documents lying around, although there are occasionally unwise documents, I think, within any large corporation. But this audit program and the expense of it to find this little kernel, I think is not an effective approach, and what I believe is a more effective approach is the combination of outside and internal functions working together.
The problem with the CIP program is that it requires numerous reviews by third parties, and not only are these expensive, but what happens is they pit the third party against internal constituencies within the corporation. The mandatory reporting requirement of, for example, material billing violations to Health and Human Services creates some unease both among the third party reviewers and among employees. It causes the third parties to worry about whether employees' participation in these reviews may compromise their own sense of integrity. It causes responsible employees to worry about the fairness of the conclusion drawn.
This is especially true in the health care area, where billing practices and procedures are undergoing continuous change and where their administration by government-contracted, private, third-party intermediaries sometimes results in what might be called a difference of opinion, which intermediaries sometimes characterize as a violation of law, and where, I might add, there can arise actual conflicts of interest as these intermediaries increasingly operate their own provider networks and operate as private payers.
This tension and this notion that some of your advisers can be advising some of your competitors and can be using your experience to advance their own interests creates a tension within the corporation. If you don't take the internal constituencies of the corporation and join with this outside system, what you have is two things.
You have a sort of group of enforcers that sit outside the corporation and a group of people who feel that they are somehow being looked at as potential sources of trouble and expendable people to the corporation, instead of tying the two together and saying the objective that we have here is to assure that the corporation complies with law.
But the government's position on this issue is quite simple. The government's position was the corporation had violated a number of laws. They didn't trust anybody in the corporation, and they weren't about to listen to the corporation's views of its own efforts.
So I say this to you while you have a period of calm that in the halcyon days, you really ought to look at this problem to be sure that your internal and external functions are well integrated so that there isn't this juxtaposition of two sort of opposing forces.
The CIP also required review of decisions to admit, for example, psychiatric patients by an NME officer who was not an employee of the admitting physician and an independent quarterly review by third parties of admission practices. This would have been prohibitively expensive and it would have alienated most physicians who believe that the decision to admit a patient to a hospital ought to be theirs, had the agreement not required the divestiture of most facilities to which the requirements were applicable. That's a pretty expensive way to resolve an operating tension.
Additionally, for certain classes of payments to physicians, outside legal review was required. Not only was this review expensive but it created pressure and tension between the inside and outside lawyers, and in effect, a kind of forum shopping occurs. Your inside business people seek the least restrictive alternative and they seek to consult lawyers who will effect their transactions, and I think this is an experience that all of us are quite familiar with.
What happens under such a circumstance is that, first, you go to the inside lawyers, and if they can approve your transaction, you are satisfied. If they can't, then you can go to the outside lawyers and see if they can approve your transaction, or you can go to the outside lawyers first and then to the inside lawyers. What happens is, just as happens among litigators, there is a kind of search for those who will expeditiously implement the objectives of the business principle in the ordinary course of his business, and I think this is contrary to the objectives of the Sentencing Commission, which ought to be to foster a considered review, not a review subject to another kind of law called Gresham's law.
Prior to these various mandated reviews, various employees in the Acute Care Group used to revisit certain transactions and programs to see the degree to which the transactions were performed according to their approved terms, and this had a practical effect. I would take legal teams out into the field. We would review certain of the facilities.
Both the lawyers and the operators educated each other as to the strengths and weaknesses of agreements previously entered into, and this, what I'll call post-op review by the corporation's managers reminded the business people that they were fallible, that conforming actual conduct to the entity's standards and procedures was and is more than just signing a paper that your attorney says is okay, and it reminded the lawyers that they weren't engaged in Euclidian geometry and they had to deal with the reality of the fact that contracts approved according to certain premises might be subject to factual change in the underlying circumstances.
Some employees, I believe, have also expressed fear that previously-taken actions, which now, after their education, they look at and they say, "Gosh, I wonder if that was the right thing or if I reached the highest moral ground or whether I was in compliance with all law in those areas." And they fear that they may be sanctioned by reason of the provisions which make adherence to the corporate integrity program part of each manager's performance standards.
Indeed, the very detail of the compliance report required to be filed with the government and the affirmative duty to report credible evidence of misconduct and the government's right thereunder to subsequently investigate reported matters has an intimidating effect on those who might otherwise report.
And here, I say this in the spirit of Win Swenson's talking about the struggle to implement common objectives. I believe that the government needs to be cognizant of the fact that in the real world, it's not just a fear of corporate reprisal but also a fear of government reprisal which can deter coming forth.
There is an independent corporate ethics and policy compliance body, and I think conceptually, no one disagrees with this notion. Our agreement requires this group to be staffed by certain identified executives, in particular, the president and various high-ranking executives. In a period of calm, I think this is a good idea. It shows that the corporation has got a high-level commitment to preventing problems, and it infuses the moral value of the corporation's leadership throughout the corporation.
But there is a little bit of a counter element here or a counterproductive trend and I wanted to just touch on it for a second. To the extent that high levels of management are involved in this body, while its credibility can be enhanced, there may also be a perception that the body is not truly independent and sometimes that it is created to conceal the sins of higher up.
An imposed program causes a more formalized and removed discussion of some issues and may add some trepidation to those who would like to bring exceptions to the attention of an ethics body. If you are a line employee, you have some difficulty with the very augustness of this body in voluntarily coming to it, and I suggest this to those of you who have a chance to do some voluntary thing, that you adopt a little bit of what Ken had talked about. I like the idea of having the 25 or so subcommittees that moved about in that enterprise because I think that they enable people a level of access and a level of ability to express their problems and their concerns that are not quite so intimidating.
A second issue is the issue of bad actors. NME was required to cease the following: employing all headquarters, regional, and facility executives involved as of a date certain in the operation of over 90 identified psychiatric and substance abuse facilities and not to employ or contract with such formerly-employed individuals for a period of five years.
We were allowed to retain certain specifically identifiable individuals, but this blanket prohibition cast, I believe, unfair aspersions upon a number of individuals, impacting their livelihood and causing some fear among remaining employees that the corporation would not stand by them in any difficulty. This undercut the loyalty and comfort necessary to make voluntary disclosure work, and there is something, I suggest, Orwellian about such a broadly based provision.
I wanted to suggest that in this developing business of trying to eliminate known bad actors that there are some areas where you can take some comfort. In the health care area, there is something called the Fraud Abuse Control Information System now sold by Strategic Management Services located here in Alexandria, Virginia which provides a valuable service in collating information about people with known violations of law. The CIP agreement itself had a stricture dealing with people actually convicted, and I think that this more narrowly drawn stricture is the preferable approach in a voluntary program.
Under our agreement, there are a series of notification provisions. We have to actually notify all employees and contractors of the fact and substance of the CIP agreement, and I think there's a one-page handout that all of you have. This rather detailed notice we actually hand out to those that we contract with. It was drafted by my former colleague, David Layne in TENET's legal department, as a result of our review of the documents.
The notice has a couple of effects. Given the history of the corporation, it had, actually, I think, an initial salutary effect in dealing with some third parties who might have been troubled in dealing with the corporation. It was a demonstration that the corporation had, so to speak, has reformed and gotten its act together.
But it does also discourage some third parties from proceeding with arrangements which might involve manageable legal risk for fear of the cost of involvement in an expensive compliance program, even, or perhaps especially, innocent third parties who have a fear of their activities being specially reported to the federal government concerning the necessity of their services. The requirement that the corporation report "credible evidence of misconduct," even by outside third parties, disturbed them even more.
Some of our contractors have explicitly stated to me an unease at doing business with what they call a government informant in an area of the law where the government acknowledges various meanings for departures, for example, from its own safe harbors promulgated as regulations under the anti-kickback statute.
Another complication that arises from the government-imposed program, and it is an odd one and I try to touch on these things, I hope, with some subtlety, is that the process of educating your employees about legal compliance is quite a difficult one. We are not sending all of our employees to law school. We are trying to get them to understand basic constraints that operate on the business and basic principles of law that apply to their distinct areas.
But business has become so complex, and I'll give you an example in the health care area. As you try to make employees aware of laws, there are areas in which the laws actually conflict. Take, for example, the changing health care regulations in every state dealing with who is allowed to employ physicians and to bill and collect for physicians' services.
Jurisdictions vary in their regulation of the corporate practice of medicine, and employees now sometimes fail to proceed with perfectly legitimate undertakings in their new locale because they have been educated by rules applicable only in a different jurisdiction. This happens because newly educated employees now know enough not to consult their lawyers about the law in the jurisdiction where they have gone. I don't know that this is a major problem but I was just trying to give you a sense of tension that happens.
Finally, there were a couple of things that were touched upon by the previous speakers. One was prioritizing. Here is what will happen to you under an imposed agreement. The agreement will lay out various areas and you will focus on those areas because you must and because you are required under the agreement to do so. Here, it's medical fraud; it's billing; it's the medical necessity of services and certain physician payments and bad debt accounting.
Out of necessity in corporate America and because of the limitations of resources, a deemphasis in some other areas occurs, for example, in antitrust, perhaps, or insider trading or in some of the other areas that are more generally applicable.
Finally, I wanted to just touch on this. It's the most difficult area. It's the disclosure requirements under the imposed program. As an in-house lawyer, I found it became ever more necessary to Mirandize employees, to tell them, "I am not your lawyer; I am the corporation's lawyer. Things that you tell me that indicate that we have violated law, I must report to our management, and our management must make a decision about what to do with that, given the constraints of the corporate integrity program."
This has a tendency to make your employees less willing to talk to their lawyers. They formerly thought of you as their lawyer and now they wonder whether they need a lawyer to talk with their ex-lawyer. We tried to solve this problem a number of ways, but I don't really believe that there is a good solution to this problem. I think there is an inherent tension, and I tell you this from personal experience; it played no small role in my decision to leave the corporation because I believe that in some circumstances I could more effectively represent it from the outside.
And this segues into another notion, which is the role of the attorney. For those of you who are lawyers out there, when you have an imposed program, it will raise issues that will surprise you in their complexity. These issues will make you search for who your client is within the organization; wonder about your function; wonder whether or not your duty is to disclose or to defend under client-attorney privilege; and whether or not to resign. I think it adds a great deal of complexity to operating inside.
If I have any specific thing that I would like to raise with the government it is this conflict between inside and outside attorneys. I believe that the struggle here should be to implement effective legal review and not be so concerned with the source of it. To the extent that corporate compliance programs can strengthen internal legal departments, that should be a legitimate objective. And while you have the chance to do so, you really ought to do so because I think it's much more cost effective than the hourly charge I now impose upon my former clients.
So this concludes my general remarks. I think if there was one last thought I would leave you with, it is that as a practical matter, if you are in business, it is a much better idea to implement and experiment with these compliance programs in a flexible environment where you have voluntary corporate compliance than under the strictures, tensions, and rigidity which accompany an imposed, albeit negotiated, program.
To those of you in the government, I know you are aware of the infant science of creating and implementing these programs and I hope you continue to consider the pressures, the fears, the organizational tensions operating on ordinary individuals who struggle to keep an organization lawful and economically viable.
MR. KAPLAN: Thank you very much, John. Let me just pose the first question to Ken, which is, "How do you deal with privilege issues in regard to your various auditing and monitoring mechanisms?"
MR. MARTIN: By and large, most of our auditing and monitoring that goes on is done without any particular regard for trying to establish privileges. Under our general rules of doing business with government officials, our audit reports are open for review. We routinely give access to work papers. Our defense auditors routinely see our board of directors' minutes.
We made one of those conscious decisions a few years back that a lot of this stuff is just not nearly as fascinating as the government people think it is, and after the first few times going through it, they realized that there aren't all these smoking guns and bad things going on. So with the exception of specific investigations of specific allegations of misconduct, those we do under privilege and try to keep under privilege at least until we have done the review. Except for those relatively rare situations, generally, our books are open.
MR. KAPLAN: Thank you, Ken. Here is a question for Herb. Did the discussion and consideration of Bank of Tokyo's commitment to an effective compliance program include the directors' fiduciary duties to its stakeholders to implement such an effective program and what were those discussions?
MR. THORNHILL: I can answer the question broadly, in that the directors were concerned about compliance at Bank of Tokyo, that the executive management of Bank of Tokyo was very concerned about compliance. They have really been a source of momentum for our compliance program.
Jeff Kaplan
Q. Do you see a need for an objective or independent assessment or "audit" of a company's ethical compliance systems? If yes, who should perform this audit or assessment?
A. While an independent audit of a company's ethics/systems is not always necessary, it is frequently advisable. Typically such an audit should be conducted by an individual having significant experience with compliance systems but not involved in designing the program under consideration. Utilizing a lawyer (with the appropriate expertise) may promote greater candor in the audit process since the results of his or her effort would be privileged.
Q. You are retained by a corporation that is under investigation (for an environmental crime) and discover that your client does not yet have a compliance program. Is it too late? What can you do? What advice do you give the General Counsel? The Chairman?
A. Even an after-the-fact program is better than none at all. The comments of several of the DOJ representatives at the symposium confirmed that prosecutors will give some credit in charging decisions to companies taking compliance-remedial steps after an investigation has started. Even a convicted corporation should develop and implement a compliance program prior to sentencing so as to avoid having to do so as a condition of probation. See USSG 8D1.1(a)(3).
Q. Most programs on corporate compliance programs and the sentencing guidelines feature speakers and written materials that are slanted to large organizations. The reality is that most investigations and fines have been imposed on small/medium organizations. What practical advice do you have for small/medium organizations (that do not have the financial/personnel resources of Sundstrand or Bank of Tokyo) for developing an effective compliance program, especially with regard to ongoing monitoring and auditing?
A. The components of an effective compliance program, as articulated by the sentencing guidelines, can readily be adapted to small/medium organizations, as I have found in working with a number of companies. What often works best in organizations that are too small to have a full-time compliance officer is to develop a compliance committee - composed typically of the CFO, head of human resources, in-house counsel (if there is one), and chief quality assurance officer - to meet periodically and review areas identified in a committee charter or "standard operating procedure" (which is drafted by the program designer) that serves as an auditing/monitoring road map.
Jeff Kaplan and John Meyers
Q. If the Tenet Corporate Integrity Program ("CIP") has been adopted as the model for CIPs for the health-care industry, have CIPs been developed in cases in other industries that will be models for future cases in those industries?
A. (Jeff Kaplan) A number of these are identified in Kirk Jordan's materials.
Kenneth Martin
Q. How can a large company with a minimum of government sales (= 15 percent), and having an ethical program primarily driven by the Defense Department, extend the ethics program across the entire company?
A. Compliance and ethics standards and procedures must be developed to address those common values and rules applicable to all business activities. As an example, the permissible extent of gratuities from vendors and to customers is an issue which should be faced across the business, even though the Defense Department certainly has unique rules supported by regulations and civil and criminal statutes.
Q. At Sundstrand, what is the role of the corporate committee in dealing with live allegations or major investigations?
A. The Corporate Committee does not generally become directly involved in or deal with specific allegations, investigations, or discipline. The principal role of the Corporate Committee is to monitor and improve the Business Conduct and Ethics Program and report on the statutes and health of the Program to the Executive Office and the Board of Directors.
Q. Should the corporation not only develop its own compliance program but also develop the programs of each of its subsidiaries? Is there a prohibition against such an eventuality?
A. Sundstrand's approach was to develop and implement a single Business Conduct and Ethics Program applicable to all subsidiaries and affiliates owned or controlled by the Company. There are no prohibitions against subsidiaries developing their own programs and this is an area where each company should choose the approach which best suits its structure, culture, and business activities.
Q. In what sense is the "responsible corporate officer" res