Corporate Crime in America: Strengthening The "Good Citizen" Corporation - Day Two

Corporate Crime in America: Strengthening The "Good Citizen" Corporation - Day Two

An Update On Cases

Carrots and Sticks Amid Overlapping Enforcement Schemes And Policies: Finding Government Message

The Experience And Views Of The Enforcement Community

Keynote Address

Privilege Update: When Should Compliance Practices Be Protected From Disclosure?

In Search of Government's Ideal Role in Fostering "Good Corporate Citizenship"

Symposium Wrap-Up: Commentary On Ideas And Issues Raised During The Conference

Appendix-A: Commission Questions & Answers

An Update on Cases

John Scalia, Jr., Research Associate, U.S. Sentencing Commission

Kirk S. Jordan, President, Compliance Systems Legal Group

Moderator: Commissioner Michael Goldsmith, U.S. Sentencing Commission


COMMISSIONER GOLDSMITH: Our next session deals with cases sentenced under the organizational guidelines. Our next panel will provide a preliminary look at this topic.

Because answering the question, "What do the cases show?" requires a two-part answer, we have two speakers: John Scalia of the Commission's research staff, and Kirk Jordan of the Compliance Systems Legal Group.

The reason for this two-part approach is as follows: The guidelines have thus far been applied only to cases involving more recent conduct; and, second, bigger cases typically have a longer gestation period. Sentencing Commission data, on which John Scalia will report, may not tell the full story of the guidelines' impact, especially on larger companies. Kirk Jordan will therefore provide a fuller picture of the relevance of compliance programs by talking about criminal cases that, while technically pre-guideline, appear to have been influenced by guideline factors. He will also talk about civil cases in which compliance has proven to be relevant.

John Scalia, Jr., is a research associate at the U.S. Sentencing Commission. In this capacity, Mr. Scalia has served on numerous working groups dealing with white-collar crime and organizational defendants. He was responsible for collecting the past practice sentencing data on organizational defendants. These data were used to inform the development of the Chapter Eight guidelines for organizations. He continues to oversee the collection of data on organizational sentencing pursuant to the guidelines.

Kirk S. Jordan is the President of Compliance Systems Legal Group, a law and consulting firm in Warwick, Rhode Island. Compliance Systems Legal Group designs and implements compliance programs for organizational clients and is a leader in the development of interactive, computer-based ethics and compliance training applications. Before founding Compliance Systems Legal Group, Mr. Jordan was associated with the law firm of Skadden Arps. Mr. Scalia?

MR. SCALIA: Thank you, Commissioner. When the Commission began developing the organizational guidelines, no comprehensive database of past sentencing practices for organizational defendants existed. Consequently, the Commission did extensive empirical research on organizational sentencing practices in the federal courts.

The Commission's study revealed that a very small proportion of the federal caseload actually involved organizational defendants. Of the approximately 40,000 criminal cases sentenced each year, fewer than 400 involved organizational defendants. Chart 1 indicates that the number of organizations sentenced each year is fairly stable, between 300 and 400 cases a year.

Since the organizational guidelines went into effect in 1991, 208 organizations have been sentenced pursuant to Chapter Eight according to documentation received by the Commission as of June 30, 1995. The Commission received an additional 72 organizations that were sentenced pursuant to the former antitrust guideline that was in place prior to the Chapter Eight guidelines. Chart 2 describes the number of organizations sentenced each year pursuant to the guidelines.

Why so few cases? Most of the organizational cases are rather complex frauds or market allocation agreements that involve lengthy investigations before charging decisions can be reached. Second, even though the Chapter Eight guidelines took effect in November 1, 1991 (and according to statute should be applied to all sentencings that occur on, or after, that date), the Department of Justice has instructed prosecutors, in light of relevant court decisions, the guidelines should only be applied to offenses that occur on, or after, November 1, 1991. Therefore, consistent with the Commission's expectations, the majority of the organizations sentenced over the past four years are sentenced pursuant to pre-guideline rules. Of the 197 organizations sentenced during fiscal year 1994, only 106 (or 54 %) were sentenced under the guidelines.

The Commission's data indicate that the majority of organizations sentenced for criminal offenses are closely held organizations. From its study of pre-guideline practice, the Commission found that approximately 90 percent of the organizations sentenced involved closely held organizations. Under guideline practice, approximately 97 percent involved closely held organizations. Openly traded organizations, public traded organizations, typically account for a relatively small percentage, approximately nine percent of past practice and only three percent of guideline practice.

Why are we seeing a significantly smaller proportion of publicly traded organizations? These cases tend to be larger and more complex, and it often takes longer for them to work their way through the system. Secondly, prosecutors may be opting to pursue these cases civilly rather than criminally. (Kirk Jordan is going to talk about the civil cases and large non-guideline criminal cases.) In time, we should see more publicly traded organizations sentenced under the guidelines.

Consistent with the fact that most of them are closely held organizations, owners and top management are frequently named as co-defendants and convicted in tandem with the organization. Of the 264 closely held organizations sentenced thus far, an owner or top executive was convicted in approximately 51 percent, or 134, of these cases; 189 owners or top executives were convicted in all.

Consistent with what Bill Laufer found in his study, the organizations sentenced under the guidelines typically employ fewer than 50 people. Chart 3 indicates that the overwhelming majority, 56 percent, employed fewer than 20 persons, and another 23 percent employed between 20 and 100 people. A very small percentage employed fewer than 500. Under the Small Business Administration criteria, those organizations employing fewer than 50 people would be classified as extremely small organizations.

The organizations sentenced under the guidelines tend to be fairly new. Fifty percent have been in business for less than 15 years. Antitrust defendants have typically been in business or significantly longer, about 37 years. Most of the organizations continued to operate after indictment and conviction; however, many had ceased operations or were experiencing financial stress at the time of sentencing. Chart 4 indicates that 22 percent went out of business sometime around indictment or before sentencing; three percent were undergoing bankruptcy; ten percent were undergoing some other financial stress; and 65 percent remained solvent and operating.

The guidelines provide for a corporate death sentence for organizations identified as criminal purpose. Under the guidelines, an organization that is defined as criminal purpose is divested of its assets. Fourteen organizations have been sentenced under this provision of the guidelines.

Chart 5 indicates that the majority of the offenses for which defendants were convicted are either antitrust offenses, representing 32 percent of the offenses; fraud offenses, about 30 percent; environmental, 12 percent; tax violations, 9 percent; and food and drug violations, 3 percent. As Rusty Burress pointed out yesterday morning, the environmental and the food and drug violations are not covered by the guideline fine provisions.

With respect to the fraud offenses that have been sentenced, the loss to the victims is relatively modest. The loss is typically less than $30,000. In only seven of the cases did the loss actually exceed $1 million.

With regard to the antitrust offenses, the volume of commerce that was affected by the offense was typically less than $4 million; however, in nearly a third of the cases, the volume of commerce did exceed $10 million over the course of the offense.

The culpability score is an essential part of assessing the organization's blameworthiness with respect to the offense. The most significant culpability factor has been level of authority and the size of the organization. Chart 6 describes the application of this factor. Because most of the organizations are small receive no enhancement or only receive a one-point enhancement for this adjustment: 46 percent received no enhancement; 38 percent received a one-point enhancement; and only one organization, which would be a 5,000-person organization, received a five-point enhancement.

Some of the other culpability factors, such as prior history, violation of an order, and obstruction of justice, are rarely applied. According to past practices, these factors were rarely present in those cases.

Four defendants apparently have sought credit for having a compliance program, but credit for a compliance program has only been awarded in one case. While the defendant did receive credited for having an effective program, the unique facts of this case limit its usefulness as a model - especially for larger companies. The defendant was in the business of selling smoking paraphernalia. Due to the nature of the products sold, the defendant recognized the inherent risk of selling those products: the products could be used as drug paraphernalia, which the sale of is prohibited under federal law. In order to prevent violations of the drug paraphernalia laws, the organization produced a training video to instruct employees that they should refuse to sell items to any customer who inquires about drug paraphernalia or indicates that the items will be used as such. The court felt that given the small size of the organization, a videotape in conjunction with verbal instructions issued by the owner represented an appropriate degree of formality to prevent and detect violations of the drug paraphernalia law. The organization was credited with having an effective program.

In the three other cases in which the defendant claimed to have a compliance program, credit was denied. The court cited the following reasons for not applying the mitigation: (1) The corporate president was actively involved in the offense conduct; (2) the corporate president, while not actively involved in the offense conduct, was aware of the illegal conduct; and, (3) while the parent organization had an effective program, the program was not in effect at the time of the offense at the newly acquired subsidiary where the offense actually occurred.

The last culpability factor is self-reporting, cooperation, and acceptance of responsibility. Chart 7 indicates that 87 percent of the defendants received credit for accepting responsibility to some degree. Chart 7 also indicates that most defendants received two points for cooperation; others received one point for acceptance of responsibility. Three defendants did receive the full five points for self-disclosure of the offense. In each of these three cases, the defendants were under investigation. As the defendants conducted their own internal review regarding the nature of the infractions, the defendant informed the government of the pertinent facts.

Under the guidelines, approximately 80 percent of the organizations received a sentence that included a criminal fine. The average fine imposed was $376,000. Chart 8 indicates the average fine imposed on the organization by offense type. It indicates that the highest fines were paid by antitrust defendants and fraud defendants.

Just as an aside, there was one racketeering defendant and it was sentenced as a criminal purpose organization - the organization was divested of its assets.

Chart 9 compares guideline practice with past practice. The chart indicates that the fines have increased significantly, mostly as a result of the antitrust and the fraud cases.

Restitution was ordered in about 33 percent, or 68, of the cases. The average amount of restitution was nearly $300,000.

In promulgating the Chapter Eight guidelines, the Commission emphasized the importance of probation as a sanction. Because probation provides a means of maintaining control over an organization following an offense, the guidelines require probation under certain circumstances.

Under the Chapter Eight guidelines, probation has been ordered in 61 percent of the cases. Consistent with the directive in Chapter Eight, this represents a significant increase over past practice. Under pre-guideline practice, probation was ordered in only 21 percent of the cases. The data indicate that probation was imposed in 72 percent of the cases primarily to secure payment of monetary penalties; however, in 14 percent of the Chapter Eight cases, the defendant was ordered to implement a compliance program to prevent and detect future violations. The case documents, however, provide no detail on how the program should be implemented.

The Commission's data is available through the University of Michigan. There are four data files, two for past practice and two for guideline practice. You can contact the Commission on how to specifically obtain that data. Thank you very much.


MR. JORDAN: Good morning. In the fall of 1993, C. R. Bard, Inc., a medical device maker, settled civil and criminal charges arising out of the company's manufacture and shipment of allegedly defective heart catheters. Part of Bard's plea agreement included a far-reaching compliance program. In reading that agreement, and in particular, the compliance program imposed on Bard, I was struck by how closely the compliance program tracked the organizational sentencing guidelines' seven due diligence criteria. This was true even though the Bard case technically was not covered by the organizational sentencing guidelines - because the conduct at issue had occurred prior to the effective date of the guidelines and, of course, the case had pled out prior to trial.

After the Bard compliance program came down, we undertook an informal review of other consent decrees and plea agreements entered since the guidelines became effective, in which compliance programs or portions of compliance programs have been imposed. Some of these pre-dated Bard, and many have come after. To date, we have looked at about three dozen such compliance programs and plea agreements.

Our survey was not exhaustive. As you might expect, it is difficult to track all of these down. Many are unreported. However, I think we have a representative sample here in the three dozen, and I think we have most, if not all, of the major cases in which compliance programs were imposed.

As the data reflect (see charts following John Scalia's presentation), since the guidelines became effective, compliance programs have been imposed by a cross section of regulatory agencies in connection with the settlement of a variety of underlying civil and criminal offenses. It is important to remember that technically none of these cases falls under the organizational sentencing guidelines for the reasons I mentioned about the Bard case; either the conduct at issue occurred prior to November 1, 1991, or they're civil settlements. Nevertheless, the compliance programs imposed in these cases provide some guidance on what the government is looking for in an organization's compliance program.

I would like to make a few general observations about the consent decrees and then highlight some of the main compliance criteria contained in these consent decrees and plea agreements.

First of all, a few general observations. Several of the compliance programs closely track the organizational sentencing guidelines' due diligence criteria. Bard is one that I have already mentioned. Bard was primarily a criminal case. The Grumman case is another. It was a civil settlement intended to head off the filing of criminal charges against the company. And the Lucas Aerospace case is another one that is a criminal case but closely tracks the organizational sentencing guidelines' requirements.

The National Medical Enterprises (NME) case and the Caremark case - we heard about NME yesterday. Both settled health care fraud and related charges, and the compliance programs imposed are very similar to each other. Those two programs also incorporate a fair portion of the organizational sentencing guidelines' due diligence criteria.

I would like to make a couple points in particular about the Bard, Grumman, and Lucas cases, and these points do apply to some of the other cases on the table.

First of all, the Bard, Grumman, and Lucas cases all closely follow the guidelines. In fact, the Grumman and Lucas cases almost lift the language verbatim from the due diligence criteria section of the guidelines. All three involve large companies - I think they're all public companies - which may be at odds with some of the information we have been talking about earlier and the information contained in last week's Wall Street Journal article. And all three of these would have been organizational sentencing guideline cases if the conduct had occurred after the effective date of the guidelines and the cases had not pled out prior to trial and conviction.

The second point is that several of the more detailed compliance programs, including, for example, the Bard case, Grumman, Lucas, and the Caremark case, are designed to prevent and detect violations of all laws affected by the company's business operations, not just the type of violations at issue in the underlying settlements. For example, the Grumman and Lucas programs are supposed to prevent all "improper business conduct."

The instances where compliance programs have been imposed cut across the enforcement agencies and involve both civil and criminal prosecutions of a variety of underlying offenses. If we discuss these cases by agency, we see that the Department of Justice has been the most active, both through its Criminal Division and its various Civil Divisions. In fact, the Department of Justice Civil Antitrust Division was responsible for settling the largest single group of consent decrees in which compliance programs were imposed. There are approximately 15 antitrust compliance settlements. The compliance programs imposed in connection with those settlements tend to be the same one to the next. The language is almost identical.

The Department of Justice, with respect to criminal cases, usually collaborated with one of the regulatory agencies. For instance, in several cases DOJ's criminal division collaborated with the EPA to settle environmental offenses, and, in many cases, there were parallel civil and criminal prosecutions.

In the environmental area, we see that there is not much distinction between the compliance programs imposed in cases settling civil versus criminal allegations. As an example, I point you to the Louisiana-Pacific case, which was a civil settlement of a Clean Air Act violation in which a rather rigorous compliance program was imposed, and compare that program to the Consolidated Edison case, which settled criminal charges arising under EPCRA. In the Con Edison case, a court-appointed monitor is directed - as part of probation that the company is put under - to develop and implement an effective program to prevent and detect violations of environmental laws under the standards established by the organizational sentencing guidelines.

The Department of Justice also collaborated with the Department of Health and Human Services on two major health care fraud cases: the National Medical Enterprises cases and the Caremark case. We heard about the NME case yesterday from John Meyers. The compliance programs imposed in connection with these two settlements are very similar. And, as John Meyers pointed out yesterday, the NME case, which was the first of the two, is expected to be a model in this area.

A legitimate question from all of this is: Are there any trends? The consent decrees and plea agreements that we have seen show some similarities across offenses - that is, if it is an antitrust offense, you have a good idea what your compliance program is going to look like. Similarly, if you settle health care fraud charges, you know that you are going to have a consent decree that imposes a compliance program like the one in the NME and Caremark case. And if you work in the FDA-regulated area, you would want to take a look at the Bard case. But I think it is too early to identify any specific trends that cut across the enforcement agencies.

It appears that the consent decrees and plea agreements reflect little, if any, policy coordination across the various enforcement agencies, and I think this would be very useful to companies. It would give companies some predictability because companies' operations obviously cut across enforcement agencies. And perhaps we can hear a little bit about this from the enforcement community later today.

Having said all that, and although there doesn't appear to be any direct policy coordination across the enforcement agencies, there are certain elements that tend to recur in these compliance programs, that are worth noting. The first, and one that appears to be very significant to the government, is the establishment or reaffirmation of strong compliance oversight, and management systems generally involving the appointment of a compliance officer, senior management involvement, and active participation of the board of directors.

For example, all of the antitrust compliance programs require the appointment of an antitrust compliance officer to be in charge of the company's antitrust compliance program. In the Bard case, we have the appointment of a compliance coordinator to oversee the company's entire compliance program. In Caremark, we have a compliance officer. In Grumman, there is a vice president of audit and ethics.

The government does not appear to be too concerned, at least in these cases, about who the compliance officer is. He or she clearly has to have sufficient power and authority to meet the guidelines' requirement, but doesn't necessarily have to be a lawyer; in Caremark's case, it is the CFO; in Bard's case, it is the vice president for scientific affairs.

Another feature of many of these compliance programs is the creation or reconstitution of board committees to monitor compliance within the organization and to interface with compliance officers. These committees are often made up entirely of outside directors or a majority of outside independent directors. These committees are expected to take an active role in the compliance efforts, reviewing codes of conduct and other policy statements, interfacing with compliance officers, getting reports on a regular basis from compliance officers. And I point you to the Bard case, Grumman, NME, and Summerville National Bank, among others, as examples of cases where strong board committees have been appointed.

Also, we see in many cases the reconstitution or creation of new senior management committees to take some responsibility for compliance and to give overall corporate direction to the company's compliance program. The compliance officer is usually a member of these committees.

Several of the consent decrees discuss the issue of the delegation of substantial discretionary authority. The Bard, NME, and Caremark cases have language treating this issue, and in a related provision, several of the programs, including the health care fraud compliance programs and the Grumman case, require that managers and supervisors' efforts to promote adherence to the company's compliance program be an element of the manager's performance appraisal process.

Many of the consent decrees also require companies to continue, update, or adopt new codes of conduct or similar written compliance policy statements, and also call for the drafting of additional written policies and procedures which are designed to prevent the recurrence of the misconduct underlying the settlement.

A majority mandate some form of training. The antitrust compliance programs require an annual briefing on the antitrust laws to key employees. The more detailed programs typically require some training of virtually all employees. These would include the Bard, the NME, Caremark programs; Denny's, which was a civil case settling public accommodation laws violations; and Grumman and Lucas also appear to require such training. Several make it clear that the training must be administered on an annual basis to all employees.

To the extent that the programs treat the issues of monitoring and auditing, two features seem to be emphasized: misconduct reporting systems - and where these are stressed, the feature that the employee be able to report it without fear of retribution is very important. Audits are also emphasized. The important factor there is that the auditor should be independent of the facilities or personnel they are auditing - not necessarily an outside auditor, but independent.

Few say much about enforcement. The most substantial is the Bard case, which tracks the guidelines language by requiring the creation of an organization-wide consistent disciplinary system for compliance violations.

To the extent that the decrees treat the issue of appropriate responses after an offense, three things are emphasized: conducting investigations, halting any ongoing violations, and requiring the reporting of substantiated offenses to appropriate governmental agencies.

Finally, these cases make one more point: if a compliance program is imposed, the government and the courts can be expected to be intimately involved in the company's subsequent compliance efforts, and in the company's actual business operations. Virtually all the decrees have one or more of these features, and they're very similar to the probation provisions of the organizational sentencing guidelines. You have court appointed monitors to oversee the company's compliance program. You have consultants who have full and unfettered access to books and records and to people in the organization. Also, companies are often required to get approval for all or part of their programs from the government or the courts. Many of the companies must give regular reports to the government or the appropriate regulatory agency, in some cases as often as every four months. The lesson here is, to echo what John Meyers said yesterday, a company is much better off voluntarily putting a compliance program in place rather than having one put in place in response to a consent decree or a plea agreement. Thanks a lot.


COMMISSIONER GOLDSMITH: Mr. Scalia, you have indicated that only four organizations had sought credit for a compliance program. The questioner says, "I thought the Sentencing Commission had reported that 31 organizations sought credit between November 1991 through 1993, and eight in other cases in 1993 to 1994."

MR. SCALIA: No. In our annual report, in the past two years we have only reported four. The first year we had the drug paraphernalia case, and then last year we reported that three cases didn't receive credit for their programs.

COMMISSIONER GOLDSMITH: Mr. Jordan, you mentioned officer and board involvement. Can you comment on director and officer liability?

MR. JORDAN: Well, I think actually Richard Gruner can speak to that at length. As some of you may know, under the ALI corporate governance principles, board members and senior management are subject to potential personal liability if they have not instituted adequate compliance controls and procedures, particularly in a public company.

I think the government's intent here with respect to the establishment of strong compliance and oversight structures at the top is to involve the highest governing bodies in the organization with the company's compliance program.

COMMISSIONER GOLDSMITH: Mr. Scalia, have any companies been found to violate probation? If so, what happened? Have any assistant U.S. attorneys verified compliance with probation requirements, especially those dealing with compliance programs?

MR. SCALIA: Unfortunately, the Commission doesn't collect post-sentencing information, so we don't have any way of knowing to what extent companies violate probation.


update on cases panel

Kirk Jordan

Q. You mentioned officer and board involvement. Can you comment on director and officer liability (1994 A.C.I. Corp. Governance)? Discuss affirmative duty.

A. The imposed compliance programs suggest that the government places great importance on the establishment of strong compliance oversight and management systems, including senior management and board involvement. Thus, in examining organizations' compliance programs, the government is likely to take a hard look at whether officers, senior managers, and, particularly for a public company, the board of directors are active in overseeing and monitoring the organization's compliance programs. At the same time, emerging standards of liability, in such pronouncements as the 1994 ALI Principles of Corporate Governance and the 1994 Corporate Director's Guidebook, suggest that officers and directors have an affirmative duty to ensure that the organization establishes adequate compliance systems and controls. These pronouncements suggest that officers and directors may face personal liability for failing to do so.

Q. It seems the government is seeking different compliance requirements in different cases. Do you have insight into why? Are your persuaded these differences make sense?

A. There appears to be little, if any, policy coordination among the Department of Justice and the assorted regulatory agencies that have imposed compliance programs since the guidelines became effective. However, two points should be emphasized: The compliance programs imposed for the same type of offense tend to be very similar. For example, the imposed antitrust compliance programs are almost identical, and the programs imposed in the National Medical Enterprises and Caremark cases, both for health care fraud and related violations, are very similar. Second, certain elements tend to recur across the consent decrees and plea agreements in which compliance programs were imposed. These elements generally track - and, more importantly, flesh out - the guidelines' due diligence criteria: strong compliance oversight and management structures, including the designation of specific personnel to oversee compliance; the creation and communication of compliance standards and procedures; monitoring and auditing systems, such as hotlines and independent auditors; and violation response systems.

Carrots and Sticks Amid Overlapping Enforcement Schemes and Policies: Finding Government's Message

The Honorable Eleanor Hill, Inspector General, U.S. Department of Defense

Bruce L. Drucker, Deputy Assistant Inspector General for Criminal Investigative Policy and Oversight, U.S. Department of Defense

William B. Lytton, Vice President and General Counsel, Electronics Sector, Lockheed Martin Corporation

David N. Yellen, Assistant Professor, Hofstra University Law School

Moderator: Win Swenson, Deputy General Counsel/Legislative Counsel, U.S. Sentencing Commission



MR. SWENSON: Good morning, again. At yesterday's lunch, Senator Kennedy spoke of the guidelines' promise of reduced penalties for companies that act as good citizens. But he also cautioned that if collateral, non-criminal penalties that a company might face do not turn on the same good citizenship criteria, the value of the guidelines' promise - and the policy that underlies that promise - may be diminished.

When it wrote the organizational sentencing guidelines in 1991, the Sentencing Commission recognized that companies facing guideline penalties might well face other kinds of collateral sanctions. However, the Commission determined that the question of coordinating criminal and other penalties was largely beyond its jurisdiction and control. The guidelines do permit courts to take collateral penalties into account in choosing the fine within the allowable guideline range, but that is really the extent of coordination of penalties under the guidelines.

Today we reopen the discussion, without taking a position on it at this point, but with a significantly broader view because coordination issues really go beyond the question of whether guideline penalties should better account for other sanctions. Coordination issues fundamentally include the question of whether the many enforcement tools and policies used by the federal government are in sync. I think that was the thrust of Senator Kennedy's remarks yesterday.

Exploring these issues this morning will be three distinguished speakers with distinct backgrounds: one from government, one from a large corporation, and one from academia.

Our first speaker is the Honorable Eleanor Hill. Since March 1995, Ms. Hill has served as the Inspector General of the Department of Defense. In this role, she oversees what might be considered the largest and best established government coordination policy: the Defense Department's Voluntary Disclosure Program. This program will be the focus of Ms. Hill's remarks this morning, and in keeping with our policy of trying to keep the train running on time, I'll refer you to the program book for a full description of Ms. Hill's most impressive bio. But let me say here that she has had a remarkable career in a relatively few number of years, spanning work in Congress, as a federal prosecutor, and a trial attorney.

Before calling on Ms. Hill, I should note that due to the press of other obligations, she is going to have to leave following her remarks. However, we are pleased to have Bruce Drucker here to answer questions that you may have in the wake of Ms. Hill's remarks. Bruce is the Deputy Assistant Inspector General for Criminal Investigative Policy and Oversight, and I guess in practical terms, Ms. Hill's point person for the voluntary disclosure program.

On that note, it is my very great privilege to introduce the Honorable Eleanor Hill.

MS. HILL: Good morning, and thank you for the opportunity to be with you here today. I am particularly pleased to be even a small part of the efforts of the Sentencing Commission to work with you on the very important issue of corporate crime in America. As Win mentioned, I have been Inspector General at the Department of Defense for only about six months now, so I am still relatively new in dealing with the Defense Department's voluntary disclosure program. However, in my prior life, both as a federal prosecutor and as a staff member in the U.S. Senate for almost 15 years working a lot on crime issues and law enforcement issues, I can tell you that I am very familiar with the issues you are looking at - corporate crime, the issue of compliance, corporate good citizenship.

In fact, in the Senate I can remember - only too well, perhaps - the many long hours of work that went into drafting and negotiating the final passage of the legislation that gave birth to the Sentencing Commission. I can tell you that many people worked very, very hard to get that legislation passed and to get it done in what they felt was the best way. So I am particularly pleased, and it is very reassuring to me, to be here many years later and see that the Commission is not only a leader in reforming the sentencing process, but is also working very hard with the private sector in forums such as these on other issues, including corporate compliance and corporate good citizenship.

I have been asked this morning to talk about the voluntary disclosure program in the context of the concept of the good citizen corporation, which I understand is the subject of this forum, as well as the need for improved corporate accountability. Both of those concepts, I believe, necessarily imply developing an increased sensitivity to what is and what is not appropriate behavior in the corporate arena. That task is never easy, often thankless, but nevertheless always critically important.

In the rush to compete and to achieve, our society's focus on ethics has too often been too little and too late. General Omar Bradley once commented, "The world has achieved brilliance without conscience. Ours is a world of nuclear giants and ethical infants."

The Department of Defense voluntary disclosure program in my view is our effort to energize an active corporate conscience of sorts in the defense industry. Discussing the voluntary disclosure program could, indeed, be a topic for an entire day's seminar by itself. Fortunately for you and for me, the schedule this morning doesn't permit us to do that.

Briefly, I am going to try to give you some idea about the program's genesis, about the processes under which it operates, and our best estimates as to its effectiveness and what our experience indicates it tells us about contractor efforts at self-governance in the defense industry.

In the early and mid-1980s, both the defense industry and the government faced an important, serious dilemma. There was a need to responsibly address reports of widespread fraud in defense contracting. The media had widely publicized cases of investigations of defense contractors for such offenses as cost mischarging, defective products, false statements, and false certifications. At the same time, the government and the industry needed to maintain a stable, cooperative, and productive relationship. The challenge for both was to do this while, in an oftentimes adversarial process, closely scrutinizing and investigating allegations of fraud in the industry. And that is not an easy task because there are natural tensions, obviously, when you get into the investigative mode.

During the same time period, the Department of Defense realized the need for a better and a more coordinated approach to fraud investigations, an approach that balanced in the most productive way possible all the available remedies - criminal, civil, administrative, and contractual.

The department to do this created something called the coordination of remedies program to ensure that all of those remedies were considered in a balanced and timely fashion. The approach encouraged the exchange of information between independent remedies authorities while attempting to also ensure that an action by one entity would not adversely affect the ability of another to use other available actions. As a result, the number of indictments, convictions, monetary recoveries, suspensions, and debarments all rose dramatically. Unfortunately, although this was beneficial to the government in one sense, it also inevitably increased tensions in the industry between the industry and the government.

Recognizing the need for a new approach, President Reagan created the Blue Ribbon Commission on Defense Management, commonly referred to as the Packard Commission after its Chairman, David Packard. The Commission, among other things, was established to find better ways to manage the business relationship between industry and government. The Commission's report, which was issued in 1986, recommended, among many other significant things, that contractors establish ways to implement stronger industry-wide principles of accountability. Even more specifically, the Commission report recommended that contractors disclose to the government irregularities that they discover in the course of their own accountability procedures.

The Commission recommended that the Defense Department also implement its own program, with appropriate incentives to encourage contractors to, in fact, voluntarily disclose this type of information to the government. To their credit, the major defense contractors acted almost immediately upon receipt of the Packard recommendations. The Defense Industry Initiative for Business Ethics and Conduct was established, and along with it there was an adoption of principles which, in fact, endorsed aggressive self-governance in industry and voluntary disclosure of violations of federal criminal and civil procurement laws.

The Department of Defense, not to be outdone, also reacted, both in response to the Commission's report and to the disclosure of some 14 matters by contractors to the department. Deputy Secretary of Defense Taft signed a memorandum in July of 1986, not only encouraging contractors to make disclosures to the Defense Department, but also establishing the procedures that were to become the voluntary disclosure program.

The program continues to operate today, with both my office and the department's senior management strongly committed to its success. It provides a formal framework in which self-governance efforts by contractors interface with government compliance and remedies programs in the department. It is not a means for excusing contractors for improprieties or illegalities; rather, the program encourages contractors to demonstrate to their employees their commitment to ethical business practices by helping the government to hold individuals accountable for improprieties.

Under the program, matters of potential criminal or civil fraud relating to the contractual relationship between the department and the industry can be brought to the Inspector General at the department by a contractor. Matters of administrative oversight, for instance, accounting issues, costing, pricing, et cetera, which do not involve any knowledge or intent to defraud, are brought instead to the administrative contracting officer or to the Defense Contract Audit Agency.

I want to take just a minute to discuss what the program does and does not do. First, the voluntary disclosure program is not an amnesty program. Action can be taken against corporations as well as individuals that are involved in matters that have been disclosed. On the other hand, good-faith cooperation and disclosure by the contractor is certainly considered favorably by the government in determining what action should be taken.

In reality, the program rests on three premises. First, that the department would be hard pressed if it found that it could no longer do business with a large number of its largest contractors, and, in fact, in the worst-case situation that could happen, particularly in an instance where a contractor, a large defense contractor, had a second or third conviction. Once beyond the first conviction, it gets harder to escape the possibility that that contractor might, in fact, be suspended or debarred, and thus end, at least for a time, the relationship with the department.

The second premise is that the department must make every effort to eliminate the perception - particularly the public perception, which was at a height probably in the mid-1980s - of the defense programs and industry as inefficient and corrupt. That certainly does not help the industry, and it does not help the Department of Defense in its justification of its programs to the Congress and to the President.

Third, a contractor is better off reporting problems rather than running the consequences of independent detection by the government, and I will tell you a little bit about what we do in the program to support that conclusion.

The program offers contractors several advantages: one, expedited investigation and audit of a matter; two, early identification of the DOD component which is designated to make suspension and debarment decisions in the matter. This, of course, serves to facilitate contractor communications from the outset regarding possible remedial actions by the government. And, three, an agreement that the Department of Defense will advise the Justice Department of the nature of the disclosure, the extent of the contractor's cooperation, and the types of corrective action that have been taken by the contractor. This last item is perhaps the most attractive to industry.

A corollary of probably equal benefit to the industry is the nature of the Justice Department process for handling voluntary disclosures under the program. It is not the usual prosecution and investigative process which is carried out in most cases that are not handled under the program.

In effect, the Justice Department has removed the uncertainties and the inconsistencies that would otherwise be inherent in the possible exposure to any number of different United States Attorney's offices in the country by identifying the Defense Procurement Fraud Unit in the Department of Justice as the central point for the Criminal Division in addressing the criminal aspects of these cases. So, in other words, there is one unit in the department that handles all the decisions on those cases as opposed to being handled by individual different prosecutors with different impressions in the field, so to speak.

While the program certainly offers advantages to contractors, on the other hand it also requires that contractors do certain things. First, to gain the benefits of the program, a contractor must make a disclosure of a matter voluntarily and not because of a belief or a knowledge that the facts of the case have been known or are about to be discovered by the government. Prior government knowledge of the facts does not necessarily preclude acceptance into the program as long as there is no evidence that the contractor knew of the government's involvement. In other words, obviously a contractor who is doing something wrong and realizes that the government or someone is about to find out about this cannot head it off, so to speak, by then going to the voluntary disclosure program. Good-faith cooperation is always viewed more favorably than its absence. We, along with the Justice Department, will evaluate a contractor's cooperation in any matter in determining the nature and degree of remedies appropriate for the case.

Two, the disclosure must be made on behalf of the business entity and not be made as admissions by individuals, officers, or employees. In other words, the corporation, the entity itself, must make the disclosure, not the individual.

Third, appropriate action, including appropriate corrective and disciplinary action, as well as restitution to the government, must be taken by the contractor. So, in other words, the contractor must do something to correct the problem. Also, it is not a strict requirement, but in many of our cases, the contractors themselves will actually conduct their own investigation of the allegations. Sometimes that's done before they bring the matter to the department because they obviously want to verify it, and sometimes they, in addition, follow up with a more detailed investigation after that, which we then review and can supplement if we feel it needs to be supplemented as we are reviewing the whole issue at the department.

And, fourth, the contractor must agree to cooperate in any ensuing audit or investigation. As with any new and innovative approach, the implementation of the voluntary disclosure program has not been without its problems. I believe participating contractors and the government have been able to mutually address many of the major problems that have arisen to date and hopefully will continue to do so in the future. I have to admit that I read with interest the outline that was prepared for Bill Lytton's remarks next here this morning. As I understand it, he is going to speak to you about the need for greater coordination, particularly his thoughts on inconsistent government policies in the areas of voluntary disclosure, qui tam suits, and hotlines, et cetera.

I have to confess that I smiled broadly when I read, as one of his lessons learned, that "There is no grand government strategy." I can tell you, having worked for many years both in the executive branch and probably even more pointedly in the legislative branch, in the Senate, that he is absolutely right. There is none.

The diversity and the sheer size of this government, which I believe reflects to a large degree the diversity and the size of this country, makes it, in my view, extremely unlikely, if not impossible, that we will ever have any comprehensive "grand strategy" of sorts in the U.S. Government.

That's not to say we haven't tried. Certainly parts of the government have tried. For example, I can remember working very hard to try to get legislation to come up with a grand strategy, so to speak, in the anti-drug area when the drug problem was at its height. And we worked on that for years and got some legislation, and I am not convinced we still have a grand strategy, but we have tried it in areas, and no doubt we will continue to keep trying. But it is, in my view, a very difficult goal, and it is a goal that is difficult because of the nature of this government and the nature of this country. It is a diverse government; it is a huge government that does many, many different things, and trying to perfectly coordinate it all into one single strategy is an admirable goal, but I'm not sure it's a realistic one.

The good or, at least I should say, the encouraging news is that at least in the Department of Defense, which in and of itself I can tell you is a huge organization and a diverse one, we have made real progress in getting closer coordination, if not a grand strategy, among the players involved in potential remedies, sanctions, or other responses to voluntary disclosure cases. Moreover, we try to coordinate with the Justice Department and with other known government players who may have an interest in these kinds of matters. The trick, of course, is knowing who the players are early on and coordinating and talking to them early on.

It is important to note that particularly where criminal activity is alleged, our coordination, as good as it is with the Justice Department, does not and cannot mean that we control their final decision on the matter, which is, of course, made independently of our office. So there are limitations even on how much we can coordinate, obviously, in certain areas.

In short, we have not solved all of the problems that Mr. Lytton is going to point out to you and that I think we recognize exist in the area of inconsistent policies and lack of coordination. But we certainly are aware of them, and we are working on them, and we will continue to work on them.

In any event, we do believe that the voluntary disclosure program has been successful and beneficial to both the government and the contractor community in providing a mechanism for addressing problems identified in self-governance programs. A few statistics demonstrate the extent to which the program has accomplished its purpose.

As of the quarter ended June 30, 1995, there have been 344 disclosures made to the Inspector General's Office, of which only 27 have been denied admission into the program for any number of reasons. Of the remaining 317 disclosures, 131 have been completed and closed, ten are in preliminary processing, 17 in the preliminary stages of acceptance, and 159 are actively being pursued for resolution.

A total of 145 corporations, including, I might point out, 48 of the top 100 contractors, have made the 344 disclosures. The program has resulted in a return to the government of approximately $297 million. There have been three corporate and 54 individual convictions as a result of the program, and only two contractors - two - have been suspended or debarred as a result of their disclosures. And I might add that the convictions of the corporations and the two that were suspended or debarred were cases where there were, in fact, aggravating circumstances that, in the minds of those making those decisions, justified those sanctions. But that clearly has not been the usual scenario once the disclosure is made in good faith and there had been good-faith cooperation.

Those results and the program's success have not gone unnoticed in other parts of government. The Department of Justice has issued prosecutive guidelines regarding voluntary disclosure in the area of environmental crime and a corporate immunity program for voluntary disclosures in antitrust cases. Recently, the Department of Health and Human Services, confronted by growing public concern and congressional concern over the problem of health care fraud, has announced the establishment of a pilot program for voluntary disclosure in that area.

Finally, my office has been approached by several other executive branch agencies who are considering developing similar programs in their particular areas of concern. And my own view is that with the probable or very likely ongoing reduction and downsizing of government resources over the next several years, it is very likely that you will see an increased interest in many parts of government in enacting and establishing voluntary disclosure programs, because as the government's resources lessen in the areas of audits and oversights and investigations, clearly programs like this that allow industry to help the government take a short-cut on some of these investigations by coming forward voluntarily. That is seen as a help to the government in the way of resources. So I think you are going to see more of this, and we continue to work with the other agencies, including HHS and those that are starting up, to give them the benefit of what we have done in the area of defense.

In sum, at least in the area of government contracting - and I recognize that your interest goes beyond just government contracting - voluntary disclosure programs do help to ensure not only fair and balanced government oversight, but also reliable contractor internal controls. Their goals should rightly be to make government oversight more effective and more efficient, not necessarily to eliminate, reduce, or downgrade such oversight. If these programs succeed, we all, both industry and government, stand to benefit.

On a broader scale, the success of our voluntary disclosure program demonstrates that the concept which you are looking at this morning, the concept of good corporate citizenship, is in my view, alive and well and hopefully growing in corporate America. It shows that good can come from government and industry working together to ensure accountability and ethical conduct in business as well as in government.

I see my time has just about elapsed, so I want to thank you again for the opportunity to be with you, at least for a few minutes here this morning, and just close with the thought that I hope that our experience in the Department of Defense - and we do have some in this area - can at least be of some help to you in working to develop many, many more "good citizen corporations" across the country in all of your areas. Thank you very much.



MR. SWENSON: Our next speaker, Bill Lytton, is one of those people who makes you wish you wrote your Rolodex in pencil. He began his career as a prosecutor and more recently, in 1989, he became the General Counsel of G.E. Aerospace and served in that capacity until G.E. Aerospace merged with Martin Marietta.

At the new Martin Marietta, he served as Vice President and Associate General Counsel until Martin Marietta's merger with Lockheed in March. In the new Lockheed Martin Corporation, Bill is a Vice President and General Counsel of Lockheed Martin Electronics.

Over the last few years I have heard Bill Lytton talk on a range of topics and always very impressively. His theme for today is something I can recall chatting with him about probably at a DII best practices forum a couple of years ago, and I think you will find that, despite his naturally shy demeanor, he has a lot to say. Bill Lytton.

MR. LYTTON: Thank you for the introduction, Win. I will remember that. I should start off with a disclaimer that my comments today are personal, based upon my personal experience. They do not necessarily represent the views of my corporation, whatever the name of it is today.

We have done a couple of things as a result of all the mergers. Number one, I don't order business cards in groups of more than five, and number two, those are now coming out in slate and chalk so that we can keep up to date.

I have been asked to address a provocative subject and to be provocative in doing it to give the perspective of the big corporation - not the big house, I might add, for those of you who are old 1930 movie buffs.

I want to talk about the guidelines. I think they have been a catalyst for organizations in many areas. They have forced a lot of us to re-examine the commitment we have to lawful and ethical behavior, and they have also helped us establish or modify policies and procedures that ensure compliance with legal and ethical standards. And in that regard, I believe the guidelines have had a salutary effect.

I also want to congratulate the Sentencing Commission for sponsoring this public forum and for being open to comments and criticism. It is not a group that has declared victory and gone home; rather, it is a group that has tried to critically examine what they are doing and see what changes might be made. And continuous improvement itself, I think, is somewhat unusual in the government.

Perspective is important. I saw a sign on a marquis a couple of weeks ago that said, "We do not see things as they are. We see things as we are." Obviously we filter what we see through our own eyes. And so what we see is obviously influenced by where we sit, and the challenge we face is to try to see it from the point of view of others. And this type of candid - hopefully candid and hopefully understood to be that - discussion I think is only helpful.

As an optimist, I see the guidelines as a work in progress, one that will improve. As a lawyer, I, of course, admire anyone who has the ability to speak out of both sides of their mouth at once. But I stand in unabashed awe at the ability of the United States Government to promulgate so many different policies, practices, and procedures that are absolutely inconsistent, and to do it all simultaneously.

Let me give you a little bit of an overview. I start with the premise that the guidelines are government policy. They are a specific, integrated, and articulated government policy that rewards a certain type of organizational behavior and punishes other types. So seen in a vacuum, the choice of an organization is clear. You modify your behavior to conform to the guidelines.

Organizations, however, act through human beings who need to be trained and encouraged to conduct the affairs of the organization in a manner consistent with that organization's commitment to conform to the guidelines. To the degree that these human beings are given conflicting or confusing directions, the ability of the organization to achieve its goal of conforming to those guidelines will be jeopardized; and to the degree that the organization's ability to conform to the guidelines is jeopardized, the goal of achieving conformity to this government policy is likewise jeopardized.

The United States Government, through legislation and executive branch actions, has institutionalized other policies which, at best, cause confusion and, at worst, are inconsistent with the guidelines' policy. And this conflict and confusion, I think, may be one of the single most important impediments to the goal of achieving that underlying policy that we all, I think, support with the guidelines.

So organizations sometimes find themselves in a Catch-22 situation where their employees' actions necessarily put them and their organizations at risk because of other government policies. In these cases, both the organization and the government, it seems, suffer.

Now, if the government is serious in wanting to promote the public policy underlying the guidelines, it needs to understand these conflicting policies and to address them, and that's what I have been asked to help do today.

The guidelines talk about a number of things that are important, characteristics that can be mitigating factors if and when a corporation finds itself standing in front of a judge about to be sentenced after having been found guilty of federal criminal conduct.

One of them is internal reporting. The existence "of a reporting system whereby employees and other agents could report criminal conduct by others within the organization without fear of retribution" is an important goal of the organization. This plays into a second important mitigating criterion, voluntary disclosure - part of what Eleanor just addressed - where the organization discloses to the government something that went wrong in the organization, and the company is encouraged to fully cooperate in the investigation and to affirmatively accept responsibility for its criminal conduct.

Most companies, I believe, certainly the large ones - and God knows I've been with a lot of them the last two years - have embraced the guidelines, have worked hard to encourage its employees to self-report, to have trust in their companies, to provide for anonymous reporting, and otherwise to develop audit and other processes that will discover relevant information. Hotlines and ombudsmen are only the most visible and obvious of these efforts.

But there is some inherent resistance to this type of self-reporting process. For instance, some company lawyers that I have known in the past may have difficulty in confessing to a crime that may not have been discovered and, indeed, may not even have been committed. A second impediment may be it is not in human nature in America to be a "snitch," and we sometimes find a lot of difficulty with our employees in encouraging them to tell us if they observe a problem caused by a fellow worker. One only has to look at the most recent case of Archer, Daniels, Midland and the reports that have been in the Wall Street Journal about what has happened in that case and the reaction to the executive who reportedly was acting as an undercover agent, an informant for the government.

I note that a member of the Illinois Christ Lutheran Church said, "Why didn't he just quit? That's what I would have done. I'm not about to be a spy." And the co-owner of Nick's Auto Body said, "The fact that the Feds spy on the community frightens me. They're about as underhanded as anybody. And this guy's not an upright citizen, or he wouldn't be ratting on his boss." So obviously the guidelines' policy has not yet affected the culture of some religious and auto repair organizations.

To the degree that our employees do not report what they see or suspect, and thus deprive the company of the opportunity to make a voluntary disclosure and to cooperate, that may be seen under the guidelines as evidence of an ineffective corporate program and perhaps an inadequate corporate commitment to compliance and ethics. And I'm not sure that is necessarily the conclusion that one should come to.

One of my favorite topics: qui tam. The same Congress that set up the Sentencing Commission has also established the qui tam or whistleblower statute, which provides that someone who files an action alleging a fraud against the government may recover up to 30 percent of the ultimate recovery, which itself can be up to three times the amount of the loss to the government.

The qui tam laws are premised on a central and very powerful idea: greed. And if it's not greed, then why do we need all that money to make people do it?

Money is not normally required to make people do the honorable thing. The theory is that if enough money is offered, employees will turn in their own mothers or at least their own bosses. And added to this greed factor is this wonderful, powerful interest of lawyers who see their opportunity of getting one-third to one-half of the bounty hunter client's reward on top of their counsel fees. I used to be in private practice, and I know how attractive that is.

In the case of an ongoing fraud, the longer the qui tam relator waits to file his qui tam case, the more money the government stands to lose, and the more money he or she stands to gain. I think this highlights the fact that the statute's concentration is on making money for the relator and the lawyer and not on stopping fraud, waste, or abuse.

This lure of the big bucks is a powerful incentive for employees to seek out their local plaintiff's lawyer rather than their ombudsman when they see a problem in their corporation. These whistleblowers are then applauded, of course, as courageous people who have put the interest of the country above their own well-being. The media has a field day with it, and the client and the lawyer begin to consult financial and tax experts and advisors. You might even hear that their very lives were in danger. Spare me.

The motive behind these cases, I suggest, certainly a large number of them, is exactly what Congress has or should have anticipated, and that is greed. And there are other types of bounty hunter laws that are being adopted or proposed or considered, including in the environmental area. So a corporate employee has two choices when confronted with possible wrongdoing in his company: be a good and honorable employee and report it internally, or take the money and run.

The fact that employees don't take the greed route all of the time is, I think, a wonderful surprise, but when it happens to you and your company - and those of you who deal with the government will find it happen - it is not very pleasant.

When they file these types of cases, I think it is predictable; it is human nature. But when we are able to go to an ombudsman and then follow a voluntary disclosure route, that happens in spite of, not because of, the qui tam policy of the United States Government.

This is more than a theoretical issue. Consider the following hypothetical. A company auditor discovers that your company has overbilled the government by $1 million. If he does what he is supposed to do and reports it internally and allows the corporation to make a voluntary disclosure - I checked with Win on this because he's the expert on this stuff - he says the fine could be as low as $50,000. If the same auditor, however, instead of reporting it internally decides to call up the plaintiff's qui tam bar and lets it go on and then we don't get a chance to discover it because we thought that's what the auditor was doing - indeed, the auditor may even lie to us, or maybe he just resigns because he knows he's going to make a lot of money - then the corporation can be fined up to $1 million.

So even though the facts of the crime are exactly the same, the decision made by the auditor could affect the size of the fine by a factor of 20. Such an arbitrary and capricious result cannot be the result of a conscious, coordinated government policy.

I think that if we as a people in this government want to encourage the voluntarily disclosure of problems to the government, why not require that a prerequisite to filing a qui tam action by an employee is that he or she first has to go to the appropriate person, whether it's the CEO or the ombudsman, and tell them. And if the company doesn't do anything for 60 or 90 days, then you can file it.

Do you know what's going to happen if some employee comes to me and says, "I've got a problem and if you don't do something I'm going to file a qui tam?" I'm going to call up Bruce Drucker. And you're going to have more disclosure. What would happen? The plaintiff's bar would lose a lot of money, and the relators wouldn't get up to 30 percent of the money.

I think these are ideas that take greed out of the equation and that would enhance the underlying policy of the guidelines for voluntary disclosure. And such a policy and such a change would be perfectly consistent with the guidelines.

There is also a second government practice or policy that can be inconsistent, or at least cause confusion. Government agencies often encourage and sometimes require that posters be prominently displayed with a hotline for calling the government when an employee is aware of fraud. I think this is confusing. Their quite reasonable rationale for having it is that in some cases employees will not feel comfortable to report it internally. They may not have a system that would work, or maybe they're dealing with a company that is just a bunch of crooks. So I think there's a good reason for it. I don't deny that. And the other reason they would do it is they're not aware of the whistleblower statues and all the money they can make.

But when an employee does call the government hotline, once again a corporation is deprived of the opportunity to make a voluntary disclosure. I think what we have to do is at least realize that in such cases it is not presumptive evidence, if you will, that we had an ineffective policy. I think there needs to be some consideration that the government would give credit to a corporation for what would have happened if they had made a voluntary disclosure - if this guy had called the inside person rather than the outside person. And I think sometimes this does happen in the DOD IG's office. I think they are willing to do that. But as we expand throughout the government, I think you need to watch out for that because our employees are being encouraged not to call us. They are being encouraged to call lawyers or the government, and the policy of the guidelines says that if they don't call you, that is not good - it doesn't say something good about you.

The voluntary disclosure program that Eleanor talked about is, I think, one of the real success stories in the United States Government. I think the DOD IG's office and Bruce Drucker do a wonderful job, and a trust has built up over the years between industry and government in this, and that is why it has been so effective. But let me talk about the process of making the decision to make a voluntary disclosure.

It is rarely a clear-cut, easy decision. The reasons for making it are compelling from a corporate point of view. You significantly reduce, if not eliminate, your chance of being criminally prosecuted. And if you are prosecuted, at least under the guidelines your penalty will be less severe than if you hadn't. But the circumstances in which the decision is often made are difficult, stressful, and ambiguous.

When I was a federal prosecutor in Philadelphia, we had a bank robbery. It was a wonderful case. The bank robber is in line. He robs the bank. A beautiful 8-by-10 glossy photograph of the bank robber comes out of the surveillance camera. The dye pack explodes, and standing behind him in line is an FBI agent. This is all true.

The closing argument of the government prosecutor was: "Ladies and gentlemen, are you familiar with the expression 'caught redhanded?' This guy was caught redhanded. Thank you very much."

Now, that's a dead-bang case, and, by gosh, if that happens, you know what to do. But the reality is in corporations, when you are dealing with fraud instances or potential fraud instances, you rarely see it with that sort of clarity. And while you're trying to get the clarity, you must recognize that hesitation or delay may be fatal to your ability to get into the program and to get the benefits thereof.

Clausewitz, I think it was, somebody like that, talked about the fog of war, and that's what happens when you are sitting on the inside and somebody comes to you with a potential problem. In a defective pricing case, you don't need a primer on this, but it often turns on the intent of the individual. That is your typical white-collar case. There is no question as to what the person did. But did he or she intend to do something wrong? A conscientious, good-hearted internal investigator who believed in the presumption of innocence might look at that and conclude that the person did not intend to do something wrong.

That same investigator having gone to Bruce's school and having been trained with a little booklet they have - I believe it says "Think Fraud" - believes that the presumption of innocence is a nice thing for the books, but it does not really apply. (I think once when I was with Bruce, I asked for a show of hands from the agents. I said, "How many of you really believe in the presumption of innocence?" Not one hand went up.) The investigator might now conclude with the same facts that the guy intended to do something wrong.

So while you are sitting there trying to make these decisions, very difficult decisions, you recognize that the clock is running. If you make the decision too late, you may be out. If you make it too early, you may disclose actions that you later determine upon further investigation are not fraud. And while I think I can convince Bruce on that, when I end up at the DOJ, I have another problem because the Department of Justice Civil Division believes that a filing of a Voluntary Disclosure is the moral, if not the evidentiary, equivalent of a confession of fraud. And if you later go to them and say, "Well, it was all a mistake, we looked into it further and it is not fraud," that might be construed as lack of cooperation, backing off, failure to accept responsibility, et cetera, et cetera.

So I don't know how much of a counter-balance the risk of significant civil penalties - because the DOJ comes in talking trebles and maybe you can get them down to doubles of whatever the loss to the government is - may or may not be to make voluntary disclosures. I don't think it is for the larger companies, but I think that with smaller companies it may well be, and you should keep that in mind.

I understand there is going to be somebody later talking about the self-audit privilege and I think this is another example. One of the things that results from the guidelines is the effort to find out if you've got a problem. So we conduct internal audits and investigations, and we like to keep those things kind of secret - for a number of reasons, many of which are legitimate.

Just like you have the FBI not wanting raw FBI 302s to be out there, we don't want our investigative files to be out there. Why? Because there's another group of lawyers called the plaintiff's security firms. I used to be in one of those, and what they do is every morning they look in the Wall Street Journal, and companies whose stock went up or down find themselves in trouble. They file a class action suit. There's a number you call in Wilmington, and if you're the first one, you're the lead counsel and you get most of the money.

It's very well organized - talk about sentencing guidelines for organizations. There's one you ought to look into.

We would rather not show all of this stuff to the plaintiffs who are going to try and blackmail us to settle the case. I don't mind sharing it with the government so much. They're not my biggest concern. But when we assert a privilege, I think there is a knee-jerk reaction of the government to say: a privilege - lack of cooperation. I think the government should think more carefully about when it's going to challenge an assertion of the self-audit privilege, because the more you challenge it and the more there is no privilege, the less internal investigation there is going to be; the less internal investigation, the less things we find out.

Let me talk for a second about suspension and debarment. The government very rightly doesn't want to have companies working for them that are crooks. Let me give you an example, though, of what government are we talking about.

We had a case where one of our employees pled guilty when I was with G.E. He was actually an old RCA employee. He got sentenced, to I think, a year. The government prosecutor and the defense lawyer said, "That's too much. We really would like for this guy to get work release. He's not a bad guy. He's cooperating."

They came to us and said, "Will you put him in some sort of commercial job just so he doesn't work for the government anymore so we can go in on a joint Rule 35 motion for reduction of sentence to have him put on work release?" I did it. They went in. He got reduced.

Flash forward, I'm now in front of the government suspension and debarment authority a couple of months later, and they said, "Why is this guy still working for your company?" I said, "The government asked us to keep him employed." He said, "What government was that?"

I said, "It was the Department of Justice." They said, "That's not our government." And then he gave me an example. He said, "You know, we had a paraplegic we caught stealing two aspirin. We fired him." I said, "That's not my company."

The government is not a homogenous single organism. It is a hodgepodge of people who rarely share the same ideas or agendas. What are the lessons we can learn? First of all, you are listening to people who have been involved in the defense contracting community. So why is that relevant? Well, a couple of reasons. Number one, our past is your future. The government is coming after everybody. We just happened to go first. Environment, health insurance, safety, everything is coming under the gun. The cross hairs of the government are very tightly focused. They are coming.

The guidelines are in large part consistent with, and I in think some parts, even modeled after the DII guidelines. So we have lived under them for ten years, and, therefore, we might have some insights that help you.

What have we learned? Simple, yet profound. We've got dozens of departments and commissions, hundreds of agencies, hundreds of thousands of people. They're not singing from the same hymn book. They don't even know there are others in the choir. And when they do, they don't really care. So what you get isn't the complex harmony of a Mozart, but the cacophony of a construction site in downtown Chicago or New York City.

And as Eleanor stole my punch line, the reality is that there is no grand government strategy. The fiction we indulge in is that we have to act as if there were such a strategy. And therein lies the risk for companies and the challenge for government. Government could not only make the private sector's life a little easier if it tried to reconcile these discordant policies, but would probably be a lot more successful in helping us all achieve some fundamental and worthwhile goals that are embodied in the sentencing guidelines. If only we could all agree what those goals are. Thank you very much for your attention.


MR. SWENSON: Our next speaker is David Yellen. David is an associate professor of law at Hofstra University and, accordingly, represents a somewhat different perspective than our prior two speakers. But I think it would be wrong to assume that his is the perspective of an ivory tower because David has been a very active participant in policy issues, both in his prior life as an assistant counsel to the House Judiciary Committee and more recently, while at Hofstra, through a number of policy-oriented writings, including a very interesting law review piece on the coordination issues that he is going to talk about. David also served as an advisor to the Clinton transition team on some of these same issues. David Yellen.

MR. YELLEN: Thanks, Win. Several years ago, I was the reporter to a special ABA committee that was set up to study the collateral consequences of organizational convictions, and we came to some conclusions that are not very surprising to anyone in this room, and certainly not after hearing Eleanor and particularly Bill. We found that there is a panoply of overlapping, sometimes inconsistent, unpredictably enforced civil and criminal sanctions that are available when an organization, a corporation, has committed some kind of misconduct. There really isn't a great deal of coordination between the different parts of the government. Despite what Bill said, I still think of it as one government, but there isn't a lot of coordination. And the sources of that lack of coordination are pretty straightforward as well.

First of all, you have Congress, which is not well-coordinated just on its own. Congress has become increasingly in love with criminal penalties in the last 10, 20 years. I guess de Tocqueville wrote many years ago that, in America, all issues of public concern wind up being matters for law and courts. Nowadays you can modify that to say that virtually all issues of public importance wind up being matters of criminal law. And Congress has gone way too far in criminalizing conduct that probably could be better handled civilly. When something is a crime already, Congress loves to just pile on additional penalties. And when that isn't enough, Congress loves to pile on mandatory sentencing laws.

I don't want to give them any ideas, but in some ways it's surprising that there hasn't been an effort to come up with some kind of mandatory minimum sentencing laws for white-collar and organizational crime as well as drug crime, where it principally resides. And then you add to that - so that's the Congress side. And then, of course, the agencies, we've heard a lot about the way, just how difficult it is for an enormous agency like the Department of Defense to coordinate its own efforts to enforce the various laws, let alone to expect any reasonable amount of cooperation and coordination across agencies.

One thing that did concern me about what Eleanor Hill said was in terms of an earlier effort where all the different parts of the Department of Defense that had responsibility for criminal and civil - all the different sorts of enforcement - when they did start talking a lot more, if I heard her right, she said that the great result was that every single type of enforcement action went up and there was more recovery of every kind. To me, that's not necessarily the goal of an effective coordination policy. It may be that you want less of one kind, more of another, more focus, more principles underlying what exactly the government is going to do.

So our conclusion was that there were problems with the lack of coordination from Congress and from the agencies and that more coordination was necessary. In particular, we focused on punitive sanctions. Obviously, criminal sanctions are punitive, and a great many sanctions that are denominated as civil are, nonetheless, punitive. And after the Halper decision from the Supreme Court a few years ago, it is necessary for courts to think about whether sanctions labeled as civil are, in fact, punitive to avoid double jeopardy problems.

In addition, we thought that theories of punishment that I will talk about a little bit also called for greater coordination in the sanctioning of corporations, and we called upon the government in general to start thinking more carefully about those issues. I don't think a lot has really come of that in the intervening years. As Win mentioned, I did a little bit of work advising the Clinton transition team on white-collar crime enforcement policies, and I talked a lot to them about this kind of coordination issue, these issues, and I haven't seen a lot of evidence of any real change in that area.

Also, I think the Sentencing Commission, which ought to play a central role, being a smaller, more well organized entity than something as sprawling as, say, the Department of Defense, the Sentencing Commission can play a crucial role in encouraging greater coordination of sanctions. And I think this is one area, although they have done a tremendously admirable job in many respects with the organizational guidelines, I think they missed an opportunity here. In one of the earlier drafts before the final guidelines that were promulgated, there was a provision that authorized judges to consider when imposing a criminal fine on an organization whether there had been or were likely to be punitive civil fines imposed; and if so, to have some kind of offset. And without any real explanation, that provision was dropped from the final guidelines that went into effort. So I think there is more the Commission can do as well.

I am not going to try and solve these problems, the broad, massive problems of coordination of all the government's enforcement efforts today. I really want to talk about compliance programs and address the question of whether our treatment of compliance programs can have a positive effect in encouraging the government in all its forms to engage in more coordinated sanctioning activity.

Before getting to that precisely, let me start with some fundamental questions about compliance programs that have been addressed only slightly in this conference. We all assume that it is good and proper for the Sentencing Commission in the organizational guidelines to give a very serious reward to companies that have had an effective program in place. Why is that? Why is it that we think it is right to do that - because what we are really doing is rewarding failed efforts at compliance. That may be a little bit unfair to say. If a compliance program reduces dramatically the amount of crime committed by its employees overall it's not a failure. But we are not talking about rewarding corporations for the crimes that weren't committed. Rather, we are talking about rewarding them when a crime has been committed and reported and investigated and prosecuted.

So why should we do that? You might say that individuals don't get an opportunity to stand up there and say to a judge, look, Judge, I really tried hard to not break the law, I wrote myself notes every day, I talked to my spouse, and I just couldn't stop myself.

Individuals don't get to do that, so why do organizations get to do that? And we could also say a little more seriously, why shouldn't effective compliance programs be their own reward? In other words, if companies can come up with truly effective compliance programs, truly effective means they're going to significantly reduce the misconduct by their employees. Why shouldn't we let the marketplace work and say, you know, let that be your own benefit, that you have less exposure to government enforcement actions, as well as the psychological benefit of feeling like you are doing the right thing.

Well, I think that at least as far as criminal liability for organizations goes, that is not the right answer. I think that is the wrong approach, for a couple of reasons. And to answer that, we have to first consider the two main rationales for criminalizing corporate misconduct. I do not want to sound too much like the ivory tower law school professor that Win, thankfully, said I am not, but a little background on the elementary purposes of criminal punishment is appropriate here. The main ones that are applicable to organizations are deterrence and retribution. Deterrence obviously plays a major role in punishing corporate misconduct. We punish companies so they won't do it again and so other companies will learn the lessons and they won't do the same kind of things.

Retribution ought to, in theory at least, have a much lesser role in sanctioning organizational misconduct. A company is not a person. As Professor Coffee from Columbia wrote a long time ago, citing an old case, it doesn't have a body to be kicked or a soul to be damned, so why do we think about punishing organizations for punishment's sake?

But I think clearly in modern times, with the attention that has been paid to corporate misconduct, people think about a need to punish companies that have done wrong, whether it is Exxon with the oil spill or lots of other situations as well. So these twin aims of the criminal law are really in force in how we deal with corporate misconduct.

So let's consider briefly the relationship between these goals and compliance programs. First, deterrence and compliance programs. As I mentioned, we might want to say, we could think about saying that good programs will be their own reward, and why should we give any additional benefit to companies that have put in place a program but the program hasn't worked on this occasion? That argument would have one benefit, I think, which would be to make companies focus exclusively on programs that really work and not at all on a real problem, which is programs that look good whether or not they really are going to have the kind of effect that we hope they do.

On the criminal side, though, this is inadequate. That deterrence argument that economists might make I think would not work, and that is because of a couple of things. First of all, how infrequent corporate prosecutions are. We have heard a lot of talk about - you saw a chart earlier today before the guidelines and under the guidelines. There are just a couple of hundred convictions a year in federal court of organizations. So if you were a rational corporate executive trying to decide simply in terms of your criminal liability, despite what the sentencing guidelines offer you for having an effective compliance program, you might, especially if you are a large corporation who has a very small chance of being prosecuted criminally, you might decide it is just not worth the effort and the money. It is very unlikely we are going to ever be prosecuted for a crime, and it is just cheaper in the long run not to bother with a compliance program under those circumstances.

Well, we as a society really want to encourage the kinds of efforts at compliance that we have heard a lot about here in the last two days. So I think it is entirely appropriate that, even despite what cost/benefit analysis might say, we come up with a way to strongly encourage companies to make serious efforts at compliance with the law.

We could do that in two ways. One way would be to increase the frequency of criminal prosecution or to increase the severity of the sanctions that are imposed when companies are prosecuted and convicted. The other way to do it would be to reward good efforts at compliance. From a deterrence standpoint, it really doesn't matter which way you go. Either way could conceivably have the same kind of effect. And that's where retribution comes in. You know, to put it in terms of the title of this conference, why should we choose carrots over sticks? And I think the answer is because we and government law enforcers believe that companies that have made a strong good-faith effort at complying with the law are less culpable than companies that haven't done that, and they ought to, in a sense of justice and fairness, receive a reward for their compliance programs.

Now, that is somewhat at odds with the respondeat superior principle which says that a corporation can be criminally liable for the acts of any of their employees within the scope of their employment. So we're saying you can be prosecuted for anything any of your employees do, but we are not going to do it when you have taken steps to comply with the law. The respondeat superior principle is very troublesome to those of us who believe that the criminal law ought to be used when necessary but no more than necessary. And, in fact, I think the Sentencing Commission has stumbled across - I am not sure this was completely what they had in mind - but they have come to a really good middle ground between the respondeat superior principle that prevails in federal court and the position urged by the Model Penal Code, on the other hand, which is that companies can only be criminally liable when there is high managerial involvement.

In fact, I think it could be argued that the Sentencing Commission should have gone further. If they really believe in their principles, as I am sure they do, they could have gone further and said, for example, that a company that has a truly effective compliance program, maybe they should receive no fine whatsoever, no criminal fine at least. And, similarly, the courts - there was a Rutgers Law Review article written recently by two New Jersey lawyers - I am sorry I cannot remember their names at the moment. It was a very good article, and they argued that there ought to be a criminal defense based on an effective compliance program. And I personally am very sympathetic to that. So I think the role of compliance programs in criminal prosecutions should, in fact, be even greater than it is today.

The more difficult question is: what should the role of compliance programs be in affecting punitive civil sanctions? It is always hard to define what component of a civil sanction is, in fact, punitive, but we have an obligation to try and do that already under Halper. My own view is that an effective compliance program should not result in no punitive civil sanctions being imposed. I think both the deterrence arguments and the retributive arguments are different when you are talking about non-criminal prosecutions. But I think they ought to have a serious effect on reducing the company's exposure.

What we would wind up with, then, is great benefit criminally if you have an effective compliance program, a good but lesser benefit in terms of punitive civil sanctions, and probably no real benefit in terms of purely remedial civil sanctions.

One of the benefits of this approach, I believe, would be to steer government regulators further towards punitive civil sanctions as opposed to criminal prosecution because they would not be faced with the likelihood of getting no fine for a company that had a truly effective compliance program. And I think that would be a good result for the reasons that I stated about the over-extension of the criminal law.

Now, how should this come about? I think, again, there ought to be a role for Congress to play in this in not simply passing a hodgepodge of laws, whatever seems to be a concern at the moment, and pile on some sanctions; rather, Congress ought to do a better job of thinking about what their goals are in having various kinds of sanctions. I am not too optimistic about that, having worked in Congress, even less so today than when I worked there eight or nine years ago. The agencies themselves have an obligation to do their best, and some agencies are really working hard at this, at least internally within their own structure. But, again, as we heard from Eleanor Hill, with a vast government bureaucracy across many agencies, that is very hard to do. But there needs to be more effort.

Again, the Sentencing Commission should really take the lead, as they are trying to do with this kind of conference, to define what is an effective compliance program, to talk about what ought to be the effect not just in criminal cases but on the civil side as well of a truly effective compliance program.

My hope is that if that effort comes out of this conference and the other things the Sentencing Commission is doing, we might begin to see the way out of the lack of coordination mess that you have heard about from this panel. If we can come up with a better way to coordinate the effect on various sanctions of an effective compliance program, that will have the effect not only of encouraging better efforts, more productive efforts at companies complying with the law, but maybe the government regulators and Congress and the Sentencing Commission can learn more about ways to come up with broader standards of coordination on all of the issues that we have been talking about today. Thank you.


MR. SWENSON: Thanks to our whole panel. I must say I think those were very provocative and helpful comments. We do have a number of questions from the audience. Let me ask one to Bruce Drucker first.

The question is: could you respond to Bill Lytton's suggestion about requiring whistleblowers to go to the company's ombudsman - let's just say not necessarily the ombudsman, but to the company - before filing a qui tam suit? And we had a second question which maybe Bill can keep in mind, and, Bruce, you might want to respond to it as well, which asked about a company policy and whether this might be enforceable, that would require employees to go to a company hotline 60 to 90 days prior to going to the government to file a qui tam action. Did I get the waters too muddy?

MR. DRUCKER: No, that's all right. I think I'm there. With respect to Bill's comments about a requirement for a corporate employee to notify the company, actually there have been similar proposals put forward with respect to whether government employees could be qui tam relators or not because there was a similar problem within the government. I believe in both instances that the opportunity to advise, in the case of a government employee, the appropriate officials in the government and, with respect to corporate America, advising the corporation of the problem would be, in fact, an appropriate means. I think it is entirely consistent with the intent of the qui tam statute. It would provide no bar to the employee or additional counsel ultimately making the government aware of the issue. This gives both the government and the company the opportunity to approach it in a voluntary disclosure mode, a less adversarial mode, if you will. And I think both interests are served.

The qui tam statute was created at a time when there was not sufficient government investigative and prosecutive resources to find all these things, so its concept was to get the public to participate on behalf of the government. Well, now we do have far more resources, and there is a relationship, a framework within which we can operate. So I think it would be a positive step.

MR. SWENSON: Bill, do you have anything you want to add to that? It sounds like you have worked out a deal.

MR. LYTTON: I am glad that Bruce has finally seen the light. No, I don't have anything to add. I don't see why we don't do it.

MR. SWENSON: Why don't we do it?

MR. LYTTON: Well - you want me to get political here - because there's a very powerful senator who thinks it is a great idea. There is a very powerful group of lawyers who bring these types of actions who make a fortune off of it, who have done a very effective job of lobbying, and because the media loves whistleblowers. And any effort that is perceived to be something that would reduce the ability of whistleblowers to blow the whistle - which I don't think this would be - gets jumped on.

So we are swimming upstream because whistleblowers get a lot of attention. And when you really get down to the nitty-gritty and try and deal with reality, a lot of people just don't want to hear it.

MR. SWENSON: I think bringing the political dimension into this is pretty useful. David, you spent some time as a congressional staffer and have seen this up close. Do you have some perspectives on this narrow issue but also more generally?

MR. YELLEN: Well, actually, I want to ask Bill a question. I haven't talked to a lot of people who have filed qui tam actions, but I assume it is a pretty hard step for an employee to take. I mean, you are hoping that you are going to make enough money to buy a house in the islands and retire, but you are taking some real risks in doing that in terms of your employment with your company.

What if it turns out that your claim is wrong and you get nothing? What is your future like at that company? So I think it is probably a pretty hard choice.

I wonder, have any companies - or is there any legal reason they can't do this - have any companies tried to offer financial incentives to employees to report things internally rather than going the lawsuit route? Assuming that Congress is not going to do what you want, why don't companies take some steps to try and encourage it?

MR. LYTTON: Two things. When I was with G.E. Aerospace, I proposed that we have a compliance award that we give out to people who had done exemplary things, not that they had necessarily turned in people, because there is a political problem internally if you are going to offer a bounty if you turn in your buddy. But I was trying to make it as pure as possible. I said, "Let's give awards to people who are exemplary, who come up with new processes, or who reduce the emissions or something like that." I talked about this at several of our plants. I did this in Camden, New Jersey. And the leader of the union there was outraged that I would suggest that we reward people for doing what they should be doing anyway. So that was a very interesting reaction that we had.

On the other hand, we did institute a type of program like that, and I will tell you an example. We gave a plaque to an employee down in Daytona, Florida, for having done something positive, and I sat with her at the lunch table when the award was given out. She was very proud. And I said I would visit her when I was next down at Daytona, which I did. And I went to her work spot, and her plaque wasn't there. And I said, "Where's your plaque?" She said, "I took it to my church." And the impact that that had had on her and how proud she was really something.

So I think you can do things to encourage employees to do the right thing, but remember - and to your point about whether a compliance program is successful or a failure. We are asking companies and organizations to do that which the family, the churches, and the society have failed to do. We want to have a zero defects society in our organizations, and we don't have it. And the fact that we have one or two or 15 or 50 employees who violate the law is not remarkable. Indeed, I did some studies once that showed that if you were a Department of Defense civilian employee, you were up to 20 times more likely to violate the fraud statutes than if you were a General Electric employee, based upon people who had been tried and convicted. It does not say that DOD is a bad group. It does not say that G.E. is a bad group. But I think we need to view this all in a larger perspective.

MR. SWENSON: I think it is the case that there is a lot of interest in whistleblower incentives on the Hill. I guess there is one particular senator who has been a prime sponsor of the qui tam actions, but there also have been bills introduced more recently to expand the bounty concept. We have a couple of questions about qui tam and those kinds of laws.

If I can sort of merge them together, one of them really just says that these statutes have done very nicely in terms of recovering dollars that would otherwise not have been recovered.

And a second question asks your thoughts on real, actual, not hypothetical cases in which an employee or agent of a company charged with undertaking compliance didn't first go to the company. I guess the suggestion of the question is there have been a number of cases where somebody did go to the company first, didn't get a response, and that that's the more typical example. Is your understanding different?

MR. LYTTON: The first question you asked was, you know, these have produced results that would not have otherwise occurred. Yes, I think that is right, maybe, but we don't know. But my proposal, I think, would produce as much or more.

It is really not my proposal, by the way. I didn't think of this. As Bruce mentioned, there have been many suggestions on this. I have plagiarized this, as I do most good ideas that I have.

If you want real-life examples of where people have filed qui tam where they did not go to the company first, the famous G.E. aircraft engines case involving Israel and General Remi Dotan I think is a perfect example of where an individual by the name, I believe, of Chester Walsh observed the fraud against G.E. and the United States Government and against the Government of Israel, did not go to his company because he said he was afraid of being killed - Jack Welsh is a well-known gunslinger - and instead went to a plaintiff's qui tam lawyer, and they watched the case grow, I think from a $12 million to $40 million fraud during the couple of years that they sat on it, and they only filed a qui tam when Remi Dotan was arrested in Israel, and they immediately filed the lawsuit. So that's one example. I think there are any number of examples.

Now, where an employee comes to us - and this has happened to me - you get a letter that says Joe Blow's a crook, and he's ripping off the government, and you better do something about it or else I will.

Well, I've got to figure out who is Joe Blow, where does he work. Now, in this company, I have 170,000 employees. When I was with G.E., I had 240,000 or something like that. Who is this guy? Does he have anything to do with the government? And now I've got to investigate it. When I was a federal prosecutor, you know, the FBI has the luxury of investigating these things for three, four, five years sometimes. I've got a couple of days, and if I don't do something immediately, I may be in jeopardy.

So what I typically do is I call Bruce Drucker, and I say, "Bruce, I don't know what I've got here, but I'm letting you know that I've got this, and if it turns out to be something, I'll be back to you." And as I say, DOD IG works great. Whether that's going to work with other agencies like that, I don't know. But I think there are certainly examples - and I think the Dotan case is perhaps the best example that I know of - where a qui tam relator went to his lawyer rather than to his company. The damage escalated geometrically, and he made a lot of money. So did the lawyer, by the way.

MR. SWENSON: Bill, you made the point in your direct remarks that when companies voluntarily disclose to the Defense Department, part of the final resolution of the case - assuming that they don't fall into that statistical anomaly of actually getting criminally prosecuted or suspended, very few cases there - but they still may end up paying substantial double or treble damages under the False Claims Act.

Bruce, do you think there should be more accommodation for sorting out the good citizen corporations among the voluntary disclosures - for example, companies that have committed to strong compliance efforts versus those that haven't?

This is not directly your bailiwick, but what do you think the policy ideas are behind having double to treble damages for companies that, let's say, voluntarily disclose and also meet additional mitigating criteria - fully cooperate under the program, maybe to the nth degree?

MR. DRUCKER: Well, I think that a part of the theory that is used, the policy approach that is used in dealing with resolution of voluntary disclosure cases is that the statute itself provides that in the case of a truly voluntary disclosure, which is one where a company finds wrongdoing and within a period of 30 days investigates it, identifies it, and fully cooperates with the government in resolving the issues in the case, that the statute itself calls for a double damage application in lieu of a triple damage application that would be provided for in a non-voluntary situation, an adversarial situation, if you will.

So I think part of the thinking that goes into the application of the double damage, even in a voluntary disclosure, is that the case is being settled under a statute that itself provides a reduction - a sufficient statutory reduction. Whether or not that is, in fact, a true incentive to disclose, i.e., that it is double versus treble damages in a situation where a company is fully cooperative, as you put it, to the nth degree, there have been cases that I am aware of in disclosures where we have ended up with resolutions of settlements for singles. I am not saying that that is the norm, but it has occurred where the Department of Justice is willing to negotiate for what the single damage amount plus interest was as a resolution of the matter financially.

There is a judgment factor involved there I think that needs to stay, and that is the extent of cooperation, the extent of participation, varying levels of responsibility within the company.

Bill alluded earlier to and I believe one of the other speakers mentioned the concept of respondeat superior. Well, it depends on whether it is Joe Smith that Bill alluded to earlier that is a line supervisor at the production plant at Fort Swampy or it's Bill sitting at corporate headquarters that knew about and participated in the scheme. And that is where I think we have got to give greater credence to how do we temper what action we take with respect to the corporate liability, i.e., how much was the corporation involved; and if it does cooperate, does it have a strong compliance program, did voluntarily disclose and it is at very low levels, I think we have to take that into account in determining double or single damage.

MR. SWENSON: But your policy at this point - there is no concrete written policy that can be pointed to?

MR. DRUCKER: No, there is not.

MR. SWENSON: Do you think that the Defense Department should move in that direction?

MR. DRUCKER: The problem that we have is that in resolutions of these cases, particularly with the damage aspects of it, the Department of Justice is, both by its mission and by the agreement that we have with Justice as to how the program is administered, responsible for those determinations. We have open discussions with DOJ at very high levels of both the Department of Defense and Justice in how we are and have been administering this program. So I think that is one of the issues that is going to be looked at, is the approach to the monetary resolutions of the case. We may well come out with a final policy.

MR. LYTTON: Could I just comment on that? I think that the DOD's mission is different than DOJ's. DOD's mission is to stop the fraud, clean up the companies - a laudable mission. DOJ's policy is to get money. Prosecutors suffer from a prosecution complex. As one former prosecutor said, "It's an unnatural act not to prosecute somebody." He's now a defense lawyer and, of course, has seen the light, has had a lobotomy, as we all have. But I think in terms of settling civil cases, in my experience dealing with the Department of Justice, less attention is paid by them, in terms of the amount of the fine, to what type of compliance program you have than what you would normally have in any civil settlement; they pay more attention to the strength of the case. And if you can convince them they don't have a strong case, you're much more likely to get those damages down than if you go in and say we're really good guys. So I think that where you get the lower damages as an agreement in a settlement, it may be more as a result of the weakness of the government's case rather than the strength of the company's compliance program.

MR. SWENSON: We have a number of more questions, but we really have run out of time. So I would like to thank the panel and say that I think some of the issues that have just been raised are a nice segue into our next panel, where we will have representatives of the Justice Department talking about what their current policies are. Our thanks to the panel.


Bill Lytton

Q. Could an early disclosure to the government, if it erroneously reports an alleged crime by an employee, lead to a later civil action by that employee? How do employee rights figure into decisions to disclose about employee actions?

A. Almost any employee can sue his or her employee for anything. It is possible that an employee who was the subject of a disclosure that turns out to be incorrect could sue the employer. However, the employer should be able to argue that it acted in good faith, with a belief as to the truth of the matter asserted, and there may be an argument that that type of communication has a limited privilege which would shield it from being the basis for a law suit.

I am not aware of any such lawsuit having been filed, so I can only speculate on what the result would be.

Q. In your experience, how does the government see "full cooperation"? Does it mean full agreement with the government's position (e.g., your cartoon)? What does full cooperation get you and what does it not affect?

A. "Full cooperation" is in the eye of the government. It is a very subjective standard. The assertion of a privilege, the existence of a joint defense agreement to which the corporation is a party, a disagreement about the ultimate resolution - civil or criminal - can all be viewed by the government as a lack of cooperation. And, some prosecutors or enforcement personnel would be willing to use this as a threat - explicit or implicit - to obtain a result that they otherwise might not be able to obtain. The thing to remember is that this is not a level playing field that one might encounter in normal civil litigation. As a rule of thumb, it is not a bad idea to assume that some government personnel will construe lack of full agreement with the government's position as a lack of cooperation.

"Full cooperation" can obviously be important if your company is being sentenced under the guidelines. In the more normal circumstance, it will make your life a lot easier, since the government may be less inclined to take a full pound of flesh, and will probably be more willing to concede that the company is "presently responsible," and thus can continue to do business with the government.

Q. As a former Assistant U.S. Attorney and a current Defense Department (DOD) employee, I would be interested in the study you referenced as showing DOD employees 20 times more likely to violate criminal statutes than GE employees. Where may we find your study?

A. There is no formal study. The statistics were pulled together for me about five years ago by a paralegal. The statistics themselves are not important. The point is that the fact that a member of an organization, whether large or small, government or private industry, violates the law does not necessarily lead to the inescapable conclusion that the organization is evil. Unfortunately, this is the conclusion that some in the media and in the government jump to when they learn that an employee of a corporation has committed a crime.

Q. Why is the qui tam statute inconsistent with the sentencing guidelines and their promotion of compliance -- if an employee discovers grounds for a qui tam, compliance has failed, right? A meritorious qui tam action is a sign that a company needs to work harder to incorporate compliance into its culture. Comment?

A. The guidelines are inconsistent with the qui tam statute because while the guidelines encourage and reward a company for having an internal reporting system that results in the making of a voluntary disclosure , the qui tam statute offers an employee a huge financial incentive to avoid the internal reporting mechanism that a company has established. The government should not actively seek to undermine a corporation's efforts to comply with the guidelines.

The fact that an employee may think he or she has knowledge of a crime does not mean that a company's compliance program has failed. No institution in our society - the government, the churches, or the family - has been able to produce a perfect society. Zero defects is the goal of every organization. The fact that it is not achieved does not mean that the program failed. It may simply be a reflection of basic human nature. If a vaccine can reduce the incidence of a deadly disease from 30 percent to five percent, does that mean that the vaccine is a failure?

Q. Qui tam with its bounty inducement has yielded many times more dollar resources to the public fisc than has the industry-controlled company self-governance programs voluntarily disclosed through the Defense Department's Voluntary Disclosure Program. If bounties work, then what is your problem with qui tam's obvious success?

A. Qui tam actions have resulted in many millions of dollars being recovered by the government. It has also made some private bounty hunter lawyers multi-millionaires, and it has been a windfall for the bounty hunter employees. Every dollar these bounty hunters get is one dollar less for the taxpayers.

We need to reexamine what our underlying policy goal is here. Are we trying to encourage vigorous compliance programs and effective self-policing by corporations who tell the government when the government has been cheated and pay the money back? Or are we interested in perpetuating a system where greed and bounty hunting lawyering are more prized? The present system encourages a game whereby rich lawyers become richer. That seems to me to be awfully hard to defend.

If we were to adopt a procedure such as I proposed whereby a qui tam action could not be filed until 60 or 90 days after an employee has brought the alleged crime or fraud to the attention of the company, the obvious result would be more voluntary disclosures. A company would have to be nuts or awfully confident of its legal position not to notify the government in such a circumstance. The result would be more disclosures, more money to the U.S. Treasury, and more bounty hunter lawyers looking for some other line of work. Sounds like a win-win-win solution to me.

The Experience and Views of the Enforcement Community

Robert S. Litt, Deputy Assistant Attorney General, Criminal Division,U.S. Department of Justice

Ronald A. Sarachan, Chief, Environmental Crimes Section, Environmental and Natural Resources Division, U.S. Department of Justice

Gary R. Spratling, Deputy Assistant Attorney General, Antitrust Division,U.S. Department of Justice

Eugene M. Thirolf, Director, Office of Consumer Litigation, Civil Division, U.S. Department of Justice

Moderator: Commissioner Wayne A. Budd, U.S. Sentencing Commission


COMMISSIONER BUDD: Ladies and gentlemen, over the last day-and-a-half, we have been talking about the organizational corporate guidelines, the developing of effective compliance programs and standards, and the experience that various corporations have had. We have talked about carrots and sticks. We have speculated as to what the government wants, what the government is looking for. And now I suppose we will hear firsthand of the experience and the views from the perspective of the Department of Justice, which, as you know, is the principal and I suppose the ultimate law enforcement authority in the United States.

So what are the approaches? What are the policies of the Department of Justice regarding these guidelines? How does the government view or treat the good citizen actions, for example, voluntary disclosure, cooperation, and a strong compliance program? How does this come to play in charging decisions? When does the department decide to pursue a case perhaps civilly rather than to go criminally? And whether or not the various divisions within the Department of Justice approach these things in the same manner, or do they treat them differently? Does the Department of Justice speak with one voice?

I am going to start our discussion this morning with Bob Litt, Deputy Assistant Attorney General in the Criminal Division of the Department of Justice. He graduated from Harvard College, and he topped that only by attending the Yale Law School. He did clerk for Justice Potter Stewart of the United States Supreme Court. Between 1978 and 1984, Mr. Litt served as an Assistant United States Attorney in the Southern District of New York. He was for a while a partner in the well-known firm of Williams and Connolly here in Washington, D.C. So as our lead-off speaker in this morning's panel, I would like to call on Bob Litt.

MR. LITT: Thank you, Commissioner Budd. I do welcome the opportunity to address you all this morning and talk about the Criminal Division's views on corporate compliance and criminal law enforcement. Just to anticipate what you will learn in response to one of the issues that Commissioner Budd mentioned, I think you will find that some of the divisions of the Department of Justice have somewhat different approaches to these problems. I don't think there is necessarily anything wrong with that. It develops out of the different enforcement issues that we have and the different kinds of communities that we deal with.

But I want to begin by thanking and congratulating the Commission for having this symposium. It is all too rare for us to have an opportunity to exchange views, not across the table where somebody is representing a client in a litigation context, but rather, in a more informal and academic setting. And I am pleased that we were invited and able to participate in this.

In recent years, the Department of Justice has come to focus more and more on the importance of prevention and compliance, as opposed to enforcement and punishment, as a means of effective law enforcement. If you want to police an entire industry's practices, you frequently have to enlist the industry itself in helping you. And so we are looking for ways to encourage corporate self-policing. By this, I mean requiring or inducing corporate management to take more responsibility itself for preventing and detecting employee misconduct. This includes implementing comprehensive and effective compliance programs to prevent corporate crimes, and it also includes voluntarily disclosing criminal activity to the government when the company discovers it.

Some of the other sessions of the conference are talking about some of these issues, and particularly the sentencing guidelines aspect of them, in greater depth. I would like to describe for you what the Criminal Division views as an effective corporate compliance program and also to talk to you a little bit about the principal means that federal prosecutors have for inducing corporate self-compliance, namely, prosecutorial discretion, voluntary disclosure programs, and I will talk briefly about the sentencing guidelines.

One question that prosecutors are often asked is: what do you consider to be an effective compliance program? Or to put it a little bit differently, what is it that you want us to do?

There is no pat answer to that question from the viewpoint of the Criminal Division. We don't have written guidelines, unlike the Sentencing Commission, for what constitutes a good corporate compliance program. In our view, any successful compliance program has to accommodate and be founded on the particular business that the company is in, as well as the existing corporate structure of the business. At bottom, the question that any prosecutor is going to ask about a compliance program is: does it work? Is it effective in this particular company?

Any prosecutor is going to recognize that no compliance program can ever prevent all criminal activity by rogue employees. We are not going to expect guaranteed 100 percent perfection out of you. Moreover, because each business and each situation is unique, we don't expect somebody to come in and match their compliance program up against the compliance program of another company and say, well, since Company X did this and we did it, therefore we should be treated like Company X.

What we want you to do, if you are ever faced with a situation where you have to deal with a prosecutor and talk about a compliance program, is come in and explain to us how your compliance program works for your company and why it is effective.

Although we don't adopt a cookie-cutter approach to compliance programs, there are certain overall principles about effective compliance programs that can be drawn from the Department of Justice's experience. The most important is that it is not enough simply to publish a corporate compliance program. We have seen all too many instances of companies which have a nice compliance program with a little gold seal at the bottom and a frame around it, and the company's officers and employees go out and violate the law anyway because the program is not an effective one.

At a minimum, to be effective a compliance program has to have the active and full support of a company's top management. The program also has to have concrete and specific measures to inform all of the company's employees of the program and to convince them that top management is committed to it. Finally, it has to be adequately staffed with people who are able to carry out the program to investigate, analyze, and report violations when they occur.

There are many different ways of achieving these goals. I am sure you have heard in other programs about some of the kinds of steps that companies have taken: ombudsmen, review boards, internal audits, written standards of conduct, ethics training programs, hotlines, newsletters and so on.

We are not asking you to adopt any particular one or combination of these features. What is important, as I said, is that at the bottom line you are able to come to a prosecutor and say, "Here's what we have done and here's why this is really effective." Even though - if you are in a prosecution context - somebody committed a crime, here's why our compliance program is good nonetheless.

Now, prosecutors have long taken the existence of a corporate compliance program into account in determining whether or not to bring criminal charges against the corporation itself. As you all know, a corporation can be held criminally liable for the acts of its employees within the scope of their employment and undertaken for the benefit of the corporation. That does not mean, however, that we are going to prosecute a corporation every time one of its employees commits a crime.

A good corporate citizen, one that is devoted to an effective compliance program, is much less likely to be prosecuted itself for the acts of its wayward employees than a rogue corporation with a culture that encourages or condones misbehavior. And, once again, I do want to caution you that prosecutors have broad discretion in making their prosecutive decisions, and the exercise of this discretion is going to depend on a wide variety of factors in each case. Corporate compliance is just one of the factors that we will take into account.

But it is true that in deciding whether or not to prosecute a corporation, most prosecutors will take a look at the compliance policies, take a look at the preventive and reporting procedures that the company has adopted, judge whether they were effective and appropriate given the company's size and type of business, and give a company credit for that in determining whether or not to prosecute.

In addition, it is also common for prosecutors, in making an agreement not to prosecute a company, to require that the company promise in writing, to establish a compliance policy if it does not already have one, or to strengthen its existing policy and to report periodically to the government on how it is working. In other words, even if you don't have a compliance program at the time you come into the prosecutor's office, you ought to think about setting up an effective one and offering this up as part of a plea bargain or an agreement not to prosecute the corporation.

For example, within the last year, one United States Attorney's Office declined to prosecute a major corporation in a fraud case. The company, when it learned of the wrongdoing, promptly fired the responsible employees, made an agreement to settle by paying restitution, and agreed to adopt a compliance program in writing that required it to report to the government any allegations about which it learns concerning potential criminal conduct involving government contracts. In other words, this company got credit in the prosecutive decision for, among other things, agreeing to set up an effective compliance program.

In addition to the issue of compliance programs, prosecutors will also consider what the company did when it learned of the wrongdoing. The strength of any compliance program and of any corporate commitment to good citizenship can be measured in part by whether the corporation acts promptly and diligently in detecting and correcting employee misconduct. While voluntary disclosure and cooperation with the government do not guarantee that a corporation will not be prosecuted, prosecutors often will give them great weight in making that decision.

In general, if a company promptly discloses wrongdoing, makes full restitution to the government, and takes swift disciplinary action against the employees engaged in the misconduct, a prosecutor may conclude that the federal interest in prosecuting the corporation under these circumstances is significantly lessened. And this is also something that you can see in many cases that you will read about in the papers, in which companies have come in, they have cooperated, they have reported themselves, and ultimately whatever action the government takes against the individual wrongdoers, the government does not prosecute the corporation.

In certain areas, this prosecutorial consideration of voluntary disclosure has been formalized in voluntary disclosure programs, such as the Department of Defense program discussed this morning, which has been operating since 1986. More recently, the Department of Health and Human Services and the Department of Justice have undertaken a pilot voluntary disclosure program.

Each of these programs provides significant incentives for corporations to disclose violations and to put into place programs to prevent violations in the future.

Generally speaking, a voluntary disclosure program follows a well-outlined path. Companies disclose wrongdoing by submitting a report to the enforcement arm of the investigating agency, which details the wrongdoing and provides the results of their internal investigation. If the agency determines that the disclosure is voluntary, that is, it is not prompted by the threat of discovery, the company and the agency will sign a written agreement that sets forth the parties' rights and obligations. Companies that are admitted to the program are expected to cooperate fully in the government's investigation and to take appropriate corrective and remedial action.

One of the hallmarks of a voluntary disclosure program is that the prosecutive decision made by a United States Attorney's Office is also reviewed centrally in Washington to ensure a certain degree of consistency and uniformity in whether these prosecutions are brought or not. From the corporation's point of view, the corporation expects that it will be afforded leniency both in the prosecutive decision and in any determination whether to debar the company.

I would just emphasize what I am sure is familiar to most of you: that these voluntary disclosure programs apply - at least those that the Criminal Division administers - only to the corporation itself and not to any individuals involved in the wrongdoing. Even if there is an agreement not to prosecute the corporation, corporate employees or officers can still be prosecuted.

Generally speaking, in determining whether or not to prosecute a corporation that is participating in a voluntary disclosure program, the prosecutor is going to consider factors such as the candor, completeness, and promptness of the disclosure, the extent of the fraud, the pervasiveness of the fraud, the level of corporate employee involved in the fraud, the cooperation that the corporation gave during the government's investigation, and the remedial action taken by the corporation, including disciplinary action, restitution, and changes in or the institution of a compliance program.

Some of these factors can be more or less important in individual cases, but I think that in most cases two factors are the most important for prosecutors. One is the nature of the disclosure. Was it timely and candid and complete? Prosecutors are really going to take a look at whether the corporation came in at the outset and made a full disclosure of what was found, or whether the corporation came in with an attitude of, "Let's disclose a little bit, let's see what we can get away with, let's resist and try to make the minimum possible disclosure."

Prosecutors will also examine the circumstances of a disclosure carefully to make sure that it was, in fact, a truly voluntary disclosure and not one that was prompted by the issuance of grand jury subpoenas or a whistleblower or qui tam action.

The second critical factor that a prosecutor is usually going to consider in determining whether to prosecute a company under a voluntary disclosure program is the extent and nature of the company's cooperation during the government's investigation. A company will get far more credit for taking prompt and effective action against its own wrongdoers and for demonstrating in concrete ways its commitment to ensure that justice is done than for reluctantly or unwillingly aiding the government while secretly trying to protect its officers and employees. I recognize that this can be a painful process for a corporation, particularly when high management is involved in the offenses; but if a corporation wants to get credit from the government for good citizenship, it has to demonstrate its commitment to compliance when compliance is painful as well as when compliance is easy.

In assessing the extent of a corporation's cooperation with an investigation, prosecutors are frequently going to require that the corporation produce documents to government, including internal investigative reports, audit reports and work papers, memoranda and notes of interviews of employees, descriptions of what files have been reviewed, technical assistance in auditing or contracting or other matters, and basically anything else that the prosecutor wants. I recognize that those of you who are corporate counsel probably are chilled by this idea. You are not used to the idea of turning these kinds of files over to the government. It goes contrary to your very nature. But we want to encourage corporations to commit themselves fully to compliance and cooperation with the government.

Bill Lytton earlier talked about some of the calculations that a corporation may go through - "Well, I might not get caught, or the cost of compliance and restitution may be great." You can make those calculations if you want to, but don't expect us to give you credit for them when you get caught. Half-measures by a company will not get full credit from the government in our prosecutive decision-making.

I believe that for most corporations, and in particular for publicly held corporations, the alternative of an indictment, a trial, and a conviction is far more damaging than the choice of cooperation with the government.

Finally, the operation of the new organizational sentencing guidelines offers further inducements to corporations to adopt effective self-policing and disclosure programs. As you no doubt have heard from others, the guidelines do provide a specific listing of factors to be taken into account in determining whether a compliance program is effective.

You can probably tell from the remarks I have made so far that these sentencing guideline rules in many respects are consistent with our own views in the Criminal Division. Over the years, prosecutors have gained substantial experience in identifying the characteristics that determine a corporate good citizen. In light of the paucity of prosecutions under the organizational sentencing guidelines, it is still too early to predict the extent to which these guidelines are going to influence prosecutors in their own determination of what is or is not an effective compliance program. However, I can probably predict that there is nothing in those sentencing guidelines that is going to be inconsistent with the views that prosecutors are going to take of what is an effective program.

Each of the factors that is included in the guidelines can be an important factor in an effective compliance program. In specific cases, some may be more important than others, and some may be less important. We hope over time to work with the Commission and its staff to refine the guidelines and our own approach in the light of our mutual experience. But we do believe that, in principle, the consideration of these factors of an effective compliance program for sentencing purposes will provide additional encouragement for you all to induce the adoption of effective compliance programs in your companies. In the long run, the most important result of this will not be the benefit that you get at sentencing or in prosecutive decisions, but the benefit that you get from instituting an effective compliance program that stops people from violating the law.

I have discussed several ways in which the law and law enforcement encourage the concept of the corporate good citizen. We want to increase compliance and enforcement by enlisting the help of you all to prevent crime before it happens rather than using the much blunter tools of the criminal law to punish crime after it happens. Corporate self-policing in the long run will reduce your costs and our costs as well. By presenting concrete incentives to companies to come in and establish compliance programs and to voluntarily disclose their wrongdoing, in the long run we hope to benefit law enforcement and society as a whole. Thank you.


COMMISSIONER BUDD: Our next speaker is Ron Sarachan. Until about a year ago, Mr. Sarachan was the section chief of major crimes at the U.S. Attorney's Office for the Eastern District of Pennsylvania. Most recently, he has been holding down the position of Chief of the Environmental Crimes Section of the Environment and Natural Resources Division at the Department of Justice. But Ron didn't come to this job without experience in the environmental area.

While in Philadelphia, he co-founded and chaired the Philadelphia Environmental Task Force which coordinated federal, state, and local prosecution of environmental crimes. Prior to joining the Department of Justice, Mr. Sarachan served as a special assistant to the director of the Rhode Island Department of Environmental Management. He also had a stint in the private practice of law in New York City.

Ron Sarachan received his bachelor's degree magna cum laude from Brown University in Providence, Rhode Island, and he took his J.D. degree from the University of Michigan, also magna cum laude. With that, I would like to bring to the podium Mr. Sarachan. Ron?

MR. SARACHAN: Thank you. Thank you for this opportunity to speak and particularly for this format where, as Bob Litt said, it is nice to be able to talk about these issues when we are not thinking strictly about a specific case.

I will focus on environmental crimes, of course, and build on the comments that Bob Litt made. In the environmental area, as in other areas, we are very concerned about voluntary compliance and compliance programs, and I will try to explain why.

The Department of Justice has had a formal policy for four years to encourage self-auditing, self-policing, and voluntary disclosure of environmental violations by the regulated community, and I will address that policy in more detail.

I will try to cover three topics. One is violations in the context of existing compliance programs. By that, I mean cases in which crimes are committed when an organization has a compliance program and how federal prosecutors look at that. The next topic is compliance programs that are imposed as part of sentencing. In other words, there is no program or no effective program and one is imposed as part of an organization's sentence. It is a separate but very important issue under the guidelines. And, finally,I will address some brief observations about environmental crimes in Chapter Eight.

First, let me put some issues in context. Let me ask folks here: how many of you have represented an organization that has been prosecuted criminally in federal court for an environmental crime?

A few hands. That is actually consistent with my experience. The vast majority of environmental violations are not handled criminally. The government response ranges from informal contact by regulators, formal administrative action, civil enforcement, and, finally, criminal enforcement. And it is a pyramid with a very broad base. So the majority of violations are going to be handled by the regulatory agency. Criminal prosecutions, as you could see from the very small number of people raising their hands, are the tip of that pyramid, and a small tip. And that is appropriate. Criminal enforcement is one tool. It is only one tool. It should be reserved for egregious cases.

In addition, as other speakers have said, there is no way for the government to be everywhere to monitor everything. That is certainly true in the environmental area given all the facilities subject to regulation. Environmental laws rely in a fundamental way on self-reporting and the honesty of the regulated community and the openness of the regulated community. As a result, the environmental laws, as you know, impose many mandatory disclosure and reporting requirements. They create a structure in which a central feature is the flow of information from the regulated community to government officials, the theory being that those government officials can review that information, make sure that environmental problems that could affect the public health and welfare are fixed, and act to prevent future harm. The system depends on the honesty of the regulated community to provide truthful and complete information.

As good corporate counsel out there know, when you are making the decision about making a voluntary disclosure, you don't think about making it to the Environmental Crimes Section or the Criminal Division of a U.S. Attorney's Office. If you did that, you would be defining your own problem as a criminal problem. The vast majority of voluntary disclosures in this area are made to the regulatory agency, with the hope, reasonably, hopefully, that it will remain an administrative matter.

As a general rule, in the criminal business we don't see the good corporate citizens with the good compliance programs. An organization with an environmental problem that is honest about it, that reports it to the regulatory agency, that works with the agency and is doing its best to fix that problem, the regulatory agency is not referring that kind of case to us. Chances are we never see that sort of thing, and if we do get it, those are all reasons to decline that case criminally.

Let me address one definitional issue that was touched on yesterday. When we speak of an effective program to prevent and to detect violations of law, how do we take into account the small companies, the ma and pa companies? The small companies, as people said, are unlikely to have a formal compliance program. However, they may still have the functional equivalent of those seven steps that you need for an effective program as set out in the guidelines. The kind of questions we would ask in the environmental context, in the criminal context, are: do the company's employees receive training needed to properly handle the chemicals used in the production and the waste generated? Do the employees have the necessary equipment? Are sufficient funds budgeted to do the job? Are supervisory responsibilities for proper handling of these materials clearly defined? Do employees know who to talk to about environmental problems? And do the supervisors have adequate authority?

Has the organization made its commitment clear? Are employees instructed to report problems, and does management respond appropriately, without retaliation? There are two sides to this. People who don't act properly, are they disciplined? And is proper environmental compliance incorporated into the standards by which employees are evaluated? It should work both ways.

Is day-to-day supervision adequate to quickly detect violations? Are there plans for emergencies? In general, does the corporate culture support compliance? A small company can have or do all those things. It can have the systems to do those things without any sort of formal program. If you ask its employees, "Does it have a compliance program?" they would say no. Nonetheless, the company can still do those things. And that raises a very difficult issue for the government and for the Sentencing Commission in dealing with different size companies.

The guidelines recognize that issue when they say that the larger companies will necessarily need to have a more formal program. But what do you do with the small companies? You need flexibility. Otherwise, the small companies are going to be left out of this whole process, and we're going to have a system that can benefit and encourage compliance with big corporations and ignore much of the business community.

On the other hand, if you define it too loosely, you dilute the standards for what these programs or systems are all about. You encourage after-the-fact rationalizations, with people claiming they had the systems, inventing it, after the crimes, and you add to litigation at sentencing.

When I talk about this in the rest of my remarks, when I talk about a program, I'm thinking of a system with enough flexibility to include the small companies. Let me address the department's July 1991 policy.

So far, what I have talked about are case referrals and the importance of compliance programs, and they are centrally important. Now we are talking about charging decisions. The Justice Department's July 1991 policy addresses charging decisions. It makes voluntary compliance an important consideration in those decisions. It specifically encourages prosecutors to take them into account in ways that will encourage self-auditing, self-policing, voluntary disclosure. It's always those things together.

The factors under the policy are similar to the factors you see under other policies and that the guidelines talk about: voluntary disclosure, cooperation, preventive measures and compliance programs. The policy also talks about additional factors that are considered especially important:

Pervasive non-compliance. If there's a claim that there is an effective program but we're seeing pervasive non-compliance, that's very strong circumstantial evidence that there is not an effective program.

Internal disciplinary action is critical. Subsequent compliance efforts are also extremely important in the environmental area, given the catastrophic harm that can be caused by these crimes.

No single factor is controlling, and we look for all three steps. You can do a beautiful audit of the company, and if it sits on the shelf and there is no follow-through, it is not doing anyone any good. There has to be an audit; there has to be disclosure; there has to be correction.

Different factors can be more or less important in any particular decisions, but we're looking for each of the steps.

Now, let me talk about the application of the policy and my own observations. Our experience in criminal cases is that typically the policy has not been at issue because there has either been no program or because there has been a completely inadequate paper program in our cases. Let me explain that and describe our cases.

Most of the environmental crimes, many of them, fall into two categories. The first are defendants who misuse the regulatory system for criminal purposes, often to commit fraud. The second are defendants who make a deliberate business decision to break the law for a business reason. They break the law to save a buck.

Not only can it pose a serious threat to the environment and to the public health when that happens, but it also puts competitors who are playing by the rules at an unfair disadvantage. Rather than trying to describe all the factors that go into what makes an environmental violation a crime, what I always try to do is take some of the last cases that I have personally been involved in, because I think a picture is worth a thousand words.

First of all, as far as a defendant who misuses the regulatory system to commit fraud, we recently had a case against a company in North Carolina. The company held itself out as being in the business of reclaiming waste oil and properly disposing of industrial waste water. Other businesses would come to this company and pay it money to properly dispose of their waste. The company would routinely take the waste and put it down the sewer without proper treatment. It included waste with heavy metals, other toxic and hazardous substances. To avoid being caught by the regulators, the company tampered with the monitoring devices.

So here is a company taking money, saying that it would comply with the environmental laws. It only was able to exist because the environmental laws impose these requirements, and then it didn't follow through with what it had promised. So it is a straight commercial fraud as well as an environmental violation.

As far as the other kinds of crimes, we recently this summer finished a trial against an electroplater in Texas. This company generated a couple kinds of hazardous waste: sludge from its giant tanks, plating tanks, as well as waste water. This company disposed of its hazardous waste water by pouring it on the floor. It typically had six inches of this waste water on the floor. The workers had pallets, for as long as they'd last, sitting on the waste water, and they would stand on these wooden pallets. There were drains in the floor, and the waste water went down the sewer.

When things go down the sewer, the treatment works, the sewage plants, aren't typically built to handle this material, so it in one way or another gets through the plant and ends up in the environment in one form or the other.

Also, with six inches of waste water on the floor, sometimes it wouldn't go down the drain fast enough, so the company would pump it out into the street or employees would take brooms and sweep it into the back alley.

The authorities in Texas did everything they could to get the company into compliance. They showed remarkable constraint. They brought administrative actions, civil actions. There was a federal civil action. This went on for ten years until the criminal case was brought. The president, vice president and plant manager, and corporation were convicted.

A compliance program was not really an issue in that kind of case, although the company did charge a five percent surcharge for its products for its compliance program. I don't know what that was.

When you think about it, though, it's outrageous. The people who worked in that plant were likely working there because they didn't have any other place they could work, and they're standing over liquid hazardous waste all day long.

Another case recently, this summer, in Massachusetts, ended in a guilty plea by a major corporation. The corporation discharged oil and grease into the Charles River from one of its facilities for 15 years. It was done chronically; it was done knowingly. Its own contract lab sent its reports for a while on a weekly basis showing that it was in violation of its permit, sometimes by 30 times, when it had a permit.

Internal corporate memos show that some officials in the company knew that the pollution control equipment never worked and that it was being bypassed.

Again, that's not a case where we're dealing with a compliance program at the time of the crime. That's a case where as part of sentencing we are seeking to have the compliance program imposed.

Where there have been compliance programs in cases, my observation is that federal prosecutors have taken it very seriously. They have followed the policy. They have bent over backwards to give companies a break in order to encourage compliance. And, again, let me give you an example from a recent case. There aren't a lot of examples. It has not come up a lot.

This is a case against PEPCO in Maryland. The company had been violating the Clean Water Act for five years on almost a daily basis. There was an open investigation by the U.S. Attorney's Office, but it was for commercial bribery. They were not aware of the environmental violations. The discharge was from a 600-acre flyash storage site, and it included extremely acidic water and water containing heavy metals which was being pumped illegally into a swamp, but the swamp would then flow into a river. And it was done surreptitiously at night by one company employee, who would then order other people to do it.

The company came forward. The government made no promises at the outset but asked for cooperation. The company was fully cooperative. It did all the sorts of things that Bob Litt was talking about. It gave summaries of employee interviews. It gave the internal investigative report. It gave consent to search and access to facilities. Employees were made available for interviews. The company identified possible employee witnesses as well as possible employee subjects of the investigation. The company took disciplinary action, and eventually the U.S. Attorney's Office prosecuted the plant manager for commercial bribery and for violations of the Clean Water Act and agreed that it would not prosecute PEPCO. There was a civil action.

The prosecutor applied the department's 1991 policy. There had been disclosure. Both the guidelines and the DOJ policy talk about the key being promptness, that is, disclosure before the person making the disclosure knows about the government investigation. Here it was very timely. PEPCO acted quickly when they discovered it.

There also has to be full cooperation. There was very good cooperation here. This is a very difficult area. I've seen it a little in the environmental area. I've seen it more in fraud cases and other cases in the context of full cooperation, because what happens a lot is you end up sitting down at a table and the prosecutor's on one side, corporate counsel, defense counsel, maybe outside counsel, are on the other side, and there is a discussion about whether the company is being cooperative, whether it has fit all the criteria to get the break or to get some consideration.

What happens is, to the prosecutor it looks like the company is holding back, and when you look at the other side of the table, counsel is looking very frustrated at the prosecutor. Typically, in my experience, what is happening is they're operating from very different facts; the witness who is being interviewed as part of the internal investigation with corporate counsel present is not saying the same thing when that whistleblower employee is calling up the FBI and spilling his guts. And so what's happening is the prosecutor perceives the limited information as a company holding back. In fact, what may be happening is corporate counsel is saying everything he or she knows, but doesn't know as much as the government knows, or knows different things. Many of the disagreements over what appear to be applications of policy really arise because the factual world view of both sides is completely different.

Finally, preventive measures and compliance programs - PEPCO did have a program in place, and it fit what the DOJ policy talks about as being a regularized, intensive, and comprehensive program rather than the phrase "effective program" that you see in the guidelines. Perhaps it was not a super policy, but there was something in place.

Probably most importantly, it was adopted in good faith. It appeared to have been established in a timely manner. And as Bob Litt pointed out, we see all too many times instances where suddenly there's a compliance program after a company knows it's being investigated. That's something that we get very cynical about.

I have talked about the first two screens where compliance programs apply: case referrals and charging decisions. Let me move on to sentencing. As I have said, we have not seen this come up in a lot of sentencings because those first two screens are at work.

In addition, I have to make a disclaimer. As you know, Chapter Eight, the fine provisions, do not apply to environmental crimes except for criminal purpose organizations. So our experience with the fine part is in a pre-guideline setting.

What I want to suggest is that in the environmental area, compliance programs are not merely important; they are necessities. You have to have a compliance program. Employees must know what they have to do to handle dangerous materials and waste, and management needs some sort of system to ensure that the standards are being met. The guidelines appear to recognize that. The guidelines say if an organization handles toxic substances, it must have established standards and procedures designed to ensure that those substances are properly handled at all times.

Given the importance and the essential nature of compliance programs, what I want to suggest is we may be past the point where, as a matter of sentencing, there should be simply a benefit if a defendant has a program. Compliance programs perhaps should be the baseline. And if a defendant has an effective program, it should get a benefit. But if it has nothing, then there should be a penalty attached to that. We are past the point where we can ignore this area.

Let me talk briefly about compliance programs as part of a criminal sentence. Reflecting our strong interest in these kinds of programs, in a number of recent and important cases, compliance programs have been a very important factor in plea agreements. Recent cases include Palm Beach Cruises, Crescent Ship Services, Ketchikan Pulp Company, and ConRail.

The catalyst for this really comes from the guidelines for organizations. If you speak to the prosecutors handling these cases, they point to the guidelines. While the fine provisions don't apply to environmental crimes, the organizational probation provisions do, and they talk specifically about seeking compliance programs as part of sentencing.

Common terms in these plea agreements are five years organizational probation, an independent auditor, and a very detailed program that must be approved by the court. More recently, we're looking for an assessment of the problems before sentencing. It not only helps speed things along, but it's a real aid to the court at the time of sentencing. The first couple of times, we didn't do that. At sentencing what we had basically was a commitment to do the plan or the program. The result was a necessity for hearings after sentencing to get the same job done. It is more efficient to try to get a head start.

A specific corporate executive is named as being directly responsible for managing the company's compliance with the program, quarterly reports to the court and the government, and then periodic inspections by government personnel and private consultants.

Again, let me suggest that in looking at these compliance programs, specifically in the environmental area, it's important to look at the guidelines and, in some instances, to make adjustments. Just as an example, the provision which authorizes examination of books and records in order to monitor compliance programs is a great provision, 8D1.4(c)(4). In a financial sort of program, that may well be enough, but for an environmental compliance program, inspecting books and records doesn't go the whole way. The government needs to have opportunities for sampling, opportunities for site inspections, if these programs are really going to be monitored. So there's a need to make adjustments to take into account environmental crimes in these provisions.

My final observation is a general one about Chapter Eight and environmental crimes. This is really responding to the sort of comments we heard this morning from Bill Lytton and others about the need for consistency, or at least if not consistency, to look at the differences and see if the differences make sense.

This is just one example, and that's all. The guideline provision for self-reporting gives credit for self-reporting, cooperation, and acceptance of responsibility. There's no differentiation made on voluntary disclosure between the disclosure that is voluntary and the disclosure mandated by law already. So you could be required by law to make the disclosure, and you'd get the same credit, as I read it, under the guidelines.

Under the department's policy, a voluntary disclosure does not include a mandatory disclosure. So that's a difference, and there are arguments on both sides. Perhaps at this sort of symposium in the future, those sorts of considerations for environmental crimes and Chapter Eight should be considered, with each point looked at carefully. Anyway, those are some thoughts. I very much appreciate this opportunity to address you. Thank you very much.


COMMISSIONER BUDD: Our next panelist is Gary Spratling. Mr. Spratling is, of course, with the Department of Justice, and he serves as the Deputy Assistant Attorney General for Criminal Enforcement within the Antitrust Division. In that capacity - and you may have read about this in today's paper - he led the way in obtaining a plea from a company by the name of Dyno Nobel, and that plea involved a $15 million fine. It can only be described, I assume, as an explosives price-fixing case.

Gary has served as a prosecutor at the Department of Justice for some 24 years, and during that time he has received a number of professional awards and honors, including the John Marshall Award for the Supervision of Litigation and the Presidential Rank Award. Mr. Spratling is also very active in the Bar Associations across the nation, and currently he serves as the vice chair of the Criminal Practice and Procedure Committee of the American Bar Association's Antitrust Section. Ladies and gentlemen, Gary Spratling.

MR. SPRATLING: Thank you, Commissioner Budd, and good morning. Let me begin by expressing my appreciation for the opportunity to address this group. It is an honor to be asked to join the distinguished group of speakers that this symposium has brought together. And now you get to hear the antitrust perspective, and it's going to be different in a number of important respects from what you've heard thus far.

As a prosecutor, when I think of a good corporate citizen, I think of a corporation that has an effective compliance program, one that reports its violations whenever that program is not completely successful, and one that accepts responsibility and cooperates in any resulting government investigation. For prior discussions about compliance programs and antitrust enforcement, see "Antitrust Compliance Programs: Are They Worth It? Between Prevention and Sentence Mitigation - Don't Forget Amnesty and Other Forms of Favorable Treatment by the Government," paper by Robert Bloch, Chief, Professions and Intellectual Property Section, and Gary R. Spratling, San Francisco Field Office, Antitrust Division, State Bar of California Annual Golden State Antitrust and Trade Regulation Institute (September 9, 1993); "Corporate Compliance Programs, Antitrust Enforcement and the New Organizational Sentencing Guidelines: A Prosecutor's Perspective," remarks by Robert Bloch, before the American Bar Association Annual Meeting (August 10, 1992); "Antitrust Compliance Programs Under the Guidelines: Initial Observation From the Government's Viewpoint," article by Neil E. Rogers, Chief, Legal Policy Section, Antitrust Division, Corporate Conduct Quarterly, Summer 1992; "The Importance of Deterring Antitrust Crime: Corporate Compliance Programs and Federal Antitrust Enforcement," remarks by James F. Rill, then Assistant Attorney General, Antitrust Division, before the Symposium on Antitrust and Association Law (February 20, 1992); "Corporate Compliance Programs and Federal Antitrust Enforcement: A Cooperative Approach to Deterring Antitrust Crime," remarks by James F. Rill, then Assistant Attorney General, Antitrust Division, before the Symposium on Antitrust Enforcement (March 19, 1991).

However, as a comparison of Bob's and Ron's remarks would indicate, and as the addition of my remarks will make absolutely clear, the manner in which federal prosecutors take compliance programs, self-reporting, and cooperation into account at the various stages of investigation and prosecution can vary significantly from one component of the Department of Justice to another, and the sentencing guidelines don't resolve all the issues with respect to credit for those actions at the sentence mitigation stage.

Therefore, my purpose in this presentation is to address four issues regarding my postulated elements of corporate citizenship, that is, compliance programs, self-reporting, and cooperation, from the perspective of an Antitrust Division prosecutor.

First, what effect do compliance programs have on the operation of the Antitrust Division's discretion?

Second, what is the Antitrust Division likely to require in a compliance program before it acquiesces to a reduction in culpability score and a reduction in fine range for a corporation?

Third, is the sentence mitigation sufficient in antitrust cases to justify the effort required for an effective compliance program and the risk of the self-reporting and cooperation required for full credit in the guidelines?

Fourth, are there even more important potential benefits from a compliance program, self-reporting, and cooperation than exist in the sentencing guidelines? And in connection with that topic, I will discuss the Antitrust Division's amnesty programs, one for corporations and now one for individuals.

Lastly, I would like to discuss a not directly related issue, but in order to discuss the fine that Commissioner Budd mentioned a moment ago, I would like to discuss the impact of the sentencing guidelines on fines in antitrust cases.

Let's look first at the Antitrust Division's perspective on compliance programs and the exercise of our prosecutorial discretion. What if, in spite of a compliance program, a violation occurs? Will the corporation get credit from the Antitrust Division for having that compliance program in place at the charging stage, at the sentencing, or in both?

First, the charging stage. This is the bad news for corporations. The existence of a compliance program has a very limited role in how we exercise our prosecutorial discretion. Once a violation occurs, the compliance program can do little, if anything, at the Antitrust Division to persuade us not to prosecute the corporation.

During the pre-indictment phase of a grand jury investigation, we frequently hear from counsel representing the corporations that the corporation should be excused from criminal liability because of an individual employee's conduct that occurred without the knowledge, approval, or authority of the corporation, and, in fact, in direct contravention of the corporation's compliance program. This is the "rogue employee" argument, and we hear it in every antitrust case.

The argument is that, therefore, the employee's conduct should not be imputed to the corporation. We also hear a related argument in antitrust cases that we should not indict the company because the minute the company found out about the rogue employee's conduct, it instituted a compliance program to stop similar conduct in the future; and so since it has instituted that conduct to prevent similar violations from occurring, there is no further need for a deterrent effect.

The Antitrust Division does not give much weight to either of these arguments in the pre-indictment stage. To the extent that antitrust prosecutors allow failed compliance programs to excuse antitrust violations, we believe that we undermine our own efforts to deter crime. Were we to credit failed compliance programs at this charging phase, there would be less incentive for companies to make sure these programs work, to refine the programs, and to make them effective. The ultimate goal, after all, is a compliance program that prevents crimes, not one that excuses the corporation in the event that one occurs.

Although the existence of a compliance program will rarely prevent a corporation from being pursued criminally by the Antitrust Division, a sound compliance program may serve to reduce, and reduce significantly, the fine that a corporation has to pay upon conviction.

The Sentencing Commission has set out in detail what it means by an effective compliance program and has described the seven due diligence criteria as the minimum types of steps that must be taken in order to qualify as an effective compliance program. I'm not going to review those because by now you know them by heart.

If these seven requirements listed in the sentencing guidelines are the "minimum types of steps" that must be taken, that raises the issue of what, if any, additional steps federal enforcers believe should be taken before a company gets credit for a compliance program.

Bob talked about some of those additional steps, Ron talked about some of those additional steps, and the Antitrust Division has identified additional steps as well, largely consistent with those that Ron and Bob described:

No credit if, after an organization becomes aware of a violation, it delays unreasonably in reporting it to the government authorities.

No credit if high-level people are involved in the offense.

No credit for paper programs. This is something that I think Bob referred to as empty programs, where there is no real commitment for detecting offenses.

Lots of credit for affirmative steps to detect price fixing and bid rigging, and examples are set forth in the materials.

For credit, it is critical to have regular and unannounced audits of pricing and bidding personnel. For credit, the compliance program must be customized to the firm's specific organization, operation, and personnel. And for credit, the compliance program should have negative incentives for violations - loss of position, forfeiture of benefits and so on - and positive incentives for those that report violations.

If a firm does get credit for an effective compliance program, that credit could reduce an organization's maximum fine by more than 50 percent, which, of course, in the antitrust area can be many, many millions of dollars. But that's not the best part of a compliance program. The really good news has to do with all the potential valuable benefits to a corporation between prevention and the sentencing guidelines. And let me explain that.

In the antitrust area, there are two special antitrust-only provisions in the sentencing guidelines. The first provision is an instruction to use 20 percent of the volume of affected commerce in lieu of pecuniary loss in calculating the base fine. The second provision is that whatever an organization's culpability score, neither the maximum nor the minimum multiplier may go below 0.75. As you know, as the culpability score goes down for all other types of offenses in the sentencing guidelines, you can get down to 0.05.

The net result of these two provisions is that there is a floor in antitrust cases, a minimum fine of 15 percent of the volume of affected commerce. This has caused a lot of commentators to ask the question, "Is there a sufficient incentive in the sentencing guidelines for an antitrust offender to come forward?" Indeed, a firm that starts with an initial culpability score of, say, five can get down to very near the minimum multiplier for an antitrust case of 0.75. It can get down to 0.80 just with acceptance of responsibility - without having a compliance program, without self-reporting, and without cooperation.

Of course, the problem with that analysis is the wrong question is being asked. The question is wrong because it's looking to the effect of those activities at the sentencing stage of the enforcement process instead of looking to the beginning of the enforcement process when each of those actions - compliance programs, self-reporting, and cooperation - has its real benefit. That's where those activities may actually result in the corporation not being subject to the sentencing guidelines at all; or if it is, benefiting from very substantial reductions in the minimum fines set forth in the guidelines.

Early detection of a violation through a compliance program affords an organization the opportunity to consider the options of voluntary disclosure in the case of the defense procurement fraud area, self-reporting in the case of antitrust, and cooperation with the government at a time in the enforcement process far before conviction and sentencing when those actions had the potential for very favorable treatment for the organization, including complete amnesty, a pass from prosecution. And if amnesty isn't available, there still remains a whole range of disposition alternatives with substantial benefits to the organization, benefits which are unavailable to the organization that does not have a compliance program able to detect those violations early, and that is therefore unable to come in and be one of the first ones to cooperate with the government.

Let's look first at the amnesty program at the Antitrust Division. The Antitrust Division first announced its corporate amnesty policy, also known as the corporate leniency policy and corporate immunity policy, but most commonly referred to as the corporate amnesty policy, in October of 1978. That policy was in effect for 14-and-a-half years, and the policy said that the Antitrust Division was prepared to give serious consideration for lenient treatment to organizations that voluntarily reported their illegal activities and came forward to us before the violations were detected by the division.

The grant of amnesty was not automatic, was based on prosecutorial discretion pursuant to a seven-factor test, and was available only to people who came forward or organizations that came forward before we had begun an investigation, which is still the case in the other divisions of the Department of Justice.

In 1993, the incoming and current Assistant Attorney General for Antitrust, my boss, Anne Bingaman, said that a corporate amnesty program made good sense, but that the longstanding policy of refusing to give amnesty to anyone, no matter what they could offer because an investigation was underway, was maybe denying the Antitrust Division valuable cooperation that would be in the public interest. So she changed the amnesty policy in several respects, making three important changes.

First, if a corporation comes forward before our investigation begins, amnesty is automatic. There is no prosecutorial discretion involved. It is a certain grant of amnesty, and the criteria are similar to conditions under the earlier policy.

The second major change is that if a corporation comes forward after our investigation begins, it may still qualify for amnesty. This is a discretionary grant of amnesty based upon seven criteria. The first two of these criteria are the threshold criteria. The first criterion is you have to be the first corporation to come forward. The second criterion is that at that point in the investigation we cannot yet have sufficient evidence against the corporation to result in a sustainable conviction. The seventh criterion establishes that the earlier you come in, the more likely you are to get amnesty.

The third major change is if a corporation qualifies for automatic amnesty - and this is different than any other division of the department - then all directors, officers, and employees who come forward with the corporation and admit their involvement and cooperate in the investigation will also receive automatic amnesty.

Note that whether or not an investigation has begun - that is, whether or not you are seeking to get automatic amnesty or alternative amnesty - you must be the first corporation that comes forward. There are no two bites here. Only the first corporation gets amnesty.

The number of corporate amnesty applications has increased significantly under the new policy. So Anne Bingaman was right. Under the old policy, we received, on average, one amnesty application per month over the course of 14-and-a-half years. Since the new policy went into effect, we started out at and we have continued and, in fact, in recent months it has gone up a little bit, but we are receiving on average one amnesty application - did I say before per month? I meant per year. We are now receiving one amnesty application per month.

In August of 1994, one year to the day after Anne Bingaman announced the new corporate amnesty policy, she announced the first ever individual amnesty policy. This is separate from coming forward with a corporation. After the corporate amnesty policy was announced, some asked, "What about individuals who come forward on their own behalf? What if they don't want to wait for detection by the corporation and wait to see what the corporation is going to do? What about individuals who want to come forward on their own after a corporation has detected the violation but has determined it's not going to do anything about that detection?"

Many thought that such individuals that come forward on their own also ought to be eligible for amnesty, and so we have the new policy that provides that, one, if an individual comes forward before we have an investigation; two, reports with candor and completeness and then cooperates in the investigation; and, three, was not the originator or leader in the activity and didn't coerce anybody else into doing it, then that individual gets automatic amnesty.

Even if an organization comes in and does not meet the amnesty requirements, it may receive a fine below, perhaps substantially below, the guidelines minimum for substantial assistance in the prosecution of other individuals and organizations. And if you come in, even the next step, if you come in and you are not yet in early enough to qualify for the substantial assistance reduction for cooperation, the government can still tailor a criminal settlement that is advantageous to that organization and favorable as compared to organizations that will come in later.

Since I have just been given the five-minute sign, I won't go over those other types of favorable treatment.

To sum up my remarks on the first four topics, when a firm detects a violation early, especially before we have an investigation underway, it is time for that firm's counsel to host "Let's Make A Deal." When counsel or the client detect a violation before we do, it is one of those rare times in our system of law that counsel for a corporation that has committed a felony is in the driver's seat. Why? Because we want the information your corporation has to offer more than we want your corporation as a defendant, because your corporation is going to allow us to prosecute other culpable corporations and individuals. And so when you find yourself in that situation, don't think about the sentencing guidelines. Think about: can we cooperate early? Can we report to the government, work in their investigation, and possibly qualify for amnesty and not be subject to the sentencing guidelines at all?

My last topic is fines in antitrust cases under the sentencing guidelines. In November 1990, the maximum Sherman Act fine for a corporation found guilty of a criminal violation was raised from $1 million to $10 million. The combined effect of this change in the maximum statutory penalty and the minimums established by the sentencing guidelines for antitrust offenses is now becoming very apparent.

In the past 14 months, six corporations have paid fines of at least $4 million for single-count Sherman Act violations. Two weeks ago, an antitrust defendant agreed to pay and the court imposed the statutory maximum fine of $10 million for the defendant's participation in a conspiracy to fix prices and rig bids in the explosives industry. This was the first time that the maximum statutory penalty had been imposed under the Sherman Act.

And yesterday, as Commissioner Budd mentioned, a defendant agreed to pay and the court imposed a $15 million fine on a company in that same investigation. A $10 million maximum on the first count and a $5 million fine on the second count, which involved an agreed-to upward departure by both the government and the defendant under circumstances that unfortunately I do not have time to discuss.

The $15 million fine is the largest fine imposed on a single defendant in a criminal antitrust case. It is instructive to look at how that $10 million was arrived at because it did not involve an extraordinary amount of commerce, and let me, in the interest of time, just focus on the first of those cases which is United States v. ICI Explosives.

The parties reached an agreement that the volume of affected commerce was approximately $50 million. Following the guidelines instruction to use 20 percent of the volume of affected commerce in lieu of pecuniary loss, the defendant's base fine was $10 million. The parties also stipulated that the defendant warranted a culpability score of seven, which would have been much higher but for its early cooperation with the government throughout the investigation, and, thus, its minimum and maximum multipliers were 1.4 and 2.8. That meant that the range of fines for the corporation was $14 million to $28 million. In this case, the division agreed that the calculations of double the loss and double the gain would unduly complicate and prolong the sentencing process and agreed that a $10 million statutory maximum was appropriate.

As the calculation that I have indicated to you in this case should indicate, the $10 million maximum in an antitrust case can be reached very quickly with volumes of commerce much less than $50 million, especially for organizations that do not cooperate.

A concluding point: A Wall Street Journal article last week that suggested that the sentencing guidelines have been used, for the most part, only against small companies. At least in the antitrust area, such a notion is not true. There is nothing fundamentally wrong with the guidelines with respect to corporate fines. Statistically, of course, there are more small companies than there are large companies. Our investigations develop evidence of violations against small companies and against large companies, wherever that evidence exists. Proof of the larger conspiracies often take longer to develop; however, as a matter of prosecutorial discretion, you can bet that we are looking at the larger conspiracies and looking at the larger companies.

The average fine imposed on corporations in Antitrust Division cases has increased 170 percent between 1992 and 1995 to date. At the Antitrust Division, we try to be equal opportunity prosecutors, bringing cases against both large corporations and small corporations, as the $10 million and $15 million fine should confirm. And note that those large fines were imposed upon corporations that cooperated: ICI, which received the lower fine of $10 million because it cooperated early in the investigation, and Dyno Nobel, which is cooperating now. Had those firms not cooperated, we would have sought higher fines. Thank you.


COMMISSIONER BUDD: Our final panelist will be Gene Thirolf. Mr. Thirolf graduated from St. Louis University School of Law and spent some time in the area of legal services. After a few years in that capacity, he went to the Department of Justice where he was assigned to the then newly created Office of Special Investigations, which had as its charge the investigation and litigation of cases involving Nazis and Nazi collaborators who illegally immigrated to the United States.

In 1981, Mr. Thirolf became a senior litigator with the Department of Justice's General Litigation and Legal Advice Section, where he prosecuted complex legal cases. Since 1992, Gene has served as Director of the Office of Consumer Litigation. In this capacity, he has had responsibility for both the civil and the criminal enforcement of the Food, Drug, and Cosmetic Act, the Federal Trade Commission Act, the Consumer Product Safety Act, among other statutes. Mr. Thirolf?

MR. THIROLF: Thanks very much, Wayne. Thanks for the opportunity of appearing before you. Good morning. Over the last few years, I have spoken to a number of groups and associations about the consequences of sentencing guidelines on their organizations that were or could be facing criminal prosecution. I have heard defense lawyers, not unlike today, portray the sentencing guidelines and those of us federal prosecutors who do white-collar work as being more or less the villains in a Dickens plot in which the lives of executives and the fortunes of firms regulated by the government are ruined.

I'm not that bad a guy. But if being brought out in this sort of symposium to say that you'd better adopt a compliance program or the dogs will be let loose results in your adopting meaningfully successful compliance and ethics programs, then it's worth it to you and to me.

None of us takes any delight in the distress of others, be they corporations or individuals. We want you to make money. We want you to be prosperous. Indeed, the food and drug firms, which is a good part of our practice, have been very successful and innovative during the years that we have been involved. But most of all, we want you to stay out of trouble.

Our experience has been that guilty corporations do criminal acts that you would want punished, especially if they were your competitor, if it was not your case and if it was not your firm.

Ladies and gentlemen, we have been through this for a number of years because the food and drug statutes and some of the other statutes that we handle have imposed a self-audit, a compliance responsibility on responsible corporate officials for many years. And do you know what? We fight over, when we talk to potential criminal defendants, criminal defendants after they have been convicted, whether or not their compliance program was meaningfully successful, whether or not corporate officials at a high level were involved. Because there is an adoption of a program does not mean that it works and does not mean that it should be given credit when the process is underway. And, indeed, the guidelines contemplate that we are truth seekers in that endeavor as well.

When I encounter a corporation in a negotiation to settle a particular criminal matter, I feel a little bit like someone's spouse who has warned you about some misadventure, only to be saying later, "I told you so." Well, I have news for you. I have been in a number of these sessions, and at each one I have said, "I am going to remind you if you come in to see us that I told you so."

At the urging of Win Swenson and some other members of the bar, I am trying to explain to you why, in our experience over the years, sound management principles, good science, and good judgment, and now the over-arching discipline of the sentencing guidelines, can prevent you from getting into trouble in the first place and can even inure to your benefit if you are prosecuted by any one of these components of the Department of Justice.

To prove what you have been learning all week is common sense, let me quote from Judge Wolf's conclusion in an opinion accepting the $61 million civil and criminal penalty in the Bard case. Bard was and is an innovator in medical devices and was prosecuted as a corporation. The individuals' trial was just completed recently, and three of those executives were also found guilty.

Quoting Judge Wolf: "The court finds that the agreed sentence provides just punishment for Bard. It should prevent Bard from committing comparable crimes in the future. It should also send a message to corporate officials and companies they personify that to subvert the Food and Drug Administration process, intended to assure the safety and effectiveness of medical products, is not just wrong, it is dumb."

Keep in mind that establishing accountability and ethical standards and having review and approval of all of that at the highest level of an organization is simple common sense and good business management.

I am not going to repeat what is in my outline, nor, I hope, repeat what you've heard among the other panelists this morning. We enforce both civil and criminal matters under the statutes that we enforce. I think that is somewhat unique in the Department of Justice as a litigating division, but it's true in every United States Attorney's Office.

Our job is pretty straightforward. We receive referrals from agencies. We analyze the cases, and our job in essence is to protect consumers from unfair practices and to protect those consumers who really are not in a position to protect themselves. If you go in for a heart catheterization procedure, you have to have confidence and believe that the medical device that is being used on your heart is, indeed, safe and effective, or our medical system isn't going to work as well as it has.

We have pursued a number of cases with unsafe biologics, drugs, and medical devices, and we have resolved a number of those cases with injunctions and civil settlements. Obviously you want to know how to get on the civil side rather than on the criminal side. Ladies and gentlemen, I submit to you, by the time the case gets to us, since you have gone through the regulatory agency either at the federal or state level, it's pretty much a closed question.

We have sought and obtained injunctions against blood banks, for example, for unacceptable collection and distribution practices and not proceeded in criminal ways for all sorts of reasons. But primarily when we are presented with fraudulent conduct, we pursue the fraudulent conduct. And if there is fraudulent conduct, I submit to you, as a matter of truth seeking, that compliance program, whatever it was supposed to be, was facially or, as applied, inadequate.

Now, there are some obvious concepts you need to have to understand how these guidelines have affected our practice. There is a disconnect, I know, and the outline says it. Organizational guidelines don't necessarily apply to our cases. Why do we use them?

First, the food and drug statutes have required a similar system of checks and balances as the organizational guidelines have for 50 years. We have been arguing about this with defense counsel for a long time. And, secondly, that has been specifically articulated as a ready set of principles to debate. The Supreme Court said in the Park case over 20 years ago that responsible corporate officials subject to the food and drug statutes have to operate with the highest standards of foresight and vigilance to detect in the first instance and to avoid violations in the second. Isn't that in essence what the guidelines are intended to do?

Our experience - and I'd like to focus a little bit, since I was asked to go into some specifics - involved the generic drug industry. Congress passed legislation in the 1980s to allow the public to pay less for prescription drugs that had passed off patent, that the pioneer product had gone on and served its function and now was off patent, and others could copy it and sell copies. When you go into your pharmacist, he says to you, "Do you want the generic?" And we prosecuted firms as they came on line. Sixty-seven individuals, 16 companies have been prosecuted since that began in basically 1990. More than $30 million in fines have been assessed. What did they do?

Bolar is an example. One of the premier generic firms coming on the market, they're going to be first on the market because if you're first on the market with your drug product, the pharmacist will tend to suggest yours rather than someone else's. They had to prove at Bolar that their copy of the drug was equivalent to the pioneer drug that the manufacturer of that product had spent billions of dollars producing. In fact, they had to prove it in tests, tests on individuals and tests in the chemical lab. And they were on a rush. They wanted to be first on the market. What do you do? I've got a secret for you. Take the pioneer product, crumble it up, re-package it as your drug, and test it against the pioneer product. You know what happened? Their product came out comparable to the pioneer.

This is not rocket science. You do that sort of activity, you are going to get prosecuted. And if you're convicted, you're going to pay a substantial fine. And if you're at the high levels of that organization, you're going to go to jail. Those individuals were at the highest level of the corporation who were prosecuted.

One of the interesting segments of this - and I don't know if it's true of my colleagues' experience, but in each of the corporate pleas that we have been involved with in the generic drug industry, they have all wanted an 11(E)(1)(c) plea that says, conditionally, "Judge, this is how much we want to pay." So the negotiation between the government and the corporate representatives ends up being a discussion of the guidelines. What else are we going to talk about? Because, indeed, when we talk about corporate responsibility, we end up talking about specific and general deterrence. We talk about what is fair or just punishment to the stockholders of this organization for the activities of its agents. We talk about the activity of the employee balanced before or after the guidelines in terms of whether the employee was trained, whether the employee was given incentives to do what the written policy said he would do.

Ladies and gentlemen, as we debate with corporations over how to control the wayward acts of their criminal defendants, I think in a sense we have merely formalized the rules of the debate in the guidelines. If you all like to debate - and I presume that anyone who has obtained a law degree enjoys that to some extent - let me give you a tip. When you come in to talk to us to say why your corporation should not be prosecuted, come in with particular evidence that shows why your compliance policy failed in spite of your best efforts. Let's not just shout and complain to each other.

Believe it or not, in the generic drug industry many of the firms had written regulatory policies. Many of them had compliance officers. Some had regulatory affairs specialists. The policies were not used, were not enforced, were not trained, were not meaningful. A critical criterion for us and for most, as you have heard, is: did the corporation come in and blow the whistle and cooperate before dogs like me were at the door?

Our experience has been that, with but a few exceptions, these violations have been committed by individuals who were at the highest levels of the corporation. The experience is not new. Before the guidelines, before the fine provisions were so markedly increased, we prosecuted United States v. Hyland. The government proved during an eight-week jury trial that the highest corporate executives of a manufacturer and distributor of a drug, epherol, that was unapproved - intended for premature infants - had knowingly and continually marketed this drug despite reports from doctors that the intravenous drug was killing some of the premature infants it was given to.

We had a debate with the representatives of the corporation. These were wholly-owned subsidiaries. They pointed out in the debate that they had standards of conduct. They pointed out that they had a history of dealing with the Food and Drug Administration. They pointed out that they had some audit system at home.

We were able to show in that debate that there were no real standards of conduct for employees. Employees had never been disciplined. Employees had never been even trained what those standards were. There had been a long history of both firms pushing their business close to or over the line where the regulators drew it. And there was no check and balance system for the marketing of drugs. There was no particular audit process. It was inadequate.

It had some effect in the industry. We have now seen, for example, that the Association of Device Manufacturers, medical device manufacturers, has come out with an association policy that goes through such specifics as - here's a particular possible violation of the law - failing to perform adequate complaint and failure investigations, trend analysis, and corrective actions with regard to your medical device. What is the preventive action? Read the regulatory requirements in the good manufacturing practice manual of the agency, have appropriate standard procedures, train employees with each of those procedures, ensure documentation, allocate resources to prevent backlogs, follow up on significant product problems. If you do that, how is it going to occur that somebody is going to do something like put a drug on the market that has been untested for premature infants?

This is serious stuff. In reviewing the cases over the years - and you've heard from each of us - the amount of money has increased significantly. The consequences to the organization are very serious.

The Bard case is an example. Bard paid $30,500,000 in criminal penalties, $30,500,000 in civil penalties because the product was being paid for out of CHAMPUS, Medicare, Medicaid funds.

The guidelines didn't apply to that case. It was prior to the guidelines. It was after the sentencing enhancements. It was a case handled by the United States Attorney's Office in Boston, and we served in an advisory role. But, ladies and gentlemen, when the corporate lawyer began to recognize the possibility of exposure under these guidelines, they wanted to come to resolution. And the discussion focused on what their policy was. And after the discussion was over, one of the components of that settlement is a comprehensive compliance decree that says explicitly what Bard will do in the future to comply with the law.

Bard is successful. The food and drug firms in this country are some of the primary exporters of products that we have. It does not mean that if you have an effective, meaningfully successful compliance program you cannot be successful. Indeed, if you don't have it, I wonder how you are successful.

I want to add two points, and then I'm going to finish. We, like the Environmental Crimes Section in the Criminal Division, but unlike Antitrust, rely on agencies to bring us cases. If you aren't working with the agency on a regular basis and expect when you come to us to present your corporate compliance policy as a trump card on everything else, you're kidding yourselves.

By the time that it comes to us, very serious analysis has already gone on. Your relationship with those agencies with whom you work is critical to success. If I don't see the case, I can't prosecute it.

Our goal is deterrence. We are responsible for a fairly esoteric group of prosecutions, and I want to just complete my thoughts here by saying that if you look over the 50 years in which the Federal Food, Drug, and Cosmetic Act has been in existence, in which there have been corporate compliance officers, in which there have been regulatory affairs officers, in which corporations have been trying to comply with a very strict standard, because you can be convicted criminally under the Food, Drug, and Cosmetic Act of a misdemeanor on basically strict liability, and that industry - or those industries, rather, have been successful. You can be successful, too, and if you don't have a corporate compliance policy and you come in to see me on behalf of your client's problems, I'm going to tell you, "I told you so."


COMMISSIONER BUDD: Ladies and gentlemen, we've heard from four excellent speakers. I'd like to pose one of your questions to each of the speakers. I'm going to pose this first question to Bob Litt.

Bob, does cooperation under Section 8C2.5(g) require any of the following: one, mandatory waiver or tolling of the statute of limitations for the conduct under investigation; two, mandatory waiver of the attorney-client and work product privileges for information or documents otherwise protected; three, mandatory curtailment of payments of the attorney's fees for directors, officers, or employees who invoke their Fifth Amendment rights; four, mandatory forbearance from the entry of information-sharing confidentiality agreements, also known as joint defense agreements, with current and former employees and third parties; and, finally, requiring employees to submit to "Queen For A Day" interviews, "use immunity" interviews and the like?

Bob, would you care to respond to those?

MR. LITT: Let me just begin quickly by saying that, as to the last point, "requiring employees to submit" is probably an overstatement of what a prosecutor will ask. I think a prosecutor will ask you to request your employees to submit, but I don't think anybody expects you to strap them to a chair and hold klieg lights over them.

Also, I don't feel that at this stage I can be addressing this question in terms of what the sentencing guidelines require. I think that is something that is going to be worked out through the courts. I don't think there's a sufficient basis yet for assessing that.

I can tell you that from the Criminal Division's point of view in terms of how we assess a company's cooperation, the answer to all of those can be yes. And I go back to what I mentioned before. We're looking for a company that comes in and is committed to cooperating with the government.

From the prosecutor's point of view, if there are people out there who have committed crimes, a corporation that has one foot with the criminals and one foot with the government is not cooperating with the government.

COMMISSIONER BUDD: Bob, thank you very much. To Ron Sarachan, under the Justice policy, is a company barred from consideration for leniency or non-prosecution if it self-discloses a violation that it was legally required to report?

MR. SARACHAN: The short answer to that is no. Let me say two things in explanation. One thing, when you look at our policy, it makes clear that each of the components is a factor, and they can carry different weight in different cases. So if you have a company that does everything right - it discloses, it cooperates fully, it has a compliance program, it corrects - the fact that the disclosure happened to be mandatory won't mean that it doesn't get consideration.

The other thing is if you look at the disclosure provision of the policy, it talks about the quantity and the quality of the disclosure. There can be a big difference in a mandatory disclosure in which you tell the regulatory agency about your Clean Water Act discharges in a monthly discharge report versus coming forward to the government and saying this was not just a fluke, we have a problem here, this is what we're doing about it. So even in the context of a mandatory disclosure, there is often a lot more that can go into a voluntary disclosure.

COMMISSIONER BUDD: Thank you, Ron. To Gary Spratling, if an individual goes for amnesty before the company, is it possible for the company to come in and get amnesty as well?

MR. SPRATLING: It's possible. Obviously automatic amnesty would no longer be available because automatic amnesty is available only when we don't know about the violation. We know about the violation from the employee.

You still might qualify under alternative amnesty, but remember the two threshold requirements I mentioned there. Number one, you have to be the first one in. Assuming the first one in, you now face the major hurdle, which is whether or not as a result of your employee coming in we already have sufficient evidence to result in a sustainable conviction against your firm. If your employee has given us that, then you can't get amnesty. If he hasn't given us all of that, then you would still be eligible for amnesty. But even if you're not eligible for amnesty, of course, coming in that early and offering to cooperate, there are significant other benefits you might obtain.

COMMISSIONER BUDD: Thank you, Gary. A final question for Gene Thirolf. On page five of your printed material, you say that the proactive operation of drug firms can serve as a model. Could you elaborate on what you mean as a model for compliance programs?

MR. THIROLF: I mentioned it in my discussion. The food and drug firms have been under the responsibility of the highest standards of foresight and vigilance for 50 years. They have had to come up with what amounts to corporate compliance policies.

The Health Industry Manufacturers Association here in Washington spent two years - and I talked at two of their conferences - in trying to develop a set of recommendations to comply with the obligations of the Medical Device Act and the FDA regulations. It is very specific, it is very detailed, and it took a long time and a lot of effort to do it.

I see no reason why other trade associations could not assist in drawing from the large operations to give to the smaller operations insight into how to have a very particularly designed compliance program.


Bob Litt

Q. You mentioned that U.S. Attorney decisions after voluntary disclosure are centrally reviewed, for consistency. What are the prospects for centralized review of other types of U.S. Attorney decisions regarding prosecuting corporations (e.g., compliance program worthiness), especially with respect to large publicly-held companies?

A. As a model, the Food, Drug and Cosmetics industries have a 50 year history of compliance with the provisions of the Food, Drug, and Cosmetic laws mandating "the highest standards of foresight and vigilance" in meeting statutory requirements. Consider the Health Industry Manufacturer Association, a trade group for medical device manufacturers. HIMA developed and formulated a corporate compliance policy for all of its members. As a service, HIMA makes the policy available and helps firms customize the plan to their needs.

Proposed prosecutions of corporations (but not individuals) who have made voluntary disclosures under the Department of Defense Voluntary Disclosure Program are centrally reviewed by the Criminal Division of the Department of Justice. Requests for review of other decisions to prosecute corporations for policy reasons may be made to the Criminal Division in matters within the Division's jurisdiction. However, the primary prosecutive authority rests with the United States Attorney in the district where the charges are being brought.

Q. Do you see any value in a self-audit privilege?

A. Although the Criminal Division fully supports the use of self-auditing as a means to obtain compliance with the law, we oppose the creation of evidentiary, discovery or testimonial privileges for self-audits. Such privileges would shield criminal misconduct, authorities, and be contrary to the goals of corporate "good citizenship," i.e., disclosure and cooperation. It would make enforcement of the law more difficult by interfering with the ability of law enforcement to obtain evidence relevant to their investigations and to their ability to quickly ascertain the facts. In addition, a self-audit privilege undoubtedly would lead to protracted litigation involving privilege issues, and would be susceptible to abuse. For example, corporations may claim that normal day-to-day business practices constitute "audits" in order to avoid disclosure of wrongdoing. Also, the privilege may be invoked to bar the use of evidence even against rogue employees who engaged in criminal conduct against company policy.

Q. In light of your remarks about companies needing to turn over reports, investigation results, etc. - how does a company reconcile this governmental position with the "promise of confidentiality" "good citizen" companies make to their employees to encourage internal self-reporting?

A. Most companies today, particularly those that participate in the Department of Defense's Voluntary Disclosure Program, feel that they are ethically if not legally obligated to advise their employees that their interviews are being conducted under the corporation's attorney-client privilege and that the company, at a later date, may choose to waive that privilege and provide the employee statements to the government. As a consequence, most employees are expressly told that this means that the company and the company alone decides whether to disclose what the employees say.

From the government's standpoint, once a company has provided thorough and full advice to their employees about their privileges and the possibility of future disclosures to the government, it ordinarily is in the company's best interest to waive its privilege and disclose the statements of some or all of the interviewed employees. As I stated earlier, to gain credit for "god citizenship," corporations must demonstrate their commitment to compliance when it's painful as well as when it is easy.

Q. What is DOJ's position with respect to a corporation paying (advancing/indemnifying) for counsel for an employee who is alleged to have engaged in wrongdoing?

A. The Department of Justice recognizes that under the corporate laws of the state of incorporation or in accordance with the corporate by-laws, most corporations may indemnify or advance fees for corporate officers and employees accused of wrongdoing, and sometimes are required to do so. In cases where indemnification or fee advancement is discretionary, the Department would expect corporate boards of directors to carefully scrutinize such action and to deny such payments when appropriate. While these decisions should be made by the corporation's board, and the government does not require that any particular action be taken, a corporation that seeks the benefit of cooperation with the government has a burden of showing that it is not providing financial support to wrongdoers.

Q. Yesterday, a lawyer familiar with the National Medical Enterprises case (in which your division was involved) criticized the compliance requirements the government exacted from the company to resolve the case. He said these requirements might actually undermine the company's development of a corporate culture supportive of law abidance. How do you know when you exact compliance requirements in cases like this that the requirements are sound?

A. The compliance program adopted in the National Medical Enterprises (NME) case resulted from lengthy negotiations between the Department of Health and Human Services and NME, and was intended to address the specific problems uncovered during the investigation. We believe that NME would not have agreed to the terms of this compliance program if it did not believe the program was appropriate. As a general matter, DOJ is not interested in imposing unreasonable conditions upon any company. The government and companies share the common interest of adopting compliance programs that will most reasonably ensure that the company's future operations are conducted in a fair, ethical and legal manner. Each case will be examined individually, and compliance programs will be tailor-made to fit the facts and circumstances. Indeed, in the more recent settlement involving Caremark, the compliance plan was different from the NME compliance plan.

Q. To what extent will the government work with the corporation to maintain confidentiality of sensitive documents while allowing the government to obtain the information it needs or wants? Has DOJ considered adopting policies that would enable a "good citizen" corporation to fully cooperate without the punishment of having sensitive documents become publicly available?

A. It is legally difficult for the government to maintain the confidentiality of documents provided by a corporation against third parties seeking access to such information. The current case law clearly suggests that the company waives privileges such as the attorney-client privilege if disclosure is made as a part of a voluntary disclosure, although as noted above, grand jury proceedings themselves are secret. The Department has not considered adopting policies, nor has it sought legislation, that would provide for a limited waiver.

Q. In law, defendants are presumed innocent until proven guilty. Yet corporations - to get the credit under the guidelines - must consider their "guilty" employees as guilty and fire them, rather than defend them. Can you reconcile this apparent contradiction?

A. We do not view this as a contradiction. As a sound business practice, corporations should question whether to continue employment relationships with employees who have knowingly violated company polices, state or federal civil laws, or who have engaged in criminal conduct. The decision whether to fire or otherwise discipline errant employees rests within the sole discretion of corporate management and is based on numerous factors, such as the employee's position within the company, the duration and impact of improper conduct, whether company policies are violated and whether the employee has engaged in other wrongdoing. Under many circumstances, conduct need not even be deemed criminal to warrant dismissal. While the government generally will view in a more favorable light those corporations that discipline or terminate employees who have engaged in criminal activity, the government does not and will not require that any particular course of action be taken.

Q. Does "full cooperation" mean complete adoption of the Justice Department position (i.e., full mea culpa) or can a corporation cooperate fully and still preserve its defenses and those of its employees?

A. There are no Departmental standards governing "full cooperation" by corporations, and prosecutors will consider each situation on a case-by-case basis, including the assertion of privileges such as attorney-client and work product. However, where prosecutors suspect or have evidence that corporations or their employees are withholding critical evidence, seriously misrepresenting facts or obstructing the government's inquiry, they will demand more cooperation from the company. Moreover, "full cooperation" by the corporation does not mean protecting wrongdoers. If a corporation expects to receive the benefits of full cooperation, it will be expected to provide full information about its culpable officers and employees, and take whatever disciplinary action it deems appropriate.

Q. It is my understanding that at the time of drafting the organizational guidelines, the Department of Justice was not very supportive of compliance programs - i.e., DOJ did not think they should get much credit. What factors have influenced the shift in perception of these programs so that now DOJ believes there should be a baseline requirement?

A. The Department of Justice has not had a shift in philosophy about compliance programs. The Department proposed its own organizational sentencing guidelines to the Sentencing Commission during the development of Chapter Eight. Our proposal would have provided a significant reduction in the fine for an offense that "represented an isolated incident of criminal activity that was committed notwithstanding bona fide policies and programs of the organization reflecting a substantial effort to prevent conduct of the type that constituted the offense." Thus, the Department recognized compliance programs as a basis to reduce fines. However, under the Department's proposal, the reduction could have been given only if the offense was an "isolated incident of criminal activity" committed despite the compliance program. We did not want to give credit to a program that repeatedly failed to do its job. There has not been a shift in this philosophy. If a program repeatedly fails to do its job, we would have to question whether it constitutes an "effective program to prevent and detect violations of law" within the meaning of Section 8A1.2.

Q. Please comment on Bill Lytton's comment regarding the inherent conflict between qui tam actions and internal compliance programs. Specifically, individual greed versus sponsoring a corporate culture of good citizenship. Why not require notice to a company with a legitimate compliance program before an employee is permitted to file a qui tam action?

A. Notwithstanding the existence of a compliance program, for various reasons employees may have little confidence that their allegations of wrongdoing will be taken seriously and may believe that they will be disclosed in due course to the government. There may be legitimate fears that going to the company before reporting the fraud to the government may lead to destruction of documents and suppression of relevant evidence. Thus, a requirement that employees report to the company in all cases could well discourage employees from coming forward at all.

Moreover, Congress amended and liberalized the qui tam provisions to provide monetary incentives and other protections from retaliation or other employment discrimination to those who have information about fraud against the government. Requiring a plaintiff to first report allegations to the corporation before he or she is permitted to file a qui tam action creates the very disincentives that the Act was intended to eliminate; that requirement exposes the employee to possible retaliation from the employer for reporting the fraud, and thus discourages employees from coming forward with the information. By allowing the employee to file suit under seal and allow the government to undertake an investigation, the employee's allegations can be made without the fear of recrimination. However well-intentioned a corporate compliance program, certainly the perception of some employees in the corporate world is that allegations may not be taken seriously or pursued in an appropriate fashion if they must be given first to the corporation.

All Panel Members

Q. There have been a number of high profile cases in which DOJ has announced a decision not to prosecute a corporation because of its compliance efforts (e.g., Salomon Brothers, Sega Corporation in New York). Have there been cases in which DOJ has announced a decision to prosecute a high profile corporation because of non-compliance with the guidelines? Would this encourage compliance in the corporate community generally?

A. (Robert Litt) Prosecutive decisions are based on a variety of factors. We do not base decisions not to prosecute solely on a company's compliance program; rather, the existence of a compliance program is one factor to take into account in a prosecutive decision. Similarly, decisions to prosecute a corporation are not based solely on the failure of compliance programs, but that is a factor that can be considered.

Q. What is the process for determining the culpability score in both consent decrees as well as in those matters that go to trial? For example, who determines whether or not the organization had an "effective program?" Is there a standard form that is used by the court or an agency that mechanically calculates the score?

A. (Robert Litt) The sentencing court determines the culpability score, after consideration of evidence concerning the company's compliance program presented by the government and the corporation. A company may want to enter into stipulations with the government concerning factual matters about its compliance programs and policies. Compliance programs will be the subject of intense scrutiny by the government during the criminal investigation. The government will ask the necessary questions to satisfy itself that the program is not merely a "paper program."

Q. Would you subpoena (or seek voluntary disclosure of) any corporate compliance program from a target corporation before entering into plea negotiations?

A. (Robert Litt) We would expect corporations to voluntarily provide us with their written compliance programs if we have reached the stage of plea negotiations, and it probably would be in the company's interest to demonstrate the existence and effectiveness of their programs. In our experience, information concerning corporate compliance programs generally is made available to the government.

Keynote Address

Stephen L. Hammermann, Vice Chairman, Merrill Lynch & Co.

Introduction: Commissioner Michael Gelacak, Vice Chairman, U.S. Sentencing Commission


COMMISSIONER MICHAEL S. GELACAK: It is my pleasure to introduce today's keynote speaker. He is a distinguished member of the bar and a force in the financial services marketplace. Our speaker today is a graduate of the University of Pennsylvania's Wharton School, as well as New York University's Law School. He is a former Assistant United States Attorney in the Criminal Division for the Southern District of New York. He has served as the New York regional administrator for the Securities and Exchange Commission. And he was appointed by President Reagan to the Board of Directors for the Securities Investors Protection Corporation. He is a past Chairman of the Board of Governors of the National Association of Securities Dealers and is now a member of the Board of Directors of the New York Stock Exchange.

He is presently the Vice Chairman of the Board of Merrill Lynch & Company, Incorporated, and Chairman of the Board of its broker-dealer subsidiary, Merrill Lynch, Pierce, Fenner and Smith.

Ladies and gentlemen, I am honored to introduce Mr. Stephen L. Hammerman.

MR. HAMMERMAN: Thank you very much, Mike. I am truly honored to have been asked to participate in this important program, and I got a piece of the program today. I was trying to get into the morning session, but it was standing room only and you couldn't get past the door, which is a compliment to Mike and Win who have put this program together.

When one reads the press, it appears that crime is rampant in the corporate world and that it is a new phenomenon. First, I do not believe that crime is rampant. I think that most people and most corporations are law-abiding and try to do the right thing. Second, what we read about is not a new phenomenon. The fact is that if crime were new, we would not have the Ten Commandments. We'd have the Ten Suggestions. But the fact that wrongdoing might have existed since Adam and Eve does not make it of less concern.

Regardless of what industry one is in, and no matter how good a reputation for integrity one might have, any attack on a corporation's integrity will result in the loss of confidence on the part of its important constituencies. For example, we have in the United States the strongest capital markets in the world. This is because our markets have integrity. Any hint that our markets lack integrity will result in a lack of confidence which will diminish our effectiveness as a nation. This is also true of any business. Before the sentencing guidelines were even thought about, we in the securities business had an expression that good compliance is good business.

We are, I dare say, in the securities business the most regulated industry in the world. We are regulated by the SEC, by the United States Attorney's Offices, by the states' attorney generals offices, securities commissioners, self-regulators like the New York Stock Exchange, and the NASD.

However, you could wipe away all this regulation and still be left with one principal regulator: the corporation itself. Any corporation that doesn't believe that it is its own chief regulator will not remain in business. There should be a race to the top and not to the bottom when it comes to compliance standards. Perhaps this is what Judge Stanley Sporkin expressed as the "do the right thing" principle. A race to the basement when it comes to compliance might provide corporations with some short-term monetary savings and gains; however, history has taught that in the long run it is doomed for failure.

Just read Burning Down the House, which is the fall of E.F. Hutton in our business, or Serpent on the Rock, a book which just came out about how a limited partnership scandal cost a company almost $2 billion.

Statements of principle like "good compliance is good business" have been proven to be true and are very important to help guide decisions made in the corporate world. I believe that it is very important for a good corporate culture to have established principles which are conveyed to employees, clients, and others by saying these are the principles we believe in and any deviation from these principles is not to be tolerated.

Now, having principles is important, but I think they have to be established in the context of a true story. This man was riding a Rolls Royce over a mountaintop, and all of a sudden the Rolls Royce hit a rock, and the Rolls Royce went over the mountain. And as the Rolls Royce was going down with the driver in it, the front door by the driver's side opened up, and the man miraculously fell out of the Rolls Royce. And as the Rolls Royce crashed to the bottom, the man grabbed onto a branch, and holding onto that branch, he looked up to the sky, and he said, "Lord, save me." And a voice boomed down and said, "Save you? Why should I save you? You're a bum." And he says, "Lord, save me. I won't be a bum." He says, "No, you don't take care of your wife; you don't take care of your children." He says, "Lord, you save me, and I'll be the best husband and father that they can ever find." He says, "I have no reason to save you," the Lord said, "because you give no charity. You're a wealthy man." He says, "Lord, I'll give all my money away to charity. Just save me."

The voice came down again, he said, "I can save you, but you have no faith. I have no reason to save you." And he looked up and he said, "Lord, save me. I have faith." And a voice came down and said, "You have faith?" The man said, "Yes." He says, "If you have faith, let go of the branch." And the man looked up and he said, "Are you crazy?"

Now, that is a true story - it was true because it was in the press.

That true story illustrates the difference between words and actions. Now, the philosophy of any corporation should be that no one's personal bottom line is more important than the reputation of the corporation. All of us in management are responsible for making certain that at our institutions actions speak louder than words.

Any impairment of our reputation results in a direct negative impact to our bottom line and the price of our stock. There is no way we can reach the corporate goals that carry out the strategies if our reputation for integrity is tarnished.

It is to be expected that in any organization, whether it be the corporate world or in government agencies, there will be some individuals who will violate policies and rules. However, how our clients, our fellow employees, shareholders, and regulators will view our behavior in the corporate world depends upon two things:

First, did we create a working environment that told people and taught people that at our company we do not tolerate violative behavior? Because if we create an environment where we say the rights words but we permit the wrong actions, we have a problem. If we create an environment where the penalty for a violation depends on whether or not the person is a big or small producer, we have a problem.

The second important criteria by which we are judged is how we handle a problem once it is discovered. If a problem comes to our attention, we must act on it, no matter who the individual is that is involved, whether it is the chairman of the board or whether it is a clerk in one of the functioning areas of the firm. A problem handled at an early stage may be a little difficult to swallow, but if you cover up the problem, well, when that problem surfaces - and it will surface - that problem becomes indigestible.

Management in business must set the tone every day for how our people should behave. Even allowing an employee to exaggerate or lie when it comes to travel and expense reports, or misuse cab services, only lets the individual mistakenly believe that rules exist only to be broken. You know, it would be like being at home and lecturing to your child about not stealing from the candy store while you're driving off with a towel that you just took from the Hilton Hotel. You've got to be consistent. You cannot be inconsistent.

I think the same is true of our responsibility regarding employees whose personal traits can affect our clients and our business. It is our business if someone dealing with our clients has a gambling addiction. It is our business if someone dealing with our clients has a drug addiction. These problems we must deal with. They cannot be buried.

You know, in business we have what's called ROE, return on equity, which determines our financial success as a corporation and in many ways the price of our stock. ROE, return on equity. But I believe there's also an ROI, a return on integrity. Perhaps we cannot calculate a return on integrity, but let integrity slip and take second place to revenue, then it will cost us more than the dollars. The cost would be fatal. In fact, increasing our return on integrity will almost guarantee without question increasing our return on equity.

Now, how does a corporation make certain that its ROI, that is, return on integrity, keeps improving? Is it sentencing guidelines? Is it more rules or standards? No. What is important is that an environment for doing the right thing exists, and it must start at the top. It sounds obvious. It sounds like a cliche. But it's true. If true, you ask, why isn't it working?

Well, it is working, but it needs help once in a while. This help comes in the form of a strong and effective legal and compliance department in a corporation. The foundation of an effective legal and compliance effort is formed by where or whom the counsel reports to. Where an individual reports reverberates throughout an organization.

For best results, it is my view that reporting to the CEO, the chief executive officer, lets everyone know the importance of the legal and compliance function within the organization. But where an individual reports is only part of the solution. Whether the general counsel or compliance person is an activist or passivist is critical to the success of a corporation.

I think that the regulators of the '90s are looking at the '80s and are convinced that many of the ethical problems of the last decade have occurred in part because lawyers, both inside and out, and compliance people may not have done the right thing when the opportunity presented itself.

Now, having the job of general counsel or compliance officer is not an easy task. We know that. And we also know that the most difficult time to get people's attention to compliance is when business is very good or when business is very bad. When business is very good, people don't have patience for the impediments we want to impose. When business is very poor, the business people don't have the stomach for our impediments.

The signals of the struggle of the people in the compliance area appears in phrases such as, "You're killing my business. The other Brand X firms let the people do it"; or "If we don't do this type of business, we might as well be out of business"; or "Thanks for the advice, but it's a business decision to hire the bum or sell the product."

When these phrases start to appear, get ready because my 30 years of experience in this business tells me that the following happens: one, the other firm generally does not do it, including Brand X; two, you're better off being out of business than being indicted when in it; and, three, it's not a business unit's decision to destroy or even harm the reputation of our firms.

We as general counsel have a dilemma. Do we pigeon-hole ourselves and our responsibilities so that we limit ourselves to advice that, if not followed, we memorialize in a memorandum to show we oppose certain action? Or do we insist upon being more of an activist and participate in preventing harm to our firms?

Whatever role we choose to take will depend upon many things, depending upon the company we're in. But let me suggest to you, if something goes wrong, someone, despite your memo, will insist that you should have been more of an activist. We have to do our jobs right because we're going to be responsible anyway.

By the way, I said that the general counsel should participate in correcting the wrong. It is the highest executive for the business unit who bears the primary responsibility for taking compliance action and to react if one of their people does not adhere to good compliance standards. It is the job of the general counsel or compliance officer to convince him or her of what is the right action. Get the business executive to sign and send the memos on dealing with compliance matters.

For example, in our business, it should be the executive vice president in charge of investment banking that signs the memo cautioning against the misuse of inside information. It is the business executive who pays the salaries and the bonus, not the general counsel. General counsels do not have to live under the edict, "publish or perish." It's the executives at the top level who must believe law, and compliance must have immediate access to them. If it's a public company, there is an audit committee of the board, and access to that committee is also vital.

The top executives must show every level of a firm that good compliance is good business. As lawyers, we should share with the business executives early and realistically problems as they arise. Do not be afraid of the CEO who doesn't like bad news. Teach him to swallow slowly. If you don't, you will, I am afraid, become the scapegoat.

The efforts of the general counsel to push for strong compliance efforts should never cease. Sometimes you have to push harder, although you have the feeling no one appreciates you. And if I may, just talking about appreciation and swallowing slowly, it reminds me of the story of the man who walks into a restaurant, and he sees another gentleman choking on a bone. And he walks over. This man is near death. And he walks over to him and says, "Take it easy, sir. I'm a doctor. Let me assist you." And he takes a fork and he bends the fork, puts it down the throat, and he pulls out the bone. He saves the man's life.

The man, after gasping a little while, says, "Sir, thank you very much. You saved my life. I must pay you for this service." He says, "Don't be silly. It was just fate that brought me into this restaurant. You don't have to pay me." The man insisted, "I'll pay you." He kept insisting, "I must pay you."

Finally, the doctor said to him, "I'll tell you what. If you have to pay me, why don't you pay me what you would have paid me when the bone was still in your throat."

So all of you folks who are working in corporations understand. Believe me, there will be plenty of bones to pull out.

As I said earlier, any corporation will have problems. A corporation should be judged by how it handles that problem. Some actions by individuals have clear-cut responses; others do not. To avoid being second-guessed by regulators and to guarantee a fair approach in handling problems, I recommend the formation of what we call a review committee.

In our company, our review committee is made up of the experienced folks in the legal and compliance areas who review the facts and circumstances of an apparent violation. After a full review, they sit with the business executives of the area involved and recommend action to be taken. If agreement on the action to be taken is not reached, the matter is elevated up the line. If the review committee and the highest level manager still cannot agree, the matter then comes to the executive vice president of that business unit and to me for decision.

We have had the review committee in place since 1985. The review committee, by the way, is not permitted, other than the person who has done the investigation, to know the production of the individual that they're reviewing. They must look at only the facts and not whether or not the person is a big or small producer. But since 1985, although we've had this review committee that has heard hundreds and hundreds of matters, only five matters have been sent up for review to an executive vice president or myself.

This is the result, I believe, of the culture being understood by the managers throughout the organization. And in our business we must report problems to the regulators. We don't have the luxury, as some, to sort of cover it up. So every time we've taken any discipline internally or there is a problem, we must on a form report it to the New York Stock Exchange or the NASD so it gets elevated. And I would say that in the ten years we've had this in place, not one instance has ever occurred where a regulator has in any way disagreed with the findings of the review committee and the business group. It works.

I'm a strong believer in an effective hotline. We have had a hotline in effect years before the sentencing guidelines. Yes, there are serious concerns and dangers that accompany a hotline. These should not be underestimated. However, a hotline controlled by professionals who are experienced in dealing with people and problems and are concerned with people's rights as well as protection for the corporation is a very effective compliance tool. It is effective not only because it gives employees a place to reveal possible wrongdoing, but it gives employees an opportunity to vent frustration about corporate policy. We take our general counsel's hotline very seriously. People know that, and that's why it works.

But to have an effective compliance program, there must be a consistent and sincere effort at education. Senior people in the organization should participate in these education programs, and executives should constantly refer to ethical standards while talking about the need for revenues. That's a very important point I personally believe; that as we talk to our various people in the business units about why we need greater production here or why we need to go ahead and increase productivity over here, we must always build into that - and the senior business people do - that that has to be done ethically and meeting the philosophies of the firm with its high standards. Just talking about revenues by itself gives a misleading impression that the corporation only wants to generate revenues any way that it can get it.

Memos are okay in education, but eyeball-to-eyeball contact is the best way to communicate compliance principles. Follow it up by real action when a problem arises.

One of the areas where questions have been raised is whether or not compensation practices create inherent conflicts of interest that result in violation of the law. In our industry, this topic was addressed in 1994 by a broad-based committee on compensation practices, which was formed at the request of the Chairman of the SEC, Arthur Levin. The committee found that although the existing commission-based compensation system works remarkably well for the vast majority of investors, the prevailing compensation system inevitably leads to conflicts of interest among parties involved. However, organization culture, the committee found, is probably the most effective tool for creating the best atmosphere that reduces the potential harm stemming from conflicts of interest. The kind of culture which is created when senior managers articulate high standards and communicate them through their own behavior and the administration of firm-wide policies is necessary to mitigate against conflicts of interest.

The committee also found that having a strong compliance department is essential for making certain that effective, preventive steps are taken to ensure that the client's interests come first. It is also clear that compensation plans that encourage appropriate supervision and behavior by managers are vital to controlling conflicts of interest. A significant portion of a manager's compensation should depend upon his or her compliance record. Financial incentives can and should be used to encourage proper supervision by managers.

It is also important to test one's compliance program on a periodic basis. Stale compliance programs are not effective and can, in fact, be detrimental to a showing of trying to create a good compliance environment. If you're an industry like ours where new products can be developed in the amount of time it takes to take a shower, that new product or business should not commence until compliance has developed standards and procedures to detect possible problems.

Let me say that under the heading of there's always somebody out there who thinks that the glass is half full, I recently read that there is concern that industry officials comparing notes on how to fight corporate misconduct could amount to collusion among companies to lower standards. Nonsense. I have found that after being in the securities business since 1968 that one of the most effective ways to enhance and sharpen one's compliance programs is to share programs, information, and problems with other firms. I do not believe there is competition when it comes to compliance.

As I said earlier, there should be a race to the top and not to the bottom when it comes to compliance standards. I have never seen or observed a race to the bottom in the securities industry. The Securities Industry Association, which holds seminars and workshops which have become such a significant success, always worked toward the goal of high standards. Anyone with an attitude that lowers standards in compliance as the way to do business has a short career.

So, yes, let's get together and talk. Competitors and regulators should share their views and experiences to help make our compliance programs the best in the world, because that's where our competition is today - the world.

Before I close, let me say that government policies like the sentencing guidelines should favor corporate compliance efforts, not to wake up corporations but because it's fair. It's comforting to know that if a corporation does face sentencing, it has something to mitigate its hurt. However, what concerns me - and I was interested to hear Bob Litt's comments this morning - is that if a corporation's compliance effort is sufficient to mitigate sentencing, it should never have been indicted in the first place. The mere threat of an indictment or leak of an investigation will today cause a corporation to lose its clients, its creditors, and its employees. Sometimes there is not sufficient sensitivity or knowledge on the part of the government of the consequences of an indictment of a corporation. Sometimes it takes too long to end the government investigation and give the corporation a clean bill of health. Investigations that linger are like black clouds hovering overhead, ready to rain disaster.

In fact, the sentencing guidelines have given some U.S. Attorney's Offices the opportunity to say, okay, we will not criminally indict you, but we want X millions in a civil settlement for this privilege, as if reading a headline in a newspaper that X corporation paid a $20 million fine is not damaging. It is extremely damaging.

I strongly urge government agencies, when considering vicarious liability, to understand the corporation and the efforts it has made to be a good corporation citizen and understand the corporation's business in the context of a violation while reviewing the facts before indictment and at an early stage of investigation.

We all know what the law is, but if a corporation has created the right environment and has lived by its philosophy of doing business the right way, it should not be subject to attack because some individuals violated the law. I believe that the long-term senior management attitudes transcend economic conditions and dramatic events such as major litigation or regulatory actions in determining a firm's commitment of resources towards good compliance and, accordingly, long-term success.

Senior management's belief and emphasis on return on integrity will guarantee that good compliance filters throughout an organization. Today, good compliance is not just good business, it is vital to stay in business. Thank you all very much.

Privilege Update:When Should Compliance Practices be Protected from Disclosure?

Commissioner Michael Goldsmith, U.S. Sentencing Commission

Patricia Bangert, Deputy Attorney General for Natural Resources, Colorado Attorney General's Office

Moderator: Win Swenson, Deputy General Counsel/Legislative Counsel,U.S. Sentencing Commission


MR. SWENSON: With the new emphasis on corporate compliance efforts, some compliance practitioners are arguing that this is a classic case of no good deed goes unpunished. The better a company is at critiquing its own compliance practices, the argument goes, the more vividly the company draws a road map to its own liability.

The argument has certainly found receptive ears in state legislatures where a number of states have enacted statutory privilege laws, and I guess the question is: "Does the argument have merit? And if so, how should the problem be addressed?"

This afternoon we have two views that we are going to present. We will hear first from Commissioner Michael Goldsmith, whom you have already met, one of the organizers of this conference. Commissioner Goldsmith is certainly someone about whom you can say he has had varied experiences.

He served as counsel to the New York State Organized Crime Task Force, as Assistant U.S. Attorney in Philadelphia, and as senior staff counsel to the House Select Committee on Assassinations. He currently teaches law at Brigham Young University where he specializes in, among other subjects, privilege and evidentiary law. He will offer some commentary on existing law in this increasingly important area. Commissioner Goldsmith?

COMMISSIONER GOLDSMITH: Thank you, Win. My topic this afternoon is concerned with the question of disclosure and, more specifically, under what circumstances, if any, might compliance practices be subject to mandated disclosure in the courts. The reason that my colleagues assigned me this particular task, I think, is because they candidly acknowledge that there is no answer to that question.

You've heard a lot at this point, I suppose, about the carrot and stick philosophy underlying the sentencing guidelines. The stick, of course, is the very severe fines that apply in the context of the organizational guidelines. When an organization violates the law, the fine range is based upon the seriousness of the offense and the organization's culpability. Typically, what that means is that the greater culpability score, the more that you pay by way of a fine.

The carrot, by comparison, is achieved by creating an effective incentive for corporations to follow; more specifically, if corporations establish an effective program to prevent and detect violations of the law, then an organization may reduce its potential fine substantially if a criminal violation occurs.

However, the compliance practices contemplated by the guidelines pose disclosure and liability risks. The rest of my remarks are basically a long footnote to this statement. By way of example, two recent cases:

One is a case entitled Slender v. Lucky Stores back in 1992, which held that corporate compliance programs are subject to discovery. In the Lucky Stores case, the company had received numerous complaints of alleged gender discrimination. In response, they instituted an affirmative action program and held training sessions designed to instruct managers on how to implement the affirmative action program. The managers also met on several occasions to review, comment upon, and modify the program. Well, in a subsequent sexual discrimination lawsuit, the court held that the plaintiff was entitled to obtain documents pertaining to this program.

Another case involved the Coors Brewing Company. Coors had conducted an extensive internal study, which revealed excessive emissions of volatile organic compounds. Notwithstanding the fact that such emissions were previously unknown both to major breweries and to regulators, the voluntary disclosure of its study by Coors ultimately resulted in a fine of $1.05 million. (This was not a fine under the guidelines, but a fine imposed by the regulators.)

These two decisions occurred at a time when many corporations had, in fact, begun to institute compliance programs designed to identify and redress potential wrongdoing. Though such programs were obviously crucial to management, such audits oftentimes produced highly incriminating materials. Once these materials come to the attention of corporate officers and counsel, the guidelines in effect require the company to consider the agonizing question of whether to disclose this evidence to federal government prosecutors.

When you address that issue, there are a number of broad considerations that come to mind. Of course, there is the carrot, the incentive offered to you by the guidelines themselves. The fact of disclosure will allow you to obtain a better culpability score. Disclosure also avoids the potential risk that you will subsequently be accused of obstruction of justice and thereby incur an enhancement under the guidelines for obstructing justice.

Resolution of this issue, standing alone, is tough enough, but you have further complications because disclosure may cause other litigants to bring an action against you. Thus, even if the government chooses ultimately not to prosecute, or even if you get the benefit of a reduced culpability score, all of a sudden you may face a third-party lawsuit, either by a private litigant or by another governmental entity, a state regulatory agency, for example.

Moreover, if you choose not to disclose, there may not be any adequate legal basis to withhold such information from criminal investigators. Because this uncertainty hampers the effectiveness of any compliance program, it potentially undermines the incentive-based organizational sentencing guidelines.

(Incidentally, even though I'm going to be addressing the guidelines in this context and the issue of disclosure and disclosure risks, I want to emphasize that I'm speaking to you here today in my capacity, I suppose, as a law professor and, further, in my capacity as a Commissioner, but that my views in terms of the legal analysis here don't reflect the position of the Sentencing Commission per se. They reflect my own views, and I don't want to be binding the Commission by virtue of whatever this academic presents to you.)

Let's talk a little bit about creating a compliance program under the guidelines. Chapter Eight of the guidelines, of course, governs the sentencing of organizations for felony and class A misdemeanor offenses. The guidelines further set forth requirements for an effective program to prevent and detect violations of the law.

Generally, an effective compliance program must prevent and detect criminal conduct. However, the failure to detect criminal conduct does not automatically make the program ineffective. Rather, the hallmark of an effective program is that the organization exercise due diligence in seeking to prevent and detect criminal conduct by its employees and other agents.

Due diligence essentially requires the following: that the company establish compliance standards and procedures reasonably capable of reducing criminal conduct; that the company communicate the standards and procedures to all employees through training programs or publications that describe the practical application of the standards; that the company conduct audits designed to detect criminal conduct; that the company consistently enforce the standards through disciplinary mechanisms; and, finally, that the company take all reasonable steps to respond appropriately to the offense and to prevent further similar offenses, including making any necessary modifications to its compliance program.

The problem that you folks face is: how does one create and conduct an effective compliance program without producing a smoking gun for opponents to use in future litigation.

As Joe Murphy may discuss with you, at least in part, in his presentation later this afternoon, how do you avoid getting beaten with carrots or forced to eat the sticks that underlie the guidelines system?

Let's talk a little bit about how materials might be protected under a variety of sources of law. First of all, the law of privileges. Privileges, as you folks will recall, at least those of you who took the basic course in evidence, are typically disfavored. They are disfavored because they serve to keep out highly relevant information. For the most part, the courts will construe the law of privileges narrowly and will recognize a privilege only when it is clearly warranted.

Now, there are a variety of reasons for this, but in part you can all thank Richard Nixon for that proposition, because the Supreme Court in U.S. v. Nixon established the principle or at least recognized once again the proposition that the government is entitled to every person's evidence. In that light, a privilege will typically be construed quite narrowly.

Now, the privilege that most obviously comes to mind in this context is the attorney-client privilege, which protects confidential communications between an attorney and client. Ordinarily, the law requires four factors to be present before the privilege will be recognized:

the privilege holder must, in fact, be the client or someone seeking to become a client;

the communication must be with a licensed attorney who is acting as a legal counselor;

the communication must be confidential;

and it must relate to the rendition of professional legal services.

Now, these requirements trigger a variety of potential obstacles in our immediate setting. For example, as a practical matter, attorneys oftentimes lack the skills to conduct a proper investigation. This is especially the case where the corporation or collective entity is somehow involved in highly technical work. Lawyers don't always have the scientific background or the mathematical or technical background to understand the everyday functions of an organization's activities. Consequently, oftentimes you will need a trained person, someone trained in the particular workings of the corporation's affairs rather than legal matters, to conduct this investigation. Oftentimes, as a result, many compliance programs do not involve attorneys.

Furthermore, if the attorney is viewed as acting as a business advisor rather than as a legal counselor, the privilege will not apply.

In addition, because of conflicting case law, under the attorney-client privilege, management cannot be assured that its discussions of problems or remedies in the presence of other employees will be protected. As a result, management might not be able to advise employees about the results of internal audits, nor can these results be used in training materials for employees without the risk of waiver. Unfortunately, however, the guidelines at least implicitly seem to require such disclosure in order for employees to be effectively trained. Thus, the attorney-client privilege is an imperfect tool in this context.

What about the work product doctrine, which protects the opinions or mental impressions of attorneys in connection with litigation? That is a potential shield from disclosure, but the difficulty is that oftentimes compliance programs are not done in connection with immediate litigation. Indeed, the very purpose of the compliance program is to avoid litigation. Consequently, the work product doctrine may not be applicable.

Now, another speaker earlier in the program made reference to an ombudsman's privilege, which a few courts have recognized. However, that privilege is not widely recognized, at least not in the reported cases; and even where it has been accepted, it won't cover those situations where the compliance officer is not serving as an ombudsman.

I suppose the best potential gap-filler in this context is what has come to be known as the self-evaluative privilege. To promote corporate audits, some courts have begun to fill the gap in privilege doctrine by recognizing a self-evaluative privilege which protects audits and other materials from discovery when public policy outweighs the judicial system's need for access to that information. This evaluative privilege is designed to encourage self-analysis and self-criticism by a corporation.

Unlike the attorney-client privilege, the self-evaluative privilege does not require attorney involvement or any intention to engage in litigation. This privilege has evolved in the federal courts in part because Rule 501 of the Rules of Evidence allows the federal courts to create, in effect, a federal common law of privilege. The drafters of the federal rules anticipated a fluid set of privileges that would evolve over time in response to changing circumstances.

Even before the adoption of the federal rules, at least one federal court recognized at least a qualified self-evaluative privilege. The case, of course, is in the materials, and it's called Bredice v. Doctors Hospital. Sometime in the late 1960s, Doctors Hospital experienced what has become known in the trade as a "therapeutic misadventure." Of course, that means the patient died. And upon the death of the patient, the hospital established a committee to review hospital procedures and to improve patient care.

In a subsequent malpractice action, a plaintiff requested all minutes, reports, and data concerning the patient's death. The court, in response, recognized a qualified privilege to protect that committee's minutes and reports from discovery. The court found that three elements must exist to sustain this privilege: first, the information must result from a critical self-analysis; second, the free flow of this information must advance some public interest; and disclosure must curtail the free flow of this type of information.

Based upon the Bredice doctrine, subsequent federal courts in a variety of contexts have recognized a limited self-evaluative privilege. Now, I say it's limited because it may be overcome on occasion by a showing of need. This type of privilege has been recognized, for example, in the context of medical peer review committees, railroad safety investigations, tenure decisions, and related situations.

The difficulty, however, is that the application in the courts has been uneven. Some courts have held that these materials must be prepared for a mandatory purpose, meaning, in other words, that the government has mandated the compliance program or preparation of the materials at issue. But there is a conflict of authority as to whether the compliance program must, in fact, be mandated.

Other courts have said that this type of privilege exists only if the program is a voluntary one. And, of course, what about the sentencing guidelines, which do not mandate these compliance programs, but give due credit for their existence?

Further, some courts have said that this material is limited to subjective, evaluative information generated internally. This creates problems defining what constitutes subjective data and purely evaluative data. And how do you deal with a situation in which you have a report that contains both subjective and objective material?

Some courts have further limited this privilege by holding that it is limited to situations involving public health or safety. Finally, others have said that under no circumstances will they recognize this type of a privilege when it is being asserted in response to a subpoena issued by a federal agency; and in my mind, by implication, in response to a subpoena issued by a grand jury.

As a result, we have a situation in which some courts have recognized the privilege, others have not, and inevitably we have a situation in which the outcome is going to be uncertain.

What is the best response to this situation? Well, in part, I can tell you that there are bills pending before Congress, at least in the environmental context, to enact legislation that will establish a limited self-evaluative privilege. On the state level, a number of states have likewise begun to consider this issue. But, again, keep in mind that even if the states are successful, a state privilege, while valid under state law, would not ordinarily be valid in response to a subpoena issued by a federal agency. Consequently, state legislative relief will not be fully comprehensive for your purposes.

What do you as counsel do under these circumstances? Well, I think that what you've got to do, I suppose, is engage in the intolerable labor of thought. You need to figure out a solution. In part, I think what you've got to do is make the argument that the attorney-client privilege applies as broadly as is possible. In a situation, for example, when you have not engaged in the communication with the employee, but someone has acted for you, make sure that you have taken the proper steps to designate that interviewer as your agent so that that individual would fit within the umbrella of the attorney-client privilege.

Second, make sure that you are stressing the confidentiality of the communications at all times.

And, third, go back to the law books and re-read the Supreme Court's decision in Upjohn v. U.S. (1981). It will provide you with a lot of very useful text for two reasons: first, it will help you argue that the attorney-client privilege deserves to be broadly applied; and, second, the Upjohn decision, at least from a policy standpoint, provides good arguments in support of the adoption of the self-evaluative privilege.

The Upjohn case involved an internal investigation by Upjohn concerned with whether any of its employees had violated the Foreign Corrupt Practices Act by making improper payments to foreign officials. Its attorneys prepared a questionnaire for area managers, asking them to provide full information concerning questionable payments. The managers complied, and as a result of the investigation, the company filed a report with the SEC and the IRS.

Consequently, as soon as the IRS got this report, it issued a summons to the company seeking access to all the underlying questionnaires as well as all interview notes with company employees.

The company asserted the attorney-client privilege. The Court of Appeals eventually rejected the privilege, reasoning that the privilege did not apply to the extent that the communications were made by employees who were not responsible for directing Upjohn's actions in response to legal advice. Establishing, in other words, a control group test as a means of limiting the attorney-client privilege.

The Supreme Court rejected this control group test and, in doing so, broadly endorsed the principles underlying the attorney-client privilege. The court said that this privilege is the oldest privilege in our law. In a corporate context, furthermore, frequently the employees with the critical information will be beyond the so-called control group. We don't want to force a Hobson's choice upon counsel. Specifically, if counsel interviews employees outside the control group, the privilege will not be recognized. On the other hand, if counsel chooses not to interview those individuals, counsel will not get full information necessary to render complete advice to the company.

As a result, the court said that the narrow scope afforded the privilege by the control group test "threatens to limit the valuable efforts of corporate counsel to ensure their client's compliance with the law." The court also observed that corporations, unlike most individuals, constantly go to lawyers to find out how to obey the law, particularly since compliance with the law in this area is hardly an instinctive matter. That's still true under the sentencing guidelines. No one has told me that the guidelines have made law any easier to apply. Not yet, anyway.

Finally, the court said that an uncertain privilege or one which purports to be certain but results in widely varying applications is little better than no privilege at all. On that basis, the court rejected the control group test, applied a broader analysis for trying to define the circumstances under which the privilege ought to be recognized, and protected the communications. The point here is that the Upjohn case, carefully analyzed by you, will provide you with a basis both for arguing that the attorney-client privilege ought to be broadly recognized in this context, and it gives you guidance also as to how to set up your own internal compliance program in a manner that conforms to Upjohn. Beyond that, Upjohn identifies the types of policy considerations that you can use in trying to assert the self-evaluative privilege by way of defense in this context.

Ultimately, however, I think the solution here is a legislative one. We need for Congress to adopt the right type of a privilege that will provide you with certainty in this context. Absent such a solution, the compliance initiative undertaken by the sentencing guidelines may never achieve its full potential. Thank you very much.


Commissioner Michael GoldsmithUnited States Sentencing Commission; Professor of Law, Brigham Young University.
Chad W. KingB.A., Brigham Young University, 1993; J.D. Candidate, Brigham Young University, 1996.

  • Introduction.
  • Do compliance practices, as contemplated by the guidelines, pose disclosure and liability risks?
  • $1.05 Million Fine Against Coors May Deter Corporate Environmental Audits, Firm Says, 24 Env't Rep. (BNA) 570 (July 30, 1993).
  • Stender v. Lucky Stores, 803 F. Supp. 259 (N.D. Cal. 1992) (holding that corporate compliance program re:sexual discrimination is subject to discovery).
  • Creating a Compliance Program Under the United States Sentencing Guidelines.
  • Chapter Eight of the Sentencing Guidelines governs the sentencing of organizations for felony and Class A misdemeanor offenses. United States Sentencing Commission, Sentencing Guidelines Manual 8A1.1 (1994) [hereinafter U.S.S.G.].
  • A "carrot and stick" philosophy underlies the guidelines. See Oversight on the U.S. Sentencing Commission and Guidelines for Organizational Sanctions: Hearings Before the Subcommittee on Criminal Justice of the House Committee on the Judiciary, 101st Cong., 2d Sess. 189 (1990).
  • The Stick.
  • When an organization violates the law, the fine range is based on the seriousness of the offense and the organization's culpability. "The seriousness of the offense generally will be reflected by the highest of the pecuniary gain, the pecuniary loss, or the amount in the guideline offense level fine table." U.S.S.G., Ch. 8, intro. comment.
  • The Carrot.
  • By creating and implementing an "effective program to prevent and detect violations of law," an organization may reduce its fine if a criminal violation occurs. U.S.S.G. 8C2.5(f); Winthrop M. Swenson & Nolan E. Clark, The New Federal Sentencing Guidelines: Three Keys to Understanding the Credit for Compliance Programs, 1 Corp. Conduct Q. 1 (1991).
  • Requirements for an "effective program to prevent and detect violations of law" as defined by the guidelines:
  • Generally, an effective compliance program must prevent and detect criminal conduct. U.S.S.G. 8A1.2, comment. (n.3(k)).
  • However, failure to prevent or detect criminal conduct does not automatically make the program ineffective. "The hallmark of an effective program to prevent and detect violations of the law is that the organization exercised due diligence in seeking to prevent and detect criminal conduct by its employees and other agents." Id.
  • Due diligence generally requires that the organization:
  • Establish compliance standards and procedures that are reasonably capable of reducing criminal conduct, id. 8A1.2, comment. (n.3(k)(1));
  • Communicate the standards and procedures to all employees through training programs or publications that describe the practical application of the standards, id. 8A1.2, comment. (n.3(k)(4));
  • Conduct audits designed to detect criminal conduct, monitor employees, and utilize a reporting system through which employees can report criminal conduct within the organization without fear of retribution, id. 8A1.2, comment. (n.3(k)(5));
  • Consistently enforce the standards through disciplinary mechanisms, id. 8A1.2, comment. (n.3(k)(6)); and
  • Take "all reasonable steps to respond appropriately to the offense and to prevent further similar offenses--including any necessary modifications to its program," id. 8A1.2, comment. (n.3(k)(7)).
  • Problem: How to create and conduct an effective compliance program without producing a "smoking gun" for opponents in future litigation? See Ronald J. Allen & Cynthia M. Hazelwood, Preserving the Confidentiality of Internal Corporate Investigations, 12 J. CORP. L. 355, 357 (1987).
  • Protecting Materials Generated Through Compliance Programs.
  • Privileges generally.
  • Privileges are typically disfavored. Herbert v. Lando, 441 U.S. 153 (1979).
  • Privileges are often narrowly construed and may be invoked only when clearly warranted. See United States v. Nixon, 418 U.S. 683, 710 (1974); 8 John H. Wigmore, Wigmore on Evidence 2291 (McNaughton rev. ed. 1964).
  • Traditional common-law privileges.
  • Privilege against self-incrimination.
  • Prohibits a person from "being compelled in any criminal case to be a witness against himself." U.S. Const. amend. V.
  • Problem: The United States Supreme Court ruled that this privilege is inapplicable to organizations. E.g., United States v. White, 322 U.S. 694 (1944); Hale v. Henkel, 201 U.S. 43 (1906).
  • Attorney-client privilege.
  • Protects confidential communication between an attorney and a client. See Upjohn Co. v. United States, 449 U.S. 383 (1981).
  • Typically requires four factors:
  • The privilege holder must be a client or someone seeking to become a client;
  • The communication must be with a licensed attorney who is acting as a legal counselor;
  • The communication must be confidential;
  • The communication must relate to the rendition of professional legal services to the client.
  • Problem: Many compliance programs do not involve attorneys or confidential requests for legal advice. In addition, under the attorney client privilege management cannot candidly address problems or remedies in the presence of other employees.
  • Work product doctrine.
  • Protects an attorney's work product prepared for litigation. Hickman v. Taylor, 329 U.S. 495 (1947); Fed. R. Civ. P. 26(b)(3).
  • Problem: Many compliance programs are not conducted in connection with litigation.
  • The self-evaluative privilege.
  • The self-evaluative privilege protects audit and other evaluative materials from discovery when public policy outweighs the judicial system's need for access to the information. The doctrine is designed to encourage corporations to engage in confidential self-analysis and self-criticism. See Granger v. National R.R. Passenger Corp., 116 F.R.D. 507, 508 (E.D. Pa. 1987).
  • Unlike the attorney-client privilege or the work product doctrine, the self-evaluative privilege does not require attorney involvement or an intention to engage in litigation.
  • The self-evaluative privilege, however, may be overcome by a showing of need. See, e.g., Robinson v. Magovern, 83 F.R.D. 79 (W.D. Pa. 1979); Nancy C. Crisman & Arthur F. Mathews, Limited Waiver of Attorney-Client Privilege & Work Product Doctrine in Internal Corporate Investigations: An Emerging Corporate 'Self-Evaluative Privilege', 21 Am. Crim. L. Rev. 123, 172 (1983).
  • Creation and Evolution of the Self-Evaluative Privilege.
  • The privilege originated in Bredice v. Doctors Hosp., Inc., 50 F.R.D. 249 (D.D.C. 1970), aff'd, 479 F.2d 920 (D.C. Cir. 1973).
  • Upon the death of a patient, Doctors Hospital established a committee to review hospital procedure and improve patient care. In a subsequent malpractice action, plaintiff requested all minutes, reports, and memoranda concerning the patient's death.
  • The court recognized a qualified privilege that protected the committee's minutes and reports from discovery. Three elements must exist to sustain this privilege:
  • The privileged information must result from a critical self-analysis;
  • The free flow of this type of information must advance some public interest; and
  • Absence of confidentiality must curtail the free flow of this type of information.
  • Eight years later, in Webb v. Westinghouse Elec. Corp., 81 F.R.D. 431 (E.D. Pa. 1978), the federal district court for the Eastern District of Pennsylvania delineated three different elements for the privilege:
  • The materials must be prepared for a mandatory government report;
  • The materials must be subjective and evaluative; and
  • Proponent must show that the public policy favoring the privilege "clearly outweighs" the need for disclosure.
  • Courts continue to limit the privilege. For example:
  • The privilege will not apply if the organization voluntarily discloses the material to a regulatory agency, see, e.g., In re Subpoena Duces Tecum, 738 F.2d 1367, 1375 (D.C. Cir. 1984);
  • Some courts decline to recognize the privilege if the material is requested by a regulatory agency under a subpoena, see Federal Trade Comm'n v. TRW, Inc., 628 F.2d 207, 210 (D.C. Cir. 1980) (holding the self-evaluative privilege inapplicable to subpoenaed information); and
  • Some courts hold that evaluative material will only be protected when it involves public health or safety. See, e.g., Mergentime Corp. v. Washington Metro. Area Transp. Auth., No. 89-1055, 1991 U.S. Dist. LEXIS 11080 (D.D.C. Aug. 6, 1991) (declining to recognize privilege for this reason).
  • Judicial Application of the Self-Evaluative Privilege.
  • Nevertheless, courts have applied the privilege in a variety of cases, see Tharp v. Sivyer Steel Corp., 149 F.R.D. 177, 180 (S.D. Iowa 1993), including:
  • Medical peer review, see, e.g., Bredice v. Doctors Hosp., Inc., 50 F.R.D. 249, 251 (D.D.C. 1970), aff'd, 479 F.2d 920 (D.C. Cir. 1973);
  • Personal injury, see, e.g., Dowling v. American Haw. Cruises, Inc. 971 F.2d 423, 425 (9th Cir. 1992);
  • Railroad safety, see, e.g.,Granger v. National R.R. Passenger Corp., 116 F.R.D. 507 (E.D. Pa. 1987);
  • Products liability, see, e.g., Roberts v. Carrier Corp., 107 F.R.D. 678 (N.D. Ind. 1985);
  • Securities litigation, see, e.g., In re Crazy Eddie Sec. Litig., 792 F. Supp. 197 (E.D.N.Y. 1992). But see In re Salomon Bros. Sec. Litig., Fed. Sec. L. Rep. (CCH) 97,254 (S.D.N.Y. 1992);
  • Denial of tenure or promotion in an academic setting, see, e.g., EEOC v. University of Notre Dame Du Lac, 715 F.2d 331 (7th Cir. 1983). But see University of Pennsylvania v. EEOC, 493 U.S. 182 (1990);
  • Employment discrimination, see, e.g., Banks v. Lockheed-Georgia Co., 53 F.R.D. 283 (N.D. Ga. 1971);
  • Environmental litigation, see, e.g., Reichhold Chems., Inc. v. Textron, Inc., 157 F.R.D. 522 (N.D. Fla. 1994). But see United States v. Dexter Corp., 132 F.R.D. 8, 10 (D. Conn. 1990) ("The application of the 'self-critical' privilege in this action would effectively impede the Administrator's ability to enforce the Clean Water Act, and would be contrary to stated public policy.").
  • Inconsistent applications. Compare Bredice v. Doctors Hosp., Inc., 50 F.R.D. 249 (D.D.C. 1970) (medical peer review materials privileged) with Davidson v. Light, 79 F.R.D. 137 (D. Colo. 1978) (medical peer review materials not protected); compare Reichhold Chems., Inc. v. Textron, Inc., 157 F.R.D. 522 (N.D. Fla. 1994) (environmental evaluation materials privileged) with United States v. Dexter Corp., 132 F.R.D. 8, 10 (D. Conn. 1990) (environmental evaluation materials not protected).
  • Reasons for rejecting the privilege:
  • Several courts believe that the self-evaluative privilege thwarts government efforts to enforce regulatory laws, resulting in reduced industry compliance. Robert W. Darnell, Note, Environmental Criminal Enforcement and Corporate Environmental Auditing: Time for a Compromise?, 31 Am. Crim. L. Rev. 123, 141 (1993).
  • Granting the privilege increases the cost and burden of discovery. Robert J. Bush, Comment, Stimulating Corporate Self-Regulation--The Corporate Self-Evaluative Privilege: Paradigmatic Preferentialism or Pragmatic Panacea, 87 Nw. U. L. Rev. 597, 634-37 (1993).
  • The self-evaluative privilege's protection is unnecessarily duplicative of other incentives that promote corporate self-regulatory conduct, such as federal regulatory requirements or industry standards.
  • By restricting access to information, the privilege creates obstacles to litigation aimed at promoting good corporate conduct. See Jay A. Sigler & Joseph E. Murphy, Interactive Corporate Compliance: An Alternative to Regulatory Compulsion 122 (1988).
  • Federal Treatment of the Self-Evaluative Privilege.
  • Federal agencies do not recognize the self-evaluative privilege.
  • The Environmental Protection Agency recently announced that it will not treat corporate environmental audits as privileged business information.
  • The Securities and Exchange Commission does not recognize a privilege for audit or other evaluative documents, although it will enter into limited waiver agreements to protect such documents from civil discovery.
  • Federal courts.
  • Courts evaluate privileges "in the light of reason and experience." Fed. R. Evid. 501.
  • Federal courts generally construe the self-evaluative privilege narrowly. Mason v. Stock, 869 F. Supp. 828, 834 (D. Kan. 1994); Everritt v. Brezzel, 750 F. Supp. 1063, 1066 (D. Colo. 1990).
  • Self-Evaluative Privilege Legislation.
  • Proponents of self-evaluative privilege legislation point to the following policies:
  • Corporations are more likely to conduct voluntary self-evaluative investigations if the materials will be protected from private-party discovery;
  • Although all privileges increase the cost and burden to the opposing party, granting a self-evaluative privilege will not increase the cost of discovery enough to overcome the need for the privilege, see 8 John H. Wigmore, Wigmore on Evidence 2291 (McNaughton rev. ed. 1964) (privileges are "an obstacle to the investigation of truth"); Robert J. Bush, Comment, Stimulating Corporate Self-Regulation--The Corporate Self-Evaluative Privilege: Paradigmatic Preferentialism or Pragmatic Panacea, 87 Nw. U. L. Rev. 597, 635-37 (1993);
  • The privilege merely preserves the status quo. It essentially leaves litigants where they would have been if the corporation had conducted no evaluation, see Joseph E. Murphy, The Self-Evaluative Privilege, 7 J. Corp. L. 489, 496 (1982);
  • The disclosure of audits adversely affects constructive corporate behavior, see James T. O'Reilly, Environmental Audit Privileges: The Need for Legislative Recognition, 19 Seton Hall Legis. J. 119 (1994); Jay A. Sigler & Joseph E. Murphy, Interactive Corporate Compliance: An Alternative to Regulatory Compulsion (1988). For example:
  • Fewer internal activities are examined;
  • Fewer investigations are undertaken;
  • Fewer of the findings are translated into corrective plans;
  • Management hears fewer criticisms of past practices; and
  • Criticism is less widely distributed.
  • Empirical evidence indicates that attorneys and corporations are more willing to perform investigations if they believe that their work will be protected from discovery, see Vincent C. Alexander, The Corporate Attorney-Client Privilege: A Study of the Participants, 63 St. John's L. Rev. 191, 260-61 (1989).
  • Federal Self-Evaluative Privilege Statutes.
  • Bills are currently pending before both houses in Congress that will codify a self-evaluative privilege for environmental audits. Voluntary Environmental Self Evaluation Act, S. 582, 104th Cong., 1st Sess. (introduced March 21, 1995); Voluntary Environmental Self Evaluation Act, H.R. 1047, 104th Cong., 1st Sess. (introduced February 24, 1995).
  • State Self-Evaluative Privilege Statutes.
  • Recognizing the need for a dependable privilege, several state legislatures codified the self-evaluative privilege in various areas of the law.
  • Medical peer-review committees.
  • See, e.g., Ark. Stat. Ann. 20-9-503 (Michie 1994); Idaho R. Evid. 519; N.C. Gen. Stat. 122C-30 (1994); R.I. Gen. Laws 5-37.3-7, 23-17-25 (1994); Va. Code Ann. 8.01-581.17 (Michie 1995); Wash. Rev. Code 70.41.200 (1994); Wyo. Stat. 35-17-105 (1995).
  • Environmental audits.
  • Approximately one-third of the states have enacted an environmental audit statute, and many legislatures have environmental audit legislation pending. See Barry Goode et al., The Environmental Self-Audit Privilege, Preventive Law Reporter 36 (Summer 1995).
  • Under most of these statutes, when an organization conducts an audit to determine whether it complies with environmental laws, all information and reports produced in that audit are protected from discovery in any civil, criminal, or administrative proceeding.
  • These statutes also require corporations to remedy violations discovered during environmental audits.
  • See, e.g., Colo. Rev. Stat. 13-25-126.5 (1994); Ind. Code Ann. 13-10-3-1 to -12 (Burns 1994); Ky. Rev. Stat. Ann. 224.01-040 (Baldwin 1994); Or. Rev. Stat. 468.963 (1994).
  • In its recently enacted statute, Kansas is the first state to require that the company maintain an effective program to prevent and detect violations of law before environmental audit information may be protected. See 1995 Kan. Sess. Laws 204 (S.B. 76).
  • Comparison of the common-law self-evaluative privilege and state statutes.
  • While many courts only protect subjective evaluations from discovery, state self-evaluative privilege statutes generally protect all information from all parties, including the government.
  • Under most state statutes, the privilege can only be waived intentionally.
  • State statutes often assess heavy penalties to persons who distribute privileged materials to third parties.
  • Direction of the self-evaluative privilege statutes.
  • Most statutes protect self-evaluations in only one area, such as medical review or environmental audits. However, Florida is considering a "blanket statute" which will protect all self-evaluative material from discovery. Self-Evaluative Privilege Act, S. 1440, 14th Fla. Leg., Reg. Sess. (1995); Self-Evaluative Privilege Act, H.R. 1545, 14th Fla. Leg., Reg. Sess. (1995).
  • Kansas recently enacted a self-evaluative privilege statute that requires a compliance program to be in place before information will be protected. 1995 Kan. Sess. Laws 204 (S.B. 76).
  • Conclusion.


MR. SWENSON: Our second presenter is Patricia Bangert. Ms. Bangert is Deputy Attorney General for Natural Resources for the State of Colorado. In this role, she oversees legal issues arising from the administration of Colorado's environmental laws, and her topic today is a Colorado statute that one might call ground-breaking. It was the first state statute that, under some circumstances, permits companies the privilege and immunity from liability for auditing and voluntary disclosure.

MS. BANGERT: Actually, I'm here with a partial answer to the disclosure problem, and specifically, in Colorado, it's Senate Bill 139. What Senate Bill 139 does in Colorado in the environmental area - and everything that I'm going to say is limited to the environmental area - is to do two general things: first is to give a privilege to audits, to self-evaluative reviews that companies voluntarily do in administrative, civil, and criminal contexts; and, secondly, to go a step further than many of the other laws, other state laws, and give a disclosure immunity, and the disclosure immunity is given to a company that does a voluntary audit and finds a violation, discloses that violation, and corrects the violation.

That's in general what the law does. Let me go into some specifics. One thing I need to tell you first. This is an experiment. This is in the best methods of states acting as laboratories for democracy, and that is, this law begins in June of 1994 and ends in July of 1999. It is a five-year experiment in audit privilege and disclosure immunity.

Specifically, as I said, it provides a privilege for environmental audits in administrative and judicial actions, and those are actions brought by the government or actions brought by third parties. There are a number of exceptions to that privilege, though, that I have to point out.

One is it's not applicable if it's waived. Two, it's not applicable if a court finds that the audit revealed violations which were not corrected. And we think that this is really a major part of the law and a major selling point of the law, and that is, that in order to get the privilege, companies must correct any violations that they find in the course of the audit.

Third, if a court finds that an audit is done or was done for a fraudulent purpose or to avoid discovery of a violation in an ongoing or imminent investigation, the privilege will not apply. The privilege will also be inapplicable if a court finds that there are compelling circumstances that would require disclosure. I know that is an exception that might swallow the rule, depending on how the courts define "compelling circumstances." Unfortunately, we don't have a track record on that yet.

Also, the privilege will not apply if a court finds that there is some danger to health or environment outside of the facility that would require the findings in the audit to be made public.

Also, I have to point out that the privilege doesn't apply to documents that are required to be reported to a government agency or documents that existed before or after the audit. That's the privilege with all of its many exceptions.

Turning to the disclosure immunity, what the law does, what S.B. 139 does, is to say that companies that do an audit, discover a violation, promptly report that violation, and correct the violation have immunity from administrative, civil, and criminal negligence penalties and fines. An important thing to point out is this does not preclude an agency from bringing injunctive or seeking injunctive relief, and that is, an agency could still issue a corrective action order under RCRA.

The disclosure immunity also does not apply to bad actors, and that's a provision that's worded in a fairly clumsy manner, but for the most part applies to people who have had multiple environmental violations over the past three years.

That's the Colorado statute in a nutshell. What I want to turn to next is how it has worked over the past year, since June of 1994. I would have to preface this by saying everyone has pretty much walked on eggshells. Everyone wants this to work. We've had about six instances in which companies have come into the Department of Health, the regulatory agency in this case, and have asked for disclosure immunity. We don't have any instances yet involving the privilege aspect. I guess the issues there would arise if we, the government, would go in and want information that was otherwise privileged under the statute. We haven't had any experience with that yet.

In the disclosure immunity area, the process generally works as follows. A company will send a letter to the Department of Health outlining in very general terms a violation and asking for immunity. The company will then meet with the Department of Health, who will ask for additional information about the violation and about the correction of the violation. At that point there will be some settled-upon method of correction, some path established toward compliance. It may be that the violation is fairly minor and it's already been corrected. Maybe it's a permit problem, operating without a permit. It may be a more complicated violation.

At that point, the Department of Health would likely put the company on some sort of a compliance schedule, either through a compliance order or some sort of a settlement agreement.

Expanding beyond Colorado, as I think the Commissioner said, 14 other states have audit

privilege bills. They may or may not also have disclosure immunity. Many other legislatures - I think I heard 23 not too long ago - are considering such legislation. We think that this is a very good sign that other states are considering or have enacted such legislation. The problem for you is you have a lot of different types of legislation out there, and that obviously creates problems for companies that are operating in different jurisdictions.

For example, you may be operating in one jurisdiction that has disclosure immunity and another that just has a privilege, or that has nothing whatsoever. Consistency between state laws is something yet to be achieved.

The other thing I'd want to mention in stark contrast to the states is the federal government position, and I assume you've heard a little bit about this. The federal government does not recognize the privilege officially and does not grant disclosure immunity. In the environmental area, this was vividly emphasized in EPA's interim draft policy on self-evaluations.

In that draft policy, which was released just a couple months ago, EPA said it does not recognize the privilege for audits; however, it will not routinely go after audits to trigger an investigation.

Secondly, it is not going to grant disclosure immunity, but as a policy it will reduce certain parts of the penalty in cases where a company has done an audit, disclosed violations, and corrected those violations. Again, this is a matter of policy. There was a long disclaimer at the end of their policy saying maybe we will, maybe we won't. This is just a policy.

Today, I heard an EPA speaker in another conference say they're thinking about trying to make this a little more firm, a little more certain. However, he is not making any promises. The thing that struck us in the EPA policy was that it came out very strongly against state laws that had privileges and immunities. They said they didn't like us very much. What was even worse, because we don't really care whether EPA likes us very much, is the fact that EPA said they're going to scrutinize enforcement more closely in those states with audit privilege laws.

What that has the potential to do is to pretty much scuttle state laws. Here's the scenario. You come to us. You say, I violated the Clean Air Act; my emissions are higher than my permit allows. We say, "Fine, correct the violation, and go on your merry way."

Unfortunately, staff so far - and this hasn't gotten up to the highest levels of the state, staff so far has interpreted the law as saying the following: "When you come in to give us the information and you get the disclosure immunity, the information you provide us is a public record." That causes a major problem, because if EPA wants that information, it can get the information. If EPA will not give a similar type of immunity, then the company is on the hook, at least for EPA. At the same time, it is off the hook for the state.

There are federal legislative efforts to try to correct that problem, and the Commissioner alluded to them. There is a bill in the House, 1047, and a bill in the Senate, 582, both sponsored by Colorado folks, that would create a privilege for environmental audits in any federal proceeding, and both bills would afford broad immunity from administrative, civil, and they may be read to say all criminal enforcement actions of any sort when a company finds a violation, discloses it, and corrects it.

The states are a little concerned about the bill or some states are a little concerned about the federal legislation because they see it as trampling on states rights. Like pretty much every issue within the environmental audit area, disclosure immunity area, this is one of great controversy and great uncertainty for the future.


MR. SWENSON: Do you think that attempts to apply the attorney-client privilege to compliance and audit information will impede the effectiveness of a compliance program because of an attorney's inclination to control information and perhaps to impede corrective measures needed for unfavorable audit results? Do attorneys get in the way of the process, I guess?

COMMISSIONER GOLDSMITH: I think that risk always exists, but in the end it's not ordinarily counsel's job to make these decisions. Counsel's job is to give the client advice, and then the client, the corporation itself and its officers, will be making this decision.

Beyond that, I think that oftentimes within this context the advice, frankly, will be to make a disclosure or to cooperate, precisely because of the carrot and stick approach adopted by the guidelines. The penalties are so severe, the downside risks are so heavy, that by a comparison the benefits of disclosure are many. And, indeed, it seems to me that in the situation in which you have made a full disclosure and attempted to rectify the problem and you've cooperated with the government, you have at least a decent argument to present to the Justice Department that the case ought not be prosecuted. The fines have been paid or full restitution has been made. Consequently, a criminal prosecution is not necessarily in order. So obviously the more you have done, the better off you are in terms of being able to make that argument.

MR. SWENSON: What do you think the public policy limits are on a self-evaluative privilege? That's an open-ended question but a pretty good one.

MS. BANGERT: In Colorado, we tried to strike a delicate balance between going after the bad actor and giving companies incentives to do self-reviews, find problems, and correct them. That's why we have so many exceptions to the rules.

The statute was a compromise after all parties had sat down to talk, and those included environmental interests, district attorneys, companies, and others, and state regulatory officials. I guess that we think that we have pretty much taken care of the public policy issues through the way the bill has been crafted. But, granted, there is always an issue of whether you're letting too many bad actors off the hook while still trying to create the incentive.


Michael Goldsmith

Q. What is the practical value (in the criminal context) of a privilege which must be waived if the prosecutor is demanding cooperation?

A. Even if a corporation eventually chooses to disclose its audit materials to the prosecutor, it still enjoys advantages unavailable to a non-auditing corporation. For example, an audit helps a corporation to better assess its potential criminal or civil liability, determine available legal defenses, and make knowledgeable legal and business decisions. As a result, an auditing corporation will usually better know the strength of the government's case, and can fight or settle accordingly.

An audit may also assist the corporation to avoid indictment. A comprehensive audit can help the corporation avoid a government investigation, and will often give the corporation more control over such an investigation if it occurs. Furthermore, if the corporation cannot successfully settle the dispute, the audit materials may enable the corporation to respond appropriately to the allegations of wrongdoing. Information gained from the audit can also help the corporation prepare its public relations campaign.

Finally, many cases do not involve government demands for disclosure. Absent such demands, the privilege serves to protect against disclosure to third parties in civil litigation (e.g., private plaintiffs, state regulators, etc.)

Q. The Department of Justice (DOJ) presentations this morning, and to some extent the sentencing guidelines, focus on cooperation and disclosure. How do the various privileges fit into this setting? (DOJ staff seemed to be saying they want all information, including privileged information, or else you get no credit for the compliance program.)

A. See answer to above question.

Q. Do you think that attempts to apply the attorney/client privilege to compliance and audit information will impede the effectiveness of a program - because attorneys' inclination to control information will impede corrective measures needed after unfavorable audit results?

A. Not necessarily. Depending upon the scope of the self-evaluative privilege, the attorney may not have any incentive to "control" information. Indeed, the privilege might be formulated to discourage such tight control by counsel.

Q. Could a strong self-evaluative privilege frustrate prosecutors sufficiently well to make compliance efforts unnecessary?

A. Any privilege can be made sufficiently strong to frustrate prosecutors, regulators, and the courts. It is unlikely, however, that Congress will enact self-evaluative privilege legislation that frustrates prosecutors to the detriment of compliance efforts. Federal legislation will probably resemble recent state environmental self-evaluative privileges, which provide protection only if the corporation meets a number of conditions. These conditions require corporations to conduct ongoing compliance audits that detect potential problems promptly. In some states, corporations must also repair the damage caused by the illegal activity before asserting the privilege; if the government demands production of audit materials before the corporation remedies the damage and becomes eligible for the privilege, the corporation may not rely upon the privilege. Additionally, environmental audit privileges limit their protection to the corporation's audit materials; any information obtained by the government independently of the corporate audit are still admissible. Accordingly, the audit privilege operates akin to the federal use immunity statute, which permits prosecutions based on evidence independent of a witness's immunized testimony (under the Fifth Amendment privilege against self-incrimination).

Q. If a quality assurance review of an organization's ethical and legal compliance processes is performed by an outside consultant or auditor, would reported findings and recommendations be "privileged communications" between client and service provider? (e.g., like the auditor/client privilege)

A. The answer to this question would depend upon the scope of the self-evaluative privilege that is ultimately enacted. In most cases, however, an auditor's report and recommendations should be researched and prepared at the direction of corporate counsel, thus invoking the attorney/client privilege.

In Search of Government's Ideal Role in Fostering "Good Corporate Citizenship"

Steven A. Herman, Assistant Administrator for Enforcement and Compliance Assurance, Environmental Protection Agency

Joseph E. Murphy, Senior Attorney, Bell Atlantic Corporation

Moderator: Win Swenson, Deputy General Counsel/Legislative Counsel, U.S. Sentencing Commission


MR. SWENSON: The presentations up to now, especially the ones that we have heard today, have raised an important question. If strengthening the good citizen corporation is a desirable goal of law enforcement efforts, how should government best go about trying to achieve this goal?

Our next two speakers are especially well qualified to discuss this topic. The Environmental Protection Agency has recently developed a range of new policies aimed at strengthening good corporate citizenship in the environmental arena. These policies include a new environmental leadership program and, although it attracted some criticism just a few moments ago, a March 31, 1995, interim policy on self-policing and voluntary disclosure.

Steven A. Herman is the Assistant Administrator for Enforcement and Compliance Assurance, which really makes him the top enforcement official, at the Environmental Protection Agency, and he has been responsible for overseeing the development of these new policies. I think whatever you think about the March 31 disclosure policy and whether it has gone far enough or needs to go further, I think there really can be little doubt that EPA has been doing some very interesting, innovative thinking in the area of what government's role should be in strengthening the good citizen corporation.

MR. HERMAN: Good afternoon. It is a pleasure for me to be here at this session on "In Search of the Government's Ideal Role in Fostering 'Good Corporate Citizenship'." I want to first thank Win and the Sentencing Commission for the work they have done on both the review we've done on our auditing policy and on numerous other issues. The work has been extremely constructive, and you've been a wonderful colleague to have, and we appreciate it very much.

I want to use this opportunity to discuss the many changes that are occurring throughout the Agency, and most importantly, focus on the Office of Enforcement and Compliance Assurance (OECA). I believe that many of the actions and new policies we have undertaken provide incentives for encouraging the good corporate citizen and protect the public from those who are not so good, or are in fact bad.

I also cannot appear here without acknowledging that our progress and accomplishments are jeopardized by the budget cuts proposed for EPA in the House Bill. The reductions are 35 percent for the agency and 50 percent for enforcement. A cut of 50 percent is designed to wreck the environmental enforcement program. It presents a danger not only to the public but also to law-abiding companies. Polluters, those who cut corners and break the law, will gain at the expense of good corporate citizens if there is no enforcement program.

Enforcement of environmental laws is not an end in itself; achieving compliance which protects human health and the environment is the end. Enforcement serves this goal in several ways: 1) it deters bad behavior; 2) it levels the playing field; 3) it ensures polluters do not profit; and 4) it punishes wrongdoers.

This Administration, this agency and its enforcement and compliance assurance program, recognized early on that we must move forward - strengthen our current programs and make changes where they are necessary. The initiatives and policies that I will discuss this afternoon present the regulated community, and small business in particular, with tremendous opportunities to improve the way in which they operate and relate to the agency.

Many of these initiatives, policies, and projects that the agency and my office are adopting involve risks to all interested parties. Change always involves risk. This risk should not be borne solely by the public. It must be shared by the government and the regulated community. The potential environmental and health benefits are great, and everyone stands to gain from these changes - but the public cannot bear the full brunt of these risks and different parties must be held accountable for their actions. These two factors - shared risk and accountability - represent the principles of fairness and responsibility underlying what we're doing.

The regulated community, and the EPA, must make these changes together if we are all to reap the many benefits of new approaches to environmental protection. This requires a fundamental level of trust and cooperation not heretofore achieved. This will not be easy but we must make the effort.


As I noted earlier, this Administration has been committed from the outset to change the manner in which the agency carries out its business. The first concrete manifestation of this commitment is embodied in the reorganization that created the Office of Enforcement and Compliance Assurance just over a year ago.

This reorganization is the realization of Administrator Browner's vision of enforcement as encompassing a spectrum of tools to assure compliance - from offering compliance assistance on the one hand, to seeking a criminal indictment on the other. It is our task to use the appropriate response and tool at the appropriate time. We recognize that our actions must be selective and discriminating.

It is important to recognize that OECA is not built upon an either/or principle when it comes to enforcement and compliance assurance. The solution to the problems of non-compliance - which we all face - can only be found when enforcement and compliance efforts work in tandem. It is this symbiotic relationship which allows us to be flexible and discriminating in our response when appropriate, yet firm when it comes to those companies that show a disregard for our laws, and the safety and health of our people and our environment. With this reorganization under our belt, we have moved quickly to embrace opportunities to improve compliance with our environmental laws. Several new policies serve to highlight some of these new directions.

Audit policy

On March 30th, I was very pleased to sign the interim agency policy on incentives for voluntary self-evaluation, disclosure, and correction. With an appropriate and voluntary self-audit, and disclosure, and prompt correction of any violations discovered, a company can expect the elimination of the entire punitive portion of any penalty. The goal of the policy is simple: we want to promote self-monitoring, self-disclosure, and self-correction by everyone in the regulated community. It is good corporate citizenship, and its focus is on results - more compliance and a cleaner environment.

We recognize that we cannot achieve full compliance without the cooperation of a regulated community willing to act responsibly by self-detecting, correcting, and preventing violations. The basic conditions set forth in the policy reward responsible corporate behavior; such companies should expect better treatment from the government than those who take no responsibility for their actions or violations. If you audit, disclose, correct, we will completely waive the gravity component of the penalty. We will reserve the right to collect any substantial economic benefit of a violation, as recommended by the Compliance Management Policy Group, which represents the oil, chemical and paper industries (the most heavily regulated). We also will not guarantee a penalty waiver if there is serious actual harm, a pattern of violations, imminent and substantial endangerment, or criminal conduct by the corporation or its employees.

I want to underscore that this new policy provides significant incentives for self-evaluation, disclosure, and correction, without the inherent secrecy and potential for litigation which is a part of any statutory or policy privilege.

The new policy is fair and provides opportunities for the agency and the regulated community to work together to ensure compliance. This is a partnership that can only thrive when communication is open and frank. The idea of a privilege, which we rejected in the course of our extensive reassessment, yields suspicion and mistrust among all the players, including the public, without any added benefits. We continue to work on the policy: the public comment period ended June 30, the agency expects the final policy to be issued in October.

We also recognize that this will not be enough. Thus we will also maintain strong traditional enforcement. Federal laws and regulations set minimum standards for protecting human health and achieving environmental protection goals such as clean air and clean water. We will continue to uphold these laws through tough civil and criminal enforcement actions that appropriately penalize violators and require the adoption of better environmental practices.

Interim Policy On Compliance Incentives For Small Business

Another policy that embodies the same basic principles behind our self-disclosure and correction policy is an outgrowth of the Clean Air Act Section 507 enforcement policy which was implemented a year ago. Section 507 of the Clean Air Act requires each state to establish a small business assistance program, designed to help small businesses meet their obligations under the law. In response to concerns expressed by many states that small businesses would not seek assistance if violations discovered during their participation resulted in enforcement actions, EPA issued its section 507 enforcement response policy.

Building upon the success of this policy, in June, we issued the Interim Policy on Compliance Incentives For Small Businesses which expands the principles in the section 507 policy to small businesses that operate in other media besides air. The concept is simple: small businesses that act in good faith to comply, ask the right questions regarding their own facilities and operations, and make the necessary changes and fixes if violations are discovered, will not be penalized.

The substantial benefits from this policy depend upon the regulated community's behavior. Everyone has a responsibility to comply with the law. Either through seeking and obtaining compliance assistance from a government-supported program, or through conducting a thorough evaluation of their own environmental practices, it is their responsibility to ensure they are operating in compliance. This policy provides substantial incentives to do just that, by eliminating any penalty under certain conditions, and focusing instead on the prompt correction of a violation. The Administration is committed to working with small businesses to improve the environment and the health of our people, and this policy demonstrates that.

Environmental Leadership Program

Related to these policies, is our Environmental Leadership Program (ELP), which was announced on April 7th. This program is piloting new ways to ensure multi-media compliance, third-party audits, and getting communities working with local industry to achieve environmental goals. As the Administrator said when she announced this program, these pilots will "demonstrate that environmental violations need not be simply an accepted cost of doing business. Pollution is not the price of progress. We can protect public health, protect our environment, and do it using common-sense and cost-effectiveness."

Finding better ways to ensure compliance, and prevent pollution in the first place, benefits everyone - businesses, municipalities, and of course, the public. Many of the pilots involve the sharing of information between the ELP participants and other businesses. One pilot in particular (Ocean State Power, in Rhode Island) is developing a mentor program, which identifies large companies that can assist smaller businesses with environmental, health, and safety issues.

Compliance Assistance Service Centers

Another example of how our Office intends to use compliance assistance techniques to ensure compliance is through the development of Compliance Assistance Service Centers - serving four specific industry sectors heavily populated with small businesses. The agency has already entered into a cooperative agreement with the National Institute of Standards and Technology (NIST) to develop a National Metal Finishing Resource Center. We plan to launch at least one more center this year, most likely for the printing sector.

These multi-media, sector-oriented Assistance Centers would provide a base for "one stop shopping" for its targeted sector - one place to get comprehensive, easy to understand information on all regulatory requirements affecting the industry. In addition, technical assistance and training would be available on applicable treatment technologies to help minimize waste production, maximize pollution prevention technologies, and increase overall market competition.

This is one way in which we are fulfilling our responsibility to you. We will help you understand the rules, and provide assistance where we can, but the responsibility to comply is yours. This feeds into an overarching theme of enforcement and compliance at the agency - we will make sure that information about compliance requirements is made available, but the regulated community, must take full advantage of these opportunities to expand their knowledge, and ensure their own compliance.


These policies illustrate how the agency has taken the initiative to have a solid and strong enforcement program that serves the public, including the good corporate citizen.

EPA's enforcement and compliance assurance program will continue to move forward, and ensure that regulations are understood, complied with, and that no one gains a competitive advantage by violating them. The new policies and programs at the agency are tremendous opportunities for the agency to improve its own operations, for the regulated community to improve its relationships with the public, the government, and the environment, and for the public to be assured that we are doing the maximum to protect its health and environment.

You can be certain that the agency as a whole is committed to implementing these new initiatives and policies because they make good sense for everyone. They fit hand-in-glove with our mission to protect the nation's environment and the health of our people. For this reason, the future of environmental protection and regulation depends, in large part, upon our successes with these new approaches today and in the months and years ahead. Thank you.


MR. SWENSON: Our next speaker is Joseph E. Murphy, who is Senior Attorney at Bell Atlantic where he specializes in compliance issues. Joe's voluminous writings on compliance issues have particularly focused on the theme of this segment, finding government's ideal role in fostering good corporate citizenship. He's the author and editor of several books - and those books' names are in the program - that explore this theme, and he's also the editor of Corporate Conduct Quarterly, which is an excellent journal dealing with compliance issues particularly. Because I really want to find out what he means by "beating them with carrots and feeding them with sticks," I'll be quiet and introduce Joe Murphy.

MR. MURPHY: I'd like to start by thanking the Commission for asking me to join in this excellent program, and I also want to thank and acknowledge the many familiar faces I see in the audience, people who have been my partners in the field of compliance; and, of course, especially my co-authors, Win Swenson and Jeff Kaplan, and one who is not here today, Jay Sigler of Rutgers University.

I also want to express my admiration for all of you who believe enough in this effort to be here today. And, of course, I should note that the views I express are my own, not necessarily those of any organization that I'm associated with.

There was a point that Senator Kennedy made yesterday that I thought was a good one and that I hope we can follow up on, and that was the need for people in government to learn more about compliance and ethics programs. I think the more knowledge there is in that sector, the more acceptance and support there will be for these efforts in organizations.

I think my title today may need some explanation - "Beating Them With Carrots and Feeding Them Sticks." We've all heard the sentencing guidelines described as using the carrot and stick. The idea is to reward good acts and to punish the bad. But, in fact, we may be somewhat off the mark. Companies today that take aggressive ethics and compliance steps run high risks of being beaten with their own acts, beaten with the carrots that were supposed to lure them to do good things. Moreover, what is offered as a reward may not really be a carrot. Instead of offering real incentives, for the most part we are only shortening the stick that will be used against companies.

When I look at the legal landscape, I see a system that seems designed to make the Sentencing Commission's bold experiment in promoting self-policing fail unless we take some determined steps to change it. To explain this, I'm going to show you what the future will look like through three reports from tomorrow's newspapers. I will talk about the need to move to a true carrot and stick and what that means, and I will touch on what happens inside the corporation when it comes to compliance efforts and why we need to change the approach.

In your materials are the three newspaper articles from the future. These are all make-believe facts. The stories are not true - yet.

The first story is the businessperson's nightmare to illustrate why we have trouble making more progress than we have already. I'm going to go through these a little quickly. The material is in the book. In this case, Synergy Company, known for its strong compliance program, gets nailed even though it entered into a voluntary self-disclosure.

The details of its own program are used against it, and the prosecutor just shrugs off the importance of the compliance program. And, of course, one of all of our great fears, he nails the company on a technical defect. If there's a manager with 220 employees reporting to him who's involved, you don't get the credit.

Of course, immediately, the piling on begins with the state attorney general, and competitors learn the obvious lesson. They discontinue this type of "foolish" activity. Who loses in this scenario? Those who want their companies to do the right thing, all those who are affected when a company does wrong, and in the long term, even those in enforcement who take short-term advantage of compliance efforts. Fear can paralyze the development of effective and aggressive compliance efforts. If this story does, in fact, appear in tomorrow's newspapers, people like me who believe in this work will be kicked out the door and replaced with people who know how to litigate and stonewall.

But we in business fool ourselves if we think this is the full story. There is also the prosecutor's nightmare. We need to understand this to see why government hesitates to do more to encourage and recognize compliance efforts. In this story, a congressional committee is investigating prosecutors who were hoodwinked by a sham program.

The protagonist here, Fasttech, has its lawyers fool the prosecutors with the clever use of privilege and immunity protections and the guidelines standards. I know this is Steve Herman's nightmare. In fact, the compliance program was a meaningless charade. And, of course, others in industry were quick to learn from this maneuver.

I think both sides are capable of gaming the system. Either way, the same people lose: those in government who believe in the value of self-policing and those in industry who want to see this work.

The third story is about an interactive compliance system that I think follows the real logic of the sentencing guidelines. Skysoft Services has just received national recognition for its compliance program.

The compliance officer, the CFO, explains that the company started with the guidelines, but then used management techniques to go from there. Compliance was part of appraisals and objectives. Managers and work units competed for recognition. Managers at every level of the company see this as everyday business. This program had, in fact, started as a legal insurance policy.

But it took off when government offered real incentives and started a competition for best in class. And one particular point here, because of compliance audit protections, audit reports that had previously been kept secret were now posted at the working facilities.

This is a story of how both sides can win and how we can get there, through a form of social compact between business and government. It calls for a positive role for government. Government must recognize the value of compliance efforts. It needs to make a commitment and reward those who take the risk of implementing effective ethics and compliance programs. To give this effort life, we need to use incentives that introduce competition. The desire to win and to achieve is a far stronger motivator than the criminal justice system's only weapon - fear.

What's wrong with what we do now? Our current model may seem designed to get companies to undertake self-policing. EPA talks about the value of environmental audits. The guidelines talk about effective programs to prevent violations. They say they are offering carrots. But are the carrots really bait for a trap? Are they just going to use those carrots to beat us over the head?

Let's look at what happens to a company that thinks these are real carrots and bites in. On the left are some things associated with compliance; on the right are some things that the legal system may do to these. For example, in one case, a company imposed a code of conduct. The National Labor Relations Board felt that this was an unfair labor practice. In the Lucky Stores case that Commissioner Goldsmith mentioned, people took notes in a discrimination seminar. In fact, the notes were their observations of examples of improper conduct in the workplace. One of the employees took notes and kept them. The court viewed those notes as appropriate smoking guns for the plaintiffs, not only allowed them into evidence but noted those very notes as a basis for punitive damages against the company. Is there a lesson there?

Similarly, one of the earlier speakers referenced the newspaper article about industry practice forums. This is something I participate in, I believe in, but it has been described as potentially involving collusion. And on self-disclosure, there is the example of the Coors case, a company that found its own problems and voluntarily reported them, only to be met by state enforcement action and the imposition of civil penalties. And the other items have similar histories.

I always think of the old saying, " Fool me once, shame on you; fool me twice, shame on me." Once government and the legal system beat a few companies like this, everybody gets the message. But there's a simple lesson here. The government should not exploit companies' compliance efforts against them, and they should not hold companies' compliance and ethics efforts to standards that no one could meet.

The first change needed is to complete what the Sentencing Commission started and shorten the stick for those who undertake rigorous compliance programs. Here are some of the primary examples. Sentence mitigation, of course, is a useful step. It has gotten people's attention. But things like the Colorado statute providing for immunity, privilege protection for compliance-oriented activities, including audits, ombudspersons, training, other areas, and removing the penalty provision from companies that have serious efforts in this area. These are critically important steps, but we need to recognize what they are not. They are not carrots.

Now, although I work in a city, I grew up in farm country. And we learned the difference between carrots and sticks. A stick is a hard thing that you beat people with. A carrot is a tasty thing that you want to eat. But on the list you see here, there are no pleasant things. There's nothing I would run to get to put on my plate. All that's on that list are things that government would otherwise use to punish me.

What's the difference between this and a carrot? A positive incentive does not use fear. It uses drive and competition. In fact, it uses the same motivators that lead most of us to do what we do each day. Competition is a driving force in society. What we need are incentives, positive incentives, real rewards. We need something people can strive for, that they can take back to their office and show off.

What kinds of things could this be? These are things that a compliance manager can point to as benefits here and now, for example, public recognition, tax benefits, bidding preferences, financing arrangements, agency liaisons. This is not insurance against a future hypothetical threat. It is a tangible incentive.

Now, the newspaper stories that I showed you also shed light on what happens within companies and what it takes to achieve ethical and compliant companies. When I first started in the corporate world, one of the biggest surprises to me was to find people within the company who were dedicated to doing the right thing. They may be internal auditors, industrial hygienists, environmental engineers, ombudsmen, compliance lawyers. These groups, these in-house compliance constituencies, can play a major role as a check against corporate misconduct. But they can only do this if they are empowered to have an effective voice. These compliance people, like others in companies, compete for attention and resources.

But under the current regime, with few real incentives offered, I want to show you what that competition looks like. This will also help you understand why there is so much burn-out and frustration among those who do in-house compliance work. Here's what the compliance function looks like. We bring bad news. We deal with bad news. To some of our managers, we are bad news. Is this a description of a job you would offer to your most talented and aggressive managers? Is this a post with great career prospects? What is it that this person celebrates? That another day passed without anyone being indicted?

Now, this is what a normal manager's job might look like. You notice I do have a bias. You see the same gap I described when I talked about carrots and sticks. There is no positive element. That weakens the ethics and compliance function. As a compliance person, I offer no fun, no rewards, no glory.

If we change our approach to compliance and offer real carrots, rewards, to companies that commit to implement effective compliance programs, this can dramatically change the organizational dynamics. That in turn can energize and empower those within companies who believe in effective compliance and ethics management.

Where does this take us? I want to warn against one detour first. We need to keep the focus on carrots and sticks and avoid red herrings. One of the most wasteful red herrings, I believe, is the misdirected debate between ethics and compliance, lawyers versus ethicists. Basically, this whole debate is off the trail. Both the compliance approach and the ethics approach have their own vocabularies and their own ways of talking past each other. I have never heard one side give an accurate description of the other, and for those in each camp who do bother to look at what really works in organizations, they're typically saying the same things, just using different terms.

Fundamentally, the issue is not law or ethics, compliance or integrity. It is: what affects organizational conduct? Do audits work? What training works, and what does not? What motivates actors in a group setting to engage in anti-social conduct, and what makes another group stop its members from harming customers?

Most of those engaged in debate about ethics and compliance need to start asking the much harder question: What really works in organizations to affect conduct?

I believe if an organization understands how to keep itself on the straight and narrow, it will follow both an ethical and legal path, regardless of whether you use ethics or compliance labels.

So what is the future for ethics and compliance programs? If we're going to harness the ability of organizations to self-police and we're serious, there are a few simple questions we have to ask ourselves honestly. First, is the company that does compliance work at greater or less risk than one that doesn't? Two, is the company that tries to improve its programs, test out new techniques, and lead the way better off or worse off than one who does not? Three, is the manager or lawyer who devotes attention to this area better off or worse off than one who does not? And as a test of whether your answers ring true, where would you put $1 million of capital or $10,000 of bonus money?

Until we can answer those questions in a way that makes sense, we're going to be like Sisyphus pushing the rock up the hill, only to have it slide down on us again.

Where does government fit in this? This is an area where government's role is crucial. The Sentencing Commission in its remarkable experiment has led the way, but it's up to the rest of government - agencies, legislatures, courts - to decide whether to stymie this or to offer support and encouragement. Will EPA relent in its opposition to the environmental audit privilege? Will the National Labor Relations Board look at codes of conduct with a clearer vision? Will the courts learn to stop seeing every bit of information as mere toys for the litigation game?

Government can strengthen those within corporations who share the commitment to doing the right thing. It can do this by using the strongest forces we know to get results, incentives and competition.

And what is your future? Will you be beaten up by carrots? Will you be made a victim in a front-page story if you support voluntary compliance and ethics programs?

This is a news story that we in this room will write. The Sentencing Commission has offered us the first carrot, or maybe just shortened the stick, but you and I are going to determine whether voluntary self-policing will be allowed to work. Thank you.


MR. SWENSON: Thank you, Joe. The question is: what is your response to Ms. Bangert's assertion - Patricia Bangert from the State of Colorado, whom you know, who spoke just before you - that EPA is stifling experimentation by the states? I guess with respect to its position on privilege.

MR. HERMAN: Our general approach has been to try and work very closely with the states, both on this issue and on numerous others. And, in fact, in the enforcement arena, I would venture to say that, in general, our relations with the states are as good - are better than they have ever been before, and I say that on the basis of conversations that I've had with state commissioners who serve on the state commissioner's enforcement committee.

Our position with regard to states that have passed various privileges and immunities statutes is that we will see how those statutes work. However, it is our responsibility to look at particular situations as they arise to make sure that the various programs are carried out in a way that is consistent with federal requirements. We have timely and appropriate standards, and is the state response appropriate for a particular situation? And that's what we're going to look at. We have not taken a blanket approach one way or the other, but we also - you know, I certainly don't - to the extent I can prevent it, I certainly would not like to see somebody who has committed criminal conduct go free because they come in and say here's an audit.

I certainly am not going - you know, to the extent that I have the ability to do it - would not stand aside and watch some company benefit significantly, you know, to the detriment of its competitors, because it goes, it pollutes, it profits, and then they come in and say, "We've polluted and we've profited and here's our audit." I don't think that's good policy.

That hasn't happened yet, and I think we'll just have to see how it works out. We are talking to the folks in Colorado and in other states to try and work this out amicably, as we have worked out many other problems over the past two years.

MR. SWENSON: Do you want to respond, Joe?

MR. MURPHY: Yes, if I could just make a comment about that. I'm afraid my colleague has basically set up a straw man and then shot it down. I listened to his description of what he's afraid of. I read most of the statutes. There's not a single one of those statutes that I know of where the scenario he just described could ever happen. They talk about good faith, requiring that you fix the problem. They have numerous exceptions. I'm sure that the representative from Colorado could verify what I'm saying.

If you're talking about an experiment, I would say let the states experiment. After all, we have 51 jurisdictions. They each have attorney-client privilege. There are significant variances among the states. They each have work product protection. There are significant variations among the states. I've never heard EPA say it's going to examine the state attorney-client privileges in those states. Let's give these experiments a chance to work. Read the statutes in good faith. They have built in a number of very, very serious protections.

MR. HERMAN: If I could just respond?

MR. SWENSON: Absolutely. Absolutely.

MR. HERMAN: I think this is important. I think if you do read the statutes carefully, there are statutes which potentially provide immunity for criminal behavior. That's the first thing.

Secondly, I think there are not a lot of privileges out there. There is attorney-client privilege. There is the husband-wife privilege, the doctor-patient privilege, and maybe, you know, priest-penitent. And that's it. And basically our society has taken a very restrictive and unfavorable view towards privileges, because as has been said, privileges are by their nature in derogation of the truth. And I think we should be very careful how we work with these.

Now, I also think that it is a mistake, a serious mistake - and I think this is really unfortunate that the debate has gotten off on the issue of privilege. The issue should be how - and the way I think we have tried to approach it, the way I frame the question is - how do we encourage self-monitoring, self-disclosure, and self-correction?

I guess the question is, "Can't it be done without secrecy? Can't it be done in the way you have described, I think, with incentives and with true carrots?" Which is, I think, what we are trying to provide.

I don't think holding out an exception for substantial economic benefit or for criminal behavior or where there has been serious environmental harm is an abuse or turns that carrot into a stick. I think what it does provide is some accountability, which is something I did not see on the slides. In other words, if somebody does - let's say you are doing - you have your policy and you're trying your best, yet you do have a major spill or you have a major discharge. You should be responsible for cleaning it up and for ensuring that it doesn't happen again, and there should not be some kind of blanket protection.

MR. SWENSON: Maybe that is a good segue into this question, Joe. Isn't your best in the class suggestion closely related to EPA's environmental leadership program? And isn't the environmental leadership program one of the best existing models for the kind of thing that you're talking about?

MR. MURPHY: I don't want to come across as too harsh on Steve. I think the EPA deserves a lot of credit for being willing to innovate. I would like to see them more willing to innovate. But I think it's important that they're starting down the road.

Actually, the model that I used was based on the same things the EPA model is based on. There's an OSHA program called the STAR program, which has been very successful, very innovative in this area, although the rewards are rather sparse. And another example that I use, although it's got some limitations, is the Baldridge Award. If you think of what the Baldridge Award did - when I started in business, the notion that government would award somebody for quality would have been ludicrous. The notion that government would be able to assess quality would have been ludicrous.

You look at the notion of the Baldridge Award, and for quite some time that had people running around like crazy trying to develop quality programs. And that's just a small example to me of what you can get by giving a positive reward to people.

I see this, by the way, the need - I also agree, I'm not particularly in favor of secrecy. What I'm in favor of is not having people beaten over the head with trying to do the right thing. I think there's a need for protection. Secrecy is not the issue. It's the use against companies of this type of material.

MR. SWENSON: Steve, I don't want to get too bogged down in this issue because we've already had a lot on it today. But is that where EPA seems to be heading, to some extent? Given your concerns, I mean, it seems to me you're saying that secrecy is not something that's particularly desirable, but that you think it may be relevant to the question of what the use or impact is of information when companies have tried to do the right thing.

MR. HERMAN: I think the real issue - secrecy is one issue, and I think that the public's right to know is very, very critical. In terms of use, I guess I don't - if the company is doing, you know, the work and has it, I don't think it should be a shield. We have said, though, that we will not initiate an investigation based - you know, we won't go out on a fishing expedition looking for an audit.

I would also say that the companies - and I'm sure many of you would acknowledge this - benefit tremendously from doing the audits, that there are many, many benefits in terms of making operations more efficient, preventing violations. There is a reason why some tremendous percentage, especially of large companies, do audits. We think there are also reasons why smaller companies haven't, and we're trying to address those concerns.

But one thing that I would mention is - some of you may know this - we have had for almost a year a very, very extensive process which Win has participated in and I know several other people in this room have participated in, in the re-evaluation of our self-audit policy. And I've attended several of the sessions. I went to one in San Francisco, which lasted two days, and there were representatives of industry and environmental groups and various state and local groups. And we broke up at one point into various smaller groups, and each addressed the same questions. And what was remarkable to me was that basically there was agreement on maybe 95 percent or 98 percent of the principles, and I agreed with much of what Joe was saying. And it was a similar kind of exercise where everybody, from environmentalists to corporate attorneys, was agreeing.

There were a couple of fundamental differences, one being the privilege issue, but in terms of some of the exclusions, like for criminal behavior or significant economic benefit, and encouraging companies to do audits, there was - you know, I think there's a tremendous amount of common ground, and we are in our effort, you know, trying to exploit that as much as possible.

I actually took away from that a fairly - you know, I was fairly optimistic and am fairly optimistic in terms of that, that ultimately there is going to be some very positive results from our effort and from discussions like this.


Steven Herman

Q. EPA's program directed at fostering environmental management systems in small companies sounds impressive. Why not take a similar approach with larger companies?

A. In the course of revising the interim "Self-Policing and Self-Disclosure" (Audit) Policy, EPA is seriously considering whether to provide substantial penalty mitigation for companies that discover violations through compliance management systems. The interim Audit Policy is applicable to all regulated entities, large and small. In addition, the Environmental Leadership Program is exploring compliance incentives for facilities that adopt environmental management systems and for facilities that adopt compliance management systems. I would also note that EPA's Office of Water and my office have agreed to provide funding for a grant to the NSF to develop guidance for small and medium-sized businesses implementing ISO 14000 environmental management system standards.

Q. Why does the EPA allow special interest groups to direct its (EPA's) attention to a particular industry rather than relying on data and scientific studies?

A. For those not familiar with the EPA process for selecting national priority sectors, I want to strongly emphasize the heavy reliance placed upon data and scientific evidence. In fact, over the last several years, EPA has streamlined its data systems to improve the environmental impact analysis that can be conducted for industrial sectors. Based upon this effort, EPA now has the data on the source, location, type and amount of release for every major toxic chemical. Pollutant release data is further informed by detailed analysis of industry-specific non-compliance patterns. These two factors are the two main components of EPA's national priority sector selection process. Special interest groups (e.g., environmentalists, industry groups) played no role whatsoever in this selection process. In the future, EPA will continue to improve data analysis capacity by adding risk-based targeting criteria - toxicological weighing of chemicals released, and estimates of human exposure to toxic chemicals.

Q. What is your response to Ms. Bangert's assertion that the EPA is stifling experiments by the states?

A. EPA has worked very closely with the states in developing and revising the interim Audit Policy. States have generally praised the process by which EPA has considered the views of all stakeholders. For example, states have commented: "As a preliminary matter, let me state that the process undertaken by EPA to formulate the Policy has been a model of thoroughness and thoughtfulness." Letter from Scott A. Harshbarger, Attorney General for the Commonwealth of Massachusetts to Carol Browner, Administrator, U.S. Environmental Protection Agency, June 27, 1995 (document #II-C-48). "Generally, we support EPA's new policy and applaud the open and deliberative process used to develop it." Letter from David A. Shorr, Director of the Missouri Department of Natural Resources to U.S. EPA, May 29, 1995 (document #II-C-53). In contrast, the federal audit privilege and penalty amnesty legislation which is modeled after the Colorado law appears designed to impose the Colorado model on other states.

Joseph Murphy

Q. How can you justify your "carrot patch of incentives" when all citizens have the obligation to comply with the law? That is, do you really think it's good public policy to offer "prizes" for compliance with the law?

A. There are a number of answers to this question; I will cover a few here. However, I would be happy to discuss this at length with anyone who is interested.

The first point is that the question misses what the incentives are intended to do. They are not to reward mere obedience with the law. Rather, they are to motivate organizations to develop and implement management systems to promote compliance and ethics. A company would not receive recognition merely because no one had caught it breaking any laws. Rather, the incentives would be given to those companies that had implemented the most effective ethics and compliance programs. Also, the rewards would not be limited to "prizes." While prizes have appeal, they do not have the same impact on all companies (e.g., consumer goods companies care more about public recognition than do manufacturers of industrial commodities). Other incentives with bottom-line impact also need to be added to the mix.

The second response is to recognize the inherent limits on law compliance. While the law tries to deal with some objectives, it can only set minimal objectives. For example, the law tries to protect equal employment opportunity, workplace safety, an honest marketplace and a clean environment. But the law sets minimums, and punishes those the government can prove crossed the line. The use of incentives allows society to use a more open-ended standard, i.e., the "best" in improving workplace safety or in cleaning up the environment. This can inspire creativity and a greater positive effort than can ever be achieved by the use of threats of punishment.

A third answer to this question is the recognition that companies are not individual citizens and do not act like individuals. While one might pause before offering rewards to individuals for doing their civic duties (although, even with individuals, governments do use various forms of incentives), it is an entirely different matter to deal with groups and organizations. Organizations are composed of a broad range of people - good, bad, honest, dishonest, indifferent, etc. The idea of incentives is to motivate the organization to empower those who will help assure the organization does the right thing, and to deter those who would otherwise do wrong. Organizations generally are formed for a purpose, so offering a reward that helps the organization advance toward its goals can change the way the organization acts.

The Baldridge Award is an example of how this works. One could say that any company should want to produce a quality product - it is the right thing to do, and the product will sell better. But many companies resisted emphasizing quality, and focused on where they saw the immediate payoff - short-term earnings. The Baldridge Award offered immediate recognition for having a quality orientation, and this helped change the way companies approached the subject of quality. Of course, the quality story is a more complicated one than just this award, but the Baldridge Award is a striking example of how a very modest reward can affect organizational behavior.

The last response is perhaps a bit more philosophical. I sense in the question a resentment toward the idea of rewarding people for doing what they are supposed to do. If something is right, people should just do it. Yet, unless I misread most religious doctrine, it seems that rewarding those who do right is a fundamental tenet of theology. All the religious parables I can think of involve bad actors being punished and good ones being rewarded. I see nothing morally questionable about using incentives and competition to motivate people to do things that benefit and protect society. If it works, everyone benefits. And it seems to have worked for millennia.

Q. It seems that you are critical of EPA's efforts to strengthen the good citizen organization, but, through the varied approaches Steve Herman has outlined, hasn't EPA been out front of most agencies in the enforcement community in this regard?

A. When we are looking for change, we should always recognize those who have shown the courage to step forward. EPA's efforts merit strong encouragement, and Steve Herman deserves our support and recognition. Because EPA is, in many respects, a pioneer, we should also point out where we think they are off the trail, and what routes others have taken that will get to the result more directly. That was what I intended to do.

I think EPA is starting to realize the value of voluntary compliance efforts and the potential for using incentives to improve industry practice. But there are some fundamental shortcomings in EPA's approach that threaten the success of these efforts. The first of these is the agency's reluctance to make a commitment. EPA is looking for companies to put their heads on the block by doing compliance audits and then voluntarily reporting violations that such audits uncovered. In exchange, EPA states its policy to take such good conduct into account, but offers no promises. But if EPA wants companies to trust the agency and to voluntarily search for, and disclose, problems, the agency must make a firm commitment that the company will not be penalized for taking these steps. Unfortunately, thus far, the disclaimers have tended to be the firmest parts of EPA's policy statements.

The EPA deserves praise for being outspoken in its support of voluntary compliance efforts. In the important area of voluntary disclosure, however, it has not kept pace with several other enforcement agencies. EPA does not have a binding commitment to give immunity to those who voluntarily disclose violations. Compare this to the Department of Justice's Antitrust Division's policy in this same area. If a company discloses to the Department of Justice that it has been involved in price fixing with other companies, and it meets the Department's stated conditions, there is a real commitment not to prosecute. This is not a "maybe" or a "we will consider in the exercise of our discretion." Companies who commit to self-disclose do so knowing they will not be ambushed in the process.

The EPA also needs to develop a deeper understanding of what happens to compliance efforts within organizations to realize why its hard line against a self-evaluative privilege is off the mark. Without such a privilege, we are left with a legal system bent on exploiting voluntary compliance audits against those who conduct them. Even if the agencies made a binding commitment not to do this (and EPA has never gone that far), private plaintiffs still can use these materials. Within any company that has to decide how much to commit to conducting internal audits, and how aggressive to make those audits, the lessen will not be lost. This opposition to a self-evaluative privilege will backfire on environmental enforcers and weaken those in companies who want to do audits. If EPA means what it says about the value of these audits, and it wants companies to self-inspect and self-remedy problems, why should companies be required to have that work handed over to the government to use against the companies? Does this result seem calculated to inspire anyone to conduct aggressive audits? Or will this just push those who do audits to use lawyers to fit under the mantle of the Upjohn decision, and to wrap their limited compliance activities in a cloak of secrecy and innocuous language?

In these two areas, self-disclosure and immunity for audits, the states have been showing leadership. There are now several interesting experiments with disclosure immunity and immunity for compliance audits. But EPA, instead of using these as test laboratories to see if such initiatives can increase voluntary compliance efforts, has fallen back on the litigator's aghast reaction to anything that infringes on their ability to rummage through everyone's files to find embarrassing documents.

EPA's interest in a "Leadership Program" holds great hope for recognition of good corporate citizenship. This is a model that OSHA has been pursuing with success for some years. Another example can be found in Camden County, New Jersey, with its Silver Platter program for restaurant sanitation. EPA should look at taking a more aggressive approach in offering incentives. If this requires legislative authorization, the agency should not be reluctant to make suggestions to Congress. Reward programs can do wonders as motivators, if they have real substance and they are carefully designed and implemented.

EPA deserves credit for starting down this path. But if it wants to blaze a trail to real results, it needs to leave its litigation lawyers back at the base camp and rely on different guides who are not reluctant to explore this new terrain.

Symposium Wrap-Up: Commentary on Ideas and Issues Raised During the Conference

Neal S. Cartusciello, Shanley & Fisher

Janet C. Cook, Assistant General Counsel, U.S. Air Force

Richard S. Gruner, Professor of Law, Whittier Law School

Lynn Sharp Paine, Associate Professor, Harvard Business School

Moderator: Win Swenson, Deputy General Counsel/Legislative Counsel, U.S. Sentencing Commission


WIN SWENSON: I present to you for this closing segment four brave people. They have been cribbing notes and thinking about what they've been hearing over two days, and we've asked them to talk to you a little bit about some of the things they thought were significant which I think is really overall an impossible task any way you look at it.

We've kind of typecasted this panel - and all of these folks are people who decided to come to this conference as attendees, but each really has a rather unique and, I think, in many ways very extraordinary background.

The typecasting works like this: Neal Cartusciello is going to go first, and Neal is our private defense attorney, if you will, but the reason the typecasting is particularly poor is that Neal is the former Chief of the Environmental Crimes Section at the Justice Department and spent many years as a prosecutor. And I suppose that's the other thing I should add about each of these folks, is that I think each one of them adds something, a real dimension beyond the typecasting.

Next is Janet Cook. Janet is our government representative, and she's the assistant general counsel of the Air Force for contractor responsibility and I think is widely recognized, certainly in the defense industry, but now much more broadly, as one of the real experts in government about what makes compliance work.

Richard Gruner, a Professor of Law at Whittier Law School, is our legal academic. However, Richard also spent a number of years in-house doing compliance work for a major corporation - IBM. You may have heard of them.

Batting clean-up is Lynn Paine, who is Associate Professor at the Harvard Business School where she's a member of the general management faculty. She's written some very thought-provoking articles extolling the virtues of integrity-based, law-centered compliance programs, notwithstanding the fact that she also has a law degree.

What we're going to ask each panel member to do, as I said, is offer some thoughts on what they thought was significant, and they are going to direct those thoughts to constituencies they particularly identify with or think of themselves as comfortably relating to. I don't know if that makes much sense, but it will probably become clearer as we go on.

We may have a little time at the end for the panel to respond to some of your thoughts about what you think was important. Hopefully we're going to capture that in those feedback forms that you get, and we're going to learn from that. And I tell you absolutely we are extremely interested in reviewing those forms from all of you. But during the course of this, if you would like this panel to respond to some things that you thought were significant, go ahead and jot it down on a card. If we can, we'll try and work some of that in.

We'll start with Neal Cartusciello.


NEAL S. CARTUSCIELLO: Thank you very much. At the risk of burning some of my five minutes, I want to say thank you to the Commission, not just for the opportunity to be here, for which I'm really thrilled, but because what I've seen has lived up to its billing. This has been an extraordinary symposium. It has been truly historic. I think the Commission is to be commended for having the wisdom and the courage to do this.

In that regard, to the extent that this symposium is so extraordinary, in some ways maybe it's simply a reflection of the extraordinary nature of the work that the Commission has done over the last six years and the work that it has spurred on.

I've talked to a number of attendees here who have said to me that this is the best program of its kind that they have ever attended, and many of these I know personally, and they are not given to that sort of hyperbole. I share that view. I was absolutely stunned at the depth and the quality of the substance that I heard. It's very difficult for me to do a five-minute wrap-up because I feel like I am not in a position where I've digested very much of what I've heard. I feel like I'm on information overload right now. I heard a lot of statistics yesterday. I'm usually not afraid of numbers, but for the life of me, I'm not really sure I can tell you what they mean.

What the four of us decided that we ought to do is attempt to focus on some of the nuggets that we each found in these two days, and maybe pick two or three each, zero in on them, and state why we think they're important to the particular audience segments that we feel we can identify with. Myself, I feel a kinship with the prosecutors, although in the tradition of the best defense lawyers, what I'm about to do is do what good defense lawyers do, which is spend most of my time whining about what the prosecutors are doing and telling you why I think it's wrong. And the others are going to attempt to represent their constituencies as well.

Now, since we have only five minutes, a lot of what I'm going to present to you is fairly elementary, and I apologize for it. You can think of it as sort of a Cliff Notes of the symposium from Swenson to Murphy.

The first point is corporate crime is different. I don't think there should be much debate about this anymore, but not only is it different in the sense of what causes corporate crime, I think we have developed a fairly broad consensus that the approaches to corporate crime and preventing corporate crime are fundamentally different from those that might or might not be effective in preventing or deterring individual crime.

For corporations, I don't think there should be any question anymore, and this gathering ought to be the best evidence of the fact, that specific deterrence works and general deterrence works. Specific deterrence in the sense that when we punish a particular corporation, that corporation changes its behavior in a fashion designed to diminish the likelihood that it will commit the same or similar crimes again. I really don't think that can be open to question anymore.

This gathering proves the effect of general deterrence. Punish one corporation as an example, others stand up and take note and make every effort to modify their behavior.

But one thing that struck me - I would like to put forth the hypothesis that punishment in the area of corporate crime, to quote Win Swenson, you can't put Allegheny Bottling in jail. Punishment is dollars. It's money. Money doesn't mean simply fines, but it means the monetary effects of prosecution, which can include loss of productivity, loss of business, loss of business relationships, loss of credit relationships, inability for a corporation or any other business entity to do what it's there to do, which is, by and large, earn a profit, or if it's a non-profit entity, at least do its job economically.

Given that, since general deterrence and specific deterrence work, I believe that government attempts to achieve specific deterrence and general deterrence are what lead and have led to compliance management systems. But here I believe a significant distinction has to be made, and this was brought home for me with the presentation of John Meyers about what he viewed as wrong with the court-imposed compliance system in the NME case. I can't remember what the name of NME is anymore. Tenet or - it's now Tenet. That's one way to rehabilitate a corporation, it seems to me. Change the name.

Compliance management is a response to deterrence and is aimed at preventing future violations, but should not be considered as a form of punishment. I think what Mr. Meyers brought home for us is that, to the extent that compliance management starts looking like punishment, it doesn't work. It's counterproductive. It's not good punishment, frankly, and it's not good compliance management.

Now, what lessons do I believe need to be drawn from that? I believe the prosecutive community, the law enforcement community, needs to draw the lesson that they should not seek and judges should not order compliance programs with elements that are inefficient, that don't work, or that may impede compliance by breeding cynicism. I think those things are really possible, and how do they prevent it? They prevent it, I believe, by devoting greater resources to doing what everybody here at this symposium is doing, which is educating themselves on the best current thinking and knowledge of what does and doesn't work and the reasons why.

I for one would like to see the Justice Department have its own centralized body, maybe a small group of people, devoted to the mission of gathering information about compliance management. And, by the way, I prefer the term "compliance management" because it connotes permanence over the term "compliance program" which to me connotes something more temporary. And that leads me into my next point, which is the next nugget that I believe I have taken out of this. That is, there is an extraordinarily broad consensus, I've heard, that the most effective corporate compliance systems view compliance as a management function, not as a policing or legal function.

I was going to go through everybody who said this, but I heard it over and over and over again for two days, and even Joe Murphy, who was our last speaker, emphasized that. What concerns me terribly about this point, as to which I believe there is broad consensus, is I didn't hear enough of it from the law enforcement community. And I find that terribly troubling. What I heard from the law enforcement community were terms like "failed compliance program," which to me is antithetical to the concept of a management system or good management practices.

I believe that management is not a guarantee of success. Management, I believe, is a performing art. Some might say an improvisational art. It is not, as one of our speakers said, Euclidian geometry. The mere fact that a corporation experiences an incident where an employee commits a crime is not a basis for concluding that the compliance management system has failed. I believe that that thinking can be dangerous, and is probably contrary to what will work the best in compliance management, which are good management practices.

Finally, what I would like to see is good management practices, not an adherence to a checklist du jour, not an insistence on 100 percent compliance as exerting the greatest influence on the thinking of the law enforcement community.

I have well overstayed my five minutes. There's plenty more that I could say, but the others have a lot to share with you as well. Thanks.


JANET C. COOK: Well, like Neal, I feel that this is really a daunting assignment to wrap up all of two days' seminar in five minutes. But let me give you a couple of thoughts. One is very general, and one is more specifically related to who I am and what I do.

I know many of you in the room. Most of you know what I do. In a sense my job is as an enforcer, but it's a little different from what the prosecutors do or what civil enforcers do. I am the debarring and suspending official for the Air Force, which means that I look at contractors who have been indicted and convicted, have had other kinds of problems, and assess whether they should remain eligible for government contracts. Some of them are debarred. Some of them are suspended. Some remain as government contractors.

I have a general comment on ethics and compliance programs and then something more specific. The general comment is that I heard throughout the seminar the terms "compliance program" and "ethics program." I want to be sure we recognize there's a difference. The ideas come from different mind-sets. A compliance program sets basic rules and procedures and can be summed up in a checklist. An ethics program addresses values and decisions in the grey areas. The sentencing guidelines in a sense lend themselves to a checklist type of approach. And a corporation can get good protection against the maximum penalties of criminal prosecution by meeting the different elements of that checklist.

I don't think, however, that a guidelines-based compliance program without more is likely to be an excellent internal management tool. As an aside, I agree that I don't like the term "program." An ethics officer at one of the leading defense companies refers to an ethics "process" rather than an ethics "program." In any case, a successful process must be a management process. It's not so important whether you say program or process, compliance or ethics. What is important is that your program or process be values-based and have some soul.

Somebody said yesterday that employees don't like you playing with their soul. I'm not so sure. I think they want you responding to their soul in the sense that people want to do the right thing, not just the compliant or lawful thing. In most cases, all you have to do is free employees to do the right thing, and compliance will follow. We heard at lunch a CEO who understands the difference between ethics and compliance. He not only knows the words of a compliance program but hears the soul in the music that goes behind it, and has moved beyond compliance to a value-based ethics program, to a good program that can really do the company some good.

It's going to be fairly expensive to put in a compliance program that will meet the guidelines. But that's not going to give the corporation a great deal of cost/benefit in the long run. How many corporations are ever sentenced under the guidelines? Not very many. You could almost self-insure by not having a compliance program and putting the money aside every year into a penalty fund. But let's assume you're going to have a compliance program and hope for some benefit over and above guidelines protection. Why not put a little more effort and maybe a little more money, and certainly a lot more thought into it, and have a real ethics program that is going to benefit the corporation internally. Create a values-based ethics program and you're going to get employees committed to an ethical way of business life, employees who care about their business integrity. The principal benefits are going to be internal. Benefits show up in workplace relationships, confidence in management, and dedication to quality. Ethical conduct feeds itself.

Someone mentioned the Baldridge Award. A lot of companies started out with so-called TQM programs because it was the flavor of the month and maybe they were competing for the Baldridge Award. But now, practically every corporation that's paying attention, even some very small businesses, have programs that have a lot of the elements that count as qualifications for the Baldridge Award. They are empowering their employees.

My observation is that if you are going to empower your employees, they had jolly well better be ethical. And you've got to set values for them. Not every tough issue that every employee faces, is going to be within a compliance kind of orientation. It's in the gray areas where companies and employees get into trouble, where they have the questions. Ethics education and discussions and a high ethical tone from management go a long way toward assuring empowered employees reach the right decisions.

A specific thought from an agency perspective: where are you when you come to the debarring official after indictment or conviction? The agency will look for compliance and ethics programs, but do not expect to use a compliance program as a sword against the debarring official. Don't argue that the agency can't debar your company because the Department of Justice gave full credit under the guidelines.

The guidelines are framed in a punishment context. Unlike the Department of Justice, the agency debarring official will assess your programs from the customer's point of view. When you're convicted of cheating your non-government customers, you don't expect those customers, because you have a compliance program, to continue doing business with you. But some companies seem to believe that the government should continue to do business with them because the prosecutor thought they had a good compliance program. The distinction between punishment and business responsibility fundamentally changes the analysis.

As many have noted today, most prosecutors are not experienced in recognizing a good compliance program. I think Neal's suggestion of an office at DOJ to serve as a center of compliance expertise is an excellent one. Private industry has established such centers to good effect. None of us is as expert in this line as we ought to be. I would also encourage openness between industry and government to share best practices and different viewpoints.

I am troubled by the emphasis some place on litigation privileges in regard to compliance programs. As a debarring official I'm not interested in hearing about litigation privileges. I understand privileges may be important in litigation contexts, but it's going to be very difficult to reestablish business integrity with a suspension or debarment official, if a contractor is not willing to provide full information about underlying facts and any related preventive or responsive steps. Suspension or debarment proceedings are just an example. If you're dealing with the FDA or OSHA or EPA, there will be similar issues of free and open access to compliance-related materials. Potential privileges involve hard choices. In many cases you're going to have to make the hard choice to waive a privilege and let the agency look into your programs in significant detail. The more forthcoming you are and the less you try to hold back, the quicker things are going to go and the easier it's going to be.

As a last thought I'd urge private industry to establish high-quality compliance and ethics programs that have some music to them as well as just the words on paper. Do try to reach the goal of a values-based ethics process, stretch your process or your compliance management system to get to a higher plateau that will better serve everybody: employees, management, and government in its many roles. If you do, we will all have better government contractors, and have better citizen corporations. Besides, it's worth doing for its own sake. Thanks.


RICHARD S. GRUNER: I want to start by echoing Neal's comments about the quality of this symposium. I have been to a number of programs on related topics and this one is extraordinary. It's not just extraordinary because of the quality of the symposium administration, which has been excellent, or the quality of the presenters, which has been top-notch. The defining feature of this symposium has been the quality of the idea around which this whole conference revolves - the need to develop distinctive, favorable legal treatment for the "good citizen corporation."

I submit to you that the concept of the good citizen corporation as a feature of our legal landscape is not only new, but fundamentally important. By a good citizen corporation I mean the type of corporation that has been the subject of our discussions here - a corporation that has undertaken due diligence to prevent offenses in its business operations. We are moving from a legal regime in which the concept of the good citizen corporation was irrelevant to a legal system in which this concept may be a central consideration in evaluating corporate liability. Currently, corporate criminal liability usually depends on respondeat superior principles. These principles effectively equate an employee offender with the offender's corporation. If an employee commits an offense within his or her scope of employment and for corporate benefit, then the corporation is liable for the offense as well as the employee. We are moving from these principles for measuring corporate liability towards a view that a corporation's responsibility for an offense should be evaluated separately. Under this new approach, the good citizen corporation that can show due diligence concerning law compliance may avoid liability for an occasional, aberrational employee offense. In short, the law is shifting towards a system in which the culpability of the organization matters.

This is a significant change that has broad implications. I want to sketch a few of the legal developments that may implement this new approach in the next few years. You have seen hints of some of these developments here at this symposium. My comments are aimed at suggesting how the good citizen corporation may figure in additional legal standards.

One type of change that seems likely is an expansion of the range of legal contexts in which good citizen corporations are exempted from liability. We have heard suggestions at this symposium of corporate criminal liability standards that would turn on whether a company undertook due diligence to prevent offenses before a particular employee committed an offense. Such standards would shift the assessment of the quality of a corporation's law compliance efforts from the sentencing stage

- where they reside under the Sentencing Commission's Organizational Sentencing Guidelines - to the liability determination phase of the criminal case.

There are several ways that this sort of change may be implemented. Standards may be changed so that the absence of corporate due diligence needs to be shown to establish corporate criminal liability. More plausibly, corporate due diligence of this sort may be recognized as a basis for an affirmative defense to corporate criminal liability. These sorts of changes need not be limited to criminal offenses. I think that we will see equivalent developments in regulatory settings in which definitions of regulatory violations are revised to turn on whether or not a corporation has undertaken diligent efforts to prevent violations.

This is still not a broad enough perspective, however. I think that we are going to see greater reliance on the good citizen corporation concept in law enforcement activities. In particular, the targeting of government investigations and regulatory oversight will increasingly depend on prior assessments of how extensively particular corporations are policing themselves. Experimental programs now being tried by the EPA illustrate how the good citizen corporation might be treated in this context. Under these programs, companies that submit to an intensive review of their compliance systems can qualify for later relaxation of governmental oversight. Once the internal policing within these companies is shown to be sound, the need for external reviews is correspondingly diminished. This sort of targeting of regulatory oversight makes sense not only as a means for allocating scarce regulatory resources, but also as a means to recognize and reward corporations that have pursued socially beneficial efforts to prevent offenses.

The status of a firm as a good citizen corporation may also have growing significance in other legal contexts. For example, it was suggested in Joe Murphy's presentation that punitive damages should not be assessed against a corporate defendant in a tort action if the corporation is found to have taken diligent steps to prevent the misconduct at stake. Withholding punitive damages on this basis would be a logical means to reserve such damages for the worst cases of irresponsible corporate conduct. In addition, standards diminishing punitive damages for good citizen corporations would strongly encourage diligent law compliance and harm prevention efforts in areas where tort actions and damages are real threats, but criminal sanctions are not.

Finally, a firm's status as a good citizen corporation may figure in day-to-day contracting and commerce. Perhaps the most significant activity discussed at this conference was the development of ISO 14000, a standard for measuring the sufficiency of environmental law compliance systems. Once issued, this standard is intended to figure in a system of privately enforced compliance system obligations in which one contracting party will insist that its contracting partners certify their compliance with ISO 14000. Maintaining an adequate compliance program - and being a good citizen corporation, at least in the respects addressed in ISO 14000 - will be a matter of contract obligations and incentives. Hence, a system of private contracting and rewards may ultimately drive the development of better compliance practices.

What other trends are going to affect this area? I believe that if we were to attend a conference like this one ten years from now, two new topics would be on the agenda as major considerations. First, corporate management techniques for addressing law compliance and liability risks will be improved, establishing a related domain of technical expertise among organizational management experts. Managerial specialists are just now beginning to give detailed attention to the features of good compliance programs and to assessments of what compliance program techniques work and don't work. We have seen some of the very first products of these efforts in the empirical research presented at this symposium. In the compliance system standards embedded in ISO 14000, we have also seen some organized efforts to describe how corporate managers should approach the construction and operation of compliance systems. However, there should be many improvements ahead in our understanding of how to manage law compliance so as to have a real impact on corporate workforces.

As our understanding of available techniques improves, corporate managers' appreciation of the need for those techniques should also increase. Sophisticated managers already appreciate the importance of careful management of corporate law compliance. You heard precisely that message at lunch today when Stephen Hammerman emphasized in his remarks that, for each business unit, the chief executive officer of that unit has to be responsible for law compliance. This to me is a signal that compliance programs must be initiated by line management and that they must operate through line management. Corporate managers will increasingly accept this in the future and turn away from non-line management compliance programs that are no more than half-hearted efforts to gain possible legal advantages.

Let me amplify this a bit. Managers who don't get this message, that don't pursue law compliance as an aspect of line management through the same types of management techniques that they utilize in other business areas, are hurting their firms in several respects.

First, they are spending money on compliance efforts that are unlikely to prevent offenses or reduce liability. Throwing money into ineffective compliance efforts is simply a waste of corporate resources.

Second, undertaking law compliance efforts poorly may be worse than doing nothing at all. We saw this demonstrated in some of the research that was presented at this symposium. Compliance programs that are treated by management as a sham tend to encourage cynicism by employees. Such cynicism, in turn, tends to cause employees to pay less attention to legal requirements and to be more willing to commit offenses. Hence, a poor law compliance program may actually increase levels of offenses, making it worse than doing nothing.

Third, operating a compliance program that is a sham will forfeit an opportunity for favorable treatment in regulatory and criminal proceedings. From the presentations of government officials at this symposium, it is obvious that prosecutors and regulators are becoming more adept at evaluating compliance programs. They are becoming more sophisticated in the proof they demand and in what they view as the necessary features of an effective compliance program. The likelihood that a sham program will pass muster is diminishing accordingly.

How does all this bear on the role of inside counsel? As was mentioned in the introduction to this panel, I am here in part as one who has acted as an inside counsel and who thinks a lot about the role of inside counsel as an academic. I believe that the challenge to inside counsel in the next few years is to help corporate managers pursue law compliance programs as aspects of day-to-day management processes. This is critical because there is no other effective law compliance program strategy. Management must pursue law compliance as a line management objective if corporations are to adopt compliance programs that both prevent offenses and meet government standards for favorable treatment.

What is counsel's role in helping corporate line managers pursue compliance systems? First of all, it's a new role. It's a role that many corporate counsel (both inside and outside counsel) aren't very familiar with. It's a role as part of a team constructing management processes, rather than just providing legal advice about relevant legal requirements and possible types of violations. Granted, construction of the necessary management processes will start with some traditional legal advice describing the sorts of legal risks confronting a firm. These are the legal risks that the resulting processes will need to address and minimize. However, beyond just providing this type of advice, counsel should also pose questions to line managers that help the managers think about the techniques they might use in the course of managing and diminishing legal risks. Counsel can also challenge the sufficiency of what management comes up with, by comparing a company's proposed law compliance practices with practices undertaken by other firms or required under management standards like ISO 14000. These types of comparisons are critical in evaluating the sufficiency of proposed compliance systems because similar comparisons will be undertaken when compliance systems are reviewed by regulatory agencies or sentencing courts.

I would like to offer one last thought on how corporate counsel might conceive of their role and the overall process of developing and pursuing corporate law compliance programs. Steps undertaken now regarding these programs should be seen as setting the stage for later reviews of those programs in contexts where corporate liability is at stake. To help define what to do now, a corporate counsel should imagine hypothetically that he or she is at the end of the process in the midst of a critical review of a compliance program by a regulatory official, a prosecutor, or a sentencing court. The question under discussion in this review is, "What kind of compliance program did your company have?" What would you like to be able to respond?

Well, what you'd like to be able to say is something like the following: "We felt law compliance was a critical aspect of corporate performance. We addressed compliance with the same types of techniques that we would use to address other critical management concerns. For example, our management techniques were similar to those we would use in a quality control or production system. Let me show you how we applied similar techniques to our law compliance efforts."

That's the sort of presentation which will convince regulators, prosecutors, and courts your company was serious about law compliance. The corporate operations necessary to make this sort of presentation a reality should be counsel's present objective. By helping line managers develop these operations, corporate counsel can ready his or her firm for the rigorous, but potentially rewarding compliance system reviews of the future. Thank you.


LYNN SHARP PAINE: This conference is special for many, many reasons. The things we're talking about represent some very important changes in how we encourage and support lawful conduct in our organizations, and particularly in our companies. Two changes stand out. The first is that managers are being asked to assume greater responsibility than in the past for insuring lawful behavior in their organizations. A second related aspect of this change is that government is being asked to demonstrate a greater willingness to recognize managers' efforts to encourage lawful behavior in their organizations. And this observation applies to government officials in a number of contexts.

If we look at this development from a broad historical perspective, we see that it's part of a sea of change in thinking about business-government relationships in this country. This, in general, is a very positive development, and it's one I have urged in my role as a management educator and a management researcher. In particular, I have urged that law compliance be treated as a management function, not a legal function. Law compliance is something managers should be concerned with on a routine basis. After all, the executive's job of is to define the goals and responsibilities of an organization and then to mobilize people and resources to achieve those goals and responsibilities.

I doubt that anyone here would quarrel with the idea that abiding by the law is an important organizational responsibility, though in practice it's not a responsibility that anybody embraces with great enthusiasm. To paraphrase both Joe Murphy and former SEC Chairman Richard Breeden, aspiring to get through the day without being indicted is not a very inspirational ethical standard.

So while I really do think we're moving in the right direction, I want to use my few minutes just to underline a few concerns I have. There are three in particular.

The first concern has to do with the search for guidance. In listening to discussions at the conference, I have felt that a lot of people, particularly representatives from companies, would like the Sentencing Commission to stop being vague and just tell companies what to do. Many feel the guidelines don't, in fact, give enough guidance. When I hear such comments, my reaction is - be careful what you wish for; you might get it. There is no single model for what managers should do on a day-to-day basis to ensure adherence to law in their companies. What motivates a Wall Street trader is different from what motivates a health care worker. And while it's very laudable and appropriate for the Sentencing Commission to spell out the specific compliance-related functions managers should undertake - and by functions, I mean activities like the setting of standards, education, motivation, assurance, audit, and other assessment systems - it would be a mistake for everybody if the Commission were to get into the business of laying out very specific steps for what managers should do.

Rather than providing a compliance cookbook directing companies to do A, B, C, and D, the government could stimulate innovation and experimentation by requiring companies to evaluate their own effectiveness in carrying out the compliance functions. Companies seeking relief or approvals would have the onus of demonstrating how they have evaluated effectiveness and what kinds of self-improvement efforts they have undertaken over time.

In the course of our conversations, we have at times moved up two quite different issues, both of which are very, very important and which should be looked at, but which in the first instance should be looked at separately. The first issue is the lawyer's concern about how a company proves that it's a good corporate citizen, and second is what should be the manager's concern, which is how actually to be a good corporate citizen.

Now, I have a bit of a bias here. I am convinced that the best and easiest way to seem to be a law-abiding company is actually to be a law-abiding company. So I believe that the management question should take priority, but I also am enough of a lawyer to realize that the issue of evidence and proof in various contexts is also very important.

So that brings me to my second concern: what companies should do to become law-abiding organizations. Here, we need a better understanding of the management practices followed in companies that actually are good corporate citizens with a good track record and who have built respect for law into the corporate value system.

The environmental leadership program that Steve Herman talked about is a good example of what I have in mind. It's something we should be paying more attention to. In our discussions, a lot of attention has been focused on corporate misconduct, understanding its origins and so on. I have done research in this area, and I believe it's very, very important. A lot can be learned from research on the fundamental origins of misconduct. Sometimes the findings can be surprising.

For example, I did research in one company which, if described in detail, I'm sure 80 percent of you would say was a good corporate citizen. That company, by the way, didn't have a compliance program like the ones that we have been discussing. Nevertheless, the company did get involved in misconduct related to the falsification of environmental reports.

Once one diagnoses why this occurred, it turns out that some of the employees had been asked to do a job for which they had not been trained very well. Now, you say, what do these employees need? Do they need a talk about ethics? Or do they need some job training? Well, probably they need both, but clearly they need job training. In my experience it's very common to find that organizational misconduct often goes back to poor management and to management practices that need to be improved. So it's quite important to push back and understand the origins of misconduct.

Nevertheless, while we need to understand that, we also need better research not on compliance programs per se, but on the management practices that are used in companies that are good corporate citizens. What this type of research will show, I believe, is that concern for law is reflected in all the core management systems that drive the organization, from its leadership, its supervision, its hiring, its promotion, its evaluation and rewards, its planning system, its resource allocation, information, communication, training, education, oversight, control.

When a company has truly integrated respect for law into the corporate value system, it shows up in every aspect of the management process and of the leadership of the organization. So I find it a bit troubling that so much attention has been focused on the willingness of employees to report misconduct as the leading hallmark of a good corporate citizen. There are lots of other things we should be looking at that are more positive and much more central to what makes a good corporate citizen.

An excessive focus on misconduct can also lead to recommendations that are in conflict with management's efforts today to empower employees, to build trust, to enable people to do their jobs better, and to strengthen personal accountability. We must not lose sight of our core objective here: namely how to build and maintain law-abiding organizations and to uphold high levels of adherence to law in our society.

The final issue I want to mention is my concern for the individual employee. As companies rush to prove to the government that they are good corporate citizens by voluntary disclosure and by zealous housecleaning after misconduct occurs, I hope they do not lose sight of the importance of fairness to the individual employees who may or may not be involved directly in the misconduct.

I recently heard a story praising a company's management for its exceptionally quick response to allegations of misconduct. Some individuals were accused of misconduct and dismissed within a matter of only 24 hours or something like that. They were gone, and the company was getting on with its business.

I don't know the facts of that case, and maybe the evidence was clear. But it's very, very important that managers take the time to think about the fact-finding process, about fairness and due process in their determinations before dismissing employees in their eagerness to be good corporate citizens. That's important not only for fairness to the individual employee, but also for the impact on other employees, particularly their willingness and their commitment to do their job.

Recently, I was reading about some research done by Professor W. Chan Kim at INSEAD, a business school in France. One of Professor Kim's findings was that employees in global organizations are most likely to implement corporate global strategy when they believe that due process has been followed in developing the strategy. There are other lines of research that suggest that if you want your employees to go the extra mile, to do the extra work, to take on the discretionary effort, you should be especially concerned about fairness. This research says that people are more likely to do their best to support the organization when they perceive their work environment to be a fair environment, where their efforts will be recognized and where due process is followed in making and implementing decisions of all sorts.

Clearly in today's environment, if we are going to compete effectively as individual companies and as a nation, we have to have lots of employees who are willing to go the extra mile, to do the extra work, to go above and beyond the call of duty. To the extent that treating people fairly and exercising due process is part of creating an environment in which people are willing to do that, we have to think carefully about how we approach compliance and how we deal with misconduct. We don't want to undercut those important motivations and commitments.

So, in conclusion, let me just say that, of course, adherence to law is a fundamental responsibility of companies, but it's not their only responsibility. And as we seek to build law-abiding companies, we need to select methods that recognize not only the obligation to obey the law, but also the responsibility to produce goods and services needed by society in an efficient manner. We must be careful to select methods that enable companies to compete effectively in a global marketplace. Thanks very much.

WIN SWENSON: Thank you. Those were really wonderful comments and they have given us a lot to think about. It's late, and so we'll stop. I'd like to just close with three very brief thoughts. One is in response to the question, "Does the Sentencing Commission have plans to do any further symposia in other parts of the country?" I think it will be some time before we do it. On the other hand, if you think it has been useful, you might want to note that on your feedback form. Maybe there's something that we should do from time to time.

Second, I wanted to say how grateful we are to International Meetings, Incorporated, IMI, which has done the production of this symposium and we think has done really a wonderful job.

Finally, I wanted to just say in parting to you all, I think Senator Kennedy had it right yesterday when he said that the issues and policies we've all been thinking about over the last couple of days are matters that each of us can positively influence in our own jobs. Whether we're in government or we work inside of companies, whether we're in law firms, in business schools, or in law schools, I think we can all make a contribution to thinking about these policies and making them work.

So keep in touch with each other and with us, and go well. Thank you.

Commission Questions & Answers

Q. What is the current status of environmental guidelines for organizations -- is there a time frame for implementation? Is anything in the works for food and drug crimes? What has slowed the Commission's actions?

A. Proposed environmental guidelines drafted by an outside panel of practitioners, known as the "Advisory Working Group on Environmental Sanctions," were submitted to the Sentencing Commission on November 16, 1993. Since that time, the President has appointed four new members to the Commission, including a new chairman. As newly constituted, the Commission has decided to complete a comprehensive review of the federal guideline system before undertaking any significant new amendments. For this reason, the Commission has not taken action on the Advisory Group's working proposal. After its comprehensive review of the guidelines, the Commission expects to evaluate this and other proposals on environmental guidelines that come to its attention. The earliest that work on environmental guidelines might recommence would be late 1996.

Regarding food and drug crimes, the Commission is now considering a staff proposal that would delete the existing separate guideline, 2N2.1, for these offenses and henceforth have them sentenced under 2F1.1, which generally governs fraud offenses. One effect of this change would be that the fines provision of the organizational guidelines would then apply to food and drug offenses. See USSG 8C2.1. This proposal recently was published for comment. See 61 Fed. Reg. 79 (1996).

Practitioners are reminded that it is only the fines provisions of the organizational guidelines (Part C) that do not now apply to environmental and food and drug offenses. For example, the restitution and probation provisions (Parts B and D, respectively) already apply to organizational offenses.

Q. It appears that guideline penalties treat organizational size in a backwards fashion -- i.e., a smaller organization is easier to police than a larger one, yet the larger employer gets a higher culpability score. Is this because of CEO involvement or because simply more is expected of larger organizations?

A. Under the guidelines, larger organizations do not, per se, receive higher culpability scores and penalties than smaller organizations. Under USSG 8C2.5(b), however, culpability scores (and thus potential fines) will increase if organizational officials with responsibility for relatively higher numbers of employees are found to have been involved in the offense. For example, if an official with responsibility for 200 employees was involved in the offense, the culpability score will be three points greater than it would have been if only low-level employees had been involved. If an official with responsibility for 5,000 employees was involved, the culpability score will be five points higher than it would have been if only low level employees had been involved.

The background commentary to this culpability score provision explains:

The increased culpability scores under subsection (b) are based on three interrelated principles. First, an organization is more culpable when individuals who manage the organization or who have substantial discretion in acting for the organization participate in, condone, or are willfully ignorant of criminal conduct. Second, as organizations become larger and their managements become more professional, participation in, condonation of, or willful ignorance of criminal conduct by such management is increasingly a breach of trust or abuse of position. Third, as organizations increase in size, the risk of criminal conduct beyond that reflected in the instant offense also increases whenever management's tolerance of that offense is pervasive.

Q. Mr. Swenson was quoted in a newspaper as observing that certain people have raised concerns that the practice in some industries of comparing notes on how to fight corporate misconduct could, in fact, lead to collusion among companies to lower compliance standards. What is the Commission's view on this? Is there an acceptable means by which a trade association can actually raise the standard, e.g., use an outside entity such as someone in (or formerly in) government or a law professor versed in this area to help develop a framework for an effective program for a particular industry?

A. The Commission applauds efforts by industry groups to share information on compliance program practices -- as long as the objective is to achieve "best practices," not the lowest common denominator. There is no single agreed upon approach as to how industries should proceed. The symposium segment entitled "Sharing 'Best Practices' Information" examined several possible models, and the Commission encourages further thinking and innovation in this important area.

Q. Assume a statute allows for fines up to $200,000 for a certain type of conduct, but the guidelines would require $500,000 in fines. Which prevails -- the statutory maximum ($200,000) or the guidelines ($500,000)? What legal basis permits additional burdens (e.g., a high-dollar restitution order) over and above the maximum statutory fine?

A. Consistent with congressional intent, the Sentencing Commission takes the position that statutory sentencing parameters "trump" the guidelines where a conflict exists. See USSG 5G1.1. Consequently, all guideline fines are subject to limits established by statute. On the other hand, it is expected that fine ranges generated by the organizational guidelines will infrequently exceed statutory maxima. For example, the highest fine range called for by the guidelines has a floor of two times the "base fine," which will often be the loss. See USSG 8C2.4, 8C2.6. Section 3571(d) of title 18, United States Code, specifically authorizes fines up to twice the loss. Thus, in most cases this statutory provision will authorize a fine within the highest applicable guideline range, and other statutes may provide even higher maxima.

By statute, restitution is a separate sanction from a fine. See 18 U.S.C. 3551, 3556. Thus, restitution may be ordered in addition to a fine.

Q. What if dollar amount of loss or pecuniary gain is low, but the product is defective and is a critical safety-of-flight aircraft part? Is risk of harm or bodily injury factored into an organization's sentence under the guidelines?

A. In fraud cases, risk of serious bodily injury may be directly reflected in the base fine. See 8C2.4(a)(1), 2F1.1(b)(4). In other cases, Chapter Eight authorizes an upward departure if the offense either resulted in, or involved a foreseeable risk of, death or bodily injury that is not adequately reflected in the fine. See USSG 8C4.2.

Q. Is there a protection so that by self-reporting the company does not significantly increase its exposure far beyond the benefit gained from the five-point culpability score reduction under the guidelines?

A. Disclosure of wrongdoing by companies is not only encouraged by the guidelines but now by a number of other governmental policies as well. At the symposium segment, "The Experience and Views of the Enforcement Community," representatives of the Justice Department's Criminal, Antitrust, and Environment Divisions all spoke about voluntary disclosure programs and policies administered by their respective Divisions. Eleanor Hill, the Inspector General at the Department of Defense (DOD), spoke about DOD's voluntary disclosure program in the "Finding Government's Message" segment of the symposium.

Recently, the Environmental Protection Agency finalized a new policy called "Incentives for Self-Policing: Discovery, Disclosure, Correction and Prevention of Violations" that provides for reduced civil penalties when companies disclose environmental violations and meet certain other criteria such as having a sound "compliance management program." See 60 Fed. Reg. 66, 706 (1995).

While, overall, these government programs clearly provide substantial benefits for self-reporting, some experts have posited that further policy or legal changes may be warranted. See, e.g., symposium remarks by William B. Lytton, Commissioner Michael Goldsmith, and Joseph E. Murphy.

Q. Can the judge include, as part of a sentence of probation, a requirement that the corporation submit to unannounced examinations of corporate records by probation officers or even agents to assure the court that the corporation has not returned again to criminal conduct?

A. The court may order as a condition of probation that the company submit to "a reasonable number" of such examinations for the purpose of ensuring that the company is either: (1) following the dictates of its compliance program, or (2) safeguarding its ability to pay a court-ordered monetary penalty. See USSG 8D1.4(b)(1) and (c)(4).

Q. Under the guidelines, will the entire benefit of an effective compliance program be lost if the offense is not promptly reported to the government?

A. Under USSG 8C2.5(f), the guideline benefit of having "an effective program to prevent and detect violations of law" -- a three-point reduction in the culpability score -- will be lost if the organization "unreasonably delayed" reporting the offense after becoming aware of it. In other words, this credit is not lost simply because the organization failed to report an offense if the organization was unaware of it -- although on these facts a court might infer that the organization's failure to detect the offense was unreasonable and therefore indicated that its compliance program was undeserving of culpability score credit. In terms of the automatic elimination of the credit, what counts is whether the organization unreasonably delayed reporting an offense after becoming aware of it.

Q. If an organization truly has an effective compliance program and self reports, why does not the fine range begin at $0.00 so that the incentive for self compliance is truly maximized?

A. During the development of the organizational guidelines the Commission debated, but ultimately rejected, building "zero fine" outcomes into the guidelines. Enforcement community representatives persuaded the Commission at that time that a guideline fine of zero would be unnecessary to encourage compliance and self-reporting and, moreover, could send an undesirable signal regarding the seriousness of criminal conduct. However, the Commission did structure the organizational guidelines such that relatively nominal fines apply when culpability is low. See USSG 8C2.5, 8C2.6. The Commission further adopted a policy statement authorizing courts to consider departing below the prescribed guideline fine range when culpability is especially low. See USSG 8C4.11, p.s. In theory, a departure pursuant to this policy statement can yield a zero fine.

Q. How is the Sentencing Commission going to ensure that federal prosecutors, probation officers, and judges use Chapter Eight effectively? How does a prosecutor analyze the "effectiveness" of a compliance program?

A. The Commission's enabling statute authorizes the Commission to "devise and conduct periodic training programs" for persons whose professions are affected by federal sentencing matters. See 28 U.S.C. 995(a)(17) and (18). Consistent with this authority, the Commission has sponsored or otherwise engaged in numerous nationwide training programs for probation officers, judges, prosecutors and private sector practitioners of various kinds. Training has covered both the individual and organizational sentencing guidelines.

That said, the Commission recognizes that a number of issues raised by the organizational guidelines, such as the meaning of an "effective" compliance program, are complex and relatively new to the criminal justice field. For this reason, the Commission will monitor training needs in the field and lend support as appears practical and necessary.

It might be noted that apart from Commission-sponsored training, the organizational guidelines anticipate that courts may acquire expertise in especially complex cases by appointing knowledgeable experts. See USSG 8D1.4(b)(2) and (c)(4). How federal prosecutors will approach these issues is ultimately, of course, a matter of within the purview of the Department of Justice. Views on how prosecutors may approach these issues were presented by Justice Department officials at the symposium segment entitled "The Experience and Views of the Enforcement Community."

Q. Joint ventures among major corporations are becoming more and more commonplace in many industries -- what thoughts should the participants/parents have regarding compliance programs of joint ventures?

A. In general, the guidelines' "carrot and stick" incentives -- e.g., to establish effective compliance measures -- would seem equally applicable to joint ventures. If a violation occurs within a joint venture and the joint venture is charged with and convicted of the offense, the joint venture's compliance track record and general response to the offense will be assessed under the guidelines in determining its penalty. For all practical purposes, the same would be true if a parent were instead charged with and convicted of the offense -- the joint venture's actions and conduct would be highly relevant in determining whether the parent had an "effective" compliance program with respect to its business endeavors.

Q. Does the Sentencing Commission provide certification or feedback on proposed compliance plans?

A. No. The Sentencing Commission is not involved in the adjudication of individual cases and has no authority to certify organizational compliance plans.

Q. Does the Sentencing Commission have any plans to sponsor similar symposia in other parts of the United States or to participate in conferences sponsored by universities or other entities?

A. Although a significant number of symposium attendees suggested that the Commission consider doing so, the Commission as yet has no plans to sponsor future symposia on strengthening good-citizen corporations. The Commission does, however, consider requests from outside entities for training assistance as resources allow. Over the past several years, Commission representatives have participated in a significant number of privately sponsored conferences around the country on these and related issues.

Q. Do the guidelines require an organization to: (1) waive the attorney-client privilege, (2) forbear from joint-defense agreements with employees and third parties, and (3) waive or toll the statute of limitations at any stage of the proceedings?

A. Although the submitted question does not specifically say, these issues are usually raised in connection with the question of whether an organization -- despite pursuing one of the rights or remedies referred to -- can nevertheless obtain culpability score credit for compliance efforts, cooperation, and acceptance of responsibility. See USSG 8C2.5(f),(g).

Each of the relevant culpability score factors -- "an effective program to prevent and detect violations of law" (i.e., a qualifying compliance program under the guidelines) evidence that the organization "fully cooperated in the investigation," and the organization's "acceptance of responsibility" -- is defined by the guidelines. See USSG 8A1.2, comment. (n.3(k)), 8C2.5, comment. (n.12, 13). Because the relevant definitions do not expressly speak to the three legal avenues asked about, a definitive answer is not possible. Barring further clarifying commentary from the Commission, courts will have to resolve these questions in actual cases.

What can be said is that answers to these questions are likely to be resolved on a case-by-case basis. For example, an organization might have a surpassingly strong compliance program, fully and promptly disclose all relevant information regarding the offense, and enter a joint defense agreement with an employee solely for the purpose of litigating a nonfrivolous legal issue unrelated to factual guilt (e.g., to address the applicability of a statute to the defendants involved in the joint defense agreement). In such circumstances, a court might well examine the definitional commentary in the guidelines and conclude that the organization qualifies for compliance program, cooperation, and acceptance of responsibility credit.

On the other hand, if the organization were to enter a joint defense agreement with an employee whom its own investigation showed was involved in criminal conduct, and then put the government to its burden of proof at trial by denying the essential factual elements of guilt, a court might conclude that the organization qualified for none of these mitigating factors. The possible barriers to credit for cooperation and acceptance of responsibility are relatively straightforward in this hypothetical; a court might conclude that credit for the compliance program also should be denied for such reasons as: (1) the organization failed to disclose an offense of which it was aware, see USSG 8C2.5(f); (2) the organization failed to appropriately discipline employees responsible for the offense, see USSG 8A1.2, comment. (n.3 (k)(6)); and (3) the organization failed to respond appropriately to the offense. See id., (n.3(k)(7)).

With respect to waiver of the attorney-client privilege, it might be noted that guideline credit for cooperation requires that "all pertinent information" be disclosed, not all potentially relevant documents. See USSG 8C2.5, comment (n.12)(emphasis added). Whether withholding a privileged attorney-client communication would still allow an organization to satisfy the guideline definition of "all pertinent information" -- and the related question of whether disclosure of all pertinent information would effect a legal waiver of the privilege -- are matters that must be resolved by the courts.

Q. Have there been difficulties encountered by companies endeavoring to implement compliance programs, getting such programs past unions or even less formal employee groups?

A. Commission staff have been advised informally of a few instances in which unions have sought to subject compliance plan formulation to collective bargaining. One NLRB case has held that codes of conduct are subject to collective bargaining in a unionized workplace. See American Elec. Power Co., 302 N.L.R.B. 1021 (1991), aff'd, 976 F.2d 725, 1992 WL 245880 (4th Cir. Oct. 1, 1992). Many companies reportedly find it desirable to involve employees in compliance plan formulation, and NLRB decisions suggest National Labor Relations Act standards can apply. See, e.g, Electromation, Inc., 309 N.L.R.B. 990 (1992), aff'd, 35 F.3d 1148 (7th Cir. 1994). For further discussion, see Albert F. Cacozza & David L. Gregory, Labor and Employment Issues, in Compliance Programs and the Corporate Sentencing Guidelines (Jeffrey M. Kaplan et al. eds., 1993).

Q. Have any companies been found to violate probation? What happened? How are assistant United States attorneys verifying probation requirements -- especially those dealing with compliance programs?

A. While the Commission comprehensively collects information on the sentencing of federal defendants, it currently has no mechanism for collecting information on probation violations. Further study may be warranted.

In a case involving Consolidated Edison in New York, the judge followed an approach anticipated by the guidelines, see USSG 8D1.4(c)(4), of placing the organization on probation and requiring as a condition of probation that a court-appointed monitor oversee the organization's development of the compliance program. This case was discussed by Kirk Jordan at the symposium. The court-imposed compliance plan in the Natural Medical Enterprises case discussed by several symposium participants demonstrates verification tools available in a non-probationary setting, i.e., under a consent decree. There, among other things, the government required scheduled independent audits, third-party verification of various activities and transactions, and specified reports and notifications.

Q. By giving five points for self-reporting/cooperation and only three points for an effective program, are we not undervaluing the need to have an effective compliance program?

A. Under the organizational guidelines, there are two ways that an organization may achieve maximum mitigation of the culpability score (and therefore of the fine). Method One: have an effective compliance program, fully cooperate, and accept responsibility. See USSG 8C2.5(f),(g). Method Two: voluntarily disclose the offense, fully cooperate, and accept responsibility. See USSG 8C2.5(g). Both methods lead to a five-point reduction in the culpability score. The difference is that credit for cooperation and acceptance of responsibility are required before credit for a voluntary disclosure can be given. Credit for "an effective program to prevent and detect violations of law" (three points by itself) does not depend on the organization's qualifying for the two-point reduction for cooperation and acceptance of responsibility.

United States Sentencing Commission