The endless cycle of corporate crime and why it’s so hard to stop
On Sept. 19, following the announcement that Wells Fargo & Co. would pay $185 million in fines for opening nearly two million bank and credit card accounts on behalf of customers without their consent, Chief Executive John G. Stumpf appeared before the Senate Banking Committee. Sen. Elizabeth Warren, D-Mass., a persistent critic of big banks, tore into the CEO and corporate sales incentive programs she said pushed low-level Wells Fargo employees to defraud consumers. Stumpf “squeezed … employees to the breaking point” to drive up the company’s stock and enrich himself and “should be criminally investigated,” she said. “The only way that Wall Street will change is if executives face jail time when they preside over massive frauds.”
Ten days later, when Stumpf testiﬁed in front of the House Financial Services Committee, he may have been hoping for a friendlier reception. The chairman of the panel, Rep. Jeb Hensarling, R-Texas, had recently introduced a bill to scale back the 2010 Dodd-Frank banking reforms. But instead of defending Wells Fargo, Hensarling chastised the bank and decried the broken record of corporate crime and punishment in America. “To the American people, this kind of feels like déjà vu all over again,” he said. “Some institution is found engaging in terrible activities. There is a headline, ﬁne, and yet no one seems to be held accountable.”
In the eight years since the collapse of the mortgage-backed securities market precipitated the worst ﬁnancial crisis since the Great Depression, authorities have gone after business misconduct with unprecedented vigor. They’ve levied an estimated $200 billion in ﬁnes on U.S. banks for conduct before, during, and after the crisis, including rigging interest rates and laundering money for drug cartels. They’ve gone after corporate titans and hedge-fund kings for insider trading. They’ve wrung massive penalties from General Motors for covering up faulty ignition switches and Volkswagen for cheating on emissions tests. And they’ve wrested a $20 billion settlement from BP over the Deepwater Horizon oil spill in the Gulf of Mexico.
More signiﬁcantly, Congress and the Obama administration have beefed up the investigative and enforcement capabilities of regulatory bodies addressing violations of environmental, product safety, securities, anti-bribery, and banking laws, including the new Consumer Financial Protection Bureau, which led the charge against Wells Fargo. The result: record numbers of enforcement actions, unprecedented ﬁnes, and greatly expanded payouts to whistleblowers.
Yet as Hensarling noted, this crackdown seems to have done little to stem the tide of bad behavior in American business. In scandal after scandal, going back at least to the insider trading wave of the 1980s, big corporations or their employees are found to be ﬂouting laws, often at the expense of consumers or investors, and the government vows to come down hard on the perpetrators. But despite public pressure and ever-expanding tools and powers to go after corporate wrongdoing, in most cases, the company pays a large ﬁne and promises to clean up its act while top executives escape punishment. Most notable among them have been the Wall Street CEOs at the center of the subprime mortgage market. (Stumpf, for his part, resigned on Oct. 12.)
Indeed, despite recent reforms implemented since the crisis, such as the DoddFrank Wall Street Reform and Consumer Protection Act, which imposed new regulatory requirements on ﬁnancial institutions and gave new tools to the Securities and Exchange Commission and other federal agencies to go after wrongdoers, the government is still constrained in its ability to ﬁght business crime. (For more on a new Dodd-Frank rule, see page 41.) Prosecutors have limited resources and generally only bring cases they believe they can win. Even then, the high evidentiary standards in federal criminal court make establishing culpability a challenge, particularly in large, complex corporations where decisions are often made by committee. And in industries such as ﬁnance, innovation has stayed a step ahead of the law, with managers incentivized to ﬁnd new ways to take risks without running afoul of authorities, even if they cause societal harm (such as the cross-selling push that appears to have inspired the fraudulent accounts at Wells Fargo). With fewer white-collar perp walks than many in the public would like to see, there is a widespread perception that the government hasn’t been willing to take on the real bad guys.
For many lawyers and legal scholars, this state of affairs represents a conundrum that is actually more confounding: Why does business crime continue to ﬂourish despite ever-expanding efforts to ﬁght it? “We look across the major industries and we’ve got some example in almost every one of them of a ﬁasco that results not from Enron-style corrupt management but from ineffective management and incentives that operate at lower levels of the company that in retrospect seemed almost inevitable to produce wrongdoing,” says Samuel W. Buell, the Bernard M. Fishman Professor of Law.
Before entering academia, Buell was the lead prosecutor on the U.S. Department of Justice’s Enron Task Force, which brought charges against more than 30 individuals following the energy company’s collapse, including its top two executives. As the 2008 ﬁnancial crisis unfolded and details emerged about the wrongdoing that precipitated it, which Buell describes as a “risk ﬁesta,” he was struck by the fact that the investment bank Lehman Brothers had used an accounting trick to hide its mounting debt as it spiraled towards bankruptcy, just as Enron had a decade earlier.
“The unprecedented vanishing of America’s seventh-largest company in 2001,” he writes in his new book, Capital Offenses: Business Crime and Punishment in America’s Corporate Age (W.W. Norton & Co. 2016), “the severe prosecutions with long prison times, the bitter congressional hearings, the regulatory reforms — none of it did anything to stop this. Enron was only a single canary in the cavernous coal mine of America’s ﬁnancial markets. From the bird’s death, nobody had learned a thing.”
The limits of the law
Buell has focused his teaching and scholarship on criminal law and the regulatory system, recently emphasizing how the criminal justice system treats corporations and white-collar offenders. To him, a key limitation that prosecutors face in cracking down on business crime is the law itself, speciﬁcally how society applies criminal law to business, an activity that is not inherently in conﬂict with our morals or values (unlike, say, robbery). In the zeal to prevent and punish wrongdoers across the economy, Congress has enacted many laws and regulations, he says. But there are still many unseemly behaviors that are tolerated in business, sometimes because they are not deemed harmful enough to outlaw, sometimes because they are considered an acceptable by-product of a desired behavior, sometimes because the law hasn’t yet caught up with them. And companies often incentivize their employees to get as close to the legal lines that exist as they can — without stepping over them.
Consider a “run-of-the-mill” white-collar crime, such as bribery or collusion. In a large corporation, it isn’t always easy to establish the fundamental requirement for culpability in our legal system, intention, particularly among managers or executives whose decision-making is far removed from the criminal act. And, Buell says, monitoring business actively closely enough to ensure blame can be established when wrongdoing happens would require an intrusion in the economy that our capitalist system would not abide. Add to that the higher standards for evidence in criminal court than in private lawsuits, the fear of the systemic impacts of dealing a blow to a company’s reputation or taking it down altogether, and the substantial discretion that federal prosecutors enjoy to pass on cases that they don’t think they can win, and the limitations of the law to address corporate malfeasance become apparent.
Buell cites fraud, which he calls “a simple idea with endlessly complex manifestations,” as the classic example of the challenges in prosecuting business crime that are inherent in the law itself. We all know what fraud is at its heart, he says: deception with the intent to gain something that doesn’t belong to us.
But the law of fraud leaves it to the courts to decide what constitutes intentional deception and what, in the context of business, is just aggressive marketing. And while fraud can be applied to all manner of business activities, actually proving it can be quite difﬁcult, even in cases where it seems all but certain to an outsider. An area of law that is both ﬂexible and unstable can cause problems for those tasked with applying it.
In the notorious mortgage-backed securities transactions that helped create the ﬁnancial crisis, banks sold ﬁnancial products based on subprime home loans despite knowing that a crash in the housing market was imminent and would render many of those loans insolvent. While that might look like deception to an outsider, Buell points out that prosecutors have uncovered little hard evidence that banks intended to deceive customers regarding securitizations. And, he argues, the traders who bought those securities were sophisticated enough to have known the risks they were taking, that they could lose a lot of money, and that big losses might threaten the stability of their banks. “Unless the seller of the security lied about the nature or quality of the mortgages underlying the product, even the late-in-the-game player who was still buying when the rest of the world was selling is dumb but not defrauded,” he says.
For Buell, the crash of that market, and its ultimate cratering of the global economy, was not the result of widespread criminal fraud, as many allege. Instead, he says, it was banks taking on too much risk and operating under too little regulation in their marketing of complex products that, while difficult for ordinary investors to understand, were not on their own illegal (not unlike Enron’s obscuring of its indebtedness, which also wasn’t deemed criminally fraudulent). Many in the government and private practice agree, which is why the suggestion of locking up Wall Street CEOs for defrauding investors is so often met with eye rolls. The evidence simply doesn’t support such a proposition, and in at least one recent case, a civil mortgage-fraud suit the Justice Department brought against Bank of America and one of its executives, an appellate court agreed, throwing out a judgment in May.
“In my experience over the 30 years of my practice, I think that fraud really plays a much smaller role in financial crises than people like to think,” says Michael H. Krimminger ’82, a partner at Cleary Gottlieb in Washington who served as general counsel of the Federal Deposit Insurance Corporation from 2010 to 2012 and earlier was a deputy to the chairman for policy. “This crisis was based upon a combination of factors and a failure of the market, failures of the regulators, failure of some of the market structures, and failures of some of the types of securitization structures. It was principally a product of the usual things that create crises: too much risk and the failure to accurately price the risk. As a result, people aren’t paying enough for the risk and therefore things continue to get riskier and riskier and riskier and eventually it collapses. That to me is the much bigger story rather than fraud.”
Of course, that hasn’t stopped the banks from paying massive settlements to the government to put probes of their crisis-related activities behind them. Krimminger, who spent 21 years at the FDIC and now helps large U.S. and international banks navigate the post-crisis legal and regulatory landscape, says the proliferation of fines and penalties has had an enormous impact on the conduct of management and employees within financial institutions. These include $16.65 billion paid by Bank of America, $5 billion paid by Goldman Sachs, and more than $23 billion paid together by Citigroup, J.P. Morgan Chase, and Morgan Stanley. In September, the Justice Department announced its opening bid in talks to settle its claims against Deutsche Bank: $14 billion.
“I think many, many institutions have made tremendous progress both in the way they compensate people as well as in the way they train people, because frankly, it’s become an enormous, expensive tax,” Krimminger says. “Some of the fines and penalties that have been imposed on institutions in the last five years are so much greater than any fines and penalties that have ever been imposed in the past, that it has gotten people’s attention, as it should.”
Increasingly, the government is settling criminal claims through deferred prosecution agreements (DPAs). Once a way for low-level drug offenders to avoid incarceration by accepting probation, in the early 1990s, corporations began negotiating DPAs that allowed them to escape conviction by accepting liability, paying a hefty ﬁne, and cooperating with the government. Typically, “cooperation” has meant the company conducts a wide-ranging internal investigation to ascertain what went wrong and who was at fault, sets forth a plan of reform, and submits to a government-designated monitor to ensure compliance.
DPAs have become a staple of white-collar cases and the vehicle by which the government has settled cases against many of the major banks as well as giants in the auto, pharmaceutical, energy, technology, and aviation industries. A Manhattan Institute report found that the government negotiated 303 DPAs and NPAs (non-prosecution agreements) between 2004 and 2014, and 16 of the Fortune 100 were under one in 2015. But defense attorneys complain that they represent nothing short of a threat — cooperate or die — and invite prosecutors into the executive suite to dictate how their clients reform. And scholars have noted that their proliferation has put prosecutors into the role of regulator, with little oversight.
“They can be frankly life-threatening and not always advantageous to shareholders either,” says Tom Hanusik ’90, an Enron prosecutor at DOJ and senior counsel in the SEC’s Division of Enforcement who is now co-chair of the white-collar and regulatory enforcement group at Crowell & Moring in Washington. “When DPAs get challenged, which has happened a few times, there are a few judges who really put the government to the task of demonstrating why certain types of agreements are in the public interest and I think when you see a little more of that we’ll see the government being more careful in how and when it applies them.”
But to others, the deals the government cuts are too often toothless and inefﬁcient, overly friendly to business, and a “get-out-of-jail-free” card for penitent CEOs. It would be better, say critics such as Judge Jed Rakoff of the U.S. District Court for the Southern District of New York, to limit criminal charges to individuals and corporate liability to civil claims.
Indeed, the larger question of assigning criminal liability to a corporation remains a matter of considerable controversy. Based on the tort law concept of respondeat superior — “let the master answer” — corporate criminal liability ﬁrst appeared in federal law during an earlier era of concern over unbridled business power and its harmful effects on society. The Elkins Act of 1903 stated that any misdemeanor committed by person employed by or acting on behalf of a railroad “shall also be held to be a misdemeanor committed by such corporation.” Six years later, the U.S. Supreme Court afﬁrmed the statute as constitutional, holding the New York Central & Hudson River Railroad liable for rebates on shipping that two employees illegally offered customers. The ruling made respondeat superior the standard for corporate criminal liability — holding companies responsible when employees or other agents commit crimes in the course of their employment — that has stood for over a century.
Legal scholars have railed against the doctrine for decades, says Sara Sun Beale, the Charles B. Lowndes Professor Law, an expert in federal criminal law and criminal procedure. Corporations cannot demonstrate mens rea and cannot be imprisoned, two concepts that are fundamental to criminal law. Other methods of punishment, such as large ﬁnes or debarment, may unfairly harm innocents such as shareholders or employees who played no role in the crime. And, these critics say, courts have applied it too broadly, sweeping all manner of crimes up under its umbrella. Some have even imposed it on corporations without charging any individuals with crimes on the theory that the companies bore responsibility for the collective knowledge or action of multiple employees who on their own were blameless. Beale, however, defends the use of corporate criminal liability as a necessary method with which the government can address wrongdoing in business, if not the only one. “To put it simply, you need every tool in the toolkit,” says Beale, who in her scholarship has noted a recent trend of European countries adopting corporate criminal liability where it hadn’t previously existed. “The decision in the U.S., as in other countries, should be a pragmatic one about the sanctions that are needed to deal with the enormous power wielded by corporations and the potential for harm to the public. Sanctions against corporations should not be judged by the same standards as those governing individual responsibility.”
Still, the trend of executives or managers skirting culpability for a company’s misdeeds strikes many in the public as both illogical and unfair, and that perception has put pressure on the government. In a September 2015 memo, the Justice Department instructed federal prosecutors to focus on individuals from the beginnings of investigations and refuse cooperation credit for corporations that fail to identify all individuals connected to wrongdoing. The guidance applied to civil attorneys, as well. The memo’s author, Deputy Attorney General Sally Quillian Yates, acknowledged the inherent challenges in establishing who was responsible for an act of corporate malfeasance, including piecing together information that is diffused around the organization and finding proof of knowledge and intent, particularly in the executive suite. “These challenges make it all the more important that the Department fully leverage its resources to identify culpable individuals working at all levels in corporate cases,” she wrote.
Despite being adopted as policy by lawyers focused on securities, antitrust, foreign bribery, and environmental prosecutions as well as on banking, the Yates Memo has not produced a significant uptick in prosecutions of individuals. Nor are there signs that government is reducing its reliance on corporate criminal liability to resolve major business cases. But that has not quelled concern among defense attorneys that the more aggressive pursuit of individuals will increase the burden on companies that choose to cooperate with the government and risks pitting them against their own employees, which could hinder the internal investigations required under DPAs.
Meanwhile, scholars and practitioners have begun to look more closely at an even more stringent approach: holding managers in some areas of corporate activity liable for crimes committed on their watch whether or not they were involved. In food and drug laws and some environmental laws, the Responsible Corporate Officer (RCO) doctrine establishes punishment of officers and directors if prosecutors can establish that they failed to act to prevent a misdeed by an employee on behalf of the company. In July, the U.S. Court of Appeals for the Eighth Circuit affirmed this doctrine as it applies to the Food, Drug, and Cosmetic Act when it upheld the conviction of two executives at a commercial farm company that sold eggs contaminated with salmonella. Buell says courts could expand its use but doing so could raise troubling questions depending on how far they went.
“RCO, at least as articulated in the holding of the foundational U.S. v. Park case, dispenses with both act and mental state to an alarming degree,” he wrote in a blog post in September. “I am aware of no other area in which American criminal law has imposed strict liability for omission to act — at least enduringly, modernly, and constitutionally.”
The role of regulation
Will criminalizing management neglect really stem the tide of businesses behaving badly? As Buell points out, after each new scandal, Congress has expanded the laws governing corporate conduct, opening up new avenues for enforcement actions or prosecution, and mirroring the impulse to overcriminalize seen in other areas of the law. Following the Enron and WorldCom meltdowns, it was Sarbanes-Oxley which, among other things, instituted extensive new requirements on public companies to disclose information to shareholders and prevent accounting fraud. And yet just six years later, another meltdown occurred. That leads many scholars to believe that it is regulation, and not prosecution, that must do a better job of policing business in the first place.
Federal regulators were widely criticized in the wake of the 2008 crisis — of a failure to act, of “capture” by industry, of corruption encouraged by the revolving door between government and regulated entities. Take the Securities and Exchange Commission. The agency has been far too friendly to the industry for the last 20 to 30 years, says James D. Cox, the Brainerd Currie Professor of Law, an expert in securities regulation. That has made it less willing than it was in the past to bring enforcement actions, such as those to restrain the fees that mutual funds charge retail investors or to crack down on companies that use alternative disclosure methods and non-standard accounting, which are violations of SEC rules.
“There is reluctance or a recalcitrance to push an investigation, push things a little bit further, go into the realm of uncertainty,” says Cox. “A big part of regulation is through enforcement and making law in the courts, and historically the enforcement staff has been a willing participant in pushing the envelope. You don’t see that as often now.”
In the wake of the financial crisis and the Bernard Madoff scandal, the SEC reorganized its enforcement division, moving about 20 percent of its enforcement staff into five specialized units, notes Julie M. Riewe JD/MPP ’99, T’93, who was co-chief of the Asset Management Unit from 2013 to 2016. In addition, the division began hiring securities market experts to help the staff become more proactive in uncovering wrongdoing, including by using data analytics to identify potential misconduct or rule violations.
“The agency hires experts directly from the industry because it believes they know how to identify possible hot spots in a way that lawyers at a government agency simply don’t,” said Riewe, who joined Debevoise & Plimpton in March as a litigation partner in the ﬁrm’s white collar and regulatory defense group. “The experts’ facility with data analytics has enabled the agency to be more sophisticated in how it targets potential violations, including by directing scarce staff resources to what the SEC believes to be high-risk areas.”
In fact, Riewe says, there is now a feeling in the defense bar, thanks in part to Dodd-Frank reforms that required most private fund managers to register with the SEC for the ﬁrst time and created a whistleblower program that rewards tips that lead to enforcement actions, that the agency is “willing to pursue any violation, no matter how small, particularly if the conduct or violation is novel or if the agency thinks that the case will send a broader message to the industry.” Indeed, last year, the SEC brought the highest number of enforcement actions in its history.
Cox says he would like to see the agency more frequently use its enforcement function to bring high-proﬁle attention to abuses that will deter future wrongdoers: “The SEC has a whole range of things it can do, but the most important thing it can do is get a headline.” But he sees an even more glaring area of weakness
at the Commodities Futures Trading Commission (CFTC). As the agency that regulates the derivatives market, the CFTC was the target of intense criticism for not raising red ﬂags about the proliferation of high-risk credit default swaps in the mortgage-backed securities market in the 2000s. Yet today, the agency remains understaffed, he says, with about one-sixth the personnel that the SEC has, despite the more volatile and dangerous nature of derivatives.
“What the SEC manages is kind of mundane — it’s unlikely to blow up the system,” Cox says. “What the CFTC manages, as we saw last time, did blow up the system, so I think that’s where they ought to put resources.”
In the future, it may not be enough to throw more bodies at regulatory weaknesses, says Lawrence Baxter, the William B. McGuire Professor of the Practice of Law and co-director of the Global Financial Markets Center. In a forthcoming article in Duke Law Journal, Baxter argues for using emerging technologies such
as automation, big data, and artiﬁcial intelligence to monitor ﬁnancial institutions. The development of “RegTech,” he says, would mirror the industry’s recent focus on “FinTech,” or ﬁnancial technology, to deliver services faster, more efﬁciently, and more ﬂexibly. It already exists in the way that the government monitors currency transactions and high-frequency trading. In Britain, the Financial Conduct Authority is working with the banks to test new ways of doing this, and Malaysia and Hong Kong have sponsored their own pilots.
“The tedious tasks, the ones that are manually performed now, need to be automated, so we don’t have so many people sitting there going through books all the time, so that the regulators can then exercise real discretion on the reports that come from automated monitoring,” Baxter says.
“Locked in this embrace”
Indeed, behind the argument for adopting more sophisticated methods of regula tion is a recognition of the failure of the justice system to stop bad behavior at the root of market turmoil. In particular, ﬁnancial institutions’ constant adaptation to market realities means that rules imposed from the top down will never be able to keep up with changes in conduct, Baxter says. The regulators can’t act as fast as the banks adapt. It’s also a recognition of the interdependence of government and big banks. It’s not just that the banks are so large that their failure would be catastrophic for the global economy, he adds. They are intertwined with government in a multitude of ways, from underwriting public debt to serving as the agents of bailouts when other institutions fail. In the banking industry, regulators are already constantly supervising institutions and perhaps even condoning bad behavior.
“We are locked in this embrace,” he says. “The big banks know the government can’t do without them. The government knows that they can’t do without the banks. And despite all the rhetoric and pressure the regulators have put on them, I don’t think we have any sort of silver bullets that would ﬁx the situation.”
The same could be said of giant corporations regardless of industry. The outsized role they play in society — employing workers, enriching investors, supporting communities — makes many of them “too big to jail.” As Buell notes, they have been massively successful at building wealth and driving innovation, but they are structured to help their owners avoid legal liability. Now that they are among the largest and most powerful forces in the world, and irreversibly enmeshed with the institutions of government that regulate and police them, it may be impossible to hold them to account when they or their employees behave badly.
Instead, Buell says, we may have to look at other remedies, such as stipulating the duties and obligations of corporate managers, including, perhaps, establishing that they have duties to the public and not just their shareholders, as proposed by Steven Schwarcz, the Stanley A. Star Professor of Law & Business. Or perhaps the government should draw lines to keep corporations from engaging in certain businesses, as the Glass-Steagall Act, which prohibited commercial banks from offering investments, did before Congress repealed it in 1999. But those ideas may now be non-starters: As this issue of Duke Law Magazine was going to press, President-elect Donald J. Trump was promising to dismantle much of the regulatory state, including Dodd-Frank, a nod to persistent complaints that corporations face too many constraints, not too few.
“It makes you wonder if this institution, the corporation, has developed in such a way and grown to such a scale that it’s beyond the capacity of individuals or small groups of individuals to manage,” Buell says. “We have been in this constant conversation about the criminal justice system’s relationship to corporations, which is by its structure a conversation about individuals and bad behavior. And the problem with that conversation is that it would lead one to think that the problem is we’ve just got badly behaving individuals, and if we could just get people to behave, these problems would go away, when in fact the people are fungible and the problems are a result of the incentives and the effects of the corporate institution at its current size and scope.”
— Andrew Park