Last week, VW blamed its “culture” for allowing “individual misconduct” that lead to the emissions-testing-evasion scandal engulfing the company. It reminded me of a couple of corporate-compliance mantras and of DOJ’s recent Yates Memo: To deter individual misconduct, you need a “Culture of Compliance” set by “Tone from the Top.” Volkswagen’s mea culpa bears that out: VW admitted it had neither and blamed both. See “VW Says ‘Culture’ Flaw Led to Crisis,” Wall St. J. at B1 (Dec. 11, 2015)
For years – decades, in fact – the United States Department of Justice and securities regulators have been preaching the need for organizations to develop a “Culture of Compliance” driven by “Tone at the Top.” The concepts are enshrined in the Sentencing Guidelines and the U.S. Attorneys’ Manual; they pervade the rules and practices of U.S. securities regulators (the SEC and FINRA).
The Justice Department’s “Filip Factors” include:
- the existence and effectiveness of the corporation’s pre-existing compliance program (see USAM 9-28.800)
- the corporation’s timely and voluntary disclosure of wrongdoing (see USAM 9-28.900);
- the corporation’s remedial actions, including any efforts to implement an effective corporate compliance program or to improve an existing one, to replace responsible management, to discipline or terminate wrongdoers, to pay restitution, and to cooperate with the relevant government agencies (see USAM 9-28.1000);
USAM § 9-28.000 “Principles of Federal Prosecution of Business Organizations” at http://www.justice.gov/usam/usam-9-28000-principles-federal-prosecution-business-organizations#9-28.900
Of compliance programs, the Manual says:
“While the Department recognizes that no compliance program can ever prevent all criminal activity by a corporation’s employees, the critical factors in evaluating any program are whether the program is adequately designed for maximum effectiveness in preventing and detecting wrongdoing by employees and whether corporate management is enforcing the program or is tacitly encouraging or pressuring employees to engage in misconduct to achieve business objectives. … The fundamental questions any prosecutor should ask are: Is the corporation’s compliance program well designed? Is the program being applied earnestly and in good faith? Does the corporation’s compliance program work?”
Id. at § 9-28.800. It also refers to Directors’ Caremark duties of oversight regarding risk management and compliance programs. See, e.g., In re Caremark Int’l Inc. Derivative Litig., 698 A.2d 959, 968-70 (Del. Ch. 1996). And DOJ’s recent “Yates Memo” puts in place the final piece, by requiring a truly effective corporate compliance program to ferret out and report the individuals who committed the wrongdoing. The Yates Memo is here.
The U.S. Sentencing Guidelines emphasize similar policies. See US Sentencing Commission Guidelines Manual §8B2.1. here.
The 2001 SEC “Seaboard Report” encouraged “credit” for good organizational behavior in the face of individual misconduct. The SEC’s “Enforcement Cooperation Program” contains those precise mantras in the Agency’s four broad measures of corporate cooperation:
- Self-policing prior to the discovery of the misconduct, including establishing effective compliance procedures and an appropriate tone at the top;
- Self-reporting of misconduct when it is discovered, including conducting a thorough review of the nature, extent, origins and consequences of the misconduct, and promptly, completely and effectively disclosing the misconduct to the public, to regulatory agencies, and to self-regulatory organizations;
- Remediation, including dismissing or appropriately disciplining wrongdoers, modifying and improving internal controls and procedures to prevent recurrence of the misconduct, and appropriately compensating those adversely affected; and
- Cooperation with law enforcement authorities, including providing the Commission staff with all information relevant to the underlying violations and the company’s remedial efforts.”
http://www.sec.gov/spotlight/enfcoopinitiative.shtml (emphasis added). The “Seaboard Report” is SEC Rel. Nos. 34-44969 and AAER-1470 (SEC Oct. 23, 2001).
The U.S. broker-dealer self-regulatory organization, FINRA, has rules requiring a reasonable system of supervision and compliance, tested annually and certified annually by a broker-dealer’s CEO:
“Each member shall have its chief executive officer(s) (or equivalent officer(s)) certify annually, …, that the member has in place processes to establish, maintain, review, test and modify written compliance policies and written supervisory procedures reasonably designed to achieve compliance with applicable FINRA rules, MSRB rules and federal securities laws and regulations, and that the chief executive officer(s) has conducted one or more meetings with the chief compliance officer(s) in the preceding 12 months to discuss such processes.”
FINRA Rule 3130(b). See generally Rules 3110, 3120 and 3130.
In last week’s announcement, the VW Group Chairman and its CEO said:
“Group Audit’s examination of the relevant processes indicates that the software-influenced NOx emissions behavior was due to the interaction of three factors:
- The misconduct and shortcomings of individual employees
- Weaknesses in some processes
- A mindset in some areas of the Company that tolerated breaches of rules.”
VW also admitted that its IT systems were not sufficient to police compliance with its supervisory procedures or maintain the integrity of some process designs. VW Press Release, here (Dec. 11, 2015).