DOs and DON’Ts for CEOs on Compliance Issues

This article was originally published on CCI on Nov. 2, 2010.

A CEO may ask why he or she should care whether there is an effective corporate compliance program, with emphasis on the word “effective”.  There are two answers.

First, the corporation can suffer huge fines and penalties if the compliance program is not effective.  The lead story in The New York Times of October 27, 2010 was the payment of $750 million by a large pharmaceutical company to settle criminal and civil complaints alleging that the company sold contaminated baby ointment and an ineffective anti-depressant.  According to the article, the whistleblower will collect $96 million from the federal government and additional millions from the states.  The article states that the whistleblower complained to top management executives but she was ignored even after warning that she would call the Food and Drug Administration.

ceo-compliance-issuesThe U.S. Department of Justice guidelines[1] state that a corporation may be held criminally liable for the illegal acts of its directors, officers, employees, and agents which are (i) within the scope of their duties and (ii) were intended, at least in part, to benefit the corporation.

For example, in United States v. Basic Construction Co.[2], the court held that “a corporation may be held criminally responsible for antitrust violations committed by its employees if they were acting within the scope of their authority, or apparent authority, and for the benefit of the corporation, even if… such acts were against corporate policy or express instructions.”

In United States v. Sun-Diamond  Growers of California[3], the D. C. Circuit rejected a corporation’s argument that it should not be held criminally liable for the actions of its vice-president since the vice-president’s “scheme was designed to – and did in fact – defraud [the corporation], not benefit it.”  According to the court, the fact that the vice-president deceived the corporation and used its money to contribute illegally to a congressional campaign did not preclude a valid finding that he acted to benefit the corporation.  See also United States v. Cincotta,[4] (upholding a corporation’s conviction, notwithstanding the substantial personal benefit reaped by its miscreant agents, because the fraudulent scheme required money to pass through the corporation’s treasury and the fraudulently obtained goods were resold to the corporation’s customers in the corporation’s name).  Moreover, the corporation need not even necessarily profit from its agent’s actions for it to be held liable.[5]

Second, the CEO can become, in rare cases, personally liable civilly and criminally for an ineffective corporate compliance program.  In some regulated industries directors and officers have been found personally liable for corporate wrongdoing in which they did not actively participate pursuant to the “Responsible Corporate Officer” doctrine[6].

The doctrine originally arose in cases involving the Food, Drug and Cosmetic Act which provided strict personal criminal liability for offenses, even though the corporate officers may not have known about the alleged wrongful conduct.  The doctrine has also been applied in connection with so-called public welfare offenses when a statute is intended to improve the common good and the legislature eliminates the normal requirement for culpable intent, resulting in strict liability for all those who have a responsible share in the offense, such as in the case of certain environmental statutes.[7]

Even in non-regulated industries, directors and officers can be held civilly liable for their mere failure to investigate criminal conduct.  However, generally, directors and officers of a corporation are criminally liable only if they actively participate in, conspire to commit, or aid and abet in committing a crime.

The U.S. Department of Justice Guidelines

The internal guidelines of the U.S. Department of Justice[8] state that there are nine (9) factors in determining whether or not to criminally indict a corporation, including “the existence and adequacy of the corporation’s compliance program.”  While the Department recognizes that no compliance program can ever prevent all criminal activity by a corporation’s employees, the critical factors in evaluating any program are whether the program is adequately designed for maximum effectiveness in preventing and detecting wrongdoing by employees and whether corporate management is enforcing the program or is tacitly encouraging or pressuring employees to engage in misconduct to achieve business objectives.

The Department has no formal guidelines for corporate compliance programs.  The fundamental questions any prosecutor should ask, according to the guidelines, are: “Is the corporation’s compliance program well designed?” and “Does the corporation’s compliance program work?”

For example, do the corporation’s directors exercise independent review over proposed corporate actions rather than unquestioningly ratifying officers’ recommendations, are the directors provided with information sufficient to enable the exercise of independent judgment, are internal audit functions conducted at a level sufficient to ensure their independence and accuracy, and have the directors established and information and reporting system in the organization reasonably designed to provide management and the board of directors regarding the organization’s compliance with the law.[9]

According to the guidelines, prosecutors should therefore attempt to determine whether a corporation’s compliance program is merely a “paper program” or whether it was designed and implemented in an effective manner.  In addition, prosecutors will determine “whether the corporation has provided for a staff sufficient to audit, document, analyze, and utilize the results of the corporation’s compliance efforts.” [Emphasis Supplied][10] Moreover, prosecutors will determine “whether the corporation’s employees are adequately informed about the compliance program and are convinced of the corporation’s commitment to it.” [Emphasis Supplied][11] This will enable the prosecutor to make an informed decision as to whether the corporation has adopted and implemented a truly effective compliance program that, when consistent with other federal law enforcement policies, may result in a decision to indict only the corporation’s employees and agents, but not the corporation itself.

CEO Major Dos and Don’ts

The following are a few major “dos” for the CEO:

Do – Establish an effective whistleblower program, with whistleblowers reporting to the corporate compliance director, internal auditor, or legal department (with a courtesy copy to you and the appropriate committee of the board of directors) and receive periodic reports of the results of investigations (with a courtesy copy to the appropriate board committee.)  Keep in mind that an inadequate or cursory investigation can be worse than no investigation at all because it creates an inference of a cover-up.  Consider the use of independent forensic accountants, independent attorneys and other outside experts to conduct internal investigations who many times can be more effective in conducting investigations than internal personnel.

Do – Maintain a good “tone at the top” by periodically reporting to your staff the fact that the corporation has investigated whistleblower complaints (without necessarily naming names or the content of the allegation) so that employees understand that such complaints are treated seriously by top management.  Consider authorizing rewards to whistleblowers whose information provides a substantial benefit to the corporation.

Do – Pay attention to legal compliance disasters in the corporation’s industry.  It is likely that prosecutors of other firms in your industry will seek to determine whether your corporation is engaged in similar conduct

Do – Have the corporate compliance director report to you any increase in the activities of the federal, state, and foreign prosecutors.  According to The New York Times of October 27, 2010, the U.S. Department of Justice has opened more investigations in the last two years than in any other two-year period, and has under consideration hundreds of law suits.  The Dodd-Frank Wall Street Reform and Consumer Protection Act, effective in July 2010, creates substantial bounties for whistleblowers who provide “original information” relating to violations of federal securities laws, which include the Foreign Corrupt Practices Act, and these provisions are likely to produce a substantial increase in whistleblower activity in the future.

Do – Make certain that corporate compliance policies and procedures are reviewed and updated periodically for new laws or regulations affecting existing products and services.  New laws and regulation which can affect the corporation’s business are constantly being created and therefore compliance policies and procedures must be updated regularly.

Do – Advise the corporate compliance director and the legal department of all new proposed products and services so that there is adequate time before the launch date to perform the necessary research on applicable laws and regulations, and to create compliance procedures.

The following are a few major “don’ts” for the CEO:

Don’t – Fail to provide adequate resources for the corporate compliance director to conduct investigations.  Such a failure can be viewed as causing an ineffective compliance policy.  Remember that the U.S. Department of Justice guidelines require a determination of “whether the corporation has provided for a staff sufficient to audit, document, analyze and utilize the results of the corporation’s compliance efforts.”  The corporate compliance director should be encouraged to speak directly to you concerning staff or budget inadequacies.

Don’t – Fail to communicate a good “tone at the top” through your actions, including memoranda to employees concerning the corporation’s compliance program and its ethical culture, or fail to periodically meet with employees to demonstrate your personal concern with compliance.  Remember that the U.S. Department of Justice guidelines require a determination “whether the corporation’s employees are adequately informed about the compliance program and are convinced of the corporation’s commitment to it.”

Don’t – Undermine the “tone at the top” by having your personal actions be inconsistent with the ethical culture which you are advocating to employees.  Nothing is more damaging to an ethical corporate culture than a CEO who violates his own rules or permits or tolerates others in top management to violate the company compliance program.

Don’t – Fail to periodically schedule a presentation by the corporate compliance director to the board of directors or an appropriate committee of the board in charge of compliance.


  • [1] Memorandum from Paul J. McNulty, Deputy Attorney General, issued December 12, 2006, which replaced the earlier Thompson Memorandum dated January 20, 2003.
  • [2] United States v. Basic Construction Co., 711 F.2d 570 (45th Cir. 1983).
  • [3] United States v. Sun-Diamond Growers of California, 138 F.3d 961, 969-70 (D.C. Cir. 1998), aff’d on other grounds, 526 U.S. 398 (1999).
  • [4] See United States v. Cincotta, 689 F.2d 238, 241-42 (1st Cir. 1982).
  • [5] See United States v. Automated Medical Laboratories, 770 F.2d 399, (4th Cir. 1985); 770 F.2d at 407 (emphasis added; quoting Old Monastery Co. v. United States, 147 F. 2d 905, 908 (4th Cir.) cert. denied, 326 U.S. 734 (1945)).
  • [6] United States v. Dotterweich, 320 U.S. 277 (1943).
  • [7] See Commissioner, Indiana Department of Environmental Management v. RLG, Inc., 755 N.E.2d 556, 560 (Ind. 2001) citing Matter of Dougherty, 482 N.W.2d 485, 489 (Minn. Ct. App. 1992).
  • [8] See Note 1.
  • [9] In re: Caremark, 698 A.2d 959 (Del. Ct. Chan. 1996).
  • [10] See Note 1.
  • [11] See Note 1.

**********

About the Author

fred lipmanMr. Frederick Lipman is an internationally known authority on business law and has authored 12 books on the subject. He has appeared on CNN, CNBC, Bloomberg, and Chinese television and has been quoted in the Wall Street Journal, USA Today, Forbes, and other publications.

Mr. Lipman was a lecturer in the MBA program at the Wharton School of Business for five years and at the University of Pennsylvania Law School for ten years.  A graduate of Harvard Law School, he has more than 40 years of experience in corporate governance (including special committee and controlling shareholder representation), trust law, mergers and acquisitions, insurance, private equity, and IPOs.

Mr. Lipman can be contacted via email at Lipman[at]BlankRome[dot]com.)

About the Author

Fred Lipman

Frederick D. Lipman is an internationally known authority on corporate governance, risk management, and business topics, and is a senior partner at the international law firm of Blank Rome LLP.  The author is also President of the Association of Audit Committee Members, Inc., a non-profit organization with a website located at www.aacmi.org.  This article contains excerpts from his book entitled “Whistleblowers: Incentives, Disincentives and Protection Strategies” (John Wiley & Sons, Inc., 2012), which are reprinted with permission of the publisher.  Mr. Lipman has authored 15 books, including 3 other books on corporate governance, namely, Audit Committees (The Bureau of National Affairs, Inc. 2013), Executive Compensation Best Practices (John Wiley & Sons, Inc. 2008), and Corporate Governance Best Practices (John Wiley & Sons, Inc. 2006), as well as other books on initial public offerings, valuing and selling businesses and employee incentives.  Mr. Lipman’s Executive Compensation Best Practices book was cited by the SEC in its decision to change the compensation chart for all public companies.  His Corporate Governance Best Practices book is used as either required or supplemental reading in a number of universities around the world.  Mr. Lipman has lectured on corporate governance topics at the United Nations in Geneva, Switzerland, and in China, Thailand and India.  Mr. Lipman held faculty positions in the MBA program at the Wharton School of Business and at the University of Pennsylvania Law School for a combined total of 13 years and at Temple University of Law School for 5 years.

One Comment

  1. November 4, 2010

    CEOs should be very concerned about their company’s ethics and compliance program, as any effective program requires a strong commitment from the uppermost management. The fact that the CEO can be held personally reliable in some cases should make them pay more attention to compliance issues in the workplace. This is a great list of dos and don’ts for any CEO. Their commitment to ethics and compliance issues needs to be strong in order for their employees to follow.