Corporate Crime and Prosecution

An interview with Win Swenson

Win Swenson can legitimately be called the father of the U.S. corporate sentencing guidelines. He was general counsel at the U.S. Sentencing Commission during the early 1990s and was instrumental in the development of the guidelines to help judges determine sentences for corporate criminals. The sentencing guidelines were later used as a model for the Holder and Thompson memos — U.S. Justice Department memos that give guidance to federal prosecutors on whether to charge a corporation with a crime. In 1996, he went to work for the accounting/consulting firm KPMG, to head up its national compliance and ethics consulting practice. He left in 2000 and became a partner in Compliance Systems Legal Group, a law firm which focuses exclusively on providing legal advice on compliance and ethics programs. The full and original text of this interview is available from Corporate Crime Reporter.

Multinational Monitor: KPMG recently entered into a deferred prosecution agreement with the Justice Department, with KPMG admitting it committed fraud, but the department agreeing to drop charges against the firm if it fulfills promises, including to maintain an effective compliance and ethics program. It is a case where there was egregious criminal wrongdoing, the company admits to it, there is alleged obstruction of justice, there are reports that the U.S. Attorney in Manhattan actually wants to pursue the prosecution to conviction, but is overruled by the Department of Justice. Instead, it gets a deferred prosecution agreement. Was that a legitimate use of a deferred prosecution agreement?

Win Swenson: I don’t have enough facts to have a definite opinion on it.

But there is a legitimate question as to whether this was an appropriate use of a deferred prosecution. And I would look to the Department of Justice’s own charging criteria in what is commonly referred to as the Thompson memo.

And if you run through those criteria — pervasiveness of the misconduct, past history and so on — there are a number of factors that would point strongly toward prosecution. And there are also some factors that point the other way. The most notable Thompson memo factor supporting prosecution is that there is no indication that KPMG had an effective compliance program.

In fact, based on my experience there, it is pretty clear that KPMG would have a tough time making the case that it did have such a compliance program.

And to me, this factor is as important as any in deciding whether to prosecute. Why? Because a key question to resolve in making the prosecution/no prosecution decision is whether the offense was, on the one hand, aberrational — in other words, it happened despite the firm’s best efforts to prevent and detect these kinds of things — or whether the offense actually reflected the way things were really done there, with a cavalier attitude toward preventing and detecting misconduct.

If you are going to prosecute and thereby impact employees and owners of an entity, partners in partnerships and shareholders in companies, gauging whether the offense accurately reflected the core of the company is highly material. Bad things do happen at good companies.

But bad things also happen because the company didn’t seriously care. And the quality of the company’s or firm’s compliance program is the best way to measure how seriously it did care.

MM: You headed up the compliance consulting practice at KPMG for four years. Was the reason you left because they weren’t taking it seriously enough?

Swenson: That was a consideration. It would be unfair to say that that was the reason, but it was something that did bother me. In my view, KPMG did not have a compliance program that could possibly meet the standards set by the Department of Justice in the Thompson memo or in the federal sentencing guidelines. I didn’t feel comfortable advising other companies to adopt such programs when my firm hadn’t. I am told that KPMG has, to their credit, accomplished considerably more in the compliance arena since then. But at the time, it was clear that it was not doing what it should have been doing.

MM: What was missing?

Swenson: Work at the Big Five or Final Four accounting firms had evolved from pure audit practices into broad consulting practices. Within the audit profession before the consulting services were added to their portfolios, my sense is that there were pretty tight standards for conduct within the profession.

But as you started bringing in consulting practices, and also started leaning on audit partners to sell these additional consulting services, you began introducing a whole range of new risks which KPMG and its competitors had not particularly accounted for.

So, the first thing that was missing was a risk assessment, which is required in the sentencing guidelines, as a predicate to determine what kinds of compliance and ethics systems they needed.

If they didn’t know what the risks were, they certainly weren’t training people on how to avoid the risks, auditing to detect misconduct in those risk areas or providing mechanisms by which people could get answers to questions relating to those risks. These are the very basics of a compliance program.

MM: Most federal prosecutors say that evidence of obstruction of justice will tilt a close case from no prosecution to prosecution. But then again, you also hear that you can’t convict a company the size of KPMG, because you will drive it out of business, thus injuring so-called innocent shareholders, employees and other third parties. If you drive KPMG out of business, you go from the Big Four to the Big Three. And pretty soon, there is only one major accounting firm left in the country.

Swenson: I don’t think it is a small issue. This is why I said initially I can’t say whether or not they should have been prosecuted. One of the criteria in the Thompson memo that is cited as pointing against prosecution is this notion of collateral consequences to innocent people.

In the instance where you might put a company or a firm out of business, the collateral consequences are high. The impact on so-called innocent third parties — employees, partners or shareholders — should be considered.

On the other hand, if the Department of Justice fails to follow through with its policy to prosecute when the Thompson memo criteria favor prosecution, the impression is given that once a company makes a mistake, if they throw a few people under the bus and otherwise cooperate, they get a free pass.

It is sort of a slap on the wrist, except for the people who are thrown over the side, and the Thompson memo is in danger of being seen as policy on paper only. Only after misconduct is discovered by the government does the company have to take its compliance and ethics program seriously.

Again, I agree that the so-called innocent third party argument is something that should be considered, just as the Thompson memo states. But — and I think this is critical — it generally should not be determinative.

Here is why. We need to get to a place where investors in capital markets and employees deciding for whom to work ask — and are given probative answers to — these kinds of questions: what kind of company is this; does it have strong commitment to compliance; does it report externally on its program’s activities and results; does it embrace internal whistleblowers or retaliate against them?

In the wake of Andersen and Enron, it was powerful to see employees of those firms who said they just wanted to work somewhere that cared about ethics. There was a famous picture of a displaced Enron employee outside of Enron headquarters after the bottom fell out holding a sign saying, “Wanted: A Company with Integrity.”

When the Department of Justice follows through on these prosecutions, future employees, shareholders, partners will begin to ask the question, “Do I want to cast my lot with this company? Do they have a strong commitment to compliance and ethics and what is the proof of that?” That, in turn, will impact on how these big firms are run.

MM: You were deputy general counsel of the Sentencing Commission at the time of the creation of the organizational sentencing guidelines. The Thompson and Holder memos seem to parallel the organizational sentencing guidelines.

Swenson: I headed up the staff unit at the Commission that developed the organizational sentencing guidelines. Under the broad reach of vicarious corporate criminal liability, very different kinds of corporations can be convicted of a crime. We wanted the guidelines to determine — what kind of a company do we have here?

The guidelines set up criteria for imposing penalties based upon whether a company tends to be toward the good end of the spectrum, where this is an aberrational kind of thing, but basically the company is trying to do things the right way, or whether, on the other end of the spectrum, the company is not trying to do the right thing. The criteria include compliance programs, voluntary disclosure, cooperation, and how serious is the offense, measured in a variety of ways, importantly including the seniority of the people involved in the offense.

Initially, when the guidelines came out, the Justice Department seemed concerned that companies would get a slap on the wrist after essentially hoodwinking the sentencing court into believing that the company had a good compliance program and the penalties would be light.

Over time, however, the Department of Justice seemed to embrace the theory of the sentencing guidelines — this notion that different kinds of companies can be susceptible to criminal prosecution and that it is important to disentangle what kind of a company you have in front of you before you make that decision — when it adopted the Holder memo and subsequently the Thompson memo.

Both the Holder and Thompson memos parallel the criteria of the sentencing guidelines. The same factors that drive the decision on whether to prosecute or not, also drive the severity of the penalty that is going to ultimately be imposed if there is a prosecution.

MM: There is a fear that if you convict one of these big companies, corporate death will result. That is what is driving many of these deferred and non prosecution agreements. The conventional wisdom is that the criminal prosecution of Arthur Andersen drove the firm out of business. But Columbia Law School Professor John Coffee says that Andersen killed itself. Prosecution or not, it would have gone out of business because no one wanted to be audited by a firm that was the accountant to Enron.

Swenson: Coffee is probably right. Andersen would have had a very tough time staying in business whether or not criminal charges were brought based upon the conduct it had engaged in and how it was being understood by the public.

Companies didn’t want their auditor to be the audit firm that helped take down one of the largest corporations in America by being complicit in misconduct that directly related to the integrity of the audit process itself.

In answer to the first part of your question, though, I don’t think the corporate death penalty typically results from the conviction of a crime. In fact, it is unfortunate that when corporations are prosecuted and convicted, the markets will often shrug it off to a fair degree. It’s not always that big of a deal, unless there is some secondary impact, as where you also have a huge misstatement of earnings.

MM: Often the stock price goes up, because people feel that the global settlement puts the company’s problem behind them.

Swenson: True.

Getting back to the Department, I want to make clear that the Justice Department deserves a lot of credit for coming up with the criteria in the Thompson memo.

The policy itself is an excellent one, and it may be that the Department’s application of the Thompson memo is far more rigorous and consistent than those of us outside the Department know. But the problem is that it is not clear from the public statements that the Department of Justice makes when they announce these settlements.

It is hard to overstate this: It would be enormously helpful if the Department of Justice would talk more directly about how the Thompson memo’s criteria applied and led to the outcome of each case.

Prosecutors are reluctant to create any sense of discretion-limiting accountability, but I think they owe the public more of this kind of analysis if the system is to be seen as comprehensible and fair.

MM: Often they do cite the factors of the Thompson memo and say — this is why we have decided to reach a deferred prosecution agreement.

Swenson: But — and this is critically important — they virtually never talk about the company’s compliance program. References to this Thompson memo criterion are almost non-existent.

They don’t say, “We have analyzed the compliance program of this company, and it is understandable how this happened, because the program was poor, it was not supported by management, there was no training, there was no risk assessment, a large number of people knew about the offense but didn’t report it to management or the board of directors because there were no systems in place to address these concerns.”

This is not difficult to do — prosecutors can even ask an outside expert to help with this evaluation if necessary. I have done these type of evaluations. It would be profoundly valuable if the Department did talk about this criterion.

And here’s why. While many companies have stellar, committed compliance programs, there is a dirty little secret going on inside of many others.

Inside of many companies today, people who are responsible for spearheading compliance programs are, truth be told, marginalized.

The message they hear is, “If you want to get along, you better go along. Don’t push too hard.”

Unfortunately and sadly, I’m aware of a number of cases where compliance officers seek to become the diligent, independent professionals they are supposed to be to protect the company from misconduct, and are told by senior management to cool it. The rules don’t apply to the brass, or we aren’t really interested in providing the needed resources to make this work effectively — resources that are typically small compared to any other corporate function. So the compliance officer is caught in the middle of a constant battle between his conscience and a practical desire not to blow up his or her career by taking the needed stand.

How does what the Department of Justice does matter here? The degree to which the Department demonstrates the importance of compliance programs in making real prosecution/non-prosecution decisions, the greater the clout of compliance officers who are slugging it out every day in the corporate trenches.

They can tell their management and board, this is what happens to companies that don’t do this by the book. Managements and boards need to know how seriously to take all this compliance stuff. Real cases provide the answer.

MM: Sarbanes Oxley — the major reform after the recent wave of criminality — is now a couple of years old. Are things getting better or worse?

Swenson: It is getting better but it is not good enough or getting better fast enough. I work with a lot of companies that are coming from a place of good faith. I am present in management meetings and board meetings. We have serious discussions about these topics. A lot of companies want to do this the right way. I see more of that.

That is why I’m arguing for the Department of Justice to apply the Thompson memo in a transparent way — so that the companies that are trying to do this the right way get the benefit and the free riders don’t get the benefit. I also am aware of companies where these kind of things are not taken as seriously as they should be.

MM: Maybe because you are representing companies that have compliance officers who want to do the right thing, you are looking at too narrow of a sample. Do you ever get the sense that companies who want to do the right thing will hire you and companies that don’t won’t hire you?

Swenson: I do. But along the way, we also get hired by companies that press us to say only good things and are resistant when we don’t, even though we understand the complexities of all this and try to make our advice practical and achievable.

We are also asked to do work for companies who try and negotiate up front the outcome of our review, which signals that they are not very serious about it. We don’t do work for those companies. We have declined work for companies where we think the management is trying to put its thumb on the scale of objectivity.

MM: How does it work? What kinds of things are said by a company that’s not serious?

Swenson: The company will say — we are doing the following things and we assume that you will tell us that those are the right things to do. We don’t really want you talking with our employees. We don’t want you to go out and probe too much. We want to screen what you are going to say before it is presented to anybody important within the company. It is something you get a feel for. And there have been occasions where we either have said we won’t do the work, or more typically, we have helped the company conclude that we are not the ones for the job.

MM: Isn’t there a pervasive double standard with prosecutions, where corporations simply are not prosecuted for inflicting harm on others, when similar actions by individuals would result in prosecution?

Swenson: That is a problem. I am arguing that the Thompson memo should be applied transparently, rigorously and across the board. But assuming they make these decisions according to the Thompson memo and shareholders get hurt as the result of a prosecution, what is going to happen?

Shareholders in the future will look to invest in companies that are a lower risk of having these kinds of problems. That’s a good thing. Market forces will support good citizen corporations.

Today we have a lot of corporate responsibility investment funds, which are all over the board and overall do a poor job of evaluating compliance programs. Yet, many companies are becoming much more transparent in terms of their compliance and ethics programs in annual reports and elsewhere. Why not ask that companies do more of this kind of thing?

Why shouldn’t investors get information about how companies manage compliance and ethics? BP for example has recently adopted a program that ties a significant chunk of the incentive compensation of its top 600 leaders to their tangible support for compliance within the company.

If I am a potential investor, that’s relevant to me because it means management is actively engaged in trying to keep the company out of trouble.

If shareholders are asked to bear the burden of corporate malfeasance to some degree, in cases where the victims are outside the company, for example, then shareholders are going to press the companies in which they own stock to take compliance more seriously.

MM: The United States is one of the few western countries that has corporate criminal liability. And many legal scholars and defense attorneys don’t like it at all. They believe only individuals can commit crimes, institutions can’t. Is corporate criminal liability defensible?

Swenson: Yes. Corporate cultures do create an environment in which individuals engage in misconduct. People with generally good ethics can go to work for a company where there is a tremendous amount of pressure to cut corners. And they will cut corners. People who might be a little more inclined to take risks and do things the wrong way — if they work inside a company where there is a strong contrary signal from management — then they are far less apt to.

We now know that there are formal management systems that companies can employ that will yield a good outcome. It’s important that public policy support the companies that adopt these systems — and punish those that don’t.