top of page

Riesenfeld Symposium Special: Fireside Chat

Article by Sarang Shah

Photo of guest speaker Leo Cunningham who is a partner in Wilson Sonsini Goodrich & Rosati's litigation department. Photo taken from

Closing the 2019 Berkeley Journal of International Law (BJIL) Riesenfeld Symposium was a conversation between Leo Cunningham, Partner at Wilson Sonsini Goodrich & Rosati and Amelia Miazad, Director of the Business in Society Institute at Berkeley Law. After a keynote and panel discussion exploring the broader policy and politcal contexts of corruption, the discussion between Cunningham and Miazad was a welcome opportunity to talk specifically about corruption in the corporate context and how corporations respond to it.

Broadly defined, corruption is a falling away from an ideal. What do we do though when people are perpetually falling? From an institutional perspective, the answer is compliance. Post-Enron and post-financial crisis, compliance programs are now everywhere, but before the 1970s they were practically non-existent. The Foreign Corrupt Practices Act of 1977 (FCPA) was one of the first pieces of legislation to will these compliance programs into existence. According to Professor Hana Ivanhoe, one of the foundational premise of the FCPA is the idea that using a public office for private gain is corruption. When those subject to US jurisdiction try to sway agents of foreign governments to act in their favor, they not only fuel a culture of corruption in that country but also interfere with American foreign policy aims, albeit indirectly.

The FCPA, of course, does not punish the public officer in a foreign jurisdiction, but the person or company under US jurisdiction who feeds the foreign official’s private gain. It essentially tries to combat corruption by starving the beast. By requiring broadly that companies monitor their agents transactions and behaviors, the FCPA created a serious institutional risk of liability that could not be solved at a strategic level. Following passage of the FCPA, companies now had to ensure that even its lowest level employees did not offer any cash or gifts to an agent of a foreign government. Simply put, corporations had to become their own cops.

Why does a corporation require compliance programs to begin with? For example, few individuals would concede that they need a compliance program to avoid breaking laws. So why does a company need such an internal watchdog? One reason is simply that companies are large and complex, and so the existence of one bad actor could expose the entire company to risk of liability even when it isn’t company policy to break the law. Another reason is that sometimes the law is unclear at an individual level. Also, while it may be clear that lavishing a government official with gifts on behalf of the company is a violation of the FCPA, is buying my government client a round at the pub after work similarly a violation?

So what works when it comes to compliance? Brute surveillance and enforcement can certainly be effective, but requires a vast amount of time and resources. What works better, according to compliance professionals, is cultivating a culture of compliance that emanates from the top of the organization and on downwards. Such a remit places an enormous burden on the compliance team, which may or may not be the general counsel’s office within a corporation, to shift the outlook and mindset of the company itself.

Despite this enormous burden, there has nevertheless been a dramatic increase in compliance programs and enforcement on the part of federal authorities over the past decade for the following reasons. First has been the promulgation of defined US sentencing guidelines. Another factor has been the proliferation of deferred or non-prosecution agreements (DPAs/NPAs). A majority, 63%, of corruption cases end in settlement with the Department of Justice (DOJ). Many of these settlements require the expansion or reform of a corporation’s existing compliance program. Finally, the creation of whistleblower programs has incentivized employees to reveal to federal authorities the existence of corrupt transactions when a corporation chooses not to willfuly disclose their violations of federal law.

Cunningham called the cultural effect of corruption as “the virus of anticompliance,” and the role of compliance programs as combating that virus like an inoculation or a well-honed immune system. Cunningham believes that “if you can be corrupted, you can also be anticorrupted.” Or as Miazad put it at the top of her discussion with Cunningham, there are “no bad people, just bad corporate governance.” In the immunological metaphor, compliance is the responsive mechanism to harms that emerge when the corporeal system it is a part of go haywire.

Alas, no matter the vigorous efforts of companies to remedy corruption, the core conflict at the heart of compliance remains. Compliance means resisting a choice that carries some sort of incentive, whether that is a tactical gain for an employee within their own institutional hierarchy or a broader gain of profit for the corporation itself. When it comes to compliance, the phone call is coming from within the house.

Cunningham strongly suggests that incentivizing compliance, rather than merely disincentivizing violations of it, is an effective remedy for this problem. Alas, incentives tend to work for actions you can demonstrate, and not so much for actions you don’t commit, especially when there’s a chance you can get away with it without anyone knowing. So I suspect that incentivizing compliance merely returns us to the expense of brute-force surveillance and enforcement all over again.

The constant struggle of attempting to remedy corruption is reminiscent of the great theodicies of the past. These apologetics sought to reconcile the existence of evil in a perfect world engraved by God. In our current dominant belief system, profit-seeking and shareholder maximization are seen by many, even still, as efficient and reasonable ways to direct our publicly-chartered enterprises. Corruption is not an intended consequence of this system. Rather, it is but a pesky result of our own individual human failings. Compliance teams are in a sense merely a besuited ministry situated within the corporaton, neither beloved nor despised (except by the most driven to sin). Even when the compliance team doesn’t directly monitor or punish the behavior of the other employees, its presence serves as a talisman against the possibility of corruption within a system that drives people to it.

Who then, as Miazad and Cunningham discussed, bears responsibility for violations and what is the role of the board of directors of a company? Given their fiduciary duty, they have a straightforward role of limiting the liability to which the company is exposed to. But the board can also direct the culture of a company on behalf of compliance, and even incentivize compliance through financial or other means. As Cunningham exclaimed, “culture eats strategy for breakfast.” Nevertheless, the question of moral responsibility and fiscal liability remains the great unanswered question about our complex, global capitalist system. It is clear in the age of climate change, environmental degradation, and poor labor conditions in the global supply chain that severe collective harms have resulted from the pursuit of individual profit and efficiency. Perhaps the experience of the FCPA and compliance programs can serve as a model for a broader moral, political, and legal framework that can translate the responsibility for global harms due to neoliberal capitalism down to an individual level. Or perhaps the FCPA and compliance programs are merely one more symptom of a diseased system heading toward radical systemic change.



bottom of page