Short-Changing Compliance

Our paper Short-Changing Compliance argues for a refashioning of the rules of director liability for failures of compliance oversight, the so-called Caremark standard, in light of changing patterns of executive and director compensation that create short-termist pressures to under-invest in compliance. We propose a regime of fact-finding and clawbacks that runs through an alternative dispute resolution process that could be implemented through a shareholder by-law initiative.

The goal is to offer a different answer to this question: How can we ensure corporations play by the “rules of the game”—that is, laws encouraging firms to avoid socially harmful conduct? Corporate compliance programs play a central role in society’s current response. Prosecutors give firms incentives—through discounts to penalties—to implement compliance programs that guide and monitor employees’ behavior.

However, focusing on the incentives of firms overlooks the perspective of managers, who decide how much firms invest in compliance. A series of recent corporate scandals follow a depressingly similar pattern: directors and officers appear to have short-changed compliance with law in the pursuit of short-term financial gains. For example, Wells Fargo, one of the largest US banks, was recently found to have engaged in widespread consumer credit violations for over a decade. An after-the-fact special committee investigation identified failures in its compliance program as a contributing cause to the corrosion of the firm’s culture. The consequences for Wells-Fargo have since been severe: hundreds of millions in fines and a cap placed on its growth by the Fed until its governance and compliance functions have been fixed. These penalties have brought the social costs of the firm’s misconduct home to its shareholders. Yet the problem seems not so much to be shareholders profiting at society’s expense, but failures in corporate governance and compliance harming both society and shareholders.

Stock-based pay, ubiquitous for corporate executives, creates systematic incentives to short-change compliance. Compliance is a long-term investment for firms, whereas managers’ time-horizon is truncated at the date they expect to liquidate stock. Of course, distortions in managerial incentives created by stock-based pay would not be a problem if the present value of compliance investment were reflected in the stock price.

In Short-Changing Compliance, however, we suggest a theory of compliance failure caused by stock-based pay by showing that why markets cannot assess the present value of compliance investment. Investors likely find it hard to value compliance programs, because firms routinely disclose little or nothing about their compliance activities. We model how stock-compensated managers prefer not to disclose compliance, because it can reveal private information about a firm’s propensity to misconduct: the greater a firm’s misconduct risk, the more valuable to it is an investment in compliance. As a result, both managers and markets are likely myopic about compliance.

Oversight by boards of independent directors can help to control managerial agency costs, including as respects compliance. However, we show that boards’ incentives to engage in compliance oversight have suffered a parallel weakening to those of managers. Directors traditionally received fixed compensation, giving them only ‘low-powered’ incentives to engage with the strategic and operational decisions of the firm. This provoked concerns that boards were too passive. Since the mid-1990s, there has been a consequent sea-change in directors’ compensation practices. Directors of US public companies now receive the majority of their compensation in the form of stock-based pay, similar to managers in structure, albeit less in absolute amount. While this gives directors more “skin in the game”, encouraging engagement, it paradoxically undermines their incentives to report corporate misconduct, for the same reasons we identify for managers. Rather than serving to rein in managers’ excesses, boards risk becoming their connivers.

We argue that the tendency to short-change compliance can be addressed through a more assertive potential liability regime for compliance oversight failures. Of course, if managers knowingly sanction corporate crime, then they will face individual criminal penalties. But targeting them for liability is difficult because most enforcement measures against persons require proof of intent, and knowledge is diffuse within the firm, sometimes strategically so. As regards civil liability for directors under corporate law, the current Delaware position was established in 1996 by Chancellor Allen in Caremark. His well-known opinion articulated two things: First, that boards needed to assure the existence of:

“[I]nformation and reporting systems … that are reasonably designed to provide to senior management and to the board itself timely, accurate information sufficient to allow management and the board, each within its scope, to reach informed judgments concerning both the corporation’s compliance with law and its business performance.”

But second, liability would be triggered only by a failure of oversight so comprehensive as to call into question the board’s good faith. The necessary degree of oversight failure to trigger liability was later characterized by the Delaware Supreme Court as an “utter fail[ure] to implement any reporting or information controls.”

Caremark was an innovation in its time, introducing for the first time the idea of a general duty to implement a system of monitoring and controls. Prior Delaware caselaw had suggested that directors were “entitled to rely on the honesty and integrity of their subordinates until something occurs to put them on suspicion that something is wrong”—that is, a “red flag”. Chancellor Allen articulated the new standard against a background of rapid increases in fines for corporate crimes coupled with the introduction in 1994 by the US Sentencing Commission of sentencing discounts for firms with an effective compliance system in place.

We argue that the Caremark standard is no longer sufficient to carry the freight assigned to it. In particular, it insufficiently addresses the distorted incentives created for compliance investment and oversight by the rise of stock-based pay. The present regime is likely to engender “box-ticking” compliance programs. Liability standards must work to offset the incentives to avoid compliance with applicable legal rules. The compliance oversight standard of Caremark has become a poor match for the greatly-intensified incentives of both managers and directors.

Moreover, by setting the hurdle for directors so low, the Caremark standard effectively precludes judicial consideration of compliance issues. One of the historical roles of the Delaware Chancery Court has been to build out the substance of fiduciary duty in wide-ranging contexts, not just through liability determinations but through developing ideas of “best practice” in the course of detailed analysis of particular cases. The almost-invariable dismissal of cases alleging the board’s failure of compliance oversight per the Caremark standard has cut off this path for development. This has left a vacuum in best practice of compliance into which federal prosecutors have stepped, increasingly requiring firms to upgrade their compliance programs as a condition for a settlement. Unfortunately, this discretionary “regulation by settlement” is seemingly ill-equipped to guide boards how to discharge their responsibilities.

We propose more assertive directors’ liability for compliance failures, limited in quantum to a clawback of stock-based pay. This would realign directors’ interests with shareholders’—directors would stand to lose in parallel with shareholders when a compliance failure materializes—but limiting liability in this way would avoid pushing boards to overinvest in compliance. We outline ways in which this proposal could be implemented either by shareholder proposals or judicial innovation.

The complete paper is available here.