Mozart’s timeless question
In the film Amadeus, the Emperor tells Mozart: “Your work is ingenious. It’s quality work. And there are simply too many notes, that’s all. Cut a few and it will be perfect.” The composer responds: “Which few did you have in mind, Majesty?” This exchange was brought to mind by an essay in Stanford Law Review On Line by Todd Hough, who teaches at Indiana University’s business school, “Cadillac Compliance” Breakdown.
Hough argues that “Corporate America wants—and believes it is getting—top notch compliance programs. But instead of the Cadillac, companies are ending up with a Chevy. Why is this? My research suggests the answer stems from two interrelated phenomena. First, corporate compliance is becoming increasingly ‘criminalized’; that is, corporations are now approaching compliance primarily through a criminal law lens. Second, as compliance programs become more criminalized they impose unintended behavioral consequences on corporate employees by creating opportunities for them to rationalize their unethical and illegal acts. Understanding these phenomena provides insight into the current failures of corporate compliance, but also how companies can best devise effective means of combating future corporate wrongdoing.”
I am generally sympathetic with his point of view, and indeed view Hough’s article as valuable for the C&E field. But still I have two concerns.
First, I think it is incorrect to suggest that compliance programs are becoming criminalized. In fact, they have been that way from the beginning – which, most C&E practitioners would say, was the advent of the distinctly criminal Corporate Sentencing Guidelines in 1991. The notion of a golden age of truly voluntary compliance is essentially a myth, as noted in this prior post (although I should stress Hough does not put it that way).
Moreover, the fact that compliance programs are driven by criminal law does not mean that they are shaped by criminal law. The various components of compliance programs (such as risk assessment or auditing) are, in my view, based on ideas and experience involving management more so than law.
Second, his principal recommendation for enhancing compliance programs is to build on the learnings of the behavioral ethics field. I certainly don’t disagree with this. It is indeed a point I have been making for many years in this blog and elsewhere and which has informed my advisory work for companies for even longer. Moreover, his particular suggestions in this regard – concerning training, incentives and other C&E program elements – seem sound.
Note that while the recommendations do seem useful, having developed similar approaches for corporate clients I don’t see behavioral ethics as transforming corporate compliance in profound ways. A personal metric on this point: in a typical 100-page compliance assessment report I draft, on average only two of those pages will be devoted to behavioral ethics. (If there was more to say I would definitely say it.)
Moreover, Hough argues that conventional compliance programs can essentially contribute to wrongdoing. There are various aspects to this, and I won’t try to address them all here, but in large measure they come down to the view that too much emphasis on controls combined with the very large capacity to rationalize that we all have delegitimizes compliance programs and thereby contributes to wrongdoing. In an earlier post regarding a similar argument made by another scholar (whose work Hough indeed cites) I questioned whether this is really what happens in cases of corporate crime: “According to his paper, laboratory experiments have shown that assuming a distrustful attitude toward individuals (which controls inherently do) causes those individuals to act in a less compliant/ethical manner. I have not read the research that he cites, but question whether anything done in a laboratory can sufficiently replicate the effect of the real-world conditions – particularly the pressures and risks, both of which can be extreme – that business people face when it comes to dealing with corruption. Indeed, in my – concededly anecdotal – experience, many business people welcome controls, as controls can help minimize the prospect of going to prison for making a wrong decision or having one’s employer economically ruined based on a colleague’s malfeasance. (This is particularly true with risk areas involving complex, often non-obvious rules – such as corruption, and also competition law and export controls.) Viewed in this light, having anti-corruption controls is no more disrespectful than is going to a doctor for an annual checkup.”
Coming back to where we started, for those would propose major cutbacks on controls, I’d respond with Mozart’s question: Which ones?
Finally, and at the risk of being redundant, I should stress that I found Hough’s article very helpful and I encourage you to read it. And, I don’t want to diminish the curiosity practitioners may have for the behavioral ethics field. Rather, my goal is purely one of expectations management.