For many years, law and economics scholars, as well as politicians and regulators, have debated whether corporate criminal enforcement deters too much beneficial corporate activity or lets corporate criminals off too easily. This debate has recently grown more polarized: On the one hand, academics, judges, and politicians have excoriated enforcement agencies for failing to send individual bankers to jail in the wake of the financial crisis; on the other, the Justice Department has since relaxed policies aimed at holding individuals liable and reduced the size of fines imposed on corporations.

A crucial and yet understudied piece of evidence in this conversation is how federal enforcement has affected crime. Indeed, unlike every other type of crime, the government does not collect data about corporate crime levels. Therefore, we cannot tell how corporations are responding to the DOJ’s changed enforcement practices.

In our recent paper, “The Cost of Doing Business: Corporate Crime and Punishment Post-Crisis,” we take important first steps in determining how corporate crime, and financial institution crime in particular, is responding to the federal enforcement regime and its shifting priorities. Specifically, as proxies for financial crime, we use three novel sources: the Financial Crimes Enforcement Network (FinCEN) Suspicious Activity Reports (SARs), consumer complaints made to the Consumer Financial Protection Bureau (CFPB), and whistleblower complaints made to the Securities and Exchange Commission (SEC). SARs are required to be filed by financial institutions under certain circumstances that are highly suggestive of malfeasance, while the CFPB data are generated by aggrieved consumers of financial products. Whistleblower complaints are generally filed by employees of banks and companies who suspect that financial crime has occurred; if the information leads to a successful enforcement action, the whistleblower is eligible for a large bounty.

Our results are summarized as follows. In the period from 2012 to 2019, we document a steep upward trend in SARs filed across every agency that collects them: the OCC, the FDIC, the FHIFA, the NCUA, the FRB, the IRS, and the SEC. This means that financial institutions flagged a greater number of transactions suggestive of money laundering, fraud, or other financial crimes in each year for the past five years. In addition, we document a steep upward trend in consumer complaints about financial misconduct submitted to the CFPB from November 2014 to August 2019. Finally, we observe a steady increase in whistleblower tips submitted to the SEC from 2011 to 2018. In sum, our data suggest a steep increase in reports of financial misconduct in three unrelated places.

We also examine levels of public company recidivism, which are also on the rise. And we document a potential cause: Recidivist companies are much larger than non-recidivist companies, but they receive smaller fines than non-recidivist companies (measured as a percentage of assets and revenue). In theory, high fines can supply adequate deterrence by themselves, but our results indicate that it might not be politically feasible or legally possible to levy a sufficiently high fine to deter future incidents of corporate crime. Put differently, for large companies, criminal penalties may be just another cost of doing business—and quite a reasonable cost at that.

We posit that those who embraced entity-level liability and large financial penalties as the most efficient means of securing deterrence neglected the practical realities of enforcement. In theory, a large fine will cause the people at the top to take steps to prevent future instances of harm across the entity. But the size of the fine necessary to lead to adequate deterrence might not be possible to calculate (What is the social cost of 86 lives?) or politically feasible. (What if the optimal fine puts the firm into bankruptcy? What if the optimal fine for a large company is tens of billions of dollars?)

Not only that, there are practical limitations to the corporation’s ability to adequately deter future incidents of crime. That is because there is a disconnect between the recipient of the punishment and the bad actor when the only punishment is an entity-level fine. Quite obviously, an entity-level fine primarily affects shareholders, not necessarily the individuals who committed or even benefited from the crime. In theory, shareholders should have an incentive to take steps to deter criminal activity, but rationally apathetic shareholders might not recognize the problem nor understand how to address it. In addition, the ultimate deterrent effect of fines against corporations and their shareholders may be muted by several factors. For example, although a company’s stock price falls after the imposition of the penalty, it usually bounces back very quickly. Therefore, shareholders might not demand an appropriate reduction in activity levels, nor the right amount of firm-wide monitoring, to avoid future instances of crime.

In sum, we theorize that an over-reliance on entity-level fines is likely inadequate from a deterrence perspective. Even though the average fine is higher today than ever before, fines are still too low to make up for uneven enforcement. The optimal entity-level penalty is likely to be very large and potentially infinite – well beyond the realm of possibility for those negotiating these settlements. Even if enforcers could levy the optimal fine, the effect would be muted – dispersed shareholders would bear the brunt of the harm, but collective action problems limit their ability to discipline wayward management. In other words, the managers who agree to pay fines out of shareholders’ pockets might not bear any consequences.

We recognize, however, that our data do not allow us to precisely identify the aspects of our enforcement regime that are failing us, nor the appropriate course of action to correct them. Therefore, our principal policy recommendation is for the government to treat corporate crime like any other type of crime and study it. With better data, policymakers would be better positioned to calibrate enforcement to deter corporate misconduct. If, however, our results are confirmed with further study, the normative implications seem to be clear. To increase deterrence, enforcement agencies should look for other ways to deter corporate misconduct, including by pursuing culpable individuals.

This post comes to us from professors Dorothy S. Lund at the University of Southern California’s Gould School of Law and Natasha Sarin at the University of Pennsylvania Law School. It is based on their recent article, “The Cost of Doing Business: Corporate Crime and Punishment Post-Crisis,” available here.