Last year marked the 20th anniversary of Congress’ enactment of the Sarbanes-Oxley Act, legislation that arose in response to Enron’s demise and the accounting scandals that followed, and which coincided with the successful and much-heralded prosecution of a string of high-level corporate executives. For a brief moment, our legislative, executive, and judiciary branches all seemed to work in tandem to ensure that corporate executives were held accountable for the losses and mayhem they caused.
Two decades later, numerous scholars have begun to assess Sarbanes-Oxley’s legacy. In October 2022, UCLA Law School conducted a symposium examining these questions and published the resulting papers in the ABA’s Business Lawyer. My own contribution, Corporate Compliance’s Achilles Heel, considers Sarbanes-Oxley’s impact on corporate compliance.
Compliance is the activity a corporation undertakes to ensure its employees’ adherence to statutory and common law. As I write in my paper, in the years since Enron became a household name, compliance has “matured into a complex and well-respected function that supports diverse monitoring and governance goals. Everyone is in favor of it and few could imagine a world without it.”
It would be a mistake to attribute all this success to Sarbanes-Oxley. Indeed, many of corporate compliance’s foundational triggers preceded Congress’ 2002 statute. The federal Organizational Sentencing Guidelines, promulgated in 1991, encouraged judges to consider whether a corporate defendant had maintained an internal compliance program at the time of its employee’s transgression. Delaware Chancellor Allen’s famous Caremark opinion, written in 1996, bluntly charged the board of directors with ensuring that the firm had deployed a system of detecting and responding to material legal violations. And finally, the U.S. Department of Justice, perhaps the strongest catalyst of the compliance industry’s growth, released its famous Holder Memo in 1999, advising prosecutors when (and when not) to prosecute corporate entities credibly accused of crimes.
In sum, long before Enron’s precipitous rise and fall, compliance was already on many executives’ minds. Even so, Sarbanes-Oxley’s sprawling provisions increased compliance’s salience. It required corporate executives to attest to their financial and internal controls; it introduced anti-retaliation protections for whistleblowers; and it dramatically increased the maximum prison penalties for violations of the mail and wire fraud statutes.
Based on everything that has happened to the compliance industry since 2002, one might conclude that Sarbanes-Oxley succeeded in bringing compliance into the C-suite. For all its faults, compliance has become an essential corporate governance function, supported by a massive industry. Even if not yet a full-blown profession, compliance has nevertheless become a venerable occupation studied by academics across multiple disciplines.
Much of the scholarship in this area treats compliance as a structural puzzle that can be solved by drawing on considerations of psychology, economics, and organizational theory. As I argue in Achilles Heel, this curiously apolitical approach ignores our country’s increasingly highly partisan and politicized atmosphere. It is a curious phenomenon that, despite major changes in our political system and electorate, the compliance literature has remained apolitical. Scholars have only begun to explore how differences in political parties might affect high-level corporate teams, much less responses to particular instances of corporate wrongdoing.
This reluctance to assess polarization’s impact, my paper argues, is a mistake. Our failure to reflect phenomena such as polarization and politicization impoverishes our discussion of compliance and minimizes the dilemmas inherent in emerging workplace debates.
Consider two issues in the news: machine learning and remote work. Both developments generate predictable cost-benefit analyses. Machine learning can maximize a firm’s ability to monitor and detect wrongdoing, but it can also induce the company’s employees (who fear AI’s encroachment on their positions) to cut corners and ultimately violate laws. Remote work follows a similar trajectory. It improves an employee’s life, which arguably redounds to the company’s benefit. But remote work also provides employees with enhanced opportunity to violate the rules, and to do so with a lower risk of detection and accountability.
Ordinarily, we might assume that “compliance” will map the optimal zone between fully human and artificial intelligence, or between in-person and remote work. Our ideal compliance officer might weigh, along with the rest of the corporate team, a given tool’s productivity benefits versus its misconduct risk.
So far so good. But if we stop here, we ignore the political cleavages that underlie these debates. Perhaps the reason companies embrace machines over humans is that machines don’t fight with each other about politics. And perhaps some employees cling to remote work because it allows them to avoid uncomfortable conversations that signal their political or social identities.
Polarization alters the way we conceptualize and solve major workplace developments. It affects far more than that, as evidenced by the UCLA symposium’s 20-year look-back exercise. It is doubtful that Congress would enact, in so quick and bipartisan a fashion, the statute it rushed to approve in the wake of Enron’s unraveling. It is equally questionable that the public would applaud the Department of Justice’s prosecution of high-level corporate actors with nary a word about the prosecutors’ politics or that of their corporate targets.
Corporate Compliance’s Achilles Heel, written in honor of Sarbanes-Oxley’s 20th anniversary, represents my initial foray into this area. Future work will explore polarization’s impact, not just on corporate compliance departments, but also on the intermediaries and government actors who comprise the broader compliance network. This work will further theorize the steps the network might adopt to neutralize polarization and its impact. A politicized atmosphere may in fact be compliance’s Achilles’ heel, but there is no reason to allow it to become compliance’s fatal flaw.
 I leave the Financial Crisis and whether it reflected compliance failure writ large, or prosecutorial failures in its wake, for another day. Readers may be interested in Chapter 5 of my recently released book, Myths and Misunderstandings in White-Collar Crime (Cambridge 2023), which addresses the latter question at length.
This post comes to us from Professor Miriam H. Baer at Brooklyn Law School. It is based on her recent article, “Corporate Compliance’s Achilles Heel,” available here.