Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
The Department of Justice (DOJ) "Yates Memo" in 2015 renewed the federal government's commitment to hold individuals accountable for corporate wrongdoing and offered related incentives. Companies, looking to minimize their enforcement risks and avoid indictment, are incentivized to provide the government information about employees and executives, sometimes to support a claim that a rogue employee acted against company policy. These incentives apparently have been successful; individual prosecutions for corporate malfeasance have increased in recent years. See, "The Yates Memo is Here to Stay: Signs of Increasing Efforts to Hold Individuals Criminally Liable for Corporate Wrongdoing," Business Crimes Bulletin (June 2019).
However, criminal liability remains a concern for all companies and organizations, and prosecuting corporate wrongdoers continues to be a "high priority" for the DOJ. See, Justice Manual §9-28.010. Consistent with its Principles of Federal Prosecution of Business Organizations, DOJ focuses criminal prosecutions on those corporate actions that endanger consumers, public health and safety, the environment and free markets. Id. Many of these violations can also give rise to civil regulatory enforcement, and companies must be mindful of the risk that a compliance failure could cross the line from civil to criminal (and possibly result in parallel civil and criminal enforcement). This happened to two companies in the food industry — Chipotle Mexican Grill and Blue Bell Creameries LP — who recently resolved criminal probes (through a deferred prosecution agreement and guilty plea, respectively) related to food safety failures that sickened customers.
The risk that a compliance or regulatory violation could result in customer illness could become a criminal matter is heightened in the ever-changing COVID-19 landscape, which presents novel challenges for operations and customer safety. For example, as the pandemic started, the media began questioning cruise ship companies' preventive measures regarding coronavirus transmission and passenger safety. Government investigations soon followed. Jacquie McNish et al., "Cruise Ships Set Sail Knowing the Deadly Risk to Passengers and Crew," Wall St. J. (May 1, 2020) (U.S. Coast Guard investigating whether cruise ships violated federal law by failing to alert health authorities to sick travelers disembarking at U.S. ports).
This article outlines the principles of corporate criminal liability, including the factors prosecutors consider when making charging decisions, and the potentially available sanctions in light of applicable U.S. Sentencing Guidelines, and offers strategies for minimizing risk, including lessons from recent criminal enforcement actions.
|Recognizing that organizations can only act through people, the foundational principle for corporate criminal (and civil) liability is agency — respondeat superior. Under federal law, a company can be held criminally liable for the actions of any of its employees, so long as the violation was done within the scope of the employee's employment and with "an" intention to aid the company. New York Central & Hudson Railroad v. United States, 212 U.S. 481 (1909). Vicarious corporate liability is potentially expansive, as the requisite intent to help the company need not be the employee's sole or primary purpose and has been interpreted to include trying to positively impact the company's stock price or evading government enforcement. Moreover, under this almost strict liability standard and in some jurisdictions, a company's compliance program, no matter how robust or rigorously enforced, will not necessarily shield the company from liability, even if the employee's actions were clearly prohibited by it. See, e.g., United States v. Automated Med. Labs., 770 F.2d. 399, 407 (4th Cir. 1985) (corporation held vicariously criminally liable despite employee acting contrary to company policy); United States v. Twentieth Century Fox Film Corp., 882 F.2d 656 (2d Cir. 1989) (affirming lower court's refusal to admit evidence of corporate defendant's compliance program to rebut scienter); but see, United States v. Ionia Management S.A., 555 F.3d 303, 310 (2d Cir. 2009) (corporate compliance program could be relevant to scope of employment element).
However, most jurisdictions have recognized a good faith defense, allowing the company to introduce evidence of its compliance efforts. For example, the Third Circuit's model jury instructions provide that an agent "was not acting within the course and scope of [his/her] employment if [s/he] performed an act which [corporate defendant], in good faith, had forbidden [agent] to perform. A corporate defendant is not responsible for acts which it tries to prevent." Third Circuit Model Criminal Jury Instructions 7.06. However, "a corporate defendant … may not avoid criminal responsibility by meaningless or purely self-serving pronouncements," i.e., window-dressing compliance. Id. See also, e.g., United States v. Ionia Management S.A., 555 F.3d 303, 310 (2d Cir. 2009). Companies thus have significant incentives to implement effective compliance programs, not only to deter and address wrongdoing by insiders, but also to lay the foundation for a potential good faith defense.
|A company's compliance program can also be a significant factor in the government's decision of whether to charge the company. DOJ's Principles of Federal Prosecution of Business Organizations (Principles), found in the Justice Manual, set forth 10 criteria for prosecutors to consider when deciding whether to charge a company or seek alternative disposition, two of which speak to a company's compliance and remedial efforts:
Justice Manual §9-28.300. These criteria are not exhaustive, and the weight that any given factor has varies from case to case.
Although (as noted above) the existence of a corporate compliance program may not prevent conviction at trial, it might prevent indictment. As factors 5 and 7 demonstrate, prosecutors consider the adequacy of a company's compliance program, and any improvements and remedial actions taken in light of the violation, when making a charging decision. The DOJ has released detailed guidance for prosecutors, updated in April 2019, on evaluating corporate compliance programs. Prosecutors are instructed to consider, inter alia, whether the company has made significant investments in compliance, if compliance-related funding requests ever were denied, whether controls testing has been done to ensure that similar misconduct will be detected in the future, and whether employees are tested – not only trained – on compliance, and what remedial measures are in place for employees who fail. See, DOJ Criminal Division, Evaluation of Corporate Compliance Programs; see also, R. Levine and C. Kendall, "The DOJ's New Parameters for Evaluating Corporate Compliance Programs," Business Crimes Bulletin (July 2017). The April 2019 changes, similar to the Third Circuit's model jury instructions, make clear that a "paper" compliance program is not enough, and that even a well-designed program "may be unsuccessful in practice if implementation is lax or ineffective." Id. Accordingly, the guidance stresses the importance of regularly reviewing the compliance program, performing a root cause analysis for any episodes of misconduct, and incorporating policies and procedures to reflect lessons learned and new risk areas. The sufficiency of a target company's compliance program at the time of and after the offense can play a significant role in determining the appropriate sanction — including imposition of a monitor or compliance enhancements.
The Principles also instruct that under certain circumstances, a corporate criminal case may be resolved by means other than indictment, such a non-prosecution agreements (NPAs) or deferred prosecution agreements (DPAs), which "occupy an important middle ground between declining prosecution and obtaining the conviction of a corporation." Justice Manual §9-28.200.
|Companies that are convicted of — or, more often, plead guilty to — federal offenses can be fined, sentenced to up to five years' probation (with attendant conditions), ordered to make restitution and issue public notices of conviction, and are subject to applicable forfeiture statutes. According to the U.S. Sentencing Commission, in FY2018, 75.8% of organizational offenders were sentenced to probation and 81.8% were sentenced to pay a fine, restitution, or both. U.S. Sentencing Commission, Quick Facts FY 2018, supra.
An organizational defendant can obtain a mitigating credit and reduce its potential fine range significantly — up to 95% — by demonstrating that it has an "effective compliance program," within the meaning of the Guidelines. The Guidelines' broad criteria for an "effective compliance program" include appropriate oversight by high-level personnel; effective communication to employees at all levels; ongoing compliance monitoring and auditing; facilitating reporting suspected wrongdoing without fear of retaliation; and consistent enforcement of standards, including discipline. U.S.S.G. §8B2.1. However, if high-level personnel of a small company or anyone with substantial authority in an organization of any size participated in the violation, there is a rebuttable presumption that the organization did not have an effective compliance program. U.S.S.G. §8C2.5(f)(3)(B).
If an organization's compliance program is found ineffective or insufficient, a recommended condition of probation is the development or improvement of the compliance and ethics function, overseen by the court or probation officer. U.S.S.G. §8D1.4(b). This is frequently imposed. In FY 2018, a quarter (25.3%) of offenders were ordered to develop a compliance and ethics program, see, Quick Facts FY 2018, supra, and in FY 2017 22.1% of offenders were ordered to do so, see, Quick Facts FY 2017. Other conditions include regular and unannounced examinations and audits of relevant books and records, and interviews of key personnel to ensure appropriate remedial measures have been put, and remain, in place. U.S.S.G. §8D1.4.
|The coronavirus presents many novel challenges for businesses, and its mechanism and attendant risks are not yet fully understood. However, prosecutors may draw parallels between companies' coronavirus responses and more traditional cases where failure to follow required safety procedures or alert the proper authorities causes harm to consumers, workers, or the general public. In a recent extreme example, in March 2020, in a state prosecution, California utility PG&E pleaded guilty to 84 counts of involuntary manslaughter in connection with deaths caused by a wildfire. State regulators determined that the fire was caused by PG&E's equipment, which allegedly was not inspected or maintained as required by law. PG&E Corp. Form 8-K (March 17, 2020). In May 2020, Blue Bell Creameries L.P. pleaded guilty to distributing ice cream that was manufactured in unsanitary conditions and seriously sickened several customers with listeria. Despite receiving positive listeria test results, the company failed to notify customers of the potential danger. The company's president, who allegedly instructed employees to remove contaminated ice cream from store shelves without telling stores the true reason for the removal, has been separately charged. DOJ, Blue Bell Creameries Agrees to Plead Guilty and Pay $19.35 Million for Ice Cream Listeria Contamination – Former Company President Charged (May 1, 2020).
The challenge for companies facing widespread and/or serious customer or employee illness, or accusations of facilitating coronavirus's spread, is ensuring that these issues are resolved civilly or, if not possible, resolving the case without indictment, such as by entering into a DPA. An April 2020 DPA entered into by Chipotle Mexican Grill (Chipotle), a fast-casual dining chain, offers potential insight into how prosecutors apply the principles discussed above when confronted with multiple food safety compliance failures that sickened over 1,100 people. A copy of the DPA is available at https://bit.ly/2TnvrXJ.
Chipotle entered in a three-year DPA in connection with outbreaks of norovirus and toxic bacteria. According to the stipulated Statement of Facts, at least five food safety incidents occurred at Chipotle restaurants around the country, stemming primarily from restaurant employees' failure to follow food safety policies and procedures. These events sickened more than 1,100 people between 2015 and 2018. The Statement of Facts also detailed training and compliance failures related to food safety protocols, with the result that some restaurant-level employees did not know or follow these protocols.
Chipotle agreed to pay a $25 million criminal fine and implement a number of company-wide changes to its food-safety procedures. Chipotle is required to develop and implement an enhanced compliance program to ensure compliance with all applicable food safety laws and must, in conjunction with an outside consultant, conduct a thorough review of its training, internal auditing, and staffing procedures. The DPA notes that, prior to and during the investigation, "Chipotle significantly enhanced its food safety policies and procedures in the wake of the food safety incidents at issue here." These prior improvements included developing new food safety practices, implementing a Food Safety Advisory Council with independent safety experts, and regular internal and third-party food safety inspections and audits. The Statement of Facts also emphasizes that the violative conduct was done by lower, store-level rather than corporate employees and was contrary to Chipotle's policies. The presence of continuously-improving procedures and an absence of higher-level personnel involvement in the conduct at issue seems to have played a role in the government's decision to agree to a DPA rather than indictment.
|Prosecutors likely will focus on companies whose actions or omissions may have exposed customers and employees to COVID-19 and/or facilitated its spread, especially if required disclosures to health officials and remedial actions were untimely or incomplete. Companies should consider the following proactively:
*****
Carolyn H. Kendall ([email protected]) is an Attorney in Post & Schell, P.C.'s Internal Investigations and White Collar Defense Group, where she defends individuals and corporations facing criminal and civil investigation in highly-regulated areas such as health care, pharmaceuticals, and finance. Connect with her on LinkedIn @carolynkendall.
|ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.
During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.
The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.
Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.
As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.