What law school ought to be.



Preventive Law for an Organizational Era

by Richard S. Gruner (1)


From its beginnings only a few years ago, the NCPL has achieved remarkable successes. The notion that preventive law, like preventive medicine, can help persons and organizations avoid problems and injuries is now widely understood. With the help of the NCPL, attorneys and their clients are increasingly adopting forward-looking, long-term perspectives in shaping client affairs. These new approaches are aimed at reducing risks of liability rather than just resolving disputes as they arise.


I have the greatest appreciation of these developments as they have affected corporate organizations and counsel. For a number of years, I served as an inside counsel with the IBM Corporation. As a sophisticated organization with extensive management expertise, IBM applied considerable management attention and resources to the pursuit of law compliance. The result was an excellent record in this area.


Organizations of all types -- from corporations, to non-profits, to government entities -- are discovering what IBM executives knew then: good compliance requires good compliance management. In part, such management provides its own rewards by reducing instances of illegal conduct and related liability.


However, recent legal developments have given managers of corporations and other organizations a new reason to pursue systematic compliance management. These developments involve distinctive, favorable legal treatment for firms that undertake due diligence to prevent offenses in their organizational activities. Such organizations -- dubbed "good citizen organizations" by the U.S. Sentencing Commission -- are being rewarded in various ways.


For example, where employees or members of organizations commit offenses in the course of organizational activities despite substantial organizational efforts to prevent those offenses, the organizations will often avoid charges altogether or receive minimal sanctions at most.


The emergence of the good citizen corporation as a feature of our legal landscape is not only new, but fundamentally important. We are moving from a legal regime in which the concept of the good citizen corporation was irrelevant to a legal system in which this concept may be a central consideration in evaluating corporate liability.


Currently, corporate criminal liability usually depends on respondeat superior principles. These principles effectively equate an employee offender with the offender's corporation. If an employee commits an offense within his or her scope of employment and for corporate benefit, then the corporation is liable for the offense as well as the employee.


We are moving from these principles for measuring corporate liability towards a view that a corporation's responsibility for an offense should be evaluated separately. Under this new approach, the good citizen corporation that can show due diligence concerning law compliance may avoid liability for an occasional, aberrational employee offense. In short, the law is shifting towards a system in which the culpability of the organization matters.


This is a significant change that has broad implications. I want to sketch a few of the legal developments that may implement this new approach in the next few years. My comments are aimed at suggesting how the good citizen corporation may figure in additional legal standards.


One type of change that seems likely is an expansion of the range of legal contexts in which good citizen corporations are exempted from liability. Under this new type of liability standard, corporate criminal liability would turn on whether a company undertook due diligence to prevent offenses before a particular employee committed an offense. Such standards would shift the assessment of the quality of a corporation's law compliance efforts from the sentencing stage -- where they reside under the Sentencing Commission's Organizational Sentencing Guidelines -- to the liability determination phase of the criminal case.


There are several ways that this sort of change may be implemented. Standards may be changed so that the absence of corporate due diligence needs to be shown to establish corporate criminal liability. More plausibly, corporate due diligence of this sort may be recognized as a basis for an affirmative defense to corporate criminal liability. These sorts of changes need not be limited to criminal offenses. I think that we will see equivalent developments in regulatory settings in which definitions of regulatory violations are revised to turn on whether or not a corporation has undertaken diligent efforts to prevent violations.


This is still not a broad enough perspective, however. I think that we are going to see greater reliance on the concept of the good citizen corporation in law enforcement activities. In particular, the targeting of government investigations and regulatory oversight will increasingly depend on prior assessments of how extensively particular corporations are policing themselves.


The status of a firm as a good citizen corporation may also have growing significance in other legal contexts. For example, some commentators have suggested that punitive damages should not be assessed against a corporate defendant in a tort action if the corporation is found to have taken diligent steps to prevent the misconduct at stake. Withholding punitive damages on this basis would be a logical means to reserve such damages for the worst cases of irresponsible corporate conduct. In addition, standards diminishing punitive damages for good citizen corporations would strongly encourage diligent law compliance and harm prevention efforts in areas where tort actions and damages are real threats, but criminal sanctions are not.


Finally, a firm's status as a good citizen corporation may figure in day to day contracting and commerce. This sort of consideration of compliance programs has expanded significantly with the issuance of ISO 14000, a standard for measuring the sufficiency of environmental law compliance systems. This standard figures in a system of privately enforced compliance obligations in which a contracting party can insist that its contracting partners certify their compliance with ISO 14000. Maintaining an adequate compliance program -- and being a good citizen corporation, at least in the respects addressed in ISO 14000 -- is then a matter of contract obligations and incentives. Through standards and contracting processes such as this, systems of private contracting and rewards may ultimately drive the development of better compliance practices.


What other trends are going to affect this area? I believe that ten years from now, two new topics will be major considerations. First, corporate management techniques for addressing law compliance and liability risks will be improved, establishing a related domain of technical expertise among organizational management experts. Managerial specialists are just now beginning to give detailed attention to the features of good compliance programs and to assessments of what compliance program techniques work and don't work. In the compliance system standards embedded in ISO 14000, we have seen some organized efforts to describe how corporate managers should approach the construction and operation of compliance systems. However, there should be many improvements ahead in our understanding of how to manage law compliance so as to have a real impact on corporate workforces.


As our understanding of available techniques improves, corporate managers' appreciation of the need for those techniques should also increase. Sophisticated managers already appreciate the importance of careful management of corporate law compliance. Effective compliance programs must be initiated by line management and must operate through line management. Corporate managers will increasingly accept this in the future and turn away from non-line management compliance programs that are no more than half-hearted efforts to gain possible legal advantages.


Let me amplify this a bit. Managers who don't get this message, that don't pursue law compliance as an aspect of line management through the same types of management techniques that they utilize in other business areas, are hurting their firms in several respects.


First, they are spending money on compliance efforts that are unlikely to prevent offenses or reduce liability. Throwing money into ineffective compliance efforts is simply a waste of corporate resources.


Second, undertaking law compliance efforts poorly may be worse than doing nothing at all. Compliance programs that are treated by management as a sham tend to encourage cynicism by employees. Such cynicism, in turn, tends to cause employees to pay less attention to legal requirements and to be more willing to commit offenses. Hence, a poor law compliance program may actually increase levels of offenses, making it worse than doing nothing.


Third, operating a compliance program that is a sham may forfeit an opportunity for favorable treatment in regulatory and criminal proceedings. Prosecutors and regulators are increasingly adept at evaluating compliance programs. They are becoming more sophisticated in the proof they demand and in what they view as the necessary features of an effective compliance program. The likelihood that a sham program will pass muster is diminishing accordingly.


The NCPL has contributed significantly to the better understanding and description of effective law compliance programs. In 1997, the NCPL published its Corporate Compliance Principles. The product of a blue ribbon panel of leading attorneys, compliance program managers, and academics, the Principles describe the major elements of successful compliance programs, considerations in implementing these elements, and concrete examples of how some companies have put these elements into place. The Principles continue to serve as a highly valuable source of practical guidance for companies and other organizations that wish to establish or improve their systematic efforts to comply with the law. By preventing unnecessary organizational liability, these systematic compliance efforts represent a critical component of preventive law practice in our organizational era.


1. Richard Gruner is a Professor of Law at the Whittier Law School. Professor Gruner is a member of the New York and California state bars and a graduate of the Columbia University School of Law (LL.M. 1982), the USC Law School (J.D. 1978), and Caltech (B.S. 1975).