Corporate Compliance on a Global Scale

The purpose of this concise and brief paper, which is deliberately slim in size and bibliography, is contained. First of all, it aims to show the existence of several forms of compliance characterized by different geneses and purposes and, therefore, to highlight the ambiguity of a term that is not always used in a univocal sense, due also to its links with other issues that are currently highly debated. Moreover, it argues that despite the different forms and meanings that compliance can assume, it is possible to identify a common unifying thread. On the basis of a positive assessment of the development of compliance, especially in relation to the ever-increasing importance of legal and reputational risks associated with economic activity, the paper ends with a brief overview of the legal instruments available to support this trend or, more properly, to ensure that the proclaimed importance of compliance is accompanied by effective implementation suitable to positively affect business management.

Although the virtues of corporate compliance are widely acknowledged, co-regulation and compliance management schemes constantly meet with failure, as emerges from the empirical records. This chapter is about the structural limits of corporate compliance and the factors that make it inevitable that in some cases the programs to prevent corporate wrongdoings will fail. The failure of existing compliance models should therefore not come as a surprise, since these models suffer from three structural limits. The understanding of these limits is crucial to identify what corporate compliance can realistically achieve and to isolate those deviant behaviors that require different and more effective measures. First, compliance is an imperfect science when it comes to rulemaking, resulting in the fact that no compliance program can perfectly avert failures of all sorts. Second, from a criminological point of view, compliance presents a second structural weakness in its inability to prevent the individuals in control of a company from acting illegally. Finally, the third limit stems from the economic framework in which compliance models are applied and the fact that these models, designed for large public companies, are frequently unfit for small- and medium-sized entities (SMEs).

This paper deals with the need for a specific legal analysis, from a criminal law perspective, concerning multinational enterprises (MNEs), given their involvement in illicit conducts that transcend the territorial boundaries of any single State and generate negative effects of enormous dimensions. The topic presents a high degree of complexity in terms of territorial and material scope: indeed, MNEs face a “dilemma” between undercompliance and overcompliance, since even the most cooperative entity, honestly seeking to fulfil its legal duties, is confronted with a fragmented and uncoordinated legal and regulatory scene. The risk thus arises of setting an insufficient standard for compliance, or vice versa, making an effort that is counterproductive in terms of efficiency while being supererogatory from the legal point of view. The present analysis thus addresses how MNEs might strike the right balance in combining the different sets of regulations, first of all by fulfilling the requirements applicable in the "home country" as well as those applicable in the "host country": to do this, the need arises for an MNE to compare the legislative requirements it has to abide by under the legislation applicable to the mother company and the ones applicable to the foreign entities it controls. A further layer of complexity relates to the extensive reach of certain pieces of criminal legislation issued by “third countries,” especially concerning anticorruption policies. Moreover, other emerging elements have to be taken into account by MNEs: on the one hand, private bodies and organizations increasingly define the compliance standards, the main example being represented by the ISO standards; on the other, international or transnational soft law and hard law rules are in the process of being elaborated, as the field of human rights clearly shows. In conclusion, the analysis reveals a progressive tendency among MNEs to comply with the higher legal standards set in home countries or at the international level, instead of the lower ones provided at the local level. Yet this tendency is far from general and admits a large number of exceptions, in particular where the procedural and institutional dimensions of compliance rules are concerned.

The tension between the global reach of capital markets and the local (national or at best regional) scope of financial services regulation is well known in business and regulatory circles. International financial institutions, and in particular global banks, serve clients across multiple jurisdictions but face increasing risks in complying with divergent regulatory requirements around the world. The existence and magnitude of this cross-border compliance risk is a key determinant of a global institution’s ability to intermediate international capital flows. Building on recent international reports on regulatory fragmentation, this chapter starts by exploring the nature of the cross-border compliance risk for global banks offering investment services in wholesale securities and derivatives markets. It argues that in order to manage this risk, global banks need to implement global compliance programmes where the institution’s Compliance function plays a key role. This chapter further describes what role and activities the Compliance function should perform for such programmes to be effective and elaborates on what conditions they should have in order to be value-enhancing. Finally, it provides additional details regarding the relationship between the Compliance function and other control functions (specifically Legal and Internal Audit functions) when dealing with the cross-border compliance risk.

International treaties and transnational practices suggest convergence around a model for preventing and prosecuting corporate crime based, among other features, on corporate liability, incentives for corporations to prevent corruption through the implementation of compliance programs and internal controls, and incentives offered to individuals and corporations to supply evidence to prove the offence and/or to recover the proceeds of the crime, in exchange for lenient sanctions or even immunity. The institutions required to implement this enforcement model were, until recently, absolutely alien to Latin American legal systems. Nevertheless, in an unprecedented shift, the leading Latin American economies introduced corporate liability regimes and incentives for preventing, policing, self-reporting, and remedying corporate crime, particularly corruption offences. This chapter analyzes how these legal institutions are being received and adapted to Latin America’s legal and institutional landscapes.

One of the most important issues pertaining to the role and duties of corporations is certainly the duty to take into account the interests of stakeholders, even in the modern era of “shareholder primacy.” In current practice, this issue manifests as an essential element of corporate social responsibility (CSR) theory. Recently, two further issues have emerged. The first concerns the duties of company directors as regards the management practices (and related risks) adopted in environmental, social, and governance (ESG) matters. The second concerns the “sustainability” of a business activity in terms of (i) the sustainability of the impact of that activity on stakeholders and (ii) the duty of the company to pursue the sustainable development of business operations and thus, in particular, to set a medium- to long-term profit goal.

By taking into account the full range of contexts involving a relationship between victims and corporations, this chapter investigates the role of corporate compliance in preventing primary and repeated victimization in the field of crimes pertaining to safety in workplace and environmental crimes. In the first part, the chapter sets out the forms of victimization typically caused by so-called corporate violence and identifies the health, safety, and environment (HSE) management standards which are the compliance references used in managing the risks which lie at the root of such misconduct. The standards have attained an impressive degree of harmonization on a global scale. The motivations for and benefits of adopting them are analyzed in the light of regulatory frameworks as well as economic or organizational factors. In the second part, the chapter aims to demonstrate that the implementation of an HSE management system compliant with the international standards, together with a victim-sensitive attitude, allows not only the better prevention of adverse events but also the better handling of the resulting forms of victimization. To this end, the provisions of the most common international HSE standards that specifically deal with victims’ or potential victims’ rights, needs, and expectations are examined. Limitations in implementing the requirements and expected improvements are also investigated.

This article highlights the fact that the positive and negative consequences of corporate compliance are not limited to those consequences which are connected directly to the application of such a discipline. Close consideration of the effects related to the implementation of corporate compliance is therefore necessary to better understand the real effects of this corporate function.

This chapter assesses the current state of behavioral compliance, expressing support for the behavioral approach but arguing that some of the enthusiasm for it as producing a great step forward in the efficacy of corporate compliance is unrealistic. Though findings have contributed to a better sense of “what works” in compliance, this is slow-going, and the behavioral insights often seem to do better at helping understand why compliance sometimes fails—notwithstanding the significant resources directed toward that task—than establishing a clear roadmap toward getting things right. The problem is that the academic roadmap requires what to businesspeople seem like radical changes in beliefs, cultures, and practices. This new gospel has won relatively few converts in the hyper-competitive global economy. In that sense, the embrace of behavioral compliance is half-hearted and incomplete. The chapter reviews the subject of behavioral compliance, its academic support, and the promise and pitfalls going forward of adopting a more nuanced view of human nature in the compliance setting.

Starting out from the idea that deference, rather than deterrence, could foster higher and more effective levels of compliance, this chapter questions how individual choices within a corporation could be not only controlled but also directed toward law-abiding behavior on a voluntary basis.

On this premise, the paper offers a critical discussion of how the concept of “deference” can be applied within the context of a complex organization to inspire the development of an articulated legal framework which is connected to corporate compliance.

Indeed, two different normative levels can be distinguished: one involving the public sphere, according to which the corporation must adhere to the regulations that are set by law, and one concerning the private—or internal—sphere, by which the corporation expects that norms drafted through the self-regulation approach will be respected and that individuals will adopt law-abiding attitudes.

In this respect, among the different models of self-regulation presented and discussed, responsive regulation seems a promising strategy for fostering effective crime prevention while combining and integrating the main features of the other approaches (voluntary self-regulation; coerced self-regulation). Concerning internal regulation, the challenge is to foster value-based commitment to the voluntary assumption of law-abiding behaviors by individuals. Such a goal can be pursued by recognizing the value of legitimacy and morality inside the corporation according to the procedural justice model, whereas rule infringements should be enforced through the tools provided by restorative justice, which shares the same rationale as procedural justice.

Together with their undeniable advantages, the new technologies of the Fintech Revolution bring new risks. Some of these risks are already known but have taken on a new form; some are entirely new. Among the latter, one of the most relevant concerns the opacity of artificial intelligence (AI).

This lack of transparency generates questions not only about measuring the correctness and efficiency of the choices made by the algorithm, but also about the impact of these choices on third parties. There is, therefore, an issue of the legitimacy of the decision thus made: its opacity makes it arbitrary and insensitive to the rights of third parties affected by the choice.

Thus it is essential to understand what level of explanation is needed in order to allow the use of the algorithm. Focusing on the AI transparency issue, there are grounds for believing that, at least in the EU, the costs deriving from a lack of transparency cannot be passed on to third parties and must instead be managed inside the enterprise. Therefore, the task of the enterprise, its directors, and in particular its compliance function must be dynamic, taking into account all foreseeable AI risks.

The grounds for ascribing criminal responsibility to legal persons may be understood in two fundamentally different ways. The first, the imposition of a sanction, constitutes a form of regulation, similar to the taxes or other types of incentives used by lawmakers or governmental agencies. From this perspective, criminal sanction provides an incentive for the entity’s managers to establish effective internal procedures to prevent and detect illegal behavior. The punishment of the legal entity does not imply any kind of reproach, or at least this is a secondary aspect. The regulatory view of the criminal responsibility of legal persons contrasts with a genuinely criminal understanding, according to which criminal liability implies true culpability, and the imposition of the punishment therefore entails social and ethical censure.

The introduction and development of mandatory anti-corruption compliance for large companies in the French legal system, as an alternative to the voluntary compliance models incentivised by other jurisdictions, raises fundamental issues about these approaches’ strengths and weaknesses. These models reflect different strategies for allocating legal controls among public and private actors, which affect the overall distribution of costs and benefits in preventing offences. Notwithstanding the existence of distinctions between systems based on mandatory and incentivised compliance programmes, this chapter argues that there is a common trend towards creating obligations to reform and effectively implement compliance. In light of these recent developments, critical analysis is devoted to the ever-growing public control exercised over corporations that has resulted in the introduction of compulsory or quasi-compulsory compliance requirements through laws or non-trial resolutions. A final reflection focuses on whether the introduction and expansion of mandatory compliance can positively impact crime prevention, or might have the paradoxical effects of increasing public and private costs, breaking the public–private partnership, and reducing effective compliance with the law.

This chapter focuses on the relevance that corporate remediation, as fostered by the compliance paradigm, has in the sanctioning of corporate crime. The phenomenon of remediation can be considered to be a consequence of the interaction between compliance and corporate criminal law: on the one hand, the origins of compliance from within the field of regulatory law are mirrored in its aim to stimulate law-abiding behavior within companies even after illicit conduct occurs—by compensating victims, the restoration of damage, and implementing internal compliance systems to avoid the same crime happening again in the future. On the other hand, the “criminalization process” undergone by compliance has had an impact on its voluntary dimension. In some cases, public authorities impose compliance mandates on corporations as a condition of their continuing their activity. With settlements, criminal prosecution and conviction are used as threats to push companies toward adopting compliance measures, and external monitors can be appointed to oversee the compliance mandates. Settlements and monitorship then represent a privileged standpoint for investigating corporate remediation and its positive impact on the principle of culpable liability for corporations. The topic of corporate remediation indeed offers us an opportunity to consider the diachronic nature of corporate activity and provides a framework for modeling corporate punishment according to the “personality” of companies.