Like many, I have followed the news of the deadly Rana Plaza building collapse in Dhaka, Bangladesh with sadness and dismay.
Entries in Associative Liability (3)
These are good days for FCPA junkies like us. More is written now about enforcement and compliance in a week than used to appear in a year. And a lot of it is original and well outside the conventional wisdom. Among the people producing work in that category (and who have appeared on the FCPA Blog before) are:
David Hess, an assistant professor at the University of Michigan's business school. He thinks about incentives for corporations to keep themselves clean -- through the use of sustainability reports, the Federal Sentencing Guidelines, and deferred prosecution agreements, among others.* * *
Rebecca Walker, a private practitioner, whose ideas on “associative liability” and extending codes of conduct to third parties are important to anyone in the compliance business. And she's humble and charming.
David C. Weiss, a law student at the University of Michigan. He wrote a terrific article for the January 17, 2009 Michigan Journal of International Law. It asks why the Securities and Exchange Commission uses disgorgement in FCPA enforcement actions, where the remedy came from, and where it's going. Great questions, and he's got some answers too.
Andy Spalding, a lawyer and Fulbright scholar. He argues that the Foreign Corrupt Practices Act -- are you ready? -- causes corruption and hurts poor people. Andy respects the rule of law but also spends time trying to understand how laws really work. You've got to love a smart, well-spoken policy-wonking lawyer. As we said when we first heard his ideas, they're a real mind bender.
Two blogs with full-time FCPA coverage:
wrageblog, where Alexandra Wrage of TRACE has created a bulletin board for the compliance community. She and her contributors dish some great advice. We received a nice invitation to pen a few words there and we're planning to do that soon.
Mike Koehler's fcpa professor is a new resource. He had an FCPA practice for ten years and now teaches business law at Butler University. Many times over the years Mike has helped us understand FCPA enforcement practices, particularly at the SEC. We enjoy his view of the statute itself and what he thinks the words in it are supposed mean.
* * *
And two veteran blogs that only sometimes cover the FCPA but are always worth reading:
Kevin LaCroix's D & O Diary. A reviewer might call his work authoritative, influential, magisterial, and quirky enough to always be inviting. We'll just say it's a must-read site.
Here's a recent excerpt we liked:
It might well be asked why anyone should bother reading both the Wall Street Journal and the New York Times business pages. After all, both usually cover the same stories. Indeed, on Friday, both ran stories discussing the fact that year-to-date bank failures are at the highest level since 1992.
However these same-day articles about the number of bank failures in fact were a great illustration of the value of reading both publications, because the two newspapers presented very different explanations for the run of failed banks . . . . hereGabe’s Guide to the e_Discovery Universe. It's wild. There can be nearly a hundred posts a month, and its artwork and headlines are reason enough to visit (Crazy woman comes up with notion that e-discovery professionals should be “qualified”).
Our favorite times are when Gabe Acevedo, the blog's creator, hits the road. Then it becomes the world's best (and only?) law-related travelogue. Like his dispatch in April from Chicago:
As everyone knows, the most important part about any conference is the free stuff you get to take home with you, and the ABA Techshow did not disappoint. CDW gave away little mini toy race cars and notepads as well as some other stuff . . . The ABA handed out 2 gig thumbdrives. Definitely one of the cooler types of schwag there. . . . hereGabe is bursting with enthusiasm and goodwill, and he's always generous with his praise and attributions.
We'll have more to say about other friends and neighbors later.
When the student is ready, the proverb says, the teacher will appear. We must have been ready last week because two great teachers appeared. First, David P. Burns, who helped us understand the charging decisions in the Halliburton / KBR enforcement actions. Then came Rebecca Walker, left. We mentioned her concept of “associative liability” in a discussion about extending codes of conduct to third parties. She noticed that our perspective was limited to the Foreign Corrupt Practices Act (guilty as charged). And she generously helped by sending the primer (below) on the broader application of her ideas. We've read it a half dozen times and it keeps getting better. Here's what she said:
Dear FCPA Blog,
I took a look at the discussion in your post Extending Compliance To Third Parties, and I would like to point out that the survey and my article were not actually limited to the FCPA context. Indeed, in the FCPA context, when companies are often dealing with agents for whom liability for misconduct is pretty much a given, I would encourage organizations to implement appropriate compliance program controls, including pre-relationship due diligence, contractual requirements, written policies, auditing, monitoring, and all those tools that you are undoubtedly very familiar with (even including, in some instances, special approaches to training and encouraging reports of violations directed to relevant third parties.)
But, as mentioned, the survey was a general survey, asking organizations in a wide variety of industries about third party codes. In that, more general, context, I do think that it is important that organizations exercise caution when extending compliance requirements to third parties. Part of my concern flows from the fairly well-accepted theory in the compliance world that standards that are neither monitored nor enforced can be detrimental to a compliance program. They can corrode employees’ and other stakeholders’ belief in the program and cause a general loss of program credibility. So to the extent that an organization promulgates a code but doesn’t take any steps to implement or monitor compliance with the code, it can actually be detrimental to the organization’s compliance program and the culture of compliance and ethics more generally.
In addition, and to get to the question you posed, there is the “associative liability” risk that I mention in the article – an important consideration in some settings (although, I should stress again, it is not really relevant to FCPA compliance). That is a term that I like to think I coined, but I Googled it, and I found a couple of references to it before I first used the term a few years ago.
The manner in which this risk most often arises for organizations is in the context of third parties who are temporary employees or employees of a contractor or subcontractor of the organization. These employees may claim an employment relationship based in part on compliance program elements (typically policies, codes and/or training) that the organization sought to apply to them, and bring a claim based in part on that alleged relationship. In the supplier context, there have been a few suits claiming that supplier codes have created liability for the misconduct of the suppliers, but they have been largely unsuccessful. For example, there was a fairly famous case against Wal-Mart a few years ago (Doe v. Wal-Mart, Cal. Sup. Ct. Los Angeles (Sep. 13, 2005)), in which the International Labor Rights Fund brought suit against Wal-Mart on behalf of a purported class of Bangladeshi, Chinese, Indonesian, Nicaraguan, Swazilander and U.S. workers for alleged violations of Wal-Mart’s code of conduct for suppliers. The allegation was basically that Wal-Mart assumed a duty (in contract) to the employees of the suppliers when it promulgated the code and made it a part of the supplier contracts, and that it breached its contractual duty (claiming that the employees are third-party beneficiaries). However, in Chen v. Street Beat Sportswear, Inc., 226 F.Supp.2d 355 (E.D.N.Y. 2002), the court did find liability, although the facts of that case are fairly unique.
There is also the risk that I mention in the article of reputational harm. There are examples of organizations receiving bad press for promulgating standards for third parties that they fail to monitor or enforce, including, e.g., Levi-Strauss and Starbucks.
As you indicate in your blog post, I in no way seek to discourage organizations from extending any compliance standards to third parties. In my view, third-party compliance standards can be extremely helpful in decreasing the risk of third-party misconduct, which can harm an organization as much as the misconduct of its own employees. I simply suggest that they do so carefully, in light of the particular risks caused by the particular category of third party, the practicalities of whether it is possible to monitor or enforce the standards they seek to apply, and the potential associative liability risks
A note to our readers: Rebecca's book, Conflicts of Interest in Business and the Professions: Law and Compliance, is available here. The publisher's description says, "This treatise covers how to identify, detect, manage and resolve conflicts of interest. It details the knowledge gap about conflicts of interest by discussing various situations and analyzing compliance steps to cope with conflicts. The goal is to help those who deal with conflicts of interest in the business and professional worlds do so more effectively. Discussion includes conflicts of interest within organizations including corporations, employer/employee relationships, shareholders, partnerships, associations and government, as well as professional conflicts including lawyers, investment advisors, retail brokerage, auditors, lobbyists, journalists, research analysts and trustees."