Abstract: A firm’s ‘reputation’ reflects the expectations of its partners of the benefits of trading with it in the future. An announcement by a regulator that a firm has engaged in misconduct may be expected to impact negatively on trading parties’ (i.e. consumers or investors) expectations for a firm’s future performance, and hence on its market value. How can we identify reputational losses from share price reactions? How large are these losses for different types of misconduct? The chapter seeks to answer the above questions in the light of recent empirical evidence and draws implications for regulatory enforcement policy.

Abstract: This chapter examines what is known about corporate crime deterrence in hopes of identifying legal strategies that can prevent such crimes and their often-immense harms against consumers, competitors, employees, creditors, and owners. In this chapter, we rely heavily on results from a meta-analytic study of corporate crime deterrence research but also examine the extant literature in an effort to summarize what formal mechanisms might be effective in promoting compliance. Despite increasing awareness of the frequency and consequences of these violations, research has produced almost no conclusive recommendations. We find that simply making new corporate crime laws is ineffective, while actual criminal justice sanctions (e.g., arrest, incarceration) seem to be inconsistently effective. There is some support for the use of fines and monetary sanctions (both civil and criminal) in producing compliance, but financial penalties seem to be effective only in the short term and only when they are very high. Furthermore, in our review, regulatory sanctions seem to be effective against individual-level offending, but these sanctions have wildly inconsistent impacts when leveled against corporations. We discuss the dire need for more research, offering specific suggestions for scholarship.

Abstract: This chapter, cowritten by senior members of the bar who teach in the leading public procurement law program in the United States, discusses corruption, compliance, and debarment in government procurement. When a government procures goods or services, it must decide questions of price and quality, and – equally importantly – whether the contractor is qualified (“responsible” in US federal contracting), that is, whether the contractor possesses the requisite physical and financial capability, a record of satisfactory performance, and integrity. For the government buyer, the question is whether the prospective contractor poses disqualifying performance or reputational risks to the government. When those risks are severe, suspension (temporary exclusion) and debarment (exclusion for a term of years) are tools that a government can use to exclude nonqualified individuals and companies from competing for public contracts. Suspension and debarment can be economically devastating – a “death sentence” for contractors. As this chapter reflects, remedial corporate compliance efforts – “self-cleaning,” as it is termed in European procurement law – play a central role in a government’s decision on whether to debar or suspend a contractor. For US federal contractors, the basic requirements for compliance efforts match the emerging worldwide standards for compliance systems. This chapter focuses on suspensions and debarments under the US federal system, while drawing on illustrative comparative examples from other procurement systems.

Abstract: This chapter studies the implications of behavioral ethics research to questions of legal compliance. Behavioral ethics emphasizes the concept of bounded ethicality, referring to a long list of biases and cognitive limitations that prevent people from making a full and candid evaluation of the ethicality of their own actions. In other words, people often act unethically not because they made a conscious choice to behave badly but because they were able to ignore, downplay, or justify their own misconduct. This chapter explores the meaning of behavioral ethics findings for questions of compliance with the law. That is, if people often ignore or downplay their own unethical choices, how can lawmakers and regulators act to improve compliance with the law? The chapter describes the central relevant findings of behavioral ethics research and the challenges these findings pose for legal compliance, and outlines possible solutions. In particular, we advocate a novel regulatory approach utilizing ethical nudges: regulatory interventions that are designed to improve ethical deliberations by potential wrongdoers.

Abstract: Despite the federal Department of Health and Human Services’ provision of considerable guidance and technical assistance to covered entities and business associates regarding their responsibilities under the HIPAA Privacy, Security, and Breach Notification Rules (HIPAA), little is known about the extent of compliance across the healthcare industry as well as reasons for noncompliance. This chapter reviews academic, industry, and government studies assessing HIPAA compliance and presents relevant insights. These insights relate to the extent to which small numbers of covered entities comply with the HIPAA Privacy Rule’s plain language requirement, the HIPAA Privacy Rule’s access to protected health information requirement, the HIPAA Security Rule’s addressable encryption standard, and the HIPAA Security Rule’s audit logs and access reports requirement. Additional insights relate to the extent to which covered hospitals and health systems believe that they are complying with the HIPAA Privacy and Security Rules, the impact of HITECH on data breaches involving business associates, the organizational strategies and institutional environments that influence compliance, and the extent to which institutional pressures and internal security needs assessments influence investment in security compliance.

Abstract: Over the last three decades, self-control theory has established itself as one of the leading explanations of criminal and deviant behavior. At its core, the theory asserts that those with low self-control will be less likely to comply with the law (as well as other social norms). This chapter reviews the self-control perspective in terms of: (1) its origin and development within criminology, (2) its empirical status with respect to how well the theory predicts compliance/failure to comply with the law, (3) recent theoretical and empirical developments in the self-control model, and (4) what future research would be most useful to continue to explore in this theoretical tradition.

Abstract: Focusing on collusive behavior, this chapter outlines the complexity associated with both the ex ante design of antitrust compliance programs and the ex post assessment of their impact. Following an interdisciplinary review of relevant literature, the chapter provides a structured cost–benefit approach to compliance and challenges the idea that compliance cannot be rationalized. We recognize that measurement of compliance programs may be particularly difficult in light of the importance of less-tangible factors such as corporate culture. Yet, the chapter proposes that a principled approach to compliance would considerably support the work of practitioners. Future research should concentrate on studying the interaction effects of compliance mechanisms and corporate culture. Such large-scale empirical studies on individual and firm-specific factors of compliance might be promoted and coordinated by competition authorities.

Abstract: The study of compliance is enriched when it is analysed as part of a contested landscape over the rules governing business conduct. This analysis requires going beyond the assumed connection between compliance and specific regulatory obligations, authorised actors or legal rules to interrogate its entanglement with multiple economic, social and political goals. The contours of this entanglement are often shaped by the tension between and within economic and social goals, tension that can be resolved either by supporting or challenging the status quo. Governments, and state authorities more broadly, bear primary responsibility for the management of the tension between economic and social demands. By modulating compliance obligations, these authorities can achieve temporary resolution of this tension, modulation that often, but not always, retains existing power relations. The chapter then focuses on which actors can challenge the status quo governing business behaviour by authoritatively calling attention to that behaviour as either compliant or non-compliant with legal obligations. Finally, the chapter explores the phenomenon of compliance independent from any connection to hard law, state-based regulatory regimes or courts and instances where acceptable behaviour, or a state of compliance, is not determined by regulators, laws or courts. Being able to define compliance independently from governments or law provides an alternative means to challenge the status quo governing business obligations. Here the chapter looks to international efforts to hold multinational businesses accountable for the harm they cause across borders. Efforts by local communities to demand that business meet social and not just legal expectations, namely that they comply with a social licence, provide a second example of compliance expectations beyond the law. Ultimately compliance, unmoored from a specific regulatory regime, actor or type of rule, becomes part of a fluid contested political landscape aimed at determining the rules governing business and commerce rather than a technocratic and restricted policy dilemma.

Abstract: Regulatory compliance is vital for promoting the public values served by regulation. Yet many businesses remain out of compliance with at least some of the regulations that apply to them – not only presenting possible dangers to the public but also exposing themselves to potentially significant liability risk. Compliance management systems (CMSs) may help reduce the likelihood of noncompliance. In recent years, managers have begun using CMSs in an effort to address compliance issues in a variety of domains: environment, workplace health and safety, finance, health care, and aviation, among others. CMSs establish systematic, checklist-like processes by which managers seek to improve their organizations’ compliance with government regulation. They can help managers identify compliance obligations, assign responsibility for meeting them, track progress, and take corrective action as needed. In effect, CMSs constitute and structure firms’ own internal inspection and enforcement responsibilities. At least in theory, CMSs reduce noncompliance by increasing information available to employees and managers, facilitating internal incentives to correct instances of noncompliance once identified, and helping to foster a culture of compliance. Recognizing these potential benefits, some government policymakers and regulators have even started to require certain firms to adopt CMSs.

But do CMSs actually achieve their theoretical benefits? We review the available empirical research related to CMSs in an effort to discern how they work, paying particular attention to whether CMSs help firms fulfill both the letter as well as the spirit of the law. We also consider lessons that can be drawn from research on the effectiveness of still broader systems for risk management and corporate codes of ethics, as these systems either include regulatory compliance as one component or present comparable challenges in terms of internal monitoring and the shaping of organizational behavior. Overall, we find evidence that firms with certain types of CMSs in place experience fewer compliance violations and show improvements in risk management. But these effects also appear to be rather modest. Compliance in large organizations generally requires more than just a CMS; it also demands appropriate managerial attitudes, organizational cultures, and information technologies that extend beyond the systematic, checklist processes that are characteristic of CMSs. We address implications of what we find for policy and future research, especially about the conditions under which CMSs appear to work best, the types or features of CMSs that appear to work better than others, and the possible value of regulatory mandates that firms implement CMSs.

Abstract: The perceptual features of criminal penalties are crucial to their capacity to deter, at least in theory. This chapter devotes attention to the accuracy of people’s perceptions about criminal penalties. The empirical findings from so-called perceptual calibration studies are summarized, focused on people’s understanding of the statutory applicability of criminal sanctions, as well as the certainty and severity of punishments applied in practice. While the average citizen is reasonably well informed about what criminal penalties are statutorily allowed, he or she does a poor job estimating the probability and magnitude of the penalties. On the other hand, studies which inquire about more common offenses (alcohol and marijuana use) from more crime-prone populations (young people, offenders) reveal that perceptions are consistently better calibrated to actual punishments.

Abstract: Whistleblower reward programmes, or ‘bounty regimes’, are increasingly used in the United States. The effectiveness of these programmes has been questioned, and empirical evidence on their effectiveness has been scarce likely due to their relatively recent introduction. In recent years, however, empirical and experimental evidence on their effectiveness has become more available and robust. We review the (rather encouraging) evidence on whistleblower reward programmes, in terms of amount of additional information generated, deterrence effects, and administration costs, and consider the possibility of extending them to accomplice witnesses in antitrust cases.

Abstract: In psychological theory and research, compliance is generally seen as the most superficial and weakest form of behavioral adaptation. The current contribution examines how the social context of work – the organizational culture – can be organized to stimulate ethical business conduct. By reviewing social psychological theory and research, we illustrate how an ethical culture can be developed and maintained through ethical leadership and by mainstreaming ethics into existing business models. This is markedly different from more common legal approaches. It requires that a commitment to ethical business conduct is visible from the tone at the top, that organizational leaders “walk the talk” on the work floor, and that this matches the implicit messages that organizational members receive on a day-to-day basis about what really matters and what should be prioritized. Attempts to increase rule compliance are bound to fail when organizational incentives and rewards focus on individual bottom-line achievement regardless of how this is done. Empirical evidence supports the claim that organizational culture is an important factor in stimulating ethical conduct. By creating an ethical culture, organizations develop an “ethical mindset” in organizational members, which helps them not only to understand and internalize existing guidelines in their current work but also to apply the “spirit” of these guidelines to new dilemmas and emerging situations. This makes investing in an ethical culture a sustainable business solution.

Abstract: Regulatory compliance is crucial to ensure that regulation and related public policies achieve their intended public outcomes – that is, safeguarding key elements of public welfare in a given country, while supporting economic and social development. Although this often remains implicit, promoting regulatory compliance is an important aspect of international development work. Nonetheless, the need to treat “compliance” or behavior change as a specific object has taken time to emerge, as has the understanding of the entire process between inputs (regulations, resources) and outcome (compliance or behavior change, or the absence thereof). Research shows that compliance is not an automatic consequence of regulations, that it does not always produce the desired outcomes, and that the “volume” and severity of enforcement do not necessarily correlate with compliance and regulatory outcomes. Significant evidence also suggests that poorly designed regulation, regulatory administration, procedures and systems can be both a hindrance to economic growth and a source of corruption.

This chapter looks at the specific aspects and challenges of regulatory compliance in a broad “development” context – characterized by a vast informal sector or significant “gray economy,” regulatory burden and barriers, and overall insufficient regulatory compliance (and thus effectiveness). In this context, “regulatory delivery” – that is, how the whole range of state activities aiming at improving or securing compliance is designed, structured, resourced and implemented – particularly matters. A more risk-based, focused, responsive regulatory delivery helps to maintain institutional integrity while taking into account actual issues and demands and can also support good governance and the rule of law.

Abstract: This chapter argues that organizational compliance is best illustrated not by a compliance versus noncompliance dichotomy but by a processual model in which organizations construct the meaning of both compliance and law. I argue that organizations must be understood as social actors that are influenced by widely institutionalized beliefs about legality, morality, politics, and rationality. I review the empirical research in this vein and show how institutionalized conceptions of law and compliance first become widely accepted within the business community and eventually come to be seen as rational and legitimate by public legal actors and institutions and thus influence the very meaning of law. Through two distinct waves of research, I offer a theoretical framework for understanding compliance as a process and by specifying the institutional and political mechanisms through which organizations shape the content and meaning of law. First wave studies laid out the initial framework for how to understand organizations as constructers of legal meaning while second wave studies refined and extended the theory in multiple ways. I suggest that the increasing complexity and ambiguity of legal rules provides legal intermediaries greater opportunities to influence what compliance means by filtering what law means through nonlegal logics. I conclude by discussing the implications of organizational construction of law and compliance for studies of law, business, and the state and suggest directions for a third wave of research.

Abstract: The governance of global supply chains is a ripe area of study for legal scholars. As part of an analysis of the governance of multi-tiered global supply chains and the implementation of recent supply chain transparency laws, this chapter analyzes the central role of supply chain auditors. These actors conduct human rights due diligence and implement supply chain policies on behalf of companies, which are in effect outsourcing their compliance obligations. In this chapter, I first discuss the emergence of a supply chain-audit regime in response to recent legislation, industry standards, and reputational pressure on companies to enhance their social and environmental performance. Next, I analyze concerns over the efficacy of supply chain auditors in incentivizing improvements in corporate compliance and behavior. Among the critiques are that audits advance the interests of downstream buyers; auditors are reluctant to report fraud; audits do not move beyond first-tier suppliers; audits are of limited duration; auditors fail to engage with workers; audit results are not released to the public; and suppliers have an incentive to cheat. Finally, I briefly offer remedies that have been proposed to address some of the major critiques and thereby enhance the effectiveness of the supply chain-auditing regime.

Abstract: Compliance – from the root “to comply” – is “the set of rules, principles, controls, authorities, offices, and practices designed to ensure that the organization conforms to external and internal norms.” But toward what ends does management use an organization’s compliance system? Compliance ideally has aspirational goals to at least discourage outright violations of the law, if not to encourage ethical behavior more generally. The methods through which management enforces compliance, however, can increase unethical behavior within the corporation and, in some cases, have incubated and helped perpetuate illegal behavior. As with all other tools, the tools of compliance can be abused. This chapter explores management abuse of corporate compliance systems, and it provides a caution about the dark side of compliance.