Corporate Crime and Punishment: An Empirical Study

Article - Volume 100 - Issue 2

For many years, law and economics scholars, as well as politicians and regulators, have debated whether corporate punishment chills beneficial corporate activity or, in the alternative, lets corporate criminals off too easily. A crucial and yet understudied aspect of this debate is empirical evidence. Unlike most other types of crime, the government does not measure corporate crime rates; therefore, the government and researchers alike cannot easily determine whether disputed policies are effectively deterring future incidents of corporate misconduct. In this Article, we take important first steps in addressing these questions. Specifically, we use three novel sources as proxies for corporate crime: the Financial Crimes Enforcement Network (FinCEN) Suspicious Activity Reports (SARs), consumer complaints made to the Consumer Financial Protection Bureau (CFPB), and whistleblower complaints made to the Securities and Exchange Commission (SEC). Each source reveals an increase in complaints or reports indicative of corporate misconduct over the past decade. We also examine levels of public company recidivism and find that they are likewise on the rise. And we document a potential explanation: recidivist companies are much larger than nonrecidivist companies, but they receive smaller fines than non-recidivist companies (measured as a percentage of market capitalization and revenue). We conclude by offering recommendations for enforcement agencies and policymakers. In particular, our results suggest that enforcers are unlikely to achieve optimal deterrence using fines alone. Enforcement agencies should therefore consider other ways of securing deterrence, such as by seeking penalties against guilty individuals and the top executives who facilitate their crimes.


Throughout the COVID-19 pandemic stimulus negotiations, corporate liability was a sticking point. Senate Majority Leader Mitch McConnell and other Senate Republicans demanded that any additional support to struggling households be paired with federal liability shields that would restrict pandemic lawsuits from targeting corporations and their employees.[1] Democrats contended that liability shields would precipitate negligence by businesses, universities, and hospitals that knew they would never be held accountable for misbehavior.[2]

Although the pandemic brought these issues to the surface, they are not new, and indeed, the standards by which we hold businesses accountable for malfeasance is a significant area of public concern. Complex trade-offs govern the existing legal framework: on the one hand, forceful punishment for firms may chill beneficial economic activity; on the other, the failure to hold businesses and their employees accountable for misconduct can encourage future bad behavior. These arguments were at the forefront of the conversation during the financial crisis of 2008, when the Department of Justice’s (DOJ) lax approach to pursuing individual bankers precipitated public outrage.[3] And they will surface again.

A crucial and yet understudied component of this debate is understanding how corporate misconduct fluctuates in response to changes in enforcement and punishment. Perversely, however, the government makes no attempt to measure corporate crime.[4] Compare this dearth of data to what exists for public-order crime: each year, two government agencies provide detailed crime statistics for each category.[5] This data allows researchers to evaluate changes in litigation and other enforcement practices and consider whether they are optimally deterring criminal conduct. When it comes to corporate crime, however, the same body of research does not exist.

The importance of this asymmetry should not be understated. Most basically, the lack of statistical data surely hampers corporate criminal enforcement efforts. Suppose that the police in your city took no steps to measure the number of robberies each year. As such, if there was a steady increase, the police (and the government agencies with authority over the police) would not know about it, nor would they be able to develop an adequate response. In reality, government bodies take great pains to measure the level of violent crime in their jurisdiction because it helps them calibrate whether or not additional steps need to be taken to increase deterrence.[6] But for corporate crime—which can affect millions of people’s lives and bring down entire economies—enforcement plows forward blindly, subject to political winds rather than taking a clear look at whether crime is being adequately deterred.

Even more importantly, the lack of corporate crime statistics contributes to inequity in our criminal justice system. It is evident that the U.S. operates a two-tier criminal justice system that disproportionately affects people of color.[7] In particular, blue-collar offenders generally serve jail sentences for public-order crimes; white-collar criminals are rarely prosecuted, and when they are, they generally bear less severe consequences.[8] Much has been written about the reasons for this inequity, and we offer an additional explanation: crime statistics play an important role in fueling policing efforts. If the public notices an upward trend in crime, it clamors for additional enforcement—increased monitoring of vulnerable areas, a quicker response time when calls are received, stronger charges in cases against arrestees—and police and prosecutors generally respond. There is no such information to guide public opinion when it comes to corporate crime. Not only that, the lack of statistics for corporate crime insulates enforcement agencies that take a lenient approach to corporate punishment. Without any information about whether crime is increasing, agencies can hide behind statements that their enforcement policies are adequately, or even optimally, deterring crime. Indeed, as the 2008 financial crisis shows, enforcement agencies rarely face a reckoning unless their lax policies contribute to an environment that nearly brings down the global economy.

This Article takes important steps toward addressing this asymmetry. It first offers an empirical analysis of the shift in the legal landscape over the past decade that not only decreased the likelihood that corporations would be prosecuted and that individuals would be held criminally liable, but also increased the size of monetary fines imposed on corporations. It then identifies three novel data sources that shed light on the question of whether crime has risen at U.S. public companies in the wake of these changes. Specifically, it identifies three proxies for corporate misconduct in order to study trends over time. Proxy data are particularly useful in this context—unlike most violent crime, corporate crime can be harder to observe and is often defined by broad and amorphous criminal statutes, complicating its measurement.

To proxy for corporate crime, we utilize three distinct data sources: the Financial Crimes Enforcement Network (FinCEN) Suspicious Activity Reports (SARs), consumer complaints made to the Consumer Financial Protection Bureau (CFPB), and whistleblower complaints made to the Securities and Exchange Commission (SEC).[9] These data come from a variety of vantage points: SAR reports are required to be filed by financial institutions under certain circumstances that are highly suggestive of malfeasance, while the CFPB data are generated by aggravated consumers of financial products.[10] Whistleblower complaints are generally filed by employees of banks and companies who suspect that financial crime has occurred; if the information leads to a successful enforcement action, the whistleblower is eligible for a large bounty.[11] By examining both reports by employees who report observed crimes and consumers who are harmed by misconduct committed by institutions with which they do business, we can usefully extrapolate information about overall crime trends.

Our results are summarized as follows: In the period from 2012 to 2019, we document a steep upward trend in SARs filed across every single agency that collects them (the OCC, the FDIC, the FHIFA, the NCUA, the FRB, the IRS, and the SEC). We focus only on those cases where SARs report insider involvement in financial crimes; thus, our data indicate that financial institutions flagged their own involvement in a greater number of transactions suggestive of money laundering, fraud, or other financial crimes in each year for the past five years.[12] In addition, we document an upward trend in consumer complaints submitted to the CFPB from November 2014 to August 2019, in all but a single category. Finally, we also observe a steady increase in whistleblower tips submitted to the SEC from 2011 to 2018. In sum, our data suggest an upward trend in reports of financial misconduct from three distinct sources that cover a broad range of crimes.

We recognize, however, that the implications that can be drawn from this data are necessarily limited due to imperfections in these datasets. For one, our data proxy for corporate misconduct, which may not correlate perfectly with corporate crime. We infer, however, that broader evidence of misconduct generally infers broader criminal activity and allows us to estimate trends in corporate criminality over time. However, factors that impact the incidence of misconduct reporting can confound our results. For example, it is possible that following the financial crisis, financial institutions were more careful to report suspicious activity, and therefore SAR filings increased for that reason. Likewise, perhaps whistleblower tips trended upward not because of an increase in criminality, but because of growing recognition of the large bounties available. Finally, perhaps consumers of financial products were simply becoming familiar with a new tool provided by a new agency, and that fact explains the increase in complaints made to the CFPB. Regarding the latter concern, however, we document a decrease in consumer complaints related to mortgages after July 2016; all other complaint types increase. This fall in mortgage complaints is consistent with increased scrutiny from the federal government about mortgage practices in the years following the financial crisis, as new regulations and regulatory oversight helped eliminate abusive practices.[13] Although this is not the only plausible explanation—it could be attributable to a fall in mortgage delinquencies, for example[14]—it suggests that the increase in other types of complaints is not solely attributable to an increase in consumer familiarity with the consumer complaint resource. If that were the sole cause, we would expect to see an increase in complaints across all dimensions.

In general, the volatility in our data series suggests that we are picking up on something more than changes in reporting practices. Taken together, our data show that corporate crime levels rise postcrisis, but in a non-monotonic way. It is certainly possible that this volatility is a by-product of changes in enforcement priorities, but it is likely that at least a portion of the uptick we document reflects an increase in the underlying level of criminal behavior. And given the features of the federal enforcement regime that we observe—the near disappearance of individual liability, especially for top executives, and the low number of corporate prosecutions—our results are unlikely to strike many as surprising.

As further support for our interpretation of the data, we study public company recidivism, relying on data provided by Brandon Garrett.[15] We define a corporate recidivist to be a public company that was prosecuted more than once between 2001 and 2018. We normalize fines by three measures of firm size—assets, revenue, and headcount. And we document a steep rise in recidivism during this time period, across public companies in all industries.[16]

We also observe some interesting characteristics of recidivist firms and their penalties. We find that larger firms tend to be recidivists; firms that offend only once are much smaller (as measured by market capitalization and number of employees) than recidivist firms. In addition, although recidivist firms bear fines that are, on average, twice the size of those borne by non-recidivist firms, these penalties are miniscule when scaled by the company’s assets or employees. For large firms, therefore, it may be more appropriate to think of these fines as inconsequential “parking tickets”[17] rather than meaningful deterrents.[18] For smaller firms, fines represent a greater burden.[19] This may explain why their deterrent value (as measured by the likelihood of offending again) is higher than the relatively lower fines ascribed to their larger counterparts. Perversely, therefore, concern about the potential adverse effects of criminal prosecution on large firms and their shareholders and the ramifications for the broader economy may insulate the malfeasance that is most socially disruptive from adequate punishment.[20]

In sum, our data indicate that corporate misconduct is on the rise, and we theorize that the current federal enforcement regime has a share of the blame. Although high fines imposed irregularly could result in efficient and adequate deterrence under certain circumstances,[21] our results indicate that fines are too low or imposed too sporadically to effectively deter crime.[22] In theory, a fine that is set equal to the social cost of the crime, adjusted upward to account for the probability of underdetection, will cause management to optimally prevent future instances of harm.[23] But the optimal fine might not be possible to calculate (what is the social cost of eighty-six lives?) or legally or politically feasible to levy (what if the optimal fine puts the firm into bankruptcy or is well beyond the statutory cap?).[24]

Not only that, there are also practical limitations to the corporation’s ability to adequately deter future incidents of crime when the only punishment is an entity-level fine.[25] Quite obviously, a fine primarily affects shareholders, not necessarily the individuals who committed the crime and who may have garnered private benefits from its commission. In theory, shareholders should have an incentive to demand reforms that would deter future criminal behavior that will depress the value of their shares, but rationally apathetic shareholders might not recognize the problem or understand how to address it.[26] In addition, the ultimate deterrent effect of fines against corporations and their shareholders may be muted: although a company’s stock price generally falls when charges are filed, it usually bounces back very quickly and tends to rise upon the fine’s announcement.[27] Therefore, shareholders might not demand an appropriate reduction in activity levels or the right amount of firm-wide monitoring to avoid future instances of crime.[28]

Our Article therefore makes two primary contributions. First, we use three novel data sources as a proxy for corporate crime. Importantly, we are one of the only papers to look beyond enforcement data, which is subject to endogeneity concerns, when evaluating corporate criminal enforcement.[29] And we generate several pieces of evidence indicating that corporate crime is on the rise. Second, we identify flaws in enforcement practices that are likely responsible for this underdeterrence, and in particular, an overreliance on fines as the primary penalty. We recognize, however, that our crude proxies do not allow us to precisely identify the aspects of the U.S. enforcement regime that are failing us nor the appropriate course of action to correct it. Therefore, our principal policy recommendation is for the government to treat corporate crime like any other type of crime and measure it. If our results are confirmed with further study, the normative implications are clear: enforcement agencies should increase the deterrence punch of each penalty by moving beyond fines and pursuing culpable individuals. We recognize that it is often difficult to charge individuals, and especially the top executives who are insulated from the commission of the crime, which may explain the dearth of actions against them. Indeed, we view this as a principal failing of the federal corporate crime enforcement regime and one that very likely contributes to the trends that we observe. Therefore, in Part III, we discuss one potential path forward: a new cause of action that would make it easier for prosecutors to pursue executives who facilitate crimes by lower-level employees.

Our Article proceeds as follows. Part I describes the U.S. enforcement regime and notable trends over the past decade, including declining corporate and individual prosecutions and (until 2018) rising fines. It then notes the puzzling absence of reported crime rates, the principal tool used to evaluate criminal enforcement in other areas and offers some theories as to why such data does not exist. Part II describes our proxy data and results that indicate that corporate crime is on the rise. Part III discusses implications for lawmakers. It urges the government to make additional data available for researchers to study and further contends that enforcement agencies should move beyond entity-level fines as the primary mechanism for punishment.

I. Corporate Criminal Enforcement

In the United States, corporations can be held criminally liable for crimes committed by agents in the scope of employment through the doctrine of respondeat superior.[30] When we discuss “corporate crime,” we are referring to crimes committed by corporate agents that could be attributed to the entity under this doctrine. If convicted of a crime, the corporate entity can be subject to a wide range of penalties, including fines, restitution, community service, and a loss of charter (of course, the guilty agents can also be subject to liability).[31]

In this Part, we describe major trends in federal corporate criminal enforcement in the past two decades. We then consider whether these enforcement practices could be consistent with optimal deterrence under law and economics theory. Finally, we observe a unique aspect of corporate criminal law scholarship: while legal scholars elsewhere study changes in underlying crime rates to evaluate enforcement, corporate criminal law scholars work backwards, studying enforcement to glean insights about crime rates.

A. Enforcement Data

This subpart provides data showcasing major trends in enforcement practice over the past two decades. To summarize, since the early 2000s, enforcement agencies have pursued fewer cases against corporations, brought fewer actions against individuals, increased the number of settlements, and obtained increasingly higher fines.[32] First, corporate prosecutions and convictions have been steadily falling. For example, the number of corporate prosecutions filed by the DOJ fell 29% between 2004 and 2014.[33] This trend has continued since then, and in 2018, the number of corporate convictions fell to ninety-nine, breaking a record for the lowest number ever recorded.[34]

Second, although the number of prosecutions has declined, the number of settlements has increased—especially among the largest companies.[35] From 2006 to 2019, for example, only twelve corporations were convicted after a trial.[36] Traditionally, the DOJ would settle cases with companies using a plea agreement after charges were filed in court.[37] Today, an increasing share of corporate criminal enforcement actions are settled without a plea, using non-prosecution agreements, or “NPAs,” and deferred prosecution agreements, or “DPAs.”[38] The use of these settlements reached a high point of 101 in 2015, which represented approximately a tenfold increase from 2005.[39] That number has since fallen somewhat, but the percentage of corporate criminal cases that are settled remains much higher than early-2000 levels.[40] Relatedly, the number of corporate declinations, where the DOJ determines that a case has merit but is not pursued because of the company’s “voluntary disclosure, full cooperation, remediation, and payment of disgorgement, forfeiture, and/or restitution,”[41] are rising for FCPA cases.[42] This type of settlement is especially lenient for defendants, as the government essentially determines that it will not take on a case that it thinks has merit.[43]

Figure 1: Deferred and Non-Prosecution Agreements (Share of Total Prosecutions)[44]

Third, individuals are rarely charged when charges are settled. In a study of DPAs and NPAs entered into from 2001 to 2014, Brandon Garrett found that only 34% involved individual prosecutions.[45] Most of those individuals were low-level employees.[46] This is true outside of the settlement context as well. Even in the wake of the Yates memo, which admonished enforcement agencies to pursue individuals more often,[47] not much changed—“[i]f anything, individual charging has declined in the years since [the memo] was adopted.”[48] In addition, the Trump Administration amended the Yates memo to emphasize that investigations should not be delayed “merely to collect information about individuals whose involvement was not substantial, and who are not likely to be prosecuted.”[49] As a result, in 2018, white-collar prosecutions fell to their lowest level in twenty years.[50] Even when individuals are charged, they are more likely than not to get off without jail time: Of the 414 individuals prosecuted from 2001 to 2014, only 30.9% received a prison sentence.[51]


Figure 2: DPAs and NPAs with Corresponding Individual Suits (Share of Total)[52]

Fourth and finally, although individual punishment has declined, entity-level fines have steadily increased over the past two decades, falling off slightly to return to precrisis levels in 2018. This reversal in a decades-long trend toward increased fines is reflective of a skeptical DOJ attitude toward large financial penalties. In 2018, then-Deputy Attorney General Rod Rosenstein stated that corporate prosecutions should “avoid imposing penalties that disproportionately punish innocent employees, shareholders, customers and other stakeholders.”[53] In a separate speech, he described a new policy that would help enforcement agencies avoid the “piling on” that occurs when multiple regulators impose fines involving the same conduct, again, out of a concern for “innocent employees and shareholders.”[54]

Figure 3: Aggregate Annual Corporate Criminal Penalties for All Prosecutions[55]

In sum, over the past two decades, the DOJ has generally forgone individual liability in favor of entity liability, favored settlements over trials, and until 2018, sought higher and higher fines.

If we look at the subset of prosecutions that involve banks, these trends are especially stark. Before 2008, banks were rarely prosecuted. That changed in the wake of the financial crisis, where the DOJ secured a number of record-breaking fines against financial institutions.[56] Indeed, nearly $7 billion of the total $9 billion paid in corporate penalties in 2015 came from financial institutions.[57] But these penalties are composed of a handful of blockbuster cases—the overall number of prosecutions has generally remained steady in the past few years, and it has fallen since 2017.[58] In addition, the vast majority of fines were secured via settlement, rather than after trial and conviction.[59]


Figure 4. Financial Institution Penalties, 2001–2018[60]

In addition, when banks are pursued, individual bankers are rarely charged. As Judge Jed Rakoff complained, as of 2014, no high-level executives had been successfully prosecuted in connection with the financial crisis.[61] From 2001 to 2014, of the sixty-six DPAs and NPAs entered into with financial institutions, only twenty-three cases, or 35%, featured individual prosecutions.[62] Most of these involved low-level employees.[63] For certain types of financial institution crime, there is a complete dearth of individual prosecution. As an example, no individual employees or officers were prosecuted in cases involving alleged violations of the Bank Secrecy Act, which proscribes money laundering.[64]

B. Evaluating Enforcement

Is the current U.S. federal enforcement regime, with its emphasis on large fines and lack of individual liability, supplying adequate deterrence? The answer to this question is subject to much debate. On the one hand, many politicians,[65] judges,[66] academics,[67] and journalists[68] are skeptical. For example, Judge Jed Rakoff has been a vocal critic of prosecutorial efforts in the wake of the 2008 financial crisis.[69] As discussed, the DOJ under the Trump Administration has taken the opposite view, adopting policies that decrease the likelihood of individual prosecutions[70] and limit the size of fines and other penalties in favor of securing “reasonable and proportionate outcomes in major corporate investigations.”[71] In this subpart, we first briefly consider how the DOJ’s efforts fare under law and economics theory. We then discuss a puzzling divergence between the corporate criminal law literature and that of public-order crime: a lack of empirical study of corporate crime rates.

1. Theory.—

The principal aim of corporate criminal liability is deterrence—other goals, such as retribution or incapacitation, make less sense when the subject of the penalty is a legal entity. Therefore, law and economics scholars have been influential in theorizing how to efficiently deter corporate misconduct. And under the classic model for criminal enforcement developed by Gary Becker, high fines might well be the most efficient way to deter crime.[72] Under Becker’s model, identifying the optimal level of criminal enforcement requires comparing the benefits to society from punishing and deterring crime with the costs of catching and punishing offenders.[73] Therefore, punishment by fine might deter crime most efficiently because fines avoid the social costs created by other forms of punishment, such as imprisonment. In sum, according to Becker’s model, fines are sufficient, and even preferable, so long as they are set equal to the social cost of crime multiplied by the probability of detection.[74]

However, this is not how fines are calculated.[75] The sentencing guidelines instead require the organization to remedy harm and then set the fine range based on “the seriousness of the offense” (reflected by the amount of pecuniary loss) as well as the corporation’s “culpability.”[76] Organizational culpability is based on, “(i) the involvement in or tolerance of criminal activity; (ii) the prior history of the organization; (iii) the violation of an order; and (iv) the obstruction of justice.”[77] The guidelines also allow penalty mitigation whenever the company has “an effective compliance and ethics program” or cooperates with authorities.[78] In other words, the sentencing guidelines adjust penalties based on culpability rather than the probability of nondetection.[79] And the fact that fines are often decreased as a reward for compliance rather than multiplied to compensate for the low probability of punishment suggests that fines alone will not supply adequate deterrence.

More importantly, time has revealed flaws in the Beckerian model. In particular, Jennifer Arlen and Renier Kraakman have argued that “the state cannot deter misconduct simply by setting liability high enough to ensure that firms cannot profit from it.”[80] Their position is that individual liability is a necessary component of corporate criminal enforcement because entity-level fines are unlikely to burden employees who are not shareholders, or who have small stakes in the company.[81] Instead, employees will be motivated to commit crimes that increase corporate profitability so long as the chance of detection is low because doing so will allow employees to reap personal benefits—increased job security, higher pay, and promotion.[82]

Therefore, under Arlen and Kraakman’s model, it is critical that the government detect and punish individual wrongdoing. However, information asymmetries limit the government’s ability to do this.[83] Therefore, entity liability can be usefully employed to induce companies to produce information that would help the government detect and punish guilty individuals.[84] According to Arlen, an optimal enforcement regime would enlist companies to detect crime, identify wrongdoers, and report to federal agencies, therefore making it easier for the government to pursue and convict guilty individuals.[85]

Arlen’s precept that cooperation between firms and enforcement agencies can be used as a means of punishing and deterring bad actors has not been embraced by the DOJ. Instead, as the previous subpart reveals, the government has mostly abandoned individual-level punishment.[86] When the government prosecutes employees, it primarily pursues only low-level actors.[87] This disparity is likely because it is very difficult to successfully prosecute top executives.[88] In addition, it may be unrealistic to rely on corporate cooperation as the primary mechanism for accountability because management will likely be motivated to shelter employees, especially their top executive colleagues. Therefore, viewed from the lens of law and economics theory, it is unlikely that the federal enforcement regime is optimally deterring crime.[89]

2. Data.—

In other areas of criminal law, theory is bolstered by data analysis. Although theory is certainly important for predicting how and understanding why certain enforcement practices affect criminal behavior, these conversations progress alongside an evaluation of how changes in enforcement affect overall crime rates.[90] To take an infamous example, consider the “broken windows” theory and the literature it generated. In 1982, James Wilson and George Kelling suggested that targeting misdemeanor offenses could reduce more serious crime.[91] This idea caught on like wildfire, influencing the enforcement practices of police in New York, Chicago, and Los Angeles, with some apparent success—crime rates mostly declined in these places.[92] But an exhaustive literature evaluating the link between the implementation of a broken windows policy and falling crime rates soon cast doubt on the efficacy of this theory, and by the early 2000s, multiple empirical studies had concluded that there was little evidence to support the claim that broken windows policing contributed to the sharp decrease in crime in the 1990s.[93]

By contrast, the corporate criminal law literature tends not to evaluate enforcement based on changes in crime rates. What explains the divergence between these two areas of scholarship? The principal cause is the fact that the government does not provide estimates of corporate crime levels, as it does for other types of crime, making it difficult to study. Likewise, the government does not attempt to measure aggregate levels of white-collar crime—the last time the government issued a comprehensive report of white-collar crime was in 1986, and this report summarized the characteristics of enforcement actions against white-collar criminals.[94] Compare this dearth of data to the statistics that are available for public-order crime: each year, both the FBI and the Bureau of Justice Statistics (BJS) collect data and present reports documenting the number of murders, rapes, sexual assaults, robberies, and assaults. The FBI collects this information by pooling reports by law enforcement agencies on a monthly basis; the BJS collects data by interviewing roughly 160,000 people in 95,000 households.[95]

Given the significance of corporate crime and its adverse economic consequences, it is certainly surprising that there has been no recent government attempt to estimate overall corporate crime rates. There are likely a few reasons why. First, the act of tallying corporate crime is more difficult than that of tallying public-order crime. When windows break, glass shatters; corporate crime, by contrast, can be difficult to observe. Not only that, but as Samuel Buell explains, violent crime tends to be more easily specified than white-collar crime, the latter of which tends to be defined under amorphous and broad criminal statutes.[96] Consider corporate fraud as an example. Some is easy to recognize, like the fraud perpetrated by Bernard Madoff. Other frauds are more difficult to determine. For example, what about an executive who technically complies with accounting rules but bends them in a way that ends up misleading shareholders about the financial health of the company? In the case of WorldCom CEO Bernard Ebbers, this was deemed criminal behavior despite his argument that he had broken no law.[97] Ultimately, the act of estimating corporate crime rates may require a number of difficult judgment calls about the types of misconduct that count as criminal.

Second and relatedly, public-order crimes tend to have identifiable and sympathetic victims, and those victims aid in statistical collection by reporting crime. For white-collar crime, by contrast, “the class of victims is typically diffuse, in the sense of being spread far and wide and standing at some distance removed in a chain of causation from the acts of the principal offender, whom the victims may never see, deal with, or even identify.”[98] This is not always the case: in the high profile cases of fraud, such as the Wells Fargo fake account scandal, the victims were easily identifiable and could alert regulators to misconduct.[99] Compare such fraud to the typical FCPA violation, where a company pays a bribe to a foreign government in order to secure a contract. There, the harm is quite diffuse—as then-President Jimmy Carter explained when he signed the bill, “[c]orrupt practices between corporations and public officials overseas undermine the integrity and stability of governments and harm our relations with other countries.”[100] In the case of a bribe, there will not always be victims who are poised to file a report.

We recognize that these hurdles to corporate crime data collection exist, but do not view them as entirely insurmountable. Although certain violent crimes are fairly easy to observe and measure, not all are. Consider rape as an example. Often, rape goes unreported; even when the victim reports, determining whether a rape occurred may require judgment calls about whether there was consent.[101] In addition, the answer may differ depending on the law of the particular jurisdiction, complicating the job of estimating an underlying rate. But these limitations do not stop the government from supplying an estimate each year. In Part III, with full recognition of the complications inherent to this project, we discuss paths that the government could take to provide data that would aid researchers in measuring corporate crime rates.

In the meantime, despite the substantial limitations that complicate the project of measuring corporate crime, several paths forward exist for researchers. One approach is to rely on survey data.[102] Indeed, public-order crime data provided by the BJS is gleaned from surveys; private organizations provide similar data for organizational crime. For example, the Ethics Resource Center surveys employees “understand how they view ethics and compliance at work.”[103] Every few years, the center also polls employees of Fortune 500 companies. These studies have been used by researchers to argue that rates of corporate criminality are increasing.[104] But a major limitation with survey data is that respondents might not honestly answer about their criminal behavior. This problem plagues researchers studying violent crime,[105] and there are a few reasons to think it would be an issue in this context. For example, employees—whether they be low-level workers or top executives—might feel pressure to give an overly rosy report about the company’s compliance. Not only that, survey design is also enormously important.[106] Without careful planning, surveys can be plagued with sampling errors and undercoverage issues.[107] For an example of a possible source of selection bias, the Ethics Resource Center survey is optional, and most employees who are selected decline to fill it out, leading to the inference that those who do submit answers have a reason to provide an especially extreme view. For these reasons, we are reluctant to rely on a single survey of corporate employees as an accurate measure of underlying crime rates.

We believe that researchers should instead identify and measure proxies for corporate crime to supplement information gleaned from survey data. Studying proxies for criminal misconduct avoids the problems that come from asking researchers to measure crime that is generally unobservable, rarely reported, or difficult to specify. Therefore, proxy data, though limited by the fit between the proxy and criminal misconduct, offer a promising avenue for scholars who seek to measure crime trends over time.

Corporate criminal scholars have generally relied on corporate criminal enforcement as a proxy for crime levels—the number of prosecutions, convictions, and settlements, as well as their terms.[108] We are skeptical that this information tells us much about underlying crime rates.[109] Enforcement data is subject to a host of exogenous variables: enforcement agency priorities, enforcement resources, and technological advances, to name a few.[110] A rise in enforcement actions against corporate criminals could mean a rise in underlying crime, or it could mean that the agency has decided to take a tougher stance on corporate crime. The usefulness of enforcement as a proxy for corporate criminal behavior is further diminished in our context because we know of (and indeed aim to study the effect of) substantial changes in enforcement over our sample period. Therefore, enforcement data is a poor proxy for underlying rates of corporate crime.[111]

Researchers in finance have thus far identified a few alternative proxies for financial misconduct: accounting restatements, securities class action lawsuits, and auditing enforcement releases.[112] These databases provide a proxy for securities and accounting fraud and have been useful in establishing that only a tiny fraction of such fraud is detected and punished.[113] Our analysis in the next Part considers additional proxies for misconduct based on reporting (both mandated and voluntary) by firm employees and their customers. Our goal is to say something about corporate crime trends more broadly, beyond the relatively narrow inquiry of this prior work.

II. Corporate Crime on the Rise

In this Part, we identify three novel proxies for corporate criminal behavior based on reported instances of misconduct. Specifically, we rely on data from the Financial Crimes Enforcement Network (FinCEN) Suspicious Activity Reports (SARs), consumer complaints made to the CFPB, and whistleblower complaints made to the Securities and Exchange Commission (SEC). Each dataset in our sample is unique—it represents reports by different groups of individuals made to different regulatory agencies and implicates different types of misconduct. First, SARs are an anonymous filing required by the Bank Secrecy Act to be filed whenever a bank employee suspects a violation of that Act. Because our focus is on corporate crime, we isolate those SARs that flag misconduct by bank employees. Second, CFPB complaints are lodged by aggrieved customers of financial products. Third, corporate employees file whistleblower tips with the SEC to tip the agency off to possible corporate misconduct. In each subpart, we describe these datasets and the trends that we observed over time. We explain why we believe these proxies correlate with corporate criminality, and also discuss the many problems that complicate and weaken our interpretation. In the last subpart, we study public company recidivism, relying on enforcement data from Brandon Garrett. In so doing, we are able to learn more about the principal enforcement tool used by the DOJ—the fine—and whether or not it is deterring future incidents of institutional crime.

A. Suspicious Activity Reports

SARs are an anonymous mechanism to report financial crimes used by institutions subject to the Bank Secrecy Act.[114] The intuition behind the SAR requirement is that financial institutions are best positioned to detect illegal use of the financial system; as such, they should be enlisted in helping the government root out financial crime.

SARs are required to be filed whenever an employee or other individual[115] suspects that an agent within the institution has attempted to perform a transaction in furtherance of money laundering or other violation of federal law.[116] “Agent within the institution” is defined broadly to include not only insiders, but also bank customers and suppliers.[117] However, suspicious transactions below a $5,000 threshold do not require a SAR.[118] The failure to comply with SAR filing requirements is punishable by criminal and civil penalties, including large fines, loss of the bank’s charter, and imprisonment.[119] As a result, all financial institutions train employees on how to identify and flag suspicious activity.[120]

SARs are confidential, meaning that the person who is the subject of the report is not told about it, nor is anyone outside of the institution privy to the information. Any unauthorized disclosure is punishable as a criminal offense. In addition, the SAR filer need not disclose their name and is awarded immunity during the discovery process.[121]

A SAR describes the suspicious behavior, the crime categories to which the behavior pertains,[122] and the agent’s relationship with the institution. After the institution receives a report, it must undertake a multistage review process, which ultimately entails sending it to the bank’s financial investigators, management, and attorneys.[123] Financial institutions are required to file SARs within thirty days after the detection of suspicious behavior at their institution.[124] Finalized SARs are sent to one of seven federal agencies—the FRB, the IRS, the SEC, the OCC, the FDIC, the NCUA, or the FHFA.[125] Under certain circumstances, such as when the SAR implicates national security, the SAR may be sent to a fusion center that makes the information available to state and federal agencies that may be interested in acting.[126]

There have been a few important changes in SAR filing requirements in the past few decades. Most importantly, in 2002, the USA Patriot Act made SAR reporting requirements mandatory for broker-dealers who suspect any violation of law or regulation (including state law), therefore subjecting broker-dealers to broader requirements than those of financial institutions.[127] Immediately following the enactment of the Patriot Act, there was a spike in SAR filing, even by banks who were subject to the same requirements as before (an earlier analysis of SARs shows that the spike eventually tapered off around 2010, just before our analysis begins).[128] A former Treasury official speculated that the acceleration in filing may have been the result of financial institution concern about reputational risk after 9/11.[129] Since 2002, however, SAR reporting requirements have been relatively stable.[130]

We secured all available SAR enforcement data from the U.S. Treasury FinCEN.[131] The SAR data comprise both business-related and individual suspicious activity. To proxy for financial-institution crime (rather than individual crimes that could not be attributed to the entity under respondeat superior), we isolate SARs where suspects are institutional insiders (employees, directors, agents, officers, and owning or controlling shareholders).[132] The underlying data are reported monthly and exhibit a high degree of volatility; to aid with data visualization and interpretation, we perform one-sided winsorizing at the 90% level and take a twelve-month moving average of the series.[133]

Figure 5 reveals an increase in SARs filed across all agencies studied, which suggests an increase in crimes committed by bank insiders. We acknowledge that there is not a one-for-one relationship between SARs and underlying financial crime; however, we think that this data is a better proxy for violations than Bank Secrecy Act enforcement data. As discussed, measures of criminal enforcement—such as arrests and prosecutions—are dependent on factors like the ability to detect criminal behavior, the availability of admissible evidence, and agency resources. By contrast, bank employees are required to file SARs whenever they suspect that malfeasant behavior is occurring, and therefore, the data collected is not subject to the same endogeneity concern. Thus, while SARs may overstate the amount of crime (i.e., contain false positives), we doubt that they systematically and directionally err in reflecting aggregate financial crime trends.

Figure 5: SAR Counts by Agency

It is important to note that SAR filings are not exogenous to the enforcement environment. Earlier data highlight this reality directly: the 2001 Patriot Act did not change the reporting requirements for banks but instead expanded them to other entities.[134] Yet, even for banks, there was a substantial uptick in SAR reporting. This uptick may have resulted from increased concern about bank reputation, or increased SAR filing enforcement by regulators. The uptick in reporting that we observe necessarily conflates both changes in the level of criminal behavior and in the reporting of that behavior by financial institutions.

Two helpful facts minimize this endogeneity concern. First, unlike the lax enforcement of the early 2000s, FinCEN took SAR filing seriously during the entire period of our sample. Before 2005, FinCEN had not consistently pursued enforcement actions for the failure to file SARs; that changed in 2005 after the agency prosecuted Riggs Bank criminally for the willful failure to file SARs, ultimately securing a $16 million fine and five years of criminal probation for the bank.[135] Since that time, the agency has regularly brought enforcement actions against banks that fail to file SARs.[136]

Second, although it is true that there has been a level shift upward in SAR reporting across agencies, it is not the case that these patterns are identical. Even within an agency, trends in SAR filings differ across categories. In 2012, mortgage loan fraud reported by depository institutions decreased by 29 percent—after having risen each year since 1996.[137] In that same year, banks saw increases in 12 of the 21 other suspicious activity categories.[138] This volatility suggests that something other than an increased willingness to report is driving our results.

A related concern is that our results may be driven by heightened regulatory scrutiny of bank compliance following the financial crisis, which caused banks to dramatically expand compliance programs and rendered employees much more sensitive to the risk of enforcement. This regulatory scrutiny came from multiple directions. For example, the DOJ began pursuing banks and securing record-breaking fines in the immediate aftermath of the crisis, as discussed in Part I. In addition, bank compliance failures came under a spotlight from the OCC, the FRB, and the New York Department of Financial Services, which was created only in 2011. These agencies supplemented FinCEN’s efforts by penalizing banks that failed to adopt effective anti-money laundering controls.[139] In addition to increased regulatory scrutiny, banks were subject to a host of new regulations that required them to dramatically expand their compliance programs. And we recognize that the combination of heightened scrutiny, as well as larger and more sophisticated compliance programs, could lead to an increase in reporting unrelated to any underlying crime. Regarding compliance, however, the largest increases in bank spending on compliance occurred in the immediate aftermath of Dodd–Frank—from 2009 to 2012.[140] If the increase in reporting was solely caused by increased resources spent on compliance, we would expect to see a spike in reports from 2009 to 2012 (and possibly in the years that followed) and then a levelling off. This is not what our data shows.

However, it is entirely possible that SAR reporting increased because employees rightly perceived that bank regulatory scrutiny was on the rise and would continue in the wake of the financial crisis, leading to excessive cautiousness. But a few facts counsel against interpreting employee cautiousness and regulatory scrutiny as the sole cause of the increase we see. For one, we do not see an immediate increase in the wake of the crisis, when bank regulatory scrutiny was at its highest point. This may be because SAR filing had increased dramatically in the wake of 9/11 and remained at high levels. It is likely, therefore, that banks were already filing a large number of SARs well before the financial crisis, meaning that we could expect to see less of an impact from this next wave of bank scrutiny. In addition, there is ample variation in the data following the financial crisis, and the SAR counts begin their uptick at different periods for different agencies—the SEC data begins to rise in 2014, while the FRB shows a steep increase in 2017, and the OCC data shows an increase in 2012. This variation suggests that the data is picking up on something other than employee sensitivity to regulatory scrutiny, which began in earnest in the immediate wake of the financial crisis.

In sum, although we recognize that our data likely overstate the level of criminal misconduct at banks, we do not believe that the rise in SARs is solely explained by an increase in resources spent on compliance, nor by concerns about the increased risk of regulatory enforcement; instead, we think it suggests that financial institution crime, and Bank Secrecy Act violations in particular, are trending upward.

B. CFPB Consumer Complaint Database

Under Dodd–Frank, the CFPB is required to maintain a consumer complaint database that allows consumers to submit complaints about unfair, deceptive, or abusive acts or practices by financial services companies.[141] These complaints give the agency “insights into problems people are experiencing in the marketplace and help [it] regulate consumer financial products and services under existing federal consumer financial laws, enforce those laws judiciously, and educate and empower consumers to make informed financial decisions.”[142] The CFPB also intends that the database will be used by researchers to identify harmful business practices that might harm consumers.[143] The CFPB has accepted complaints regarding credit cards since its first day of operations in July 2011, and it has since expanded to several categories: mortgages, bank accounts and services, private student loans, vehicle loans, other consumer loans, credit reporting complaints, and money transfers.[144]

After receiving a consumer complaint, the agency confirms that the consumer is actually a client of the financial institution in question, that the complaint has not been filed already, and that the complaint was submitted by the consumer. However, the agency does not take steps to verify whether the complaint has merit. Complaints are forwarded to the appropriate company and/or regulatory agency,[145] and the company has an opportunity to respond.[146]

In Figure 6, we show the number of complaints by product type from January 2015 to July 2019.[147] These graphs reveal an upward trend in complaints by each product type, with the exception of mortgages.

Figure 6: CFPB Complaints by Product Type

What to make of these results? CFPB complaints are distinct from SAR filings in an important way: they are voluntary reports made by consumers who believe themselves to be victims of crimes and other misconduct, rather than mandatory reports by bank employees. Thus, the endogeneity concern detailed above—that the increase in SAR reporting reflects changes in the enforcement regime—is irrelevant in this context. Instead, with respect to the CFPB database, a competing explanation for the uptick in consumer complaints is that the increase in reporting is driven by an increase in consumers’ likelihood of reporting and not a change in the underlying level of malfeasance. Although there certainly is some learning at play in the data, as evidenced by the large spike in the first two months of our dataset, we would expect uniform increases in complaint counts across all product types if this were the only operative effect. The steady decrease in mortgage complaints after 2016 suggests that the database may be picking up on something else.

Why do we observe a decrease in mortgage complaints? Several possibilities exist. The fall in mortgage complaints is consistent with increased scrutiny from the federal government about mortgage practices in the years following the financial crisis, as new regulations and regulatory oversight helped eliminate abusive practices.[148] This is not the only possible explanation—it could be attributable to a fall in mortgage delinquencies, for example[149]—but in any event, we think that it helps debunk the view that the increase in other types of complaints is solely attributable to an increase in consumer familiarity with the consumer complaint resource.

In related work, Kaveh Bastani, Hamed Namavari, and Jeffrey Shaffer study in greater detail the narratives that consumers report to the CFPB when they file complaints.[150] They too document interesting shifts in topic popularity over time, which experienced substantial volatility over their year-long sample.[151] It is hard to see how shifts in consumers’ ease of reporting could drive these results. In fact, the authors suggest that regulators should do more to use the CFPB data to aid enforcement efforts, such as by applying machine-learning techniques to consumer complaints to identify problems in consumer financial markets more quickly.

There is an additional concern that consumer reports are not appropriate proxies for financial institution misconduct because consumers can report annoyances (e.g., “the late fee charged by my credit card company is high”) alongside crimes (e.g., “I was defrauded”). Indeed, the database does not distinguish between “major” and “minor” complaints, nor does it verify the accuracy of each complaint lodged before making it publicly available.[152] However, analysis of the CFPB complaints data suggests that a nontrivial amount of these complaints tracks misbehavior. Although the majority of complaints are closed by companies with an explanation, 17% are closed with some type of relief, including “monetary relief” or “non-monetary relief,” the latter of which includes “changing account terms, correcting submissions to a credit bureau, or coming up with a foreclosure alternative.”[153]

Figure 7: CFPB Resolved Complaints by Resolution Type (2014–2019)

In addition, we studied time trends for consumer complaints in each of these four categories. If the underlying uptick in consumer complaints is driven by an increase in grievances rather than corporate malfeasance, we would expect to see an increase in reports closed without relief or closed with explanation. We would not necessarily expect to see an increase in instances of misconduct that firms have difficulty responding to, nor would we expect to see increases in misconduct that require monetary relief. Instead, as Figure 8 reveals, we see complaints trend upward in each category. And although the vast majority of cases are closed with explanation or with non-monetary relief, a substantial portion falls into the more severe categories.

Figure 8: CFPB Complaints by Disposition

As a final check, we manually classify complaints into three categories: petty, mild, and severe. We determine severity by studying the “issue” and “sub-issue” categorizations that the CFPB provides.[154] Our assessment of severity is based on two factors: (1) assuming the allegations are true, how serious is the underlying corporate misconduct, and (2) how likely is it that the allegations are true? There is inherently ample discretion in this manual categorization exercise. Since we are focused on measuring trends in corporate criminality, we are conservative and tend to exclude categories of complaints where the possibility of underlying criminal activity is uncertain.

As Figure 9 reveals, we observe that across the “non-petty” consumer categories (“moderate” and “severe” on our scale), there is a substantial uptick in both moderate and severe cases. This data supports the notion that there has been an uptick in consumer reports of troubling corporate misconduct, rather than simply petty grievances.

Figure 9: Trends in Non-Petty Consumer Complaints

Further support for the view that our data are picking up on overall rates of illegal behavior comes from analyzing the raw student loan data shown in Figure 10. In late February 2016, CFPB updated its complaint form to capture information about federal student loan servicing, in addition to private student loan servicing.[155] That precipitated an immediate increase in the count of student loan complaints, suggesting that learning effects flow through relatively quickly. The large spike in early 2017, on the other hand, reflects the criminal behavior underlying the CFPB’s major enforcement action against Navient, the largest student loan company in the United States, alleging illegal practices that thwarted borrowers’ ability to make accelerated repayments.[156] Again, the spike is immediate and short-lived. Taken together, these pieces of evidence suggest that learning about the existence of the consumer complaint database is unlikely to be the sole driver of increased traffic across the database’s many categories of financial products. To the extent that learning—about the database as a resource or about potential criminal behavior that a customer has fallen victim to—drives the decision to seek recourse, this occurs immediately.

Figure 10: Raw CFPB Complaints for the Student Loan Category

However, we recognize that complaints of misconduct do not correlate perfectly with complaints involving crime. Nonetheless, the more severe the misbehavior, the more comfortable we are suggesting that the uptick in misconduct we observe correlates with an uptick in crime. Further, anecdotal evidence supports the notion that there is a relationship between consumer use of the complaint database and financial crime. Between October 2016 and December 2016, credit card complaints by customers of Wells Fargo increased by nearly one hundred percent relative to the same period the year prior, an increase contemporaneous with the bank’s fake accounts scandal.[157]

Therefore, while we do not believe that there is a one-to-one correlation between the number of complaints filed and aggregate crime levels, we do believe that consumer complaints can serve as a useful proxy for overall misconduct committed by consumer-facing financial institutions.[158]

In sum, two distinct proxies for financial institution misconduct—consumer complaints to the CFPB and SAR reports filed by banks themselves—document an increase in complaints that are indicative of crime by financial institutions. This evidence suggests that the federal enforcement regime, which in the past decade has prioritized entity liability and fines over individual liability, may not be adequately deterring financial crime.

C. SEC Whistleblower Tips

In addition to creating the CFPB, Dodd–Frank amended the Securities and Exchange Act of 1934 to create Section 21F, which directs the SEC to make monetary awards available to individuals who provide original information that leads to successful enforcement actions against perpetrators of financial fraud.[159] To implement this program, the SEC created the Office of the Whistleblower.[160] The whistleblower program went into effect in 2011, and as Figure 11 reveals, the number of tips received has increased in nearly every year since the program’s inception.[161] Most of these tips involve allegations about improper corporate disclosures and financial statements, offering fraud, or market manipulation.[162] Whistleblowers have also helped the SEC bring enforcement cases “involving an array of securities violations, including offering frauds, such as Ponzi or Ponzi-like schemes, false or misleading statements in a company’s offering memoranda or marketing materials, false pricing information, accounting violations, internal controls violations, and Foreign Corrupt Practices Act (FCPA) violations, among other types of corporate misconduct.”[163]

Figure 11: SEC Whistleblower Tips Over Time

Whistleblower tips may be filed whenever individuals observe violations of the law, and therefore, the more violations, the more tips we would expect to see. However, many factors could confound the results. As with the CFPB data, the increase could be due to changes in reporting practices, and specifically, an increase in reporting due to a heightened awareness of the program and the awards that successful whistleblowers can reap. Whistleblowers can receive 10% to 30% of any recovery in excess of $1 million, and headlines of multimillion dollar victories could encourage reticent employees to come forward (indeed, this is the goal of the program).[164] In addition, law firms anxious to capitalize on the bounties have begun to advise whistleblowers to file complaints in the past few years. This increased awareness of potential awards could contribute to the increase that we observe.

Another confounding factor is the SEC’s effort to remove barriers to whistleblowing imposed by employers. For example, in 2015, the SEC began pursuing companies that used confidentiality agreements in employee contracts to discourage employees from filing whistleblower complaints. In one such case, an employee contract required departing employees to forfeit their severance if they filed a complaint with the SEC.[165] The SEC has since secured cease-and-desist orders and financial penalties against several companies with such language in their employee contracts, which caused law firms to advise companies with similar language to eliminate it.[166] The removal of barriers to whistleblowing could be a partial cause of the increase that we observe. We doubt, however, that it would be the sole cause—lawyers had been advising whistleblowers long before the SEC enforcement actions that such clauses were not enforceable.[167]

As in the previous two datasets, it is likely that the tips we record include false positives. Indeed, in light of the massive awards that are possible, the incentive to file an unsubstantiated whistleblower tip might be quite high.[168] However, the SEC does put some barriers in the way of frivolous tips—to be eligible for the SEC’s anti-retaliation protection, tippees must have a “reasonable belief” that the action they are reporting reveals a legal violation.[169] In addition, anonymous tips are ineligible for awards (unless the anonymous tippee works with an attorney).[170] More than that, there are many negative consequences for employees who report workplace misconduct, such as isolation at work and job loss. Indeed, most whistleblowers go to great lengths to report and attempt to resolve wrongdoing internally to avoid the negative repercussions that come from whistleblowing.[171] Therefore, we believe that these features of the enforcement environment somewhat check the rate of false positives.

* * *

To summarize, each of our proxies indicates that reported misconduct has risen in the past decade. We recognize that reported misconduct does not correlate perfectly with actual misconduct: regarding whistleblower tips and SAR reports, employees may underreport known criminal behavior in order to avoid enforcement agencies’ attention. By contrast, disgruntled employees may report petty grievances. With respect to consumer complaints, much of what is reported falls under the category of grievances (e.g., consumers are struggling to pay their mortgage, or financial institutions are spamming with repeated advertising calls) rather than misconduct (e.g., credit reporting companies misusing consumer data or fraudulently opening accounts). Therefore, we do not suggest that these data provide an accurate measurement of overall crime rates; indeed, we find it likely that other factors affect the upward trends that we observe.

In particular, these data are necessarily responsive to the enforcement regime that governs these filings. For SAR data, for example, it is possible that we are capturing an increase in reporting because institutions are more carefully policed after the financial crisis of 2008. Likewise, whistleblowers may be responding to increased financial incentives for reporting criminal behavior, rather than any uptick in criminality. We understand there are reasons to believe that our results conflate levels of crime with an increase in incentives for reporting bad behavior, but we suspect that our results are at least partially explained by an uptick in underlying levels of criminality. Importantly, we observe volatility in each of our data series—levels of malfeasance ebb and flow over time in a way that is inconsistent with a one-time shock to reporting incentives. In sum, although we do not claim to provide a measure of overall crime rates, we do believe that in the aggregate, the data indicate that corporate crime has been trending upward over our sample period.

The evidence that crime has increased in the past eight years is consistent with what theory predicts would happen in response to the changes in enforcement that we observe: fines have risen, but the overall number of prosecutions and individual penalties have fallen. These trends are even starker when we focus in on financial institutions. In the wake of the financial crisis, only one guilty executive was sent to jail, and very few employees were prosecuted.[172] In addition, enforcement against institutions was sporadic, and certain crimes—including violations of the Bank Secrecy Act—were ignored altogether. In light of these trends, our results are not surprising. Criminals weigh the individual benefits of crime against the costs of bad behavior. Once the costs of offending are lowered, the benefits are more likely to outweigh them.

Of course, the DOJ did secure a handful of large fines against corporate criminals during the period we studied. Were these fines large enough to make up for sporadic enforcement and the lack of individual penalties? The next subpart describes our study of corporate criminal recidivism and the evidence that supports our interpretation that even these record-breaking fines were still too low to deter future instances of misconduct.

D. Recidivism and Fines

To study corporate recidivism, we relied on public company enforcement data from Brandon Garrett. Garrett has studied recidivism by financial institutions, noting that federal prosecutors repeatedly settle criminal cases with the same banks over a short period. These financial institution recidivists include AIG (which was the subject of enforcement proceedings in 2004 and again in 2006), Barclays (2010, 2012, and 2015), Credit Suisse (2009 and 2014), HSBC (2001 and 2012), J.P. Morgan (2011, 2014, and 2015), Lloyds (2009 and 2014), the Royal Bank of Scotland (twice in 2013 and again in 2015), UBS (2009, 2011, 2012, 2013, and 2015), and Wachovia (2010 and 2011).[173] He suggests that this evidence of recidivism casts doubt on whether prosecutors take financial institution misconduct seriously and whether corporate penalties are sufficiently deterring corporate actors from engaging in crime.[174]

Anecdotal evidence provides a further glimpse into the scope of the recidivism problem. To take just one example, in 2012 HSBC admitted to helping launder money for South American drug cartels. It received a record $1.9 billion fine and secured an agreement with prosecutors that would defer criminal sanctions.[175] The year after that agreement expired, HSBC entered into another do-not-prosecute agreement with prosecutors, this time for fraud in the foreign exchange market.[176] As part of this agreement, HSBC paid $110 million dollars, and no individuals were charged.[177] And in 2019, before this second agreement expired, the bank entered into yet a third agreement deferring charges for helping American clients evade taxes.[178] No individuals were charged, and the bank again paid a fine—this time of $192 million.[179] In at least this case, the do-not-prosecute agreements and accompanying penalties did not appear to deter future misdeeds. As Brandon Garrett put it in his article studying bank recidivism: “They are recidivists, but they do not receive harsher penalties despite their growing criminal records. . . . Individual criminal defendants are not so lucky.”[180]

We expand on Garrett’s inquiry more systematically by studying recidivism by all publicly traded corporations over the last two decades, focusing on the relative size of the penalty for recidivist firms versus one-time offenders.[181] We define a corporate recidivist to be a public company that was prosecuted more than once between 2001 and 2018. We begin with a list of 384 corporate prosecutions naming publicly traded corporate defendants. We identify any fines paid by the corporations, including restitution, forfeiture, disgorgement of profits, and other monetary penalties and payments to enforcers in parallel civil suits. We normalize fines by three measures of firm size—assets, revenue, and employee headcount—each of which is available from Compustat. We normalize this variable because we believe that fine size should scale with firm size, although we recognize that this will not always be the case. In general, larger firms have the ability to commit crimes that cause greater social harm because of their larger size and scale of operations. Consider the Volkswagen cheating scandal as an example. In that case, the company had sold millions of cars across the globe that misled regulators about their environmental emissions.[182] Quite obviously, a similar violation committed by a smaller company without global reach would have a less socially harmful impact simply by virtue of the smaller scale of its operations. In addition, the larger the company, the higher the costs of compliance, indicating that a larger fine would be necessary to induce a large company to spend adequate resources to root out socially harmful behavior across the organization. Again, this generalization is not necessarily true in all circumstances—a small company could in theory commit a crime that is more socially harmful than the crime committed by a much larger company—but in general, we believe that social harm of crime should scale with firm size.

Of the 384 prosecutions, we matched defendants from 372 of them to firms in Compustat. We were also able to match five prosecutions to public corporations not in Compustat; we pulled assets, revenue, and headcount data for these firms from SEC filings via EDGAR.[183] Where possible, subsidiary firms were matched to parents, as long as the parent had acquired the subsidiary at the time of settlement. For international firms, annual assets, revenue, and headcount data were pulled from Compustat’s Global Daily database;[184] for U.S. listed firms, from Compustat’s North American Daily database.[185] As Compustat reports international data in local currencies, we converted size data to dollars using end-of-year conversion factors from FRED’s daily foreign exchange series.[186] International firms were queried via ISIN numbers; U.S. listed firms, via CUSIPs where possible and CIK numbers otherwise. All dollar figures were converted to 2018 dollars using the CPI series from FRED.

We maintain three different Boolean measures of procedural toughness. The first indicates whether an agreement required a corporate monitor; the second, periodic audits of compliance programs; and the third, either of the first two. In other words, we ensure that a company is not more likely to be a recidivist because the enforcement agency has greater knowledge about the company and its operations as a result of penalties secured in the first enforcement action. We observe in Table 1 that a recidivist is as likely as a one-time offender to have a corporate monitor or audit imposed, and in subsequent offenses, is actually less likely to have either imposed.

Table 1: Boolean Measures of Procedural Toughness

Table 2 summarizes the fines, data, and characteristics of recidivist and non-recidivist firms. Recidivists face larger penalties on average ($256 million versus $122 million for non-recidivists), but recidivist firms are also much larger than non-recidivist firms when measured by assets and revenue, as well as market capitalization, which is shown in Figures 12 and 13.[187]After normalizing fines, we construct a measure of recidivism to gauge whether the increase in fines operates as a deterrence mechanism. First, we sorted the resulting public corporation database by unique parent entity and date. For each firm, we manually cross-referenced prosecutions settled within one year of each other against filings provided by the Corporate Prosecution Registry (CPR); if multiple prosecutions in the CPR cited the same underlying malfeasance, we counted this as a single prosecution and summed the associated penalties. This procedure reduced the number of prosecutions from 372 to 348, implicating 272 parent entities. Of these, 221 unique firms were one-time offenders, and 51 unique firms (or 18.7%) were recidivists.

Figure 12: Distribution of Non-Recidivist Firms by Market Capitalization


Figure 13: Distribution of Recidivist Firms by Market Capitalization at First Offense

As a share of assets, revenue, and total employees, recidivists in fact face less stringent penalties (0.22% of assets for recidivists, versus 16.84% of assets for one-time offenders, or approximately 1/80th the size; 0.55% of revenue for recidivists, versus 19.28% for one-time offenders, or approximately 1/35th the size; 0.42% of market capitalization for recidivists, versus 19.67% for one-time offenders, or approximately 1/40th the size). Therefore, although big public companies pay large fines, those fines are much smaller relative to the size of fines paid by smaller public companies (when normalized to account for their different size). Of course, this could be because smaller public companies commit more socially harmful crimes relative to larger institutions. But as mentioned, there are reasons to suspect that is not the case. First, somewhat mechanically, the ability to perpetuate harm against one’s customers is a by-product of the size and scope of the company’s operations. For crime by a consumer-facing financial institution, the severity of the harm should scale upwards by the number of employees or customers. For example, if Wells Fargo had just a few customers—rather than their estimated 70 million[188]—then the scope of their criminality with respect to the fake accounts scandal would have been much more limited. Further and relatedly, the most socially harmful crimes are less likely to be perpetuated by small firms, which generally lack the scale and scope to create systemic harm. For example, a bribe by a small company is surely less likely to “undermine the integrity and stability of governments and harm our relations with other countries,” whereas bribes paid by a prominent company could.[189] Likewise, if only small banks had originated fraudulent mortgages during the crisis, there would not likely have been the same degree of harm to the global economy.

As with much of the descriptive data that we present, it is impossible to rule out that smaller firms are simply committing larger crimes. But the more likely interpretation of the data is that they show an upper bound on corporate fines—for example, it might not be politically feasible to levy an $81 billion fine on Volkswagen (or 16% of the company’s assets).[190] More importantly, it might not be legally permissible because fines are often limited by statute.[191] And even if they could secure massive fines, prosecutors may have little incentive to do so when a smaller fine will garner substantial fame and attention: for example, Wells Fargo’s $1 billion settlement was celebrated as the most aggressive bank penalty of the Trump era, despite representing only 0.1% of firm assets.[192]

Table 3 shows the same data for recidivist public companies by offense count. As one might expect, dollar fines increase with offense count; however, fines are more lenient (when measured as a percentage of assets or revenue) for second and subsequent offenses than for first offenses.[193] In other words, this evidence suggests that prosecutors treat recidivist firms more leniently than non-recidivists. What explains this behavior? Perhaps these later crimes are unrelated to the first and the DOJ is levying fines that scale appropriately with the social cost of the crime. Another possibility is that criminal enforcement is a repeat game, and the companies get better at negotiating for leniency the more times that they interact with prosecutors as defendants. Or, again, perhaps an upper bound exists (at least in the mind of prosecutors) that restricts the aggregate amount of fines that can be levied on any one firm.

Table 2: Penalties and Measures of Firm Size for Public Corporations

Table 3: Penalties and Measures of Firm Size for Recidivist Public Corporations by Offense Count

As additional support for this interpretation, we observe an increase in recidivism between 2001 and 2018. In particular, as Figure 14 reveals, the share of crimes committed by recidivist companies jumps from 7% in 2010 to 28% in 2011 and continues to rise after that, hitting a high point of 50% in 2015. This means that a greater share of prosecutions involved companies that had offended more than once in the immediate aftermath of the financial crisis. As Table 1 explains, this result is not explained by the presence of a corporate monitor or audit requirement in the first prosecution. In addition, although the growth of recidivism in the early years of our sample is not surprising—in 2002, for example, there were fewer years to commit crimes and be deemed a recidivist—the shift at the end of the sample is indicative of a real trend. Before 2010, the share of crimes committed by someone who committed a crime in any of the prior years was very low—only 7%. The next year, the share of recidivist crimes jumps up even as total crime falls. In sum, these data indicate that there is an increase in recidivism in 2011 that is explained by neither enforcement nor our definition of recidivism. And that jump persists for the next six years, even as overall enforcement falls. In sum, our study of public company recidivism indicates that smaller public companies are subject to more burdensome fines than their larger public company counterparts, and they are also less likely to offend again. By contrast, larger public companies are more likely to receive a relatively small fine, and more likely to offend again, than smaller firms. Indeed, the largest firms in our sample were most likely to be subject to several enforcement actions during our sample period. Consistent with our analysis, Public Citizen reported in 2019 that of the thirty-eight repeat offenders they were able to identify, thirty-six were on the Forbes 2000 list and three had held the top spot as the largest corporation in the world.[194] Again, this could be because large firms have more opportunities to offend (more employees, more business activity) or have more difficulty policing their ranks. Or perhaps they are equally likely to offend but are more likely to be pursued by the DOJ when they do. The latter hypothesis is particularly compelling: prosecutors garner more fame and attention from prosecutions against large, well-known companies than they do from prosecutions of smaller companies. This reality likely explains some of our results, but the fact that relative fines are so much lower for large firms than smaller firms also suggests that the first penalty may not serve as a sufficient deterrent.

Figure 14: Number of Corporate Prosecutions and Recidivist Prosecutions

Corporate recidivism appears to be on the rise, even as the number of enforcement actions declines. And our results indicate two potential causes: recidivist penalties become more lenient over time, and recidivists receive more lenient fines than one-time offenders. Our analysis therefore indicates that the use of fines by federal enforcers may be resulting in sub-optimal deterrence, especially for the largest companies.

III. Implications

Part II suggested that corporate crime is trending upward, and in this Part, we discuss two primary implications. First, we explore the aspects of the DOJ’s enforcement regime that could be contributing to an uptick in crime. We also offer suggestions about what the DOJ and other policymakers should do to improve deterrence going forward. Second, and more broadly, we highlight the inadequacy of the existing data on corporate criminality that complicates our project and leads to our most forceful recommendation: that the government should do more to study and provide data about corporate criminality. We also offer suggestions for future research in this area.

First, our evidence offers crude support for the view that the DOJ’s enforcement regime that privileges entity liability and fines over individual liability is not adequately deterring crime by corporate employees. Of course, it is possible that rising crime levels would be consistent with an optimal deterrence regime. The optimal level of crime is likely higher than zero,[195] and perhaps there was too much deterrence (and too little crime) in the period before our sample. But we do not think this is likely for a few reasons. For one, the 2008 financial crisis precedes our sample, and many commentators view lax regulatory oversight and policing of fraud and misconduct as contributing factors to the global economic collapse.[196] In other words, it is unlikely that the government was over-deterring financial institution misconduct in the period preceding the 2008 financial crisis. Compounding this view is the evidence that, before 2008, prosecutions of banks were quite rare. Indeed, from 2001 to 2007, the DOJ only brought thirty-four enforcement actions against financial institutions—most of which were settled with small fines.[197]

Therefore, we believe that our evidence supports the view that the federal enforcement regime is not optimally deterring misconduct by financial institutions and other corporations. And this is despite the fact that the DOJ was, until 2018, securing record-breaking fines. Our results in subpart III(D) provide a possible explanation as to why these fines may be failing to deter future incidents of misconduct: it appears that the overall size of the fine may be limited by political or legal forces, especially for larger public companies. For one, massive fines ultimately penalize shareholders, making enforcers wary to come down too hard on them.[198] Relatedly, prosecutors may lack an incentive to push for massive fines; firm punishments are judged based on their dollar value, and for large enough firms, prosecutors can chalk up a major win after imposing a fine that is quite small relative to the company’s revenue and size. In addition, enforcement agencies may be limited by statutes that cap the amount of fines that can be levied.

The consequence, however, is that for the largest firms, even sky-high penalties are likely viewed as just another cost of doing business—more of a pinprick than a meaningful deterrent. Perversely, therefore, the U.S. enforcement regime is treating the largest institutions more leniently than smaller institutions, despite the fact that large institutions are more likely to commit crimes that result in widely felt public harm.

In addition, we are skeptical that fines, and even very large ones, are capable of adequately deterring future incidents of crime by themselves.[199] Again, when a large public company bears a fine, the shareholders bear the brunt of the penalty. In theory, those shareholders should have an incentive to demand reforms to deter future crimes that will cost them money; in reality, rationally apathetic shareholders have little capacity to police malfeasance, especially when crimes may well have been committed years before punishments are handed down.[200] In addition, the ultimate deterrent effect of fines against large public corporations and their shareholders may be muted by several factors. In particular, although a company’s stock price falls after the announcement of an investigation or the filing of charges, it usually bounces back very quickly, which could further discourage shareholders from taking action.[201] For these reasons, even very large fines imposed on the entity might not induce the company to deter future incidents of wrongdoing.[202]

In sum, our data support the law and economics scholars who argue against utilizing fines as the sole penalty for corporate crime: Even as fines have risen, our data indicate that corporate crime has increased, too. Therefore, we suggest that prosecutors supplement entity-level fines with other punishments. Although several options would increase the deterrence punch of an entity-level punishment—governance reforms,[203] corporate monitors,[204] shaming mechanisms,[205] etc.—we focus on reforms that would make it easier for prosecutors to pursue guilty individuals, as well as the individuals that enabled their crimes. We make this our focus because we believe (and our data suggest) that imposing penalties at the entity level is unlikely to deter crime by agents of widely held companies. Although governance reforms and corporate monitors are intended to target compliance problems directly, enforcers are limited by a lack of information and expertise, making it easy for insiders to game the system.[206] By contrast, pursuing guilty individuals ensures that there is no disconnect between the recipient of the punishment and the bad actor, increasing the likelihood of both general and specific deterrence.[207]

However, the information asymmetries that limit the efficacy of externally imposed compliance reforms also limit the government’s ability to detect and punish individual wrongdoing. In the wake of a corporate scandal, it is often challenging to determine who was responsible for the crime. Corporate decisionmaking is diffuse, made by many different actors at different levels, which makes it difficult to hold any individual responsible beyond a reasonable doubt.[208] This problem is especially challenging in heavily regulated industries, including banking, where legal requirements often mandate that decisions be made by multiple decisionmakers. In addition, across all industries, it can be difficult to distinguish beneficial corporate risk-taking from intentional criminal activity.[209] And often, the only feasible charges involve low-level employees rather than the executives who create cultures that foster criminality.[210] Therefore, demanding additional individual-level prosecutions alone, without finding a way to ascribe indirect liability to those at the top, is likely to fall hardest on low-level employees who follow orders, rather than top executives who give them.[211] As an illustration of this reality, consider that former Wells Fargo CEO John Stumpf testified to the Senate in September 2016 that the firm responded to the fake accounts scandal by firing 5,300 low-level bankers and tellers.[212] His resignation came only a month later and was a response to missteps before the Senate during this testimony, rather than accountability for the scandal directly.[213]

The sporadic targeting of low-level employees is unlikely to supply adequate deterrence, as our data suggest. More regular punishment of crime by low-level employees would obviously make the decision to offend less appealing, but there are practical reasons why enforcement agencies might not be inclined to do this. For one, enforcement agencies are resource constrained and unable to pursue every instance of individual misconduct. In addition, the decision to increase punishment for low-level offenders to account for the low probability of detection and punishment is quite unpalatable, especially given the complex nature of organizational crime. A mid-level manager who opens a fake account in the face of unrelenting sales pressure from senior management has committed a crime, but we might think that her culpability is lessened by the fact that senior management has created an environment where offending is the most attractive option. We are not inclined to suggest that prosecutors seek a lengthy prison sentence for that mid-level manager to account for the low probability of detection (nor would prosecutors be inclined to follow such a suggestion).

As this example further reveals, low-level offenders tend to commit crimes in response to organizational pressure,[214] and yet there is almost no way to pin criminal charges on the top executives who are responsible for that culture. Recall that in the wake of the financial crisis, no senior management went to jail. Across all industries, senior executives rarely face criminal penalties in the wake of a crime. And we believe that this reality contributes to our empirical findings that corporate crime is trending upward. Indeed, we think a central failing of the federal corporate criminal justice regime is a lack of a cause of action that is responsive to the complex nature of organizational crime. Both as a matter of equity and as a matter of deterrence, it is important to punish high-ranking executives who create environments that facilitate criminal behavior. These individuals have substantial control over corporate culture and can incentivize (or disincentivize) misconduct. Their punishment also has more deterrence value because individual punishment—be it public shaming, financial clawbacks, or in the extreme, jail time—is more likely to be noticed when executives, rather than relative unknowns, are sanctioned.

Some have recognized this problem and proposed a legislative solution. For example, Senator Warren has introduced a bill that “would authorize prosecution of an executive officer of any corporation that generates more than $1 billion in annual revenue for ‘negligently permit[ting] or fail[ing] to prevent’ either a criminal or civil violation by the company” that affects “the health, safety, finances, or personal data” of one percent or more of the population.[215] Put simply, Senator Warren has proposed to enable prosecutors to hold negligent corporate executives criminally responsible for corporate crimes that affect a large number of people.[216]

This is a controversial proposal. A bedrock of the U.S. criminal justice system is that an individual who acts without mens rea is not liable under criminal law—indeed, criminal justice reformers have focused on increasing the burden on prosecutors to prove a defendant’s guilty mental state.[217] The Warren proposal would replace the requisite criminal intent with a much lower standard, requiring only that a corporate executive be negligent.[218] Doing so could entice federal prosecutors to pursue top executives by easing the prospect of a victory. But expanding criminal liability to include negligent conduct is contrary to our legal tradition and strikes many as unfair and unjust.[219]

An alternative would be to model future legal reform after existing causes of action that place legal responsibility on individuals who facilitate crimes by others. One possibility would be to look at control person liability, which is established under Section 20(a) of the Securities Exchange Act.[220] That provision imposes liability on those who control individuals who violate securities laws, unless the control person can establish that they acted in good faith and did not induce the violation.[221] Courts have found that the affirmative defense is met when the control person has put in place “a reasonable and proper system of supervision and internal control.”[222] Put simply, executives and directors who facilitate securities fraud by others can be pursued so long as they control the wrongdoer and fail to meet the affirmative defense. A similar cause of action could be used to give the DOJ power to pursue executives and directors who control individuals who commit a broad swath of crimes. Doing so would provide incentives for executives and directors to serve as gatekeepers and root out crime by subordinates, rather than encourage criminality or tolerate corporate cultures that allow crime to flourish.

Another possibility would be to model reform on 18 U.S.C. § 2(a), which makes it a crime to aid or abet the commission of a crime.[223] This provision is more regularly used by the SEC than Section 20(a) to pursue secondary liability for individuals who facilitate securities fraud;[224] it is also used by prosecutors seeking charges for individuals who could not be held directly liable for crimes that are committed by others. For the latter, the prosecutor must establish that the aider and abetter (1) committed “an affirmative act in furtherance” of the crime and (2) had the “intent of facilitating the offense’s commission.”[225] In other words, the prosecutor need not show that the individual committed the crime, which removes a substantial hurdle. Instead, the prosecution must prove that the executive acted to further the crime with the intent of facilitating it—a challenging task. Therefore, legislators could modify the elements of the crime to encompass executives who knowingly facilitate crimes by subordinates—by their action or inaction. Specifically, when arguing that a senior executive aided and abetted crime by subordinates, the prosecution could be required to establish that the senior executive (1) committed an affirmative act or omission in furtherance of the crime and (2) did so with the knowledge that crime was taking place.

Consider how this cause of action could be used in the hypothetical prosecution against John Stumpf for the fake account scandal at Wells Fargo. From 2011 to 2015, Wells Fargo created as many as two million unauthorized accounts.[226] It is illegal to open a fake account for a customer, and yet no individuals were charged criminally—presumably because the DOJ could only successfully pursue low-level employees, many of whom had already been fired.[227] Stumpf likely knew about the illegal sales practices for some time: complaints about illegal and unethical sales activity throughout the bank were submitted directly to his office, and he was “frequently informed” by bank employees about sales practice issues.[228] Although the bank terminated employees who were caught opening accounts, one of the complaints submitted to Stumpf’s office alleged that the extent of the misconduct was much more widespread than Stumpf realized and that it involved many more consumer-facing bankers than had been caught and punished.[229] And yet, the bank did not investigate or respond. Stumpf’s compensation tells us something about his motivation: In 2015 alone, several million dollars of his bonus were attributable to “growing ‘primary consumer, small business and banking checking customers.’”[230]

Of course, it would be impossible to charge Stumpf for the illegal act of creating the accounts. But what about an aiding and abetting claim, as we envision it? Prosecutors could argue that Stumpf’s failure to act to root out the widespread misconduct consisted of a knowing omission that furthered the commission of crime. In addition, there is evidence that Stumpf protected wrongdoers and even endorsed the illegal activity.[231] After customers and city attorneys began suing Wells Fargo over its practice of opening fake accounts, Stumpf emailed the following to another executive: “We do such a good job in this area. I will fight this one to the finish. Do you know only around 1% of our people lose their jobs [for] gaming the system . . . . Did some do things wrong—you bet and that is called life.”[232] These facts would also likely suffice for liability under an expanded control person liability standard; Stumpf surely had control over the wrongdoers, and his failure to implement a reasonable system of supervision would deprive him of an affirmative defense.

In sum, modeling a cause of action off of either aiding and abetting or control person liability would be a plausible path forward for legislators who recognize that organizational crime is complex and that culpability may ultimately lie with the top executives who incentivized and supported the commission of the crime. And employing these causes of action would do much to improve deterrence: top executives who fear that they could be held responsible for crimes would do more to prevent them from occurring in the first place. At the same time, concerns about overdeterrence also exist: for both control person liability and aiding and abetting liability, the person found secondarily liable is “punishable as a principal.”[233] And the prospect of steep penalties and jail time could have adverse consequences, especially if the cause of action penalizes an executive’s failure to notice and address criminality by subordinates. Because executives only receive a portion of the upside from underlying misconduct, but could conceivably bear substantial downside, individual punishment for such conduct may encourage executives to be overly cautious and discourage beneficial risk-taking.[234] In addition, qualified executives might even refuse to work for large or floundering companies to avoid the risk of penalties.[235] Or they might do more to cover their tracks.[236]

This risk is one of the reasons why we prefer a modified aiding and abetting rule to Senator Warren’s proposed legislation: the imposition of a negligence standard almost certainly would lead to these perverse consequences.[237] Another way to allay these concerns would be to limit the penalties associated with secondary liability. A potential model comes from the certification requirement mandated by Section 302 of the Sarbanes–Oxley Act of 2002.[238] Under the SEC’s adopting rules, top executive and financial officers at public companies must certify that the companies’ annual and quarterly reports are accurate and complete.[239] Certifying false reports can lead to civil penalties, and willfully false certifications could result in criminal prosecution.[240] This rule helpfully induces executives to play a greater role in oversight of financial statements and also eases the prospect of charges against executives who participated in financial statement manipulation or failed to monitor those who did. In addition, the statute caps the criminal penalty: the maximum penalty for willful certification is $5 million and/or twenty years in prison.[241] To avoid the prospect of overdeterrence, legislators could likewise cap the penalty for any new cause of action aimed at penalizing executives who facilitate criminality by subordinates.

The Sarbanes–Oxley certification requirement was borne out of a recognition that more should be done to encourage corporate management to serve as gatekeepers for corporate misconduct. Likewise, the Delaware Supreme Court has been increasingly receptive to Caremark claims, which allow shareholders to challenge monitoring deficiencies at the board level by suing individual directors.[242] In the decision that initially embraced this claim, the Court of Chancery recognized that it would encourage boards of directors to proactively adopt adequate compliance systems and stay abreast of their workings.[243] And in the past several years, several Caremark claims have survived motions to dismiss, indicating a growing judicial receptiveness to individual liability for compliance failures and underscoring the importance of board engagement in compliance issues.[244]

We believe that further moves in this direction, such as the use of an aiding and abetting claim to pursue high-level executives, would do more to deter corporate crime than any entity-level punishment. And our data suggests that such additional deterrence is warranted. However, we recognize that our data allow us to make only limited normative recommendations. And this brings us to our second implication: policymakers and researchers need better data. Therefore, we urge the government to do what it does for all other types of crime and measure corporate crime levels. The asymmetry between public-order crime and corporate crime statistics is deeply problematic. Most basically, the lack of data hampers corporate criminal enforcement. The principal goal of corporate criminal liability is deterrence, but without an understanding of whether criminality is rising or falling, we cannot know whether this goal is being achieved. And identifying the right enforcement framework is critically important. Measures of white-collar crime in the United States estimate that it costs anywhere from $426 billion to $1.7 trillion annually.[245] Put simply, corporate crime affects all of us—as consumers, employees, and investors who increasingly save for retirement by investing in the stock market. Critics of corporate criminal liability have focused too much on the harm to shareholders when corporations are forced to pay fines and too little on the harm to the entire economy when corporate crime is not effectively deterred.[246] Better data would enable a better understanding of the aspects of the federal enforcement regime that are succeeding or failing and where additional attention and resources should be directed. It would also facilitate efforts by those who are critical of corporate criminal enforcement to effectively advocate for policy changes, like those we discuss earlier in this Part.

Beyond their import for evaluating our enforcement regime, adequate data on corporate crime could also help attenuate inequalities in our criminal justice system. Blue-collar offenders generally serve jail sentences for public-order crimes; by contrast, white-collar criminals are rarely prosecuted and, when they are, generally bear less severe consequences.[247] Much has been written about the reasons for this inequity, and we offer an additional explanation: Crime statistics play an important role in fueling policing efforts. Not only that, the lack of statistics for corporate crime insulates enforcement agencies that take a lenient approach to corporate punishment. Without any information about whether crime is increasing, agencies can hide behind statements that their enforcement policies are adequately, or even optimally, deterring crime.

Although data estimating corporate crime rates would be difficult to collect, it is not impossible. Data on non-white-collar crime provide a hint of where to begin. As discussed, both the BJS and the FBI make annual crime reports available each year.[248] These data are aggregated from surveys of police officers and households. We think a similar approach could be taken with regard to corporate crime, and perhaps white-collar crime, as a starting point. Instead of surveying police officers, the government could work with prosecutors and other enforcement agencies to document incidents of corporate crime that prosecutors suspect had occurred but chose not to pursue. Data on leniency programs, such as the program run by the Antitrust Division of the DOJ, which allows corporations and individuals who self-report bad behavior to avoid criminal conviction, would also provide useful information.[249] But as discussed, data provided by enforcement agencies are subject to endogeneity concerns. Therefore, a useful complement to this effort would be to survey compliance officials within institutions who could speak about the rates of underlying crime that were detected, under the condition that they would receive full anonymity and that their statements could not be used against them in an enforcement action.

In addition, the government could improve the data that already exist, aiding in research like our own. For example, the government could offer more detail about the claims reported by corporate whistleblowers and the information contained in SARs. Although anonymity for individuals and firms contributes to the willingness to self-report, the choice of anonymity over data access has significant consequences for our understanding of the landscape of corporate crime. The tradeoffs should be weighed carefully.

We also offer suggestions for academics studying this question with the limited data that exist. For one, exogenous shocks to corporate crime regimes provide an opportunity to study how legal regime change alters corporate behavior. Several studies have relied on shocks to study corporate compliance (e.g., following Arthur Andersen’s demise, which forced corporations to change auditors[250]) and insider trading.[251] Future work could follow a similar approach to study changes in criminal enforcement. Making use of exogenous shifts in legal environment and tracing out their impact on reported crime will not paint a full picture of corporate crime levels, but doing so can help provide micro-level evidence on the pervasiveness of corporate crime, as well as the consequences for corporate institutions of our under (or over) deterring it.

Beyond exploiting exogenous shifts to trace out causal relationships between legal institutions and crime levels, researchers can be creative about aggregating data from a variety of sources to draw inferences about corporate criminal behavior. In this Article, we have reported data from complaints by corporate customers, self-reporting on malfeasance by firm employees, and data studying corporate prosecutions. And this is just the tip of the iceberg. There is much more that could be done, for example, by working with individual firms to acquire proprietary data about internal employee malfeasance. Generating additional survey data could also be useful, provided that the methodological issues discussed in Part II(B) are addressed. Ultimately, our hope is to encourage others to engage with the messiness of the data that exist—and to push for new data sources made available by private and public actors—so that we can better estimate the level of criminal behavior by corporate actors and how it responds to evolving legal regimes.


This Article takes important steps toward determining whether corporate crime is on the rise. Our analysis of three distinct and novel data sources indicates that aggregate levels of certain types of corporate misconduct have risen in the wake of the financial crisis of 2008. And our study of corporate criminal recidivism suggests a cause: an over-reliance on fines as a penalty. Our principal normative recommendation is for the government to supply, and researchers to analyze, better data on this subject. If our results are confirmed after further study, however, the answer is clear: An enforcement regime that is limited in its ability to levy fines at an optimal level must rely on other forms of punishment—such as the imposition of liability on guilty individuals and the top executives who facilitate their crimes—to increase deterrence. Only then will corporate criminal punishment be seen as more than a cost of doing business.

  1. .Interview by Neil Cavuto, Anchor, Fox News, with Mitch McConnell, Sen., U.S. Senate (Apr. 28, 2020), https://‌‌/v‌/6152708313001#sp=show-clips [https://‌‌/J269-KG27]; see also Sarah Jones, Why Is Mitch McConnell So Obsessed With
    Liability Shields?
    , N.Y. Mag.: Intelligencer (Dec. 11, 2020), https://‌‌/
    intelligencer‌/2020‌/12‌/what-is-mitch-mcconnells-covid-19-liability-shield.html [https://‌‌/
    RS4M-96QE] (explaining Senator McConnell’s support for liability shields); Diana Ransom, The GOP Wants to Pass Greater Liability Protections. Do Businesses Need Them?, Inc. (Aug. 18, 2020), https://‌‌/diana-ransom‌/liability-protection-heals-act-phase-4-stimulus.html [https://‌‌/6F4H-AY4S] (describing the liability shields proposed by Republicans).
  2. .See Patrick Gleason, Democrats Say Covid-19 Legal Liability Protection Is a Dealbreaker in Congress, But Not in the States, Forbes (Dec. 11, 2020, 12:42 PM), https://‌‌/sites‌/patrickgleason‌/2020‌/12‌/11‌/democrats-say-covid-19-legal-liability-protection-is-a-dealbreaker-in-congress-but-not-in-the-states‌/?sh=2eb759565fd4 [https://‌‌/W8TV-8WFV] (“Speaker [Nancy] Pelosi, Senate Minority Leader Chuck Schumer, and fellow Democrats have insisted such liability protection is a deal breaker for them in the past . . . .”).
  3. .See, e.g., Wall Street Reform: Oversight of Financial Stability and Consumer and Investor Protections: Hearing Before the S. Comm. on Banking, Hous., & Urb. Affs., 113 Cong. 29–30 (2013) (remarks of Sen. Elizabeth Warren, Member, S. Comm. on Banking, Hous., & Urb. Affairs) (asking why large financial institutions are not taken to trial) (video available at https://‌‌/watch?v=mavB1lbtIow [https://‌‌/54AX-7WEX]); Jed S. Rakoff, The Financial Crisis: Why Have No High-Level Executives Been Prosecuted?, N.Y. Rev. Books, Jan. 9, 2014, at 4, 4 [hereinafter Rakoff, Why Have No High-Level Executives Been Prosecuted?] http://‌‌/articles‌/2014‌/01‌/09‌/financial-crisis-why-no-executive-prosecutions‌/ [https://‌‌/WUY5-CFQX] (pointing out that financial institution executives were not prosecuted in the aftermath the Great Recession); Brandon L. Garrett, The Rise of Bank Prosecutions, 126 Yale L.J. F. 33 (2016) [hereinafter Garrett, Bank Prosecutions] (describing how federal judges asked why so few prosecutions were brought against large financial institutions); David Zaring, Litigating the Financial Crisis, 100 Va. L. Rev. 1405 (2014) (noting that private sector actors were not sanctioned in courts in the aftermath of the financial crisis).
  4. .Likewise, the government has only sporadically offered limited estimates of white-collar crime. See Donald A. Manson, U.S. Dep’t of Just., Bureau of Just. Stats., NCJ 102867, Tracking Offenders: White Collar Crime (1986), https://‌‌/content‌/pub‌/pdf‌/to-wcc.pdf [https://‌‌/WR29-SJVH] (showing the last estimate of white-collar crime by the BJS); see also Cindy R. Alexander & Mark A. Cohen, George Mason Univ. Sch. of Law: Law & Econ. Ctr., Trends in the Use of Non-Prosecution, Deferred Prosecution, and Plea Agreements in the Settlement of Alleged Corporate Criminal Wrongdoing 28 (2015), https://‌‌/site‌/rte‌_uploads‌/files‌/Full%20Report%20-%20SCJI%20NPA-DPA%
    2C%20April%202015%281%29.pdf [https://‌‌/AJM5-ELL2] (“In comparison with street crime, where victimization rates can be tracked over time through victim surveys and by crimes reported to police, there is relatively little documentation of the harm from corporate crime or its victims or frequency of occurrence.”).
  5. .See infra note 95 and accompanying text.
  6. .One exception is data about gun violence, which, as a result of industry lobbying, has been quite limited since 1996. Samantha Raphelson, How the NRA Worked to Stifle Gun Violence Research, NPR (Apr. 5, 2018, 3:01 PM), https://‌‌/2018‌/04‌/05‌/599773911‌/how-the-nra-worked-to-stifle-gun-violence-research [https://‌‌/6LT4-T4SX].
  7. .See Paul Butler, Race and Adjudication, in 3 Reforming Criminal Justice: Pretrial and Trial Processes 211 (Erik Luna ed., 2017) (discussing how people of color are disproportionately affected by every step of adjudication in the criminal justice system); David Cole, No Equal Justice: Race and Class in the American Criminal Justice System 8–9 (1999) (same); The Sent’g Project, Report of The Sentencing Project to the United Nations Special Rapporteur on Contemporary Forms of Racism, Racial Discrimination, Xenophobia, and Related Intolerance: Regarding Racial Disparities in the United States Criminal Justice System 1 (2018), https://‌‌/publications‌/un-report-on-racial-disparities‌/ [https://‌‌/9AAS-P9AJ] (same). In its discussion of two distinct criminal justice systems in the United States, The Sentencing Project states:The wealthy can access a vigorous adversary system replete with constitutional protections for defendants. Yet the experiences of poor and minority defendants within the criminal justice system often differ substantially from that model due to a number of factors, each of which contributes to the overrepresentation of such individuals in the system.Id.
  8. .See generally Cole, supra note 7 (discussing the disparity between prosecution rates between types of criminals); Jeffrey H. Reiman, The Rich Get Richer and the Poor Get Prison (1979) (arguing that “crimes unique to the wealthy are either ignored or treated lightly, while for the so-called common crimes, the poor are far more likely than the well-off to be arrested, if arrested charged, if charged convicted, and if convicted sentenced to prison”); John L. Hagan & Ilene H. Nagel, White-Collar Crime, White-Collar Time: The Sentencing of White-Collar Offenders in the Southern District of New York, 20 Am. Crim. L. Rev. 259 (1982) (demonstrating “a strong correlation between lenient sentencing practices and white-collar offenses”).
  9. .We are not the first to try to extrapolate levels of financial misconduct from sources other than enforcement data. Indeed, an extensive literature attempts to measure the specific types of financial misconduct using one of three databases: accounting restatements, securities class action lawsuits, and accounting and auditing enforcement releases. E.g., Jonathan M. Karpoff, Allison Koester, D. Scott Lee & Gerald S. Martin, Proxies and Databases in Financial Misconduct Research, Acct. Rev., Nov. 2017, at 129, 142. We decided to study different datasets for several reasons. For one, we in many ways prefer our datasets because they allow us to study the time trend of post-crisis financial institution misconduct across several dimensions beyond securities and accounting fraud. In addition, the accounting restatement data are also known to be incomplete and misleading. See id. (explaining the misleading aspects of these databases). Of course, any data exercise on these questions is imperfect—including the analysis contained in our Article, which is why our claims are ultimately quite limited. For example, we do not claim to measure actual crime levels, but instead document trends that suggest a rise in financial institution crime over time. Cf. Alexander Dyck, Adair Morse & Luigi Zingales, How Pervasive Is Corporate Fraud? (Rotman Sch. of Mgmt., Working Paper No. 2222608, 2013), https://‌‌/abstract=2222608 [https://‌‌/PW2T-243Q] (providing an estimate of the undetected share of corporate fraud).
  10. .Consumer Complaint Database, Consumer Fin. Prot. Bureau, https://‌www‌/data-research‌/consumer-complaints‌/ [https://‌‌/43AW-TD6V]; Suspicious Activity Report Statistics Database, Fin. Crimes Enf’t Network, https://‌‌/reports‌/sar-stats [https://‌‌/N2SP-FRUU].
  11. .See U.S. Sec. & Exch. Comm’n, 2019 Annual Report to Congress: Whistleblower Program 4 (2019) [hereinafter Whistleblower program], https://‌‌/files‌/sec-2019-annual-report-whistleblower-program.pdf [https://‌‌/T46T-6XR4] (“Awards must be made in an amount that is 10 percent or more and 30 percent or less of the monetary sanctions collected.”).
  12. .SAR data comprises both business-related and individual suspicious activity. To proxy for corporate crime, we isolate SARs referencing institutional insiders (employees, directors, agents, officers, and controlling shareholders). See discussion infra subpart II(A).
  13. .See Andreas Fuster, Matthew Plosser & James Vickery, Fed. Rsrv. Bank of N.Y., Staff Report No. 857, Does CFPB Oversight Crimp Credit? (2018), https://‌‌/medialibrary‌/media‌/research‌/staff‌_reports‌/sr857.pdf [https://‌‌/EP9X-7N37] (finding that the CFPB’s regulatory oversight affects mortgage credit supply and reduces risky bank behavior).
  14. .See Mortgages 90 Days or More Delinquent, Consumer Fin. Prot. Bureau, https://‌‌/data-research‌/mortgage-performance-trends‌/mortgages-90-or-more-days-delinquent‌/ [https://‌‌/8QHG-L54N] (documenting mortgage delinquency trends over time).
  15. .Brandon L. Garrett & Jon Ashley, Legal Data Lab at the Univ. of Va. Arthur J. Morris L. Libr. & Duke Univ. Sch. of L., Corporate Prosecution Registry (Aug. 16, 2019) [hereinafter Garrett, Corporate Prosecution Registry], http://‌‌/Garrett‌/corporate-prosecution-registry‌/index.html [https://‌‌/B9EG-VJU4].
  16. .This is not driven by the fact that the time horizon grows as years pass, e.g., a firm committing a crime in 2002 has only one year of prior criminal history, versus a firm in 2018 has 17 years. In fact, in the immediate aftermath of the crisis, the share of crimes committed by a recidivist jumps from 7% in 2010 (averaging around 10% in the decade prior) to 28% in 2011 (averaging over 30% in the decade that follows). See infra fig.14.
  17. .Oversight of the Federal Trade Commission: Strengthening Protections for Americans’ Privacy and Data Security: Hearing Before the Subcomm. on Consumer Prot. & Com. of the H. Comm. on Energy & Com., 116th Cong. 51 (2019) (statement of Rohit Chopra, Comm’r, Fed. Trade Comm’n).
  18. .See Marshall B. Clinard & Peter C. Yeager, Corporate Crime 124–25 (1980) (“The $437,500 fine imposed against General Electric in the electrical equipment conspiracy was said to be the equivalent to a parking fine for many citizens.”). Of course, another explanation is possible—perhaps larger companies are more likely to be pursued by the government. We observe, however, that recidivists are not more likely to have a corporate monitor or audit requirement imposed by the government in the first enforcement action. This indicates that our results are not explained by the ease of prosecution, although it does not rule out the hypothesis that enforcement agencies prefer to target larger companies for multiple rounds of enforcement actions.
  19. .Note that this is the opposite of the approach taken by countries in Scandinavia, which scale up fines for certain crimes based on the offender’s income. Joe Pinsker, Finland, Home of the $103,000 Speeding Ticket, Atlantic (Mar. 12, 2015), https://‌‌/business/
    archive‌/2015‌/03‌/finland-home-of-the-103000-speeding-ticket‌/387484‌/ [https://‌‌/7JK5-MY6Z].
  20. .See, e.g., Eric Holder, U.S. Att’y Gen., Remarks Before the Senate Judiciary Committee (Mar. 6, 2013), https://‌‌/news‌/transcript-attorney-general-eric-holder-on-too-big-to-jail [https://‌‌/Q949-YF9T] (acknowledging the difficulty in prosecuting large institutions for fear that it will negatively impact national and world economies).
  21. .See Richard A. Posner, An Economic Theory of the Criminal Law, 85 Colum. L. Rev. 1193, 1206 (1985) (“If the costs of collecting fines are assumed to be zero regardless of the size of the fine, the most efficient combination is a probability arbitrarily close to zero and a fine arbitrarily close to infinity.”); Gerard E. Lynch, The Role of Criminal Law in Policing Corporate Misconduct, 60 L. & Contemp. Probs. 23, 32, 36 (1997) (discussing fines as a means of deterring criminal conduct).
  22. .See Rakoff, Why Have No High-Level Executives Been Prosecuted?, supra note 3, at 4, 6, 8 (arguing that the imposition of fines is not effective at deterring corporate crime).
  23. .Shavell and Polinsky provide the classic view, that “[i]f firms are made strictly liable for their harms, they will design rewards and punishments for their employees that will lead employees to reduce the risk of harm, since firms will want to reduce their liability payments.” A. Mitchell Polinsky & Steven Shavell, Should Employees Be Subject to Fines and Imprisonment Given the Existence of Corporate Liability?, 13 Int’l Rev. L. & Econ. 239, 240 (1993).
  24. .See Lawrence Summers, Companies on Trial: Are They ‘Too Big to Jail’?, Fin. Times (Nov. 21, 2014), https://‌‌/content‌/e3bf9954-7009-11e4-90af-00144feabdc0 [https://‌‌/7PW9-PFBG] (noting the collateral consequences that occur when corporations are punished, including harm to innocent employees and shareholders, and observing that these consequences have affected enforcement policy).
  25. .See Jennifer Arlen, Corporate Criminal Liability: Theory and Evidence, in Research Handbook on the Economics of Criminal Law 144, 170–71 (Alon Harel & Keith N. Hylton eds., 2012) [hereinafter Arlen, Corporate Criminal Liability], http://‌‌/pdf‌/textes‌_2012‌/LEC-Arlen‌_Chapter-7.pdf [https://‌‌/7VLD-DN4N] (discussing why the government cannot rely on corporate liability alone to optimally deter crime by employees of publicly held firms).
  26. .According to Arlen, management might not respond to the penalty if they have only a small equity stake in the company or if the firm cannot easily control employees. Id. We offer additional reasons to believe that an entity-level fine may fail to serve as an adequate deterrent by itself—affected shareholders are unlikely to take corrective action.
  27. .John C. Coffee, Jr., Corporate Crime and Punishment: The Crisis of Underenforcement 65 (2020) (“In response to the fine’s announcement, the stock market price of the defendant corporation has generally gone up (often significantly) and seldom down to any significant degree.”); Jonathan M. Karpoff & John R. Lott, Jr., The Reputational Penalty Firms Bear from Committing Criminal Fraud, 36 J.L. & Econ. 757, 759 (1993) (finding evidence that initial allegations of corporate fraud correspond to an average decrease of 1.34% in stock price).
  28. .See Jennifer Arlen & Reinier Kraakman, Controlling Corporate Misconduct: An Analysis of Corporate Liability Regimes, 72 N.Y.U. L. Rev. 687, 700 n.30 (1997) (“Shareholders of publicly held firms may be less able to rely on managers to implement optimal preventive and policing measures because managers bear much of the cost of prevention and policing but do not directly bear the firm’s expected liability for any wrongdoing that occurs.”); Summers, supra note 24
    (“Shareholders who have no direct role in corporate decision-making, and who often were not even holding shares at the time of the crime, are an odd target for retribution.”).
  29. .See, e.g., Corp. Fraud Task Force, Second Year Report to the President (2004), https://‌‌/archive‌/dag‌/cftf‌/2nd‌_yr‌_fraud‌_report.pdf [https://‌‌/KDB2-5MGZ] (outlining the actions taken by the Corporate Fraud Task Force in 2004, including criminal and civil enforcement actions); Transactional Recs. Access Clearinghouse (TRAC), http://‌‌/ [https://‌‌/HLH3-NRAJ] (providing “comprehensive, independent and nonpartisan information about federal enforcement”). Some have also relied on survey data to attempt to estimate base rates of misconduct. See William S. Laufer, A Very Special Regulatory Milestone, 20 U. Pa. J. Bus. L. 392, 421 n.90 (2017) (relying on survey data of observed misconduct by employees). See supra section II(B)(2) for a discussion of this approach and its flaws.
  30. .V.S. Khanna, Corporate Criminal Liability: What Purpose Does It Serve?, 109 Harv. L. Rev. 1477, 1489 (1996).
  31. .See id. at 1529 (explaining the range of penalties that exist for corporate criminals). Of course, criminal prosecutions are not the only way to encourage socially beneficial corporate behavior. New regulation and compliance systems to enforce them can help address problems like financial misconduct, workplace sexual harassment, etc. However, the empirical evidence suggests that the efficacy of these ex ante compliance management systems is limited. See Cary Coglianese & Jennifer Nash, Compliance Management Systems: Do They Make a Difference?, in Cambridge Handbook of Compliance 571, 581 (Benjamin van Rooij & D. Daniel Sokol eds., 2021) (“The evidence overall is limited and mixed. Some existing empirical research supports the theoretical expectation that [compliance management systems] can improve compliance, but other research also tends to reinforce a degree of skepticism about whether formal compliance systems lead to substantial improvements.”). Therefore, corporate criminal law has developed to fill a gap between criminal law and corporate regulation. Samuel W. Buell, Criminally Bad Management, in Research Handbook on Corporate Crime and Financial Misdealing 59, 60 (Jennifer Arlen ed., 2018) [hereinafter Buell, Criminally Bad Management].
  32. .Note that this Article focuses on enforcement at the federal level, where “the most significant and complex cases have long been brought.” Brandon L. Garrett, Declining Corporate Prosecutions, 57 Am. Crim. L. Rev. 109, 110–11 (2020) [hereinafter Garrett, Declining Corporate Prosecutions].
  33. .Justice Department Data Reveal 29 Percent Drop in Criminal Prosecutions of Corporations, TRAC Reports (Oct. 13, 2015), https://‌‌/tracreports‌/crim‌/406‌/ [https://‌‌/HQH4-L8HK]; see also Garrett, Declining Corporate Prosecutions, supra note 32, at 121–23 (noting the DOJ’s softening of its corporate prosecution policy from the later years of the Obama Administration into the Trump Administration).
  34. .Rick Claypool, Pub. Citizen, Soft on Corporate Crime: DOJ Refuses to Prosecute Corporate Lawbreakers, Fails to Deter Repeat Offenders 9 (2019), https://‌‌/wp-content‌/uploads‌/soft-on-corporate-crime-dpa-npa-repeat-offenders-report.pdf [https://‌‌/E4CT-6PFM].
  35. .See id. at 5, 15 (arguing that the largest companies are treated most leniently and contending that this is the result of the Holder Doctrine, which directed prosecutors to consider “potential adverse effects on a corporation’s shareholders and employees when deciding whether to bring charges against a corporation”).
  36. .Id. at 36–38.
  37. .See Bruce H. Kobayashi, Case Selection, External Effects, and the Trial‌/Settlement Decision, in Dispute Resolution: Bridging the Settlement Gap 17, 17 (David A. Anderson ed., 1996) (noting the efficiency gains from settlement versus trial in the case of corporations).
  38. .The main difference between NPAs and DPAs is that DPAs require charges to be filed in court—the prosecutor agrees to defer the prosecution of charges during a predefined time period. By contrast, NPAs are not required to be filed in court, and therefore, the judge does not approve the terms of the settlement. Jennifer Arlen & Marcel Kahan, Corporate Governance Regulation Through Nonprosecution, 84 U. Chi. L. Rev. 323, 332–33 (2017). For a critique of these tools, see Jennifer Arlen, Prosecuting Beyond the Rule of Law: Corporate Mandates Imposed Through Deferred Prosecution Agreements, 8 J. Legal Analysis 191 (2016). Note that the rise in DPAs and NPAs has also corresponded with an increase in imposition of a corporate monitor, which helps ensure compliance at the firm going forward. Vikramaditya Khanna & Timothy L. Dickinson, The Corporate Monitor: The New Corporate Czar?, 105 Mich. L. Rev. 1713, 1714, 1740–41 (2007).
  39. .Claypool, supra note 34, at 7. By contrast, the DOJ almost never settles charges against individual offenders using a DPA or NPA. See id. at 5 (showing that less than 1% of individuals received “pre-trial diversions from federal prosecutors” in 2018).
  40. .Garrett, Declining Corporate Prosecutions, supra note 32, at 132. As Brandon Garrett explains:[T]he main reason [for the 2015 increase] is the large number of non-prosecution agreements entered in 2015 with Swiss banks as part of a program to offer lenient settlements rewarding self-reporting and cooperation. None of those cases involved individual charges filed, including for practical and jurisdictional reasons, as the banks tended to be small or mid-sized Swiss banks (albeit ones providing tax shelters to U.S. taxpayers).Id. (footnote omitted).
  41. .Id. at 119.
  42. .Id. at 119–20.
  43. .Id. at 119.
  44. .Garrett, Corporate Prosecution Registry, supra note 15.
  45. .Brandon L. Garrett, The Corporate Criminal as Scapegoat, 101 Va. L. Rev. 1789, 1791 (2015) [hereinafter Garrett, Corporate Criminal as Scapegoat].
  46. .Id. However, individual employees can be implicated in wrongdoing in the settlement documents. Asaf Eckstein & Gideon Parchomovsky, The Reverse Agency Problem in the Age of Compliance 4 (U. of Penn. L. Sch. Inst. for L. & Econ., Research Paper No. 19-38, 2019), https://‌‌/sol3‌/papers.cfm?abstract‌_id=3460064 [https://‌‌/2WAT-AS24]. And these admissions can lead to reputational harm and expose the individuals to follow-on civil suits. Id. Gaining a better understanding of these effects will be important for calibrating deterrence going forward.
  47. .Memorandum from Sally Yates, Deputy Att’y Gen., U.S. Dep’t of Just., on Individual Accountability for Corporate Wrongdoing to All U.S. Att’ys 1–2 (Sept. 9, 2015), https://‌‌/archives‌/dag‌/file‌/769036‌/download [https://‌‌/Y7BV-Y5NR] (advising attorneys to focus on individuals in criminal and civil investigations, since “[o]ne of the most effective ways to combat corporate misconduct is by seeking accountability from the individuals who perpetrated the wrongdoing”).
  48. .Garrett, Declining Corporate Prosecutions, supra note 32, at 133.
  49. .Rod Rosenstein, Deputy Att’y Gen., U.S. Dep’t of Just., Remarks at the American Conference Institute’s 35th International Conference on the Foreign Corrupt Practices Act (Nov. 29, 2018), https://‌‌/opa‌/speech‌/deputy-attorney-general-rod-j-rosenstein-delivers-remarks-american-conference-institute-0 [https://‌‌/2V8N-LTE8]; see also U.S. Dep’t
    of Just., U.S. Att’ys’ Manual § 9-28.210 (2018), https://‌‌/jm‌/jm-9-28000-
    principles-federal-prosecution-business-organizations#9-28.210 [https://‌‌/8K8P-EGRC] (“Prosecutors should not allow delays in the corporate investigation to undermine the Department’s ability to pursue potentially culpable individuals.”).
  50. .See White Collar Prosecutions Fall to Lowest in 20 Years, TRAC Reports (May 24, 2018), https://‌‌/tracreports‌/crim‌/514‌/ [https://‌‌/B364-UJXF] (finding that in 2018 the number of criminal white-collar criminal prosecutions fell 4.4% from the previous year and 40.8% from 1998).
  51. .See Garrett, Corporate Criminal as Scapegoat, supra note 45, at 1791–92 (finding that only 128 of the 414 individuals prosecuted received a prison sentence).
  52. .Garrett, Corporate Prosecution Registry, supra note 15. The year 2015 shows a slight increase from the previous years, but we view this as an anomalous year, because this is the year where the DOJ rolled out its Swiss Bank Program targeting banks that sheltered U.S. income. That program allowed banks to secure NPAs in exchange for disclosure of information relating to those accounts, which accounts for both the increase of individual prosecutions as well as the record-breaking total of DPAs and NPAs in that year. See supra note 40.
  53. .Rod Rosenstein, Deputy Att’y Gen., U.S. Dep’t of Justice, Remarks at the 32nd Annual ABA National Institute on White Collar Crime (Mar. 2, 2018), https://‌‌/opa‌/speech‌/deputy-attorney-general-rosenstein-delivers-remarks-32nd-annual-aba-national-institute [https://‌‌/7XWS-PJJL]; Ben Protess, Robert Gebeloff & Danielle Ivory, Trump Administration Spares Corporate Wrongdoers Billions in Penalties, N.Y. Times (Nov. 3, 2018), https://‌‌/‌2018‌/11‌/03‌/us‌/trump-sec-doj-corporate-penalties.html [https://‌‌/6DJ4-H5V4].
  54. .Rosenstein, supra note 49.
  55. .Garrett, Corporate Prosecution Registry, supra note 15. Note that the penalty amount is the total of fines paid to the U.S. government, and does not include amounts paid to settle investor lawsuits or to foreign governments.
  56. .We use Brandon Garrett’s definition for financial institutions, which includes “a range of types of companies that focus on financial transactions, including commercial banks, investment banks, insurance companies, and brokerages.” Garrett, Corporate Criminal as Scapegoat, supra note 45, at 1816.
  57. .Garrett, Declining Corporate Prosecutions, supra note 32, at 116, 123. Most of these bank settlements were part of the Swiss Bank Program discussed in note 40.
  58. .Garrett, Declining Corporate Prosecutions, supra note 32, at 115 (noting that in the last twenty months of the Obama Administration, seventy-one financial institutions were prosecuted, while only seventeen financial institutions were prosecuted during the first twenty months of the Trump Administration, excluding legacy cases filed during the Obama Administration).
  59. .Garrett, Corporate Prosecution Registry, supra note 15.
  60. .Garrett, Declining Corporate Prosecutions, supra note 32, at 123 fig.2.
  61. .Rakoff, Why Have No High-Level Executives Been Prosecuted?, supra note 3. Only one mid-level banking executive went to jail in the wake of the financial crisis. Jesse Eisinger, Why Only One Top Banker Went to Jail for the Financial Crisis, N.Y. Times Mag. (Apr. 30, 2014), https://‌‌/2014‌/05‌/04‌/magazine‌/only-one-top-banker-jail-financial-crisis.html [https://‌‌/76GK-W73N].
  62. .Garrett, Corporate Criminal as Scapegoat, supra note 45, at 1815–16. Brandon Garrett observes:Those cases involved deferred and non-prosecution agreements with Baystar Capital Management LLC (fraud); ConvergEx Group, LLC (securities fraud); Deutsche Bank AG (tax fraud); Diamondback Capital Management LLC (securities fraud); GE Funding Capital Market Services, Inc. (FCPA); German Bank HVB (tax fraud); Jefferies Group LLC (fraud); JPMorgan Chase & Co. (antitrust); Louis Berger Group (fraud); Mellon Bank, N.A. (theft); Merrill Lynch (false statements); Mirant Energy Trading (false commodities reporting); NETeller PLC (illegal gambling); Omega Advisors (FCPA); Prudential Equity Group (securities fraud); Rabobank (wire fraud); and UBS AG (three separate cases involving tax fraud, antitrust, and wire fraud).Id. at 1816 n.110.
  63. .Garrett, Bank Prosecutions, supra note 3, at 44.
  64. .Garrett, Corporate Criminal as Scapegoat, supra note 45, at 1816. As Federal District Judge Emmett G. Sullivan stated when considering a DPA against Barclays Bank PLC for Bank Secrecy Act violations: “No one goes to jail, no one is indicted, no individuals are mentioned as far as I can determine . . . there’s no personal responsibility.” Id. at 1817.
  65. .See, e.g., Corporate Executive Accountability Act, S. 1010, 116th Cong. (2019) (proposing the establishment of criminal liability for negligent executive officers of corporations).
  66. .See, e.g., Rakoff, Why Have No High-Level Executives Been Prosecuted?, supra note 3, at 8 (suggesting that the “future deterrent value” of prosecuting individuals would outweigh the “prophylactic benefits” of internal compliance measures).
  67. .See, e.g., Brandon L. Garrett, Too Big to Jail: How Prosecutors Compromise with Corporations 18 (2014) (“We need to look beyond the press releases announcing eye-catching fines and ask whether adequate criminal punishment is imposed and whether structural reforms are working.”); Samuel W. Buell, The Responsibility Gap in Corporate Crime, 12 Crim. L. & Phil. 471, 475 (2018) (suggesting that using criminal law to deter corporate wrongdoing compromises the principles of wrongdoing); Garrett, Declining Corporate Prosecutions, supra note 32, at 135–37, 144 (“[I]f we still have not learned the lessons of the last financial crisis, the next one cannot be far ahead.”); Garrett, Corporate Criminal as Scapegoat, supra note 45, 1790–91, 1796 (“[F]ar too many corporate cases lack individual prosecutions.”).
  68. .See, e.g., Jesse Eisinger, The Chickenshit Club: Why the Justice Department Fails to Prosecute Executives, at xvii (2017) (“Today’s Department of Justice has lost the will and indeed the ability to go after the highest-ranking corporate wrongdoers.”).
  69. .See Rakoff, Why Have No High-Level Executives Been Prosecuted?, supra note 3, at 6; Jed S. Rakoff, Justice Deferred Is Justice Denied, N.Y. Rev. Books, Feb. 19, 2015, at 8, 10 https://‌‌/articles‌/2015‌/02‌/19‌/justice-deferred-justice-denied‌/ [https://‌‌/UE5K-SS7S] (“But the broader point . . . is that for the past decade or more, as a result of the shift from prosecuting high-level individuals to entering into ‘cosmetic’ prosecution agreements with their companies, the punishment and deterrence of corporate crime has, for all the government’s rhetoric, effectively been reduced.”).
  70. .See Garrett, Declining Corporate Prosecutions, supra note 32, at 110–12 (“In 2017 and 2018, however, the DOJ made a series of policy changes designed to reduce the impact of criminal prosecution on corporations.”).
  71. .Rod Rosenstein, Deputy Att’y Gen., U.S. Dep’t of Just., Remarks to the New York City Bar White Collar Crime Institute (May 9, 2018), https://‌‌/opa‌/speech‌/deputy-attorney-general-rod-rosenstein-delivers-remarks-new-york-city-bar-white-collar [https://‌‌/G7XB-J2FR].
  72. .Gary S. Becker, Crime and Punishment: An Economic Approach, 76 J. Pol. Econ. 169, 170 (1968) (stating that the optimal penalty should adjust to reflect the “cost of catching and convicting offenders, the nature of punishments—for example, whether they are fines or prison terms—and the responses of offenders to changes in enforcement”); see also Daniel R. Fischel & Alan O. Sykes, Corporate Crime, 25 J. Legal Stud. 319, 324 (1996) (“[F]irms will then anticipate a penalty equal to the social cost of their agents’ crimes, so that the private gains from monitoring and the social gains will converge.”).
  73. .Becker, supra note 72.
  74. .Id.; see also A. Mitchell Polinsky & Steven Shavell, Enforcement Costs and the Optimal Magnitude and Probability of Fines, 35 J.L. & Econ. 133, 133 (1992) (“The optimal fine equals the harm, properly inflated for the chance of not being detected, plus the variable enforcement cost of imposing the fine.” (emphasis omitted)); Posner, supra note 21 (arguing that the probability and severity of crimes must be considered for fines to be effective deterrents).
  75. .See Arlen, Corporate Criminal Liability, supra note 25, at 189. Professor Arlen writes:Nevertheless, current practice does not fit all the requirements of an optimal corporate liability system in that federal authorities have not adopted clear guidelines to ensure that civil regulators and the DOJ impose optimal residual sanctions on firms—sanctions that take full account of the variety of ways in which firms bear the social costs of crime.Id.
  76. .U.S. Sent’g Guidelines Manual § 2B1.1(21) background (U.S. Sent’g Comm’n 2018).
  77. .U.S. Sent’g Guidelines Manual ch. 8, introductory cmt. (U.S. Sent’g Comm’n 2018).
  78. .Id. For a critique of this mitigation system, see Jennifer Arlen, The Failure of the Organizational Sentencing Guidelines, 66 U. Mia. L. Rev. 321, 325 (2012) [hereinafter Arlen, Organizational Sentencing Guidelines].
  79. .Of course, as the previous Part made clear, most fines are imposed not by courts, but by agencies pursuant to a settlement. However, most settlements provide a guidelines-informed fine range, indicating that the guidelines are affecting the determination of the fine size. Alexander, Trends in the Use of Non-Prosecution, supra note 4, at 38–41. This same study found that the base guideline fine was higher for DPAs and NPAs, but there was also much more variability across crimes that were the subject of DPAs and NPAs. Id. at x (finding base fines of $189 million and $219 million for DPAs and NPAs, respectively, as compared to the $75.7 million for pleas at the mean).
  80. .Arlen & Kraakman, supra note 28, at 690–91.
  81. .See id. at 700 n.30 (“Shareholders of publicly held firms may be less able to rely on managers to implement optimal preventive and policing measures because managers bear much of the cost of prevention and policing but do not directly bear the firm’s expected liability for any wrongdoing that occurs. Thus, in these cases all corporate liability regimes become less attractive on the margin.”).
  82. .See Arlen, Corporate Criminal Liability, supra note 25, at 159, 170–71 (discussing why the government cannot rely on corporate liability alone to optimally deter crime by employees of publicly held firms); Jonathan R. Macey, Agency Theory and the Criminal Liability of Organizations, 71 B.U. L. Rev. 315, 325 (1991); Cindy R. Alexander & Mark A. Cohen, Why Do Corporations Become Criminals? Ownership, Hidden Actions, and Crime as an Agency Cost, 5 J. Corp. Fin. 1, 30–31 (1999) (discussing the efficacy of management in monitoring and deterring criminal activity).
  83. .Becker would advise that punishment could be increased to account for infrequent detection; however, even he recognized that if the probability of detection is low enough, the optimal sanction will exceed the amount that can be optimally imposed on individuals given that they will likely be judgment proof, and that prison imposes high social costs. See Becker, supra note 72, at 196–97 (making this argument). Behavioral economics further shows that because individuals often discount low probability events to zero, rare punishments may not adequately deter individuals. Eric A. Posner, Probability Errors: Some Positive and Normative Implications for Tort and Contract Law, 11 Sup. Ct. Econ. Rev. 125, 127–28 (2004).
  84. .Jennifer Arlen, The Potential Promise and Perils of Introducing Deferred Prosecution Agreements Outside the U.S., in Negotiated Settlements in Bribery Cases: A Principled Approach 156, 160 (Tina Søreide & Abiola Makinwa eds., 2020) [hereinafter Arlen, Promise and Perils]; see also Arlen, Organizational Sentencing Guidelines, supra note 78, at 322 (“[T]he government cannot effectively deter corporate crime by large firms on its own. Federal authorities need to induce firms to help them detect and sanction.”).
  85. .Because corporate policing measures are costly, the government should find ways to induce companies to do it, such as by promising that firms that do not cooperate or police misconduct will face higher sanctions. See Arlen & Kahan, supra note 38, 346–47 (“A regime in which corporate liability is duty based—such that firms with deficient policing face higher sanctions—can provide firms with the requisite incentive to adopt optimal policing.”).
  86. .See supra notes 60–64 and accompanying text.
  87. .See Garrett, Bank Prosecutions, supra note 3, at 44 (concluding that in prosecutions involving banks, the individuals prosecuted were usually “low-level employees”).
  88. .Buell, Criminally Bad Management, supra note 31, at 70 (“The most common observations about the limitations of criminal prosecutions with respect to senior corporate managers are that cases are hard to win and there have not been enough of them to make a difference.”).
  89. .Cf. id. at 60 (positing that corporate criminal liability is used by the DOJ to effect changes in managerial practices, in order to deter “criminally bad management” when pursuing executive liability is not a possible option); Arlen & Kahan, supra note 38, at 328 (discussing how governance reform can be used whenever “[p]olicing agency costs” exist that allow senior management to benefit from wrongdoing or defective policing).
  90. .See generally Aaron Chalfin & Justin McCrary, Criminal Deterrence: A Review of the Literature, 55 J. Econ. Lit. 5 (2017) (analyzing research regarding how policing practices and punishment affect crime rates).
  91. .George L. Kelling & James Q. Wilson, Broken Windows: The Police and Neighborhood Safety, Atlantic (Mar. 1982), https://‌‌/magazine‌/archive‌/1982‌/03‌/broken-windows‌/304465‌/ [https://‌‌/QU6E-UL53].
  92. .Bernard E. Harcourt & Jens Ludwig, Broken Windows: New Evidence from New York City and a Five-City Social Experiment, 73 U. Chi. L. Rev. 271, 272 & n.3 (2006).
  93. .Id. at 315 (finding “no empirical evidence to support the view that shifting police towards minor disorder offenses would improve the efficiency of police spending and reduce violent crime”).
  94. .Manson, supra note 4 (showing that the last estimate of white-collar crime was in 1986). The FBI released its own report of white-collar crime in 2000, which was based on FBI arrest records. Cynthia Barnett, U.S. Dep’t of Justice, Fed. Bureau of Investigation, NCJ 202866, Measurement of White-Collar Crime Using Uniform Crime Reporting (UCR) Data (2000), https://‌‌/nibrs‌/nibrs‌_wcc.pdf [https://‌‌/48VJ-N4CW]. This report provides only broad categories for white-collar crime and does not enable researchers to distinguish between credit card theft and massive corporate malfeasance, nor does it distinguish between individual crime and corporate crime that could be attributed to the entity. Id.
  95. .Violent Crime, Bureau of Just. Stats., U.S. Dep’t of Just. (Feb. 18, 2021), https://‌‌/index.cfm?ty=tp&tid=31 [https://‌‌/NX2X-MP4F]. Note that these databases have problems of their own: for example, there can be disagreement across jurisdictions about what offenses count as criminal activity, and this means that, from time to time, each database has presented a different picture of the overall crime rate. See Gary F. Jensen & MaryAltani Karpos, Managing Rape: Exploratory Research on the Behavior of Rape Statistics, 31 Criminology 363 (1993) (analyzing how the disparity in rape rates reported by two different crime databases suggests the databases either measure a distinct phenomenon or have methodological problems that preclude an adequate comparison). The National Academies of Sciences, Engineering, and Medicine has convened a panel to modernize these data collection efforts so that they are more accurate. Nat’l Acads. of Scis., Eng’g, & Med., Modernizing Crime Statistics: Report 2–New Systems for Measuring Crime (Janet L. Lauritsen & Daniel L. Cork eds., 2018), https://‌‌/read‌/25035‌/ [https://‌‌/Q78N-9EFY].
  96. .Samuel W. Buell, “White Collar” Crimes, in The Oxford Handbook of Criminal Law 837, 837, 841–42 (Markus D. Dubber & Tatjana Hörnle eds., 2014) [hereinafter Buell, “White Collar” Crimes].
  97. .Id. at 842. There are other legal nuances that complicate the act of tallying. White-collar cases tend to turn on questions of mens rea (whether the defendant had a guilty state of mind) more often than violent crimes, which generally focus on questions of actus reus (whether the defendant committed the prohibited act). Id. at 844–45.
  98. .Id. at 840.
  99. .See Matt Egan, 5,300 Wells Fargo Employees Fired Over 2 Million Phony Accounts,
    CNN Money (Sept. 8, 2016, 3:07 PM), https://‌‌/2016‌/09‌/08‌/investing‌/
    wells-fargo-created-phony-accounts-bank-fees‌/index.html?iid=EL [https://‌‌/S3L8-AMTP] (exemplifying how fake accounts were associated with customers’ existing accounts).
  100. .Statement by President Jimmy Carter on Signing S. 305, the Foreign Corrupt Practices and Investment Disclosure Bill, into Law (Dec. 20, 1977) [hereinafter Statement by President Jimmy Carter], Am. Presidency Project, https://‌‌/node‌/243095 [https://‌‌/44JS-XLW6].
  101. .Buell, “White Collar” Crimes, supra note 96, at 842 (citing Peter Westen, The Logic of Consent: The Diversity and Deceptiveness of Consent as a Defense to Criminal Conduct (2004)).
  102. .Part III considers additional possibilities for researchers addressing this question.
  103. .Ethics Res. Ctr., National Business Ethics Survey of Fortune 500® Employees: An Investigation into the State of Ethics at America’s Most Powerful Companies (2012), https://‌‌/berkley-center/120101NationalBusinessEthicsSurveyFortune
    500Employees.pdf [https://‌‌/GH4W-Q4PJ].
  104. .See William S. Laufer, A Very Special Regulatory Milestone, 20 U. Pa. J. Bus. L. 392, 421 nn.88–91 (2017) (citing various surveys, including some by the Ethics Resource Center, that indicate increasing prosecution and crime reporting rates). Private companies also supply survey data about corporate criminal behavior. See, e.g., Kroll, Global Fraud and Risk Report 2019‌/20 (2019), https://‌‌/en‌/insights‌/publications‌/global-fraud-and-risk-report-2019 [https://‌‌/MY84-Q7D6] (describing the risk management strategies used by business executives).
  105. .See Terence P. Thornberry & Marvin D. Krohn, Comparison of Self-Report and Official Data for Measuring Crime, in Measurement Problems in Criminal Justice Research 43, 63 (John V. Pepper & Carol V. Petrie eds., 2003) (observing that self-report data is generally valid but “there appears to be a substantial degree of either concealing or forgetting past criminal behavior”).
  106. .Id. at 44, 46, 48 (describing the thirty-year evolution of self-report surveys in the domain of criminal law and early methodological shortcomings).
  107. .See Jelke Bethlehem, Selection Bias in Web Surveys, 78 Int’l Stat. Rev. 161, 161–62 (2010) (describing the methodological problems of surveys).
  108. .See Garrett, Corporate Prosecution Registry, supra note 15 (providing information about corporate criminal prosecutions).
  109. .Note that using enforcement to measure deterrence can also lead to perverse consequences. Cf. EPA Water Enforcement: Are We on the Right Track? Hearing Before the Subcomm. on Energy Pol’y, Nat. Res. and Regul. Affs. of the Comm. on Gov’t Reform, 108th Cong. 102 (2003) (statement of Shelley H. Metzenbaum, Dir., Env’t Compliance Consortium) (“[E]ven when enforcement targets are not formally established, agency staff tend to assume they must meet or exceed the previous year’s enforcement levels. This can create a pressure to find enforcement cases just to meet the target . . . .”).
  110. .See, e.g., Matthew Hutson, The Trouble with Crime Statistics, New Yorker (Jan. 9, 2020), https://‌‌/culture‌/annals-of-inquiry‌/the-trouble-with-crime-statistics [https://‌‌/BSD2-SCQN] (describing how crime statistics are difficult to interpret).
  111. .Cf. Thornberry & Krohn, supra note 105, at 44 (“‘[T]he value of a crime rate for index purposes decreases as the distance from the crime itself in terms of procedure increases.’ Thus, prison data are less useful than court or police data as a measure of actual delinquent or criminal behavior.” (citing Thorsten Sellin, The Basis of a Crime Index, 22 J. Crim. L. & Criminology 335, 346 (1931))).
  112. .See, e.g., Karpoff, supra note 9, at 129–30 (listing these databases that identify and report on financial misconduct); Dyck, supra note 9, at 4–6 (describing the approach used by various proxies to identify and measure financial misconduct).
  113. .See, e.g., Arlen & Kahan, supra note 38, at 345 n.71 (citing Alexander Dyck, Adair Morse & Luigi Zingales, Who Blows the Whistle on Corporate Fraud?, 65 J. Fin. 2213, 2225–26 (2010)) (highlighting Dyck, Morse, and Zingales’s “data that suggest that industry regulators discover only 13 percent of fraud cases that come to light”).
  114. .See Suspicious Activity Reports (SARs), Off. Comptroller Currency, https://‌‌/topics‌/supervision-and-examination‌/bank-operations‌/financial-crime‌/suspicious-activity-reports‌/index-suspicious-activity-reports.html [https://‌‌/ZVK2-8E9T] (describing the Bank Secrecy Act’s requirements for financial institutions in filing suspicious activity reports).
  115. .Individuals other than bank employees have duties to file SARs, including stockbrokers, insurance companies, and travel agencies. Steven Pelak, Putting the ‘Enforcement’ into the Financial Crimes Enforcement Network, Holland & Hart (Oct. 1, 2013), https://‌‌/putting-the-enforcement-into-the-financial-crimes-enforcement-network [https://‌‌/64NJ-WSUG].
  116. .Id.
  117. .What Is a Suspicious Activity Report?, Thomson Reuters, https://‌legal‌/en‌/insights‌/articles‌/what-is-a-suspicious-activity-report [https://‌‌/
  118. .Generally, a SAR must be filed:[I]f the transaction involves $5,000 or more and the covered institution or business knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part) (1) involves illegal gains or an effort to evade federal law or regulation, (2) has no business or apparent lawful purpose or (3) is not the sort in which the particular customer would normally be expected to engage.Pelak, supra note 115.
  119. .What Is a Suspicious Activity Report?, supra note 117.
  120. .Id. Note that this Article focuses only on U.S. regulatory efforts, although the UK has been increasingly focused on SAR reporting, culminating in a record-breaking number of reports filed in March of 2018. Samuel Rubenfeld, U.K. Receives Record Number of Suspicious-Activity Reports, Wall St. J. (Jan. 10, 2019, 4:27 PM), https://‌‌/articles‌/u-k-receives-record-number-of-suspicious-activity-reports-11547155674 [https://‌‌/EX8D-SVR7].
  121. .What Is a Suspicious Activity Report?, supra note 117.
  122. .Filing categories have expanded over time, with a modest impact on the nature of reports filed. For example, in April 2013, FinCEN introduced an electronic SAR filing that includes “elder financial exploitation” as a category, and such filings tripled in the following years. Suspicious Activity Report Statistics Database, supra note 10 (follow “Suspicious Activities Report Statistics Database” hyperlink; then select “Filing Trend Data”; then select “Other”). For this reason, we focus only on filing categories that have been available since the beginning of our sample period.
  123. .What Is a Suspicious Activity Report?, supra note 117.
  124. .Id.
  125. .U.S. Gov’t Accountability Off., GAO-19-582, Bank Secrecy Act: Agencies And Financial Institutions Share Information but Metrics and Feedback Not Regularly Provided 1–2, 3 n.6 (2019).
  126. .What Is a Suspicious Activity Report?, supra note 117.
  127. .Bruce G. Leto & Bibb L. Strench, Anti-Money Laundering Initiatives Under the USA Patriot Act, FindLaw, https://‌‌/litigation-disputes‌/anti-money-laundering-initiatives-under-the-usa-patriot-act.html [https://‌‌/8TPF-QPEK] (Mar. 26, 2008).
  128. .Aaron Klein & Kristofer Readling, Acceleration in Suspicious Activity Reporting Warrants Another Look, Bipartisan Pol’y Ctr. (Sept. 15, 2015), https://‌‌/blog‌/acceleration-in-suspicious-activity-reporting-warrants-another-look‌/ [https://‌‌/8P6F-X9A8]; Fin. Crimes Enf’t Network, The SAR Activity Review – By the Numbers 11 (2013) [hereinafter SAR Activity Review], https://‌‌/sites‌/default‌/files‌/sar‌_report‌/sar‌_by‌_numb‌_18.pdf [https://‌‌/Z2AU-ZSP5].
  129. .Juan C. Zarate, Treasury’s War: The Unleashing of a New Era of Financial Warfare 146–47 (2013).
  130. .Klein & Readling, supra note 128.
  131. .Before 2012, SAR reports are not available electronically, and so we were not able to secure data before this date.
  132. .This measure may leave us with reports involving individual crime, rather than corporate crime, in our dataset; for example, if a bank employee engaged in insider trading to benefit herself, rather than the bank, this misconduct could not be attributed to the entity under respondeat superior. At the same time, we recognize that slicing the data in this way excludes some corporate criminal activity that we would like to study; for example, money laundering or bribes paid by corporate actors would not be captured in our dataset. If the government were able to provide more information about the content of the SAR filings, we could obtain clearer and more comprehensive results.
  133. .Winsorizing the series excludes large outliers from the analysis, which can obfuscate trends. The use of a moving average also helps smooth the data series, as we analyze the observations by taking rolling means of twelve-month subsets of the full data series.
  134. .See 31 U.S.C. § 5312(a)(2) (defining “financial institution” broadly to include not only banks, but also credit unions, thrift institutions, loan companies, travel agencies, businesses engaged in real estate transactions, and more).
  135. .Pelak, supra note 115.
  136. .Id.; see Alan M. Wolper & Frances Floriano Goins, SEC Civil Penalty Against Charles Schwab Reflects New Trend in Enforcement of SAR Requirements, Lexology (Aug. 13, 2018), https://‌‌/library‌/detail.aspx?g=350d2cd9-e2c4-47b8-b091-c25998e1b8fb [https://‌‌/26PG-SH6Y] (describing the SEC’s shift in pursuing financial institutions that fail to file SARs); David S. Cohen, Franca Harris Gutierrez, Sharon Cohen Levin, Ronald I. Meltzer, Jeremy Dresner, David M. Horn, Zachary Goldman, Michael Romais & Semira Nikou, Anti-Money Laundering and Sanctions: Trends and Developments Emerging Under the Trump Administration, WilmerHale 1 (July 25, 2019), https://‌‌/-‌/media‌/5be3841edb2948
    e0ba8d16bacd2d1a5a.pdf [https://‌‌/3KJ4-T6FB] (“[T]he story of the Obama and Trump Administrations on AML and sanctions is one of general continuity.”).
  137. .SAR Activity Review, supra note 128, at 5.
  138. .Id. at 5–6. It is again possible that the increase in enforcement that prompts extra SARs to be filed differs within each category. This seems less plausible, and certainly, in the immediate aftermath of the crisis, it is hard to imagine a category where enforcement would be higher than for mortgage loan fraud at banks.
  139. .For a prominent example, see Brian N. Kearney, Standard Chartered Bank Enters Combined $1 Billion+ Settlement with U.S. and U.K. Authorities over Iranian Financial Transactions, Ballard Spahr: Money Laundering Watch (Apr. 17, 2019), https://‌‌/2019‌/04‌/standard-chartered-bank-enters-combined-1-billion-settlement-with-u-s-and-u-k-authorities-over-iranian-financial-transactions‌/ [https://‌
  140. .See Thomas L. Hogan & Scott Burns, Has Dodd–Frank Affected Bank Expenses?, 55 J. Regul. Econ. 214, 216–19, 223, 234 (2019) (showing that compliance expenses at both small and large banks increased in the Dodd–Frank period of 2009–2012).
  141. .Consumer Complaint Database, supra note 10.
  142. .Consumer Complaint Entry, Consumer Fin. Prot. Bureau, https://‌‌/complaint‌/ [https://‌‌/Q7VK-UMFH].
  143. .Richard Cordray, Dir. of the Consumer Fin. Prot. Bureau, Prepared Remarks of Director Richard Cordray at the Consumer Response Field Hearing (Mar. 28, 2013), https://‌‌/about-us‌/newsroom‌/prepared-remarks-of-director-richard-cordray-at-the-consumer-response-field-hearing‌/ [https://‌‌/UCN5-AQM5]; Ian Ayres, Jeff Lingwall & Sonia Steinway, Skeletons in the Database: An Early Analysis of the CFPB’s Consumer Complaints, 19 Fordham J. Corp. & Fin. L. 343, 347–52 (2014).
  144. .Consumer Fin. Prot. Bureau, https://‌‌/ [https://‌
  145. .Note that consumer rights law is enormously complex and subject to enforcement at the state and federal level. At the federal level, consumers have two agencies charged with protecting their interests—the FTC’s Bureau of Consumer Protection and the CFPB. See id. (stating that the CFPB “makes sure banks, lenders and other financial companies treat you fairly”); Bureau of Consumer Protection, Fed. Trade Comm’n, https://‌‌/about-ftc‌/bureaus-offices‌/bureau-consumer-protection [https://‌‌/B5P9-PM4T] (“The FTC’s Bureau of Consumer Protection stops unfair, deceptive and fraudulent business practices by collecting reports from consumers and conducting investigations, suing companies and people that break the law, developing rules to maintain a fair marketplace, and educating consumers and businesses about their rights and responsibilities.”). Although the agencies cannot bring criminal charges themselves, they can refer criminal matters to the DOJ and often coordinate investigations with the DOJ.
  146. .Ayres, Lingwall & Steinway, supra note 143, at 357. The company must respond within 15 days to be considered “timely.” Id.
  147. .Again, to aid in visualization and interpretation, we performed one-sided winsorizing of the data at the 90% threshold level. See supra note 133 and accompanying text.
  148. .See supra notes 13–14 and accompanying text.
  149. .See Mortgages 90 Days or More Delinquent, supra note 14 (illustrating a decline in mortgage delinquencies from January 2008 to December 2020).
  150. .Kaveh Bastani, Hamed Namavari & Jeffrey Shaffer, Latent Dirichlet Allocation (LDA) for Topic Modeling of the CFPB Consumer Complaints, 127 Expert Sys. with Applications 256 (2019).
  151. .Id. at 264–65.
  152. .Consumer Fin. Prot. Bureau, Docket No. CFPB-2012-0023, Notice of Final Policy Statement: Disclosure of Consumer Complaint Data (2013). Industry lobbyists tried (and failed) to convince the CFPB to end the publication of the database on this basis, arguing that “[f]or too long, the bureau’s unverified compliant [sic] database has functioned to paint a picture of guilt through government press releases and statements, despite the CFPB reporting the overwhelming majority of complaints being self-corrected by banks.” Jacob Passy, In a Blow to Financial-Services Industry, the CFPB Will Keep Consumer Complaints Database Public, MarketWatch (Sept. 22, 2019, 9:27 AM), https://‌‌/story‌/in-a-blow-to-financial-services-industry-the-cfpb-will-keep-consumer-complaints-database-public-2019-09-18 [https://‌‌/8CLU-GGLH] (quoting the Consumer Bankers Association).
  153. .Press Release, Consumer Fin. Prot. Bureau, CFPB Launches Consumer Complaint Database (June 19, 2012), https://‌‌/about-us‌/newsroom‌/consumer-financial-protection-bureau-launches-consumer-complaint-database‌/ [https://‌‌/VEF9-MWMU]. Note that 98% of complaints receive a timely response from the financial service provider. Consumer Complaint Database, supra note 10.
  154. .Id. There are eighty-one issue categories, with the most common between 2018 and 2021 being: “Incorrect information on your report” (357,916 complaints), “Problem with a credit reporting company’s investigation into an existing problem” (126,675 complaints), “Attempts to collect debt not owed” (73,393 complaints), “Managing an account” (42,693 complaints), and “Improper use of your report” (41,385). Id. All issue categories are available on the CFPB’s Consumer Complaint Database. Id. Each category has sub-levels that we also rely on for categorization (e.g., for “Incorrect information on your report,” these sub-levels include: “Information belongs to someone else,” “Account status incorrect,” “Account information incorrect,” “Personal information incorrect,” “Public record information inaccurate,” “Old information reappears or never goes away,” “Information is missing that should be on the report,” “Information is incorrect,” and “Information that should be on the report is missing”). Id. As an example of what our categorization process entails, consider the following examples. “Petty” complaints include consumers who take issue with receiving calls before 8 am and after 9 pm or being charged fees for account closure. “Moderate” complaints include instances where consumers report billing disputes with financial services providers and the use of high-pressure sales tactics. “Severe” complaints include allegations that firms impersonated law enforcement or government officials, or made fraudulent loans.
  155. .Consumer Fin. Prot. Bureau, Midyear Update on Student Loan Complaints: Income-Driven Repayment Plan Application Issues 2 (2016), https://‌files‌/f‌/documents‌/201608‌_cfpb_StudentLoanOmbudsmanMidYearReport.pdf [https://‌‌/4W4P-L923].
  156. .Press Release, Consumer Fin. Prot. Bureau, CFPB Sues Nation’s Largest Student Loan Company Navient for Failing Borrowers at Every Stage of Repayment (Jan. 18, 2017), https://‌‌/about-us‌/newsroom‌/cfpb-sues-nations-largest-student-loan-company-navient-failing-borrowers-every-stage-repayment‌/ [https://‌‌/DK6T-C3ZK]. The agency alleged that the company had violated the Dodd–Frank Wall Street Reform and Consumer Protection Act, the Fair Credit Reporting Act, and the Fair Debt Collections Practices Act. Id. Although these were all civil allegations, it would have been possible for the federal government (as well as state agencies) to pursue criminal charges for the student loan provider’s allegedly deceptive, abusive, and fraudulent practices.
  157. .Ashlee Kieler, Complaints About Student Loan Servicing Increased 429% in Past Year, Consumer Reports: Consumerist, https://‌‌/consumerist‌/complaints-about-student-loan-servicing-increased-429-in-past-year‌/ [https://‌‌/SF6Q-G3UZ] (Mar. 28, 2017).
  158. .Federal law confers criminal jurisdiction over a variety of consumer financial protection matters; however, the CFPB lacks authority to bring criminal actions and is required to make criminal referrals to the Attorney General: “If the [CFPB] obtains evidence that any person, domestic or foreign, has engaged in conduct that may constitute a violation of Federal criminal law, the [CFPB] shall transmit such evidence to the Attorney General of the United States, who may institute criminal proceedings under appropriate law.” 12 U.S.C. § 5566. In furtherance of this goal, the DOJ and the CFPB have entered into a Memorandum of Understanding (MoU) that details their partnership. See Memorandum of Understanding Between the Consumer Fin. Prot. Bureau and the U.S. Dep’t of Just. Regarding Fair Lending Coordination (Dec. 6, 2012), http://‌‌/f‌/201212‌_cfpb‌_doj-fair-lending-mou.pdf [https://‌‌/MF9W-ZATK] (detailing the agreement between the CFPB and DOJ); J.H. Jennifer Lee & John R. Marti, Consumer Protection, the CFPB, and Prison: How Jail Sentences Arose Out of Civil Consumer Financial Protection Matters, Antitrust, Summer 2017, at 20, 21, https://‌‌/~‌/media‌/Files‌/Uploads‌/Images‌/Smmr17LeeC [https://‌‌/6ZUQ-HRHS] (describing the framework of the MoU, which “addresses information sharing, joint investigations and coordination, and referrals and notifications between the agencies”).
  159. .15 U.S.C. § 78u-6; Whistleblower Program, supra note 11, at 6.
  160. .Office of the Whistleblower, U.S. Sec. & Exch. Comm’n, https://‌
    whistleblower [https://‌‌/KP7N-GLS5].
  161. .The fact that the program began in 2011 is likely why the number of tips was so much lower in that year than other years.
  162. .Whistleblower Program, supra note 11, at 23.
  163. .Id. at 18.
  164. .15 U.S.C § 78u–6; Program, supra note 11, at 6.
  165. .KEEPING CURRENT: SEC Enforcement Expands Scope of Prohibited Provisions in Employment-Related Agreements, Am. Bar Ass’n: Bus. L. Today (Oct. 20, 2016), https://‌‌/groups‌/business‌_law‌/publications‌/blt‌/2016‌/10‌/keeping‌_current‌/ [https://‌‌/GVB8-GH4M].
  166. .Id.
  167. .Richard Moberly, Jordan A. Thomas & Jason Zuckerman, De Facto Gag Clauses: The Legality of Employment Agreements That Undermine Dodd–Frank’s Whistleblower Provisions, 30 ABA J. Lab. & Emp. L. 87, 89 (2014).
  168. .See, e.g., Anthony J. Casey & Anthony Niblett, Noise Reduction: The Screening Value of Qui Tam, 91 Wash. U. L. Rev. 1169, 1175 (2014) (noting that a concern in the Dodd–Frank whistleblower program is the over-provision of tips because of the absence of a mechanism that imposes some cost on whistleblowers).
  169. .17 C.F.R § 240.21F-2(b)(1) (2020); Lisa M. Noler, Pamela L. Johnston & Bryan B. House, Foley & Lardner LLP, A Review of Recent Whistleblower Developments (Oct. 29, 2019), https://‌‌/en‌/insights‌/publications‌/2019‌/10‌/a-review-of-recent-whistleblower-developments [https://‌‌/64GA-S92T].
  170. .15 U.S.C § 78u–6(d)(2).
  171. .Roomy Khan, Whistleblower: Warrior, Saboteur or Snitch?, Forbes (July 5, 2018, 1:03 PM), https://‌‌/sites‌/roomykhan‌/2018‌/07‌/05‌/whistleblower-warrior-saboteur-or-snitch‌/#676fa9b36362 [https://‌‌/J5JR-HRG4].
  172. .Eisinger, supra note 61.
  173. .Garrett, Bank Prosecutions, supra note 3, at 42.
  174. .Id. (“One wonders how seriously prosecutors take recidivism among major financial institutions and how effective prosecutions have been in changing any underlying culture of law-breaking.”).
  175. .See, e.g., Aaron Elstein, Third Time’s a Charm? HSBC Enters into Yet Another
    Deferred Prosecution Agreement
    , Crain’s N.Y. Bus. (Dec. 11, 2019, 4:00 PM), https://‌‌/markets‌/third-times-charm-hsbc-enters-yet-another-deferred-prosecution-agreement [https://‌‌/B8S2-MR3E].
  176. .Id.
  177. .Id.
  178. .Id.
  179. .Id.
  180. .Garrett, Declining Corporate Prosecutions, supra note 32, at 125.
  181. .We rely on the Garrett dataset as a starting point and build on it to address some limitations. In particular, we conduct our analysis of recidivists at the parent company level, which required us to link subsidiaries of the same parent company manually. On occasion, the dataset contains duplicates of the same prosecution, for example, because additional individual charges are resolved close in time to, but not on the same day as, the underlying corporate prosecution. We manually investigate each entry to be sure we are capturing unique events.
  182. .See Coral Davenport & Danny Hakim, U.S. Sues Volkswagen in Diesel Emissions Scandal, N.Y. Times (Jan. 4, 2016), https://‌‌/2016‌/01‌/05‌/business‌/vw-sued-justice-department-emissions-scandal.html?searchResultPosition=17 [https://‌‌/A5YW-QMC5] (providing an overview of the Volkswagen cheating scandal).
  183. .EDGAR Company Filings: Company and Person Lookup, U.S. Sec. & Exch. Comm’n, https://‌‌/edgar‌/searchedgar‌/companysearch.html [https://‌‌/VJ4B-6E52].
  184. .Wharton Rsch. Data Servs., https://‌‌/ [https://‌
  185. .Id.
  186. .Bd. of Governors of the Fed. Rsrv. Sys. (US), U.S.‌/Euro Foreign Exchange Rate, FRED, Fed. Rsrv. Bank of St. Louis, https://‌‌/series‌/DEXUSEU [https://‌
    25ZH-UPD8] (updated daily).
  187. .Our results are therefore consistent with Claypool, supra note 34, at 5 (“The biggest corporations get the most lenience.”).
  188. .Rey Mashayekhi, Can Anyone Fix Wells Fargo?, Fortune (Feb. 3, 2021, 5:30 AM), https://‌‌/longform‌/fixing-wells-fargo-charles-scharf-ceo-regulatory-issues-privacy-fake-account-fraud-scandal-covid‌/ [https://‌‌/L5N9-MBXS].
  189. .Statement by President Jimmy Carter, supra note 100.
  190. .Indeed, the DOJ secured only a $2.8 billion fine in the wake of the company’s emission scandal. However, this fine was the largest criminal fine ever negotiated between the U.S. government and an automaker. Paul A. Eisenstein, Volkswagen Slapped with Largest Ever Fine for Automakers, NBC News (Apr. 21, 2017, 4:33 PM), https://‌‌/business‌/autos‌/judge-approves-largest-fine-u-s-history-volkswagen-n749406 [https://‌‌/SSY2-CGHG].
  191. .To take just one example, the FCPA sets the amount of entity-level fines for bribery to be $2 million for each violation, but states that the maximum fine can be increased to $25 million for willful violations. 15 U.S.C. §§ 78dd-1, 78dd-2(g)(1)(A), 78dd-3(e)(1)(A), 78ff(c)(1)(A), 78ff(a); see also Cary Coglianese, Bounded Evaluation: Cognition, Incoherence, and Regulatory Policy, 54 Stan. L. Rev. 1217, 1220 (2002) (noting statutes that impose penalties on regulated actors “typically provide for maximum penalties that can be imposed”).
  192. .Renae Merle, U.S. to Fine Wells Fargo $1 Billion – the Most Aggressive Bank Penalty of the Trump Era, Wash. Post (Apr. 19, 2018), https://‌‌/business‌/economy‌/regulators-planning-to-slap-wells-fargo-with-1-billion-fine‌/2018‌/04‌/19‌/ec1f58c6-4415-11e8-ad8f-27a8c409298b‌_story.html [https://‌‌/DU2R-HBTP].
  193. .As a percentage of market capitalization, fines are roughly the same for the first and second offenses, and smaller for the third.
  194. .We find more recidivists because our sample period is larger and also our matching of subsidiaries to parent firms is potentially more precise. Claypool, supra note 34, at 42.
  195. .Eliminating all corporate crime would be very expensive, and the benefit would likely be dwarfed by the cost. See Christopher Carrigan & Cary Coglianese, Oversight in Hindsight: Assessing the U.S. Regulatory System in the Wake of Calamity, in Regulatory Breakdown: The Crisis of Confidence in U.S. Regulation 1, 10 (Cary Coglianese ed., 2012) (“[T]he complete elimination of all harms . . . is not possible without stopping altogether the very activities that give rise to these harmful events.”).
  196. .E.g., Maria Krambia-Kapardis, Corporate Fraud and Corruption: A Holistic Approach to Preventing Financial Crises 5–6 (2016); Nicholas Ryder, The Financial Crisis and White Collar Crime: The Perfect Storm? 21 (2014); Henry N. Pontell, William K. Black & Gilbert Geis, Too Big to Fail, Too Powerful to Jail? On the Absence of Criminal Prosecutions After the 2008 Financial Meltdown, 61 Crime L. & Soc. Change 1, 3 (2013) (describing fraud, corruption, and corporate crime as contributing factors to national and global financial crises).
  197. .Garrett, Bank Prosecutions, supra note 3, at 48–50 app. A.
  198. .See Rosenstein, supra note 49 (noting that “[i]t is important to impose penalties on corporations that engage in misconduct,” but “[c]orporate cases often penalize innocent employees and shareholders without effectively punishing the human beings responsible for making corrupt decisions”).
  199. .Polinsky and Shavell provide the classic law and economics view that “if firms are made strictly liable for their harms, they will design rewards and punishments for their employees that will lead employees to reduce the risk of harm, since firms will want to reduce their liability payments.” Polinsky & Shavell, supra note 23. We join Jennifer Arlen and Reinier Kraakman in pushing back on the assumption that firms will necessarily respond in this way. Arlen & Kraakman, supra note 28, at 692–93 (discussing the flaws with a strict liability regime for corporate liability).
  200. .See Arlen & Kahan, supra note 38, at 357 n.96 (noting that shareholders are often not in the most effective position to reform corporate practices); Robert Charles Clark, Corporate Law 390–92 (1986) (discussing rational apathy among shareholders); Bernard S. Black, Shareholder Passivity Reexamined, 89 Mich. L. Rev. 520, 536–42 (1990) (discussing proxy rules and the burdens these rules create for collective shareholder action). Of course, the modern corporation’s shareholder base is largely comprised of institutional investors with large stakes in the underlying company. In theory, the presence of large and sophisticated investors could ameliorate our concerns; however, there is evidence that agency problems may compromise the efforts of these investors. E.g., Lucian Bebchuk & Scott Hirst, Index Funds and the Future of Corporate Governance: Theory, Evidence, and Policy, 119 Colum. L. Rev. 2029, 2075–116 (2019); Dorothy S. Lund, The Case Against Passive Shareholder Voting, 43 J. Corp. L. 493, 506–23 (2018).
  201. .Jonathan M. Karpoff, Does Reputation Work to Discipline Corporate Misconduct?, in The Oxford Handbook of Corporate Reputation 361, 368 (Michael L. Barnett & Timothy G. Pollock eds., 2012); Coffee, supra note 27.
  202. .Note, however, that the dollar amount of the penalty may understate the total amount. For example, a criminal penalty may cause the company to suffer reputational harm, and consumers may distrust and shun a corporation that is punished publicly for malfeasance. The extent of these more amorphous aspects of corporate criminal penalties is disputed. See Cindy R. Alexander & Jennifer Arlen, Does Conviction Matter? The Reputational and Collateral Effects of Corporate Crime, in Research Handbook on Corporate Crime and Financial Misdealing 87, 88 (Jennifer Arlen ed., 2018) (discussing the indirect costs of criminal conviction). Ultimately, our results indicate that the total impact of penalties—monetary and non-monetary alike—are not sufficiently deterring future criminality.
  203. .See Arlen & Kahan, supra note 38, at 353 (discussing how governance reforms secured in pretrial diversion agreements can be used to help address managerial-policing agency costs, which occur when management benefits from tolerating wrongdoing). Examples of such reforms “include restricted stock (or bonuses) that would vest (or be paid) only after a specified tenure of ‘clean’ (crime-free) management; provisions for clawing back compensation in the event of corporate crime; and even abandonment of equity compensation altogether.” Buell, Criminally Bad Management, supra note 31, at 66.
  204. .Largely descriptive work exists on the potential importance of corporate monitorships, but relatively little exists by way of measuring the extent to which monitors deter future criminal behavior. See generally Veronica Root, Modern-Day Monitorships, 33 Yale J. on Regul. 109 (2016) (describing modern-day corporate monitorship); Khanna & Dickinson, supra note 38 (discussing recommendations for the use of corporate monitors). Our data on corporate recidivism indicate that the presence of a monitor is not deterring future malfeasance.
  205. .See David A. Skeel, Jr., Shaming in Corporate Law, 149 U. Pa. L. Rev. 1811, 1831 (2001) (suggesting shaming sanctions would encourage corporations to self-monitor and punish corporations that fail to do so); Jayne W. Barnard, Reintegrative Shaming in Corporate Sentencing, 72 S. Cal. L. Rev. 959, 970 (1999) (observing that shame can be a substantial deterrent to corporate crime and is most effective when aimed at the corporate entity); Brent Fisse & John Braithwaite, The Impact of Publicity on Corporate Offenders (1983) (emphasizing shaming as a means to control corporate crime). But see Khanna, supra note 30, at 1503 (noting that reputational penalties create social costs).
  206. .See Holger Spamann, Monetary Liability for Breach of the Duty of Care?, 8 J. Leg. Analysis 337, 344, 356–57, 360–61 (2016) (suggesting judicial evaluations are subject to information manipulation and face unique challenges when assessing business decisions).
  207. .See Arlen, Corporate Criminal Liability, supra note 25, at 170–72 (arguing individual liability deters individual wrongdoing and enhances the deterrent effect of corporate liability); Kelli D. Tomlinson, An Examination of Deterrence Theory: Where Do We Stand?, Fed. Prob., Dec. 2016, at 33, 33 (“The concept of specific deterrence proposes that individuals who commit crime(s) and are caught and punished will be deterred from future criminal activity. On the other hand, general deterrence suggests that the general population will be deterred from offending when they are aware of others being apprehended and punished.”); Honorable Jed Rakoff, U.S. Dist. Judge, S. Dist. of N.Y., Address at the NYU School of Law Conference on Corporate Crime and Financial Misdealing (Apr. 17, 2015), https://‌‌/fw8Y2hqyOrk?t=1975 [https://‌‌/PB8F-Y9JM] (advocating individual prosecutions for corporate crime to promote deterrence and accountability).
  208. .Samuel W. Buell, Capital Offenses: Business Crime and Punishment in America’s Corporate Age, at xv (2016).
  209. .Id.
  210. .Buell, Criminally Bad Management, supra note 31, at 72 (noting that in most cases “individuals close enough to the execution of the product or transaction to know enough for criminal liability will not be the senior managers (and certainly not the board members) who bear responsibility for designing and implementing systems for the prevention of crime”).
  211. .The reality that low-level employees often take the brunt of criminal investigations is unfortunate for another reason: it may discourage reporting and complicate corporate compliance efforts.
  212. .An Examination of Wells Fargo’s Unauthorized Accounts and the Regulatory Response: Hearing Before the S. Comm. on Banking, Hous., & Urb. Affs., 114th Cong. 6 (2016) (statement of John Stumpf, Chairman and Chief Exec. Officer, Wells Fargo & Co.).
  213. .Matt Egan, Jackie Wattles & Cristina Alesci, Wells Fargo CEO John Stumpf Is Out, CNN Money (Oct. 12, 2016, 7:31 PM), https://‌‌/2016‌/10‌/12‌/investing‌/wells-fargo-ceo-john-stumpf-retires‌/index.html [https://‌‌/ZC2W-DAGG].
  214. .See Mark Colvin, Crime and Coercion: An Integrated Theory of Chronic Criminality 130–32 (2000) (noting the correlation between organizational pressure and various types of crime).
  215. .Robert Anello, Employee Liability for Corporate Misconduct—Elizabeth Warren Style: Can Negligence Become Criminal?, Forbes (Sept. 18, 2019, 6:01 PM), https://‌‌/sites‌/insider‌/2019‌/09‌/18‌/employee-liability-for-corporate-misconduct-elizabeth-warren-style-can-negligence-become-criminal‌/#3a1605da67f1 [https://‌‌/3WQM-VCE8]. Note that under the existing Responsible Corporate Office Doctrine, criminal liability can be expanded to “executives whose subordinates engage in criminal activity, even if the executives are not aware of it, so long as the executives can be deemed responsible for the actors who commit the crime.” Lev L. Dassin, Jennifer Kennedy Park & David E. Wagner, Bill Proposal—Corporate Executives Criminally Accountable for Negligent Conduct, Harv. L. Sch. F. on Corp. Governance (Apr. 18, 2019), https://‌‌/2019‌/04‌/18‌/bill-proposal-corporate-executives-criminally-accountable-for-negligent-conduct‌/ [https://‌‌/4DLD-DC26]. However, this doctrine is “applied narrowly in the context of offenses against the public health and welfare.” Id.
  216. . Anello, supra note 215. Senator Warren also proposed the “Ending Too Big to Jail Act,” which would have focused enforcement resources on financial institutions in three main ways (the bill was proposed in March 2018 and died in committee). S. 2544, 115th Cong. (2018). First, the bill would have created a permanent law enforcement agency within the Treasury Department charged with investigating financial institution fraud. Second, the bill would have required certain financial institution executives to certify that the institution had not committed criminal conduct or civil fraud. And third, the bill would have required courts to make a determination that DPAs are in the public interest before allowing them to go forward. Id.
  217. .Benjamin Levin, Mens Rea Reform and Its Discontents, 109 J. Crim. L. & Criminology 491, 510–12, 524–25 (2019); Timothy Lynch, Polluting Our Principles: Environmental Prosecutions and the Bill of Rights, in Go Directly to Jail: The Criminalization of Almost Everything 45, 65 (Gene Healy ed., 2004).
  218. .Dassin, supra note 215.
  219. .Lynch, supra note 217, at 65 (calling the mens rea requirement “completely inconsistent with the Anglo-American tradition”).
  220. .15 U.S.C. § 78t(a).
  221. .Id.
  222. .Marbury Mgmt., Inc. v. Kohn, 629 F.2d 705, 716 (2d Cir. 1980).
  223. .18 U.S.C. § 2(a).
  224. .Marc I. Steinberg & Forrest C. Roberts, Laxity at the Gates: The SEC’s Neglect to Enforce Control Person Liability, 11 Va. L. & Bus. Rev. 201, 237 (2017).
  225. .Rosemond v. United States, 572 U.S. 65, 71 (2014).
  226. .Egan, supra note 99.
  227. .Stumpf and five other senior executives ultimately paid civil fines in an action brought by the OCC, and Stumpf has been banned from working in banking. Nathan Bomey, Ex-Wells Fargo CEO Banned from Banking, Must Pay $17.5M Fine for Role in Fake-Accounts Scandal, USA Today (Jan. 23, 2020, 2:48 PM), https://‌‌/story‌/money‌/2020‌/01‌/23‌/wells-fargo-ex-ceo-john-stumpf-banned-banking-fined-17-5-m‌/4554673002‌/ [https://‌‌/GWR2-PS8A].
  228. .Consent Order at 3–4, In re John Stumpf, No. AA-EC-2019-83 (Jan. 22, 2020), https://‌‌/static‌/enforcement-actions‌/ea2020-004.pdf [https://‌‌/LRS8-NBBN]; Bethany McLean, How Wells Fargo’s Cutthroat Corporate Culture Allegedly Drove Bankers to Fraud, Vanity Fair (May 31, 2017), https://‌‌/news‌/2017‌/05‌/wells-fargo-corporate-culture-fraud [https://‌‌/ZPZ3-QLYV].
  229. .See McLean, supra note 228 (“In 2011, a group of bankers who were terminated for sales violations wrote a letter to Stumpf, arguing that their actions had not only been condoned by management in their branch, but that similar things were happening across the bank.”).
  230. .Matt Egan, Wells Fargo CEO Walks with $130 Million, CNN Money (Oct. 13, 2016, 1:23 PM), https://‌‌/2016‌/10‌/13‌/investing‌/wells-fargo-ceo-resigns-compensation‌/index.html [https://‌‌/TJ79-PMEV].
  231. .McLean, supra note 228.
  232. .Id.
  233. .18 U.S.C. § 2(a).
  234. .Spamann, supra note 206, at 350 n.16. In the corporate principal–agent relationship, agents are financially motivated. This means that liability for the breach of duty of care could discourage efficient risk-taking because agents receive only some of the benefits, but substantial costs, of subordinates’ risks. Id.
  235. .See id. at 339 (arguing that exposing managers or directors to full liability for losses resulting from sub-optimal actions might lead them to refuse the positions or to demand very high risk premiums); 2015 Mid-Year Update on Corporate Non-Prosecution Agreements (NPAs) and Deferred Prosecution Agreements (DPAs), Gibson Dunn (July 8, 2015), https://‌‌/2015-mid-year-update-on-corporate-non-prosecution-agreements-npas-and-deferred-prosecution-agreements-dpas‌/ [https://‌‌/Q7GB-632E] (“Overly harsh penalties against the corporate entity will merely incentivize its best professionals to jump ship, while innocent shareholders and local communities are left holding the bag as the company is destroyed or permanently crippled.”).
  236. .This point has been made with respect to criminal prosecutions against Boeing and its executives for failure to address deficiencies in the 737 Max that led to deadly plane crashes. See, e.g., Will Boeing Face Criminal Charges for 737 Max Crashes?, Crain’s Chi. Bus. (Mar. 20, 2019, 12:31 PM), https://‌‌/manufacturing‌/will-boeing-face-criminal-charges-737-max-crashes [https://‌‌/U2PC-CWZR] (“[The Federal Aviation Administration (FAA)] want[s] to encourage people to come forward and admit mistakes, free from fear of reprisal or jail . . . . The last thing the industry and FAA needs is the specter of a criminal investigation hovering over an accident inquiry.” (quoting Kenneth Quinn, former Chief Counsel of the FAA)).
  237. .Spamann, supra note 206, at 350 n.16.
  238. .15 U.S.C. § 7241.
  239. .Id.
  240. .18 U.S.C. § 1350.
  241. .Id.
  242. .See James E. Langston, Mark E. McDonald & Philippa Ratzki, Not So Sweet: Delaware Supreme Court Revives Caremark Claim, Provides Guidance on Directors’ Oversight Duties, Cleary Gottlieb (June 24, 2019), https://‌‌/2019‌/06‌/not-so-sweet-delaware-supreme-court-revives-caremark-claim-provides-guidance-on-directors-oversight-duties‌/ [https://‌‌/8DKF-D6W6] (“However, the case is a reminder that Caremark claims are not impossible to establish and in the event of particularly egregious facts can be used to hold directors accountable.”); Cydney Posner, Another Caremark Case Survives a Challenge, Cooley PubCo (Sept. 15, 2021), https://‌‌/2021‌/09‌/15‌/caremark-case-survives-challenge‌/ [https://‌‌/M7VA-WL98] (noting that several Caremark cases have survived dismissal in the past few years).
  243. .In re Caremark Int’l Inc. Derivative Litig., 698 A.2d 959, 972 (Del. Ch. 1996).
  244. .See, e.g., In re Clovis Oncology, Inc. Derivative Litig., C.A. No. 2017-0222, 2019 WL 4850188 (Del. Ch. Oct. 1, 2019) (denying the motion to dismiss); Marchand v. Barnhill, 212 A.3d 805, 808 (Del. 2019) (same); In re Boeing Co. Derivative Litig., C.A. No. 2019-0907, 2021 WL 4059934 (Del. Ch. Sept. 7, 2021) (denying the motion to dismiss the Caremark claims against the director defendants with one exception).
  245. .James C. Helmkamp, Kitty J. Townsend & Jenny A. Sundra, U.S. Dep’t of Just., Nat’l White Collar Crime Ctr., NCJ 167026, How Much Does White Collar Crime Cost? 11 (2001), https://‌‌/pdffiles1‌/Photocopy‌/167026NCJRS.pdf [https://‌‌/3ANZ-8TAV].
  246. .See supra note 3.
  247. .See supra note 8 and accompanying text.
  248. .See supra note 95 and accompanying text.
  249. .Leniency Program, U.S. Dep’t of Just., https://‌‌/atr‌/leniency-program [https://‌‌/GPW7-BPNJ] (Feb. 20, 2020).
  250. .Dyck, supra note 113, at 2233.
  251. .Diane Del Guercio, Elizabeth R. Odders-White & Mark J. Ready, The Deterrent Effect of the Securities and Exchange Commission’s Enforcement Intensity on Illegal Insider Trading: Evidence from Run-up Before News Events, 60 J.L. & Econ. 269, 269–73 (2017).