Criminal compliance – Les risques d’un droit pénal du risque

In a first part this article provides a brief comparative overview of ?criminal compliance? and its desired effects with regard to the prevention of economic crime. By ?criminal compliance? I understand a policy of adopting penal law provisions that incentivize companies to establish and maintain compliance programs. Two approaches are distinguished in this respect. The first consists of offering a reduction of a criminal sanction, if a company can demonstrate that it has an effective compliance system in place. This is the solution that is implemented in the US American legal context through the US Federal Sentencing Guidelines. The US system, however, can only be analyzed against the backdrop of a respondeat superior standard of corporate criminal law and the comparatively wide leeway given to prosecutors in regard of concluding cases through non- and deferred prosecution agreements. The second approach is to establish a due diligence standard that takes into account the existence of a compliance program when determining the criminal liability of a corporate entity. Due diligence approaches already exist in various legal orders. We can also observe an increasing popularity of due diligence in policy debates about the best path for corporate criminal liability. The objective of both approaches to criminal compliance is to improve the effectiveness and efficiency of criminal law enforcement. Through criminal compliance the state essentially aims at leveraging a company?s own interest in managing legal risks. The idea is that by providing the correct incentives, a company?s risk management function would eventually generate prophylactic effects in the public interest. In the second part of this article, I put forward that there is hardly any empirical evidence that criminal compliance achieves its objectives. I further argue that criminal compliance merely produces limited and sometimes even counterproductive effects. The basis for my argument is that the effectiveness of corporate compliance with regard to crime prevention and detection is difficult to manage and measure, while it is relatively easy to display an effective program. Empirical research has shown that compliance programs can influence positively the behavior of people working for a company, but only under the condition that formal compliance measures are supported by a company?s informal routines and practices, and an ethical climate that emphasizes the importance of preventing violations of the law. Therefore, companies should ideally place the focus of their compliance efforts on the company?s ethical climate and informal systems that affect human behavior. Effective compliance management implies that a company can revisit the implicit organizational values and managerial routines that may gave rise to misconduct. Criminal compliance, however, does not encourage such behavior. It rather incentivizes companies to adopt formal measures that can easily be checked by a judge or a prosecutor. Justice authorities hardly have the means to distinguish between effective compliance programs and those that appear to be effective. Therefore, a compliance manager will tend to focus on establishing and maintaining displayable measures (such as adopting an ethics code, maintaining a whistle-blowing system, hiring a compliance officer, providing training and so on) rather than taking measures that are difficult to demonstrate but tend to be more effective (such as changing an ethical climate or influencing routines and informal practices). In some cases criminal compliance could prove to be counterproductive, in particular when companies, despite the outward display of an effective compliance management, manage legal risk strategically, implicitly tolerating or even enabling violations of the law. Strategic compliance schemes become more likely the more justice authorities depend on a company?s cooperation to prosecute economic crime, since a company can factor in such reliance into its legal risk assessment. Yet, even compliance managers that implement a compliance program non-strategically may not succeed in ensuring its integration into the company?s culture, especially if they do not receive adequate support from the company?s leadership and the necessary attention from the company?s employees.