Introduction
In ordinary society, norms that dictate how people should treat each other are enforced by religious belief, shame, or the ego. Laws generally, and the structure of government specifically, are ideal when they reinforce those norms. The genius of the United States Constitution lies in part with the Founding Founders’ recognition that government must be structured to work in conjunction with human nature and societal norms and by encouraging active monitoring of government by government.[2]
When government engages in commerce, these principles of checks and balances are even more crucial, as societal norms have always proven too weak to discourage corruption, fraud, and greed at the expense of the taxpayer. Thus, citizens and the corporations they comprise face a multitude of statutory and regulatory provisions dictating the ethics of how they conduct business, particularly where their business intersects with the government. Justice Scalia noted in United States v. Sun-Diamond Growers of California[3] that the federal anti-bribery statute[4] alone was “merely one strand of an intricate web of regulations, both administrative and criminal, governing the acceptance of gifts and other self-enriching actions by public officials.”
The ethical obligations are most demanding in fields where there is the least amount of self-interested policing of business by a counterpart. Corporations that perform government contracts are not paired with a party equally motivated by profit. Instead, some of their counterpart officials might be as motivated by politics, publicity, personal greed, or power as they are about saving funds. Consequently, contractors are subject to substantial regulation to ensure integrity in their government business relationships.
Historically, the theory has been that since only a fraction of bad actors are caught, if the penalties for the act are made extraordinarily severe (e.g., prison, treble damages and penalties, debarment), the deterrence factor might at least minimize the societal loss caused by undiscovered misconduct. Yet active oversight of the vast regulatory scheme is expensive and government resources are limited, corruption is inevitable (some years seemingly more so than others), and aggressive enforcement is cyclical. Moreover, government procurement is a big business globally.[5] In the US, voluntary disclosure programs were developed, by statute and regulation, to permit those regulated by government the opportunity to reduce the risk of the worst penalties in return for saving the government resources. Yet despite a wide array of voluntary disclosure programs available to the regulated, the tide continues to flow toward greater oversight and enforcement.
Prior to the formal adoption of affirmative disclosure programs (voluntary and mandatory), corporate boards only faced an indirect duty to report the findings of internal investigations.[6] In more recent times, the opportunity to avoid the worst of the severe penalties largely were codified in rules that encourage, but did not mandate, that a corporation or individual come forward without compulsion and disclose their own misconduct.[7] Particularly in federal contracting, we are now in a period of criminalizing (or nearly criminalizing) the failure to self-report. We have moved from a system that encourages voluntary disclosure to one that punishes not only for the original misconduct, but also for the knowing election not to self-report.[8] Disclosure requirements today are much more explicit, both in the specific obligations they impose on corporations to make disclosure and the consequences they provide for nondisclosure.
The purpose of this article is to assist counsel for corporations in choosing the best course of action when allegations of wrongdoing surface during corporate operations under the current regime. We first introduce the most widely applicable formal program for providing credit for good corporate conduct, including voluntary disclosure—the United States Sentencing Guidelines. Next, we discuss the Department of Justice’s (DOJ) own general standards for corporate criminal prosecution, which are intended to parallel the United States Sentencing Guidelines’ encouragement of voluntary behavior, including by means of specific guidance on privilege waiver concerns as well as individualized voluntary disclosure programs with DOJ. We then introduce a sample of other disclosure programs administered by an array of federal regulators, which vary based upon the conduct being regulated and the authority of the regulator. Finally, we discuss the various disclosure obligations imposed on federal government contractors, which is the group facing the most sophisticated and formal disclosure regime—one that today punishes not only the original bad act, but also deems that the party who knew of it and did not “tattle” is a bad actor worthy of punishment. The collection of disclosure programs discussed in this article is not an exhaustive list of every government related disclosure obligation. Not only is the line between general representations of compliance and self-disclosure of mistakes somewhat murky, but also the area constantly expands, with an obvious trend towards complete transparency.
For the compliance officer, as well as boards and senior management, the move toward mandatory disclosure is unavoidable. In the current environment, businesses must recognize and accept that the principles that apply to regulated entities, and particularly those with government relationships mirroring the commercial marketplace, are changed. The compliance officer is now charged not merely with creating and implementing an effective program to prevent and detect misconduct and reacting to daily fires, but instead, creating a new corporate culture of ethics and social responsibility. Not because it is right—we have moved beyond mere morality—but because it is mandatory.
Although this article was originally written in 2010, little has changed in the overall landscape of the disclosure laws discussed herein. However, the government continues to aggressively combat fraud and wrongdoing. DOJ reported that in the fiscal year ending September 30, 2020, the United States obtained $2.2 billion in settlements and judgments from civil cases involving false or fraudulent claims against the government, bringing the 10-year total between 2011 and 2020 to $37.3 billion—more than half the $64 billion worth of recoveries since the inception of the modern False Claims Act in 1986.[9] While much of this recovery is attributed to whistleblower lawsuits, whether that increase is also due in part to voluntary disclosures—or perhaps more likely, to the changes in the mandatory disclosure laws in the FAR and False Claims Act—is unknown, but one can certainly surmise. DOJ does not report the number of voluntary or mandatory disclosures it receives. However, DOJ has indicated that self-disclosure is an area of specific focus. For example, in addition to the sheer volume of false-claim recoveries that the DOJ has obtained over the preceding decade, DOJ announced the creation of a Procurement Collusion Strike Force in 2019, designed to detect, investigation, and prosecute fraud schemes “which undermine competition in government procurement, grant, and program funding.”[10] In both 2019 and 2020, procurement fraud cases comprised the second largest category of recoveries from civil cases involving false or fraudulent claims against the government.[11] Significantly, compliance officers should note that of the dozen most significant procurement fraud cases highlighted by DOJ in its annual 2019 and 2020 press releases, only one involved a company that had made a voluntary disclosure to the US government.[12]
The Sentencing Guidelines
The U.S. Sentencing Guidelines for organizations (the Sentencing Guidelines) were created by the United States Sentencing Commission under the 1984 Sentencing Reform Act.[13] The purpose of the Sentencing Guidelines, in part, was to establish guidelines for the federal courts to determine the sentences to be imposed in a criminal case.[14] The first set of Sentencing Guidelines, published as Chapter 8 of the Sentencing Guidelines Manual, became effective in November 1991.[15]
The original Sentencing Guidelines provided for a combination of fines, remedial orders, community service, and orders of notice to victims as punishment for corporate wrongdoing.[16] With respect to fines, the Sentencing Guidelines provided for their adjustment based on the corporation’s culpability score.[17] For example, a corporation’s fine could be adjusted downward where the corporation had a robust program to prevent and detect violations of the law, reported the offense to appropriate governmental authorities, cooperated in the investigation of the instant offense, and accepted responsibility.[18] These mitigation factors, which could result in significantly different fine assessments for the same underlying offense, provided corporations with a strong incentive to begin adopting formal compliance plans.[19]
In 2004, the Sentencing Guidelines took compliance and oversight a step further by formally adding an effective compliance and ethics program that set forth what an organization must do, and how a compliance and ethics program must be structured, for an organization to take advantage of a reduction in fines. With regard to disclosure, the Sentencing Guidelines provided that “[a]fter criminal conduct has been detected, the organization shall take reasonable steps to respond appropriately to the criminal conduct and to prevent further similar criminal conduct, including making any necessary modifications to the organization’s compliance and ethics program.”[20] An obvious question, however, was what a corporation was required to do once it “detected” improper activities (i.e., how was it required to respond? Most importantly, was the organization required to disclose its evidence to the government?)
The Sentencing Guidelines remained relatively silent on this issue until 2010, when they were amended to provide additional guidance to organizations.[21] Specifically, with the addition of the November 1, 2010, amendments, the Sentencing Guidelines now provide that organizations should respond to criminal conduct by “tak[ing] reasonable steps, as warranted under the circumstances, to remedy the harm resulting from the criminal conduct”.[22] Such reasonable steps may include, where appropriate, “providing restitution to identifiable victims, as well as other forms of remediation” and/or “self-reporting and cooperation with authorities.”[23] While this amendment further encouraged disclosure of wrongdoing, it did not make disclosure mandatory, nor did it specify exactly what information needs to be disclosed.[24]
Nevertheless, the Sentencing Guidelines underwent a further revision in 2018, which again provided guidance to organizations by directly addressing the need for companies to have an effective compliance and ethics program capable of identifying potential misconduct. Although these amendments again did not make disclosure of misconduct mandatory, the revised Sentencing Guidelines did note that in order to receive credit which could reduce a corporation’s culpability score, organizations must first have “establish[ed] standards and procedures to prevent and detect criminal conduct.”