What you'll learn on this podcast episode
“Thirty years of innovation and influence” is the subtitle of the recent report issued by the United States Sentencing Commission. But what does that really mean in the context of the organizational sentencing guidelines? In this episode of LRN’s Principled Podcast, Eric Morehead, LRN Director of Advisory Services Solutions, is joined by one of the report’s authors: Kathleen Grilli, the General Counsel for the US Sentencing Commission. Listen in as the two discuss how the commission impacts business leaders and the creation of compliance programs.
Read LRN’s takeaways from the report here.
Where to stream
Be sure to subscribe to the Principled Podcast wherever you get your podcasts.
Guest: Kathleen Grilli
Kathleen Cooper Grilli is the General Counsel for the United States Sentencing Commission, having been appointed to the position on October 7, 2013. Ms. Grilli has been on the staff of the Commission since 2003, serving as an assistant general counsel from 2003-2007 and deputy general counsel from 2007-2013. As the General Counsel, Ms. Grill provides legal advice to the Commissioners on sentencing issues and other matters relating to the operation of the Commission. Ms. Grilli is the agency’s Ethics Officer and has conducted training on white-collar crime and organizational guidelines at numerous training events.
Prior to working for the Sentencing Commission, Ms. Grilli was with the Office of Staff Counsel for the Fourth Circuit Court of Appeals. Before relocating to Virginia, Ms. Grilli was a partner in a small firm in Fort Lauderdale, Florida, handling civil and criminal litigation. Her previous work experience includes serving as an Assistant Federal Public Defender in the Southern District of Florida and as an associate at Akerman, Senterfitt, and Edison, handling commercial litigation. Ms. Grilli is a member of the Bars of Florida and Virginia. She received a Bachelor of Arts in International Relations, with honors, from Florida International University. She graduated cum laude from the University of Miami School of Law.
Host: Eric Morehead
Eric Morehead is a member of LRN’s Advisory Services team and has over 20 years of experience working with organizations seeking to address compliance issues and build effective compliance and ethics programs. Eric conducts program assessments and examines specific compliance risks, he drafts compliance policies and codes of conduct, works with organizations to build and improve their compliance processes and tools, and provides live training for Boards of Directors, executives, managers, and employees.
Eric ran his own consultancy for six years where he advised clients on compliance program enhancements and assisted in creating effective compliance solutions. Eric was formally the Head of Advisory Services for NYSE Governance Services, a leading compliance training organization, where he was responsible for all aspects of NYSE Governance Services’ compliance consulting arm.
Prior to joining NYSE, Eric was an Assistant General Counsel of the United States Sentencing Commission in Washington, DC. Eric served as the chair of the policy team that amended the Organizational Sentencing Guidelines in 2010. Eric also spent nearly a decade as a litigation attorney in Houston, Texas where he focused on white-collar and regulatory cases and represented clients at trial and before various agencies including SEC, OSHA, and CFTC.
Principled Podcast Transcription
Intro: Welcome to the Principled Podcast, brought to you by LRN. The Principled Podcast brings together the collective wisdom on ethics, business and compliance, transformative stories of leadership, and inspiring workplace culture. Listen in to discover valuable strategies from our community of business leaders and workplace change makers.
Eric Morehead: 30 Years of Innovation and Influence is the subtitle of the recent report issued by the United States Sentencing Commission, but what does that really mean in the context of the organizational sentencing guidelines?
Hello, and welcome to another episode of LRN's Principled Podcast. I'm your host today, Eric Morehead, Director of Advisory Service Solutions at LRN. Today, Kathleen Grilli, the General Counsel of the United States Sentencing Commission is joining us. She's one of the authors of this recent report, and we're going to be talking about how the commission impacts business leaders and the creation of compliance programs across the world. Kathleen is a real expert in this space and is a guest of ours last season where we talked about the seven hallmarks of an effective ethics and compliance program enshrined in the US Sentencing Commission's federal sentencing guidelines. Kathleen Grilli, thanks for joining us again on the Principled Podcast.
Kathleen Grilli: Well, thanks for inviting me, Eric. I appreciate it.
Eric Morehead: The commission just released this new report, The Organizational Sentencing Guidelines: 30 Years of Innovation and Influence. Even after more than 30 years, there are still, I think, at least from my perspective, many people who, when they start their career in compliance, are confused a little bit about why the Sentencing Commission is involved in corporate compliance. Can you talk just a little bit about how the US Sentencing Commission came to assume the role it has regarding compliance standards?
Kathleen Grilli: Sure. You say that people in compliance are confused about it, but the truth is, even in the criminal justice arena where the commission operates... Our guidelines are used in federal courts for sentencing organizations and offenders. Even in that arena, there's not really widespread knowledge about Chapter 8 and the hallmarks for an effective compliance and ethics program. That's because there aren't a lot of organizational cases sentenced every year.
But the reason the commission got into the business of corporate compliance has to do with its statutory mission. The commission was created in 1984 through a bipartisan piece of legislation called the Sentencing Reform Act, and that act did a couple of things as it related to sentencing of organizations. It provided that organizations could be sentenced to a term of probation, sentenced by way of a fine, and it required that at least one of those be imposed. This was something new.
It also subjected organizations to orders of criminal forfeiture, meaning the proceeds of the criminal activity could be taken from them, order of notice to victims, and orders of restitution. That act also created the commission, which is a bipartisan agency and tasked the commission with developing guidelines for use in criminal cases for sentencing. It told us what the purposes of sentencing are, which is just punishment, deterrence, protection of the public, and rehabilitation of the offender. The commission had to decide what to do for sentencing of an organization. Obviously, you cannot put an organization in prison. Unlike individual offenders where sentencing ranges in terms of incarceration are something of the norm, you had to figure out what to do to sentence organizations.
With an organization, as we know, the bottom line is they're in business to make money. In developing the organizational guidelines, the commission came up with its notion that it should use fines to incentivize self-policing. It would punish organizations who were not self-policing or not trying to prevent a crime or commit the offense with certain aggravating factors more severely than those who were trying to prevent and detect crime. That's how we got into the business of corporate compliance.
Eric Morehead: Yeah. And it is interesting that the original writ was from the statute that you examine this. Can you talk a little bit about how the commission got specifically to those hallmarks, those programmatic pieces that we talked about a little bit on our last podcast a while ago? What was the process for the commission to get to those standards, those specific compliance pieces of the puzzle, if you will?
Kathleen Grilli: The commission started its work in 1986 on organizational guidelines with a public hearing at which it received testimony from a variety of witnesses across various different wakes of the world: academics, people in business, government agencies, and the like. Over about a five-year period, because as I said, the Commission started its business in 1986 and didn't actually promulgate the organizational guidelines until 1991. During that period of time, there were numerous public hearings attended by a wide range of witnesses from different areas of the law, academics, government agencies, business owners, representatives of just different industries, and the like. The Commission had these hearings, they heard testimony, the Commission went back and developed drafts with proposals for how organizations would be sentenced. They published those drafts. The process of publishing is really a solicitation for public comment, so they got public comment on the drafts. This went on for a good period of time.
In the meantime, the Commission was doing research. We had academics writing proposals and giving us ideas on how to implement the purposes of sentencing, which again, as I said, were just punishment, deterrents, protection of the public, and rehabilitation. Eventually, it came back to how does an organization get in trouble to begin with? An organization doesn't act alone. We have this theory in the law called vicarious liability where an organization is held responsible for the acts of its agents, meaning its employees. If the employees are the bad actors, everyone finally came to the conclusion that the best way to incentivize or prevent corporate crime was for the organization itself to self-police and to direct its employees and talk about what is and is not appropriate. That's how we ended up with compliance standards.
At the time that they started all this work, compliance and ethics was not widely accepted in the industry. There was a little bit of compliance in the context of antitrust and then there was, in the defense industry, there was an initiative relating to that. Those ideas got floated before the commission and it generated a lot of interest. That's how they started developing the standards.
Again, the standards were included in proposed guidelines that were published and they got public comment and not long before the actual vote where they adopted these guidelines. Even folks who were skeptical about whether this was going to work or not thought that the Commission had gotten the hallmarks of a compliance program right. They thought that they made sense and that they gave sufficient guidance to folks on what would and would not work.
Eric Morehead: That's a really important point too, and I often will say this when I'm talking to people and I talk about my background. Full disclosure, I'm a former employee of the US Sentencing Commission, so I have a strong belief in the mission of the organization. But oftentimes, I will say, "Well, they were first," and part of being first is you've tried different things and maybe you don't know exactly what's going to work and what is going to be successful. But I think over time, and this report really homes in on that, this notion that the direction that the Commission took from '86 to '91 really has paid off a lot of benefits.
One of the conclusions, one of the key conclusions from the report is that perhaps one of the biggest wins for the organization over the years is the widespread of adoption of the guidance and, in particular, the standards for what makes an effective compliance program.
I have a two-parter here. Do you think the Commission recognized in '91 how important that might be? And does the Commission today understand the overall importance of the organizational guidelines, and in particular, 8B2.1, those compliance hallmarks? Did they understand it then and what's the understanding of the Commission now of the relative importance of these?
Kathleen Grilli: Well, let me just back up a minute and just say that the commissioners who promulgated the organizational guidelines in 1991 no longer serve on the Commission. Commissioners have term limits. It's a different group then. It was a different group in 2004 that made the changes that brought ethics into the standards for compliance and ethics programs. As we were talking about before we started this podcast, we have a brand new group of seven new commissioners recently nominated by the President and confirmed by the Senate. You have different folks working on it. I can say that in the process of doing the research for this publication and others that I've worked on in this area, the Commission I don't think ever expected what we see today 30 years later. This widespread influence not only in terms of its use in the criminal justice arena, but how it has impacted other agencies.
And we'll talk about that and the global reach. The Commission itself said, "This is an experiment." They had hopes that it would lead to better actors in the corporate world, but those were hopes and there was a lot of skepticism from the business community when this process was ongoing about whether this was going to work or not. I think we're always blown away when we realize the impact of it, and I say that from a personal point of view, too. Because when I came to the Commission and I've been on the staff for some time, I was not aware of Chapter 8. I had never represented in court an organization, but only individuals.
And the first time I went to a compliance and ethics program where I saw and understood how well received and well regarded and what an impact we had had outside of the criminal justice arena, it sort of blew my mind that I know Judge Murphy and her Commission in 2004 or just before 2004, when they adopted the changes, they learned about it too when they came on board and it sort of blew them away. And I don't know with my current new bosses how well informed they are about this. This is really one of the reasons why, before they came on board, the staff and the then Commission, the one member, Judge Brier wanted to put this report out, memorializing the 30-year anniversary of the organizational guidelines. We're very excited about it, I have to say.
Eric Morehead: No, it is an amazingly effective rubric that the Commission put together and that the Commission is taken a measured approach from my opinion, both in 2004. And then I had an up-close look in 2010 when I was on staff through that process. I think that its impact is pretty incredible 30 years later, looking back.
One of the other things that's incredible... And I talk about new things when you come to the Commission. I had never really paid much attention to sentencing data until I joined the Commission in 2007. And the majority of the actual pages of this report have a lot of really interesting data about the organizations that have been sentenced over 30 years. Some key takeaways include trends that many of us, for those of us who are sentencing nerds, have seen over the years about the impact on small organizations, for example, versus larger organizations, making up the vast majority of defendants in that data set.
To me, a lot of looking for what makes... Because compliance professionals that are listening to this podcast and that are not necessarily interested in sentencing per se, but interested in the sentencing guidelines because of compliance, they're looking for what makes a successful compliance program from sentencing data. To me, a lot of it is what you don't see. It's sort of like looking for... I liken it to looking for a black hole when you're an astronomer. You can kind of tell the telltale characteristics of a black hole existing because of how it affects everything else. And we don't really see organizations that have successful programs in this data. There were just 12 organizations out of those 5,000 or so in 30 years.
Kathleen Grilli: 11.
Eric Morehead: 11. See? I even increased the number. It's just 11 organization out of 5,000 or so, 4,900 and some change, that have ever been deemed to have a successful program. What are some other striking things that you and the team noticed looking over this data and these trends for 30 years?
Kathleen Grilli: Let me just first say what this data is and what it is not so that listeners can understand why they may not find what they're looking for as to what makes a successful compliance program from the data. This data is for organizations, whether it be a corporation, a closely held corporation, partnership, whatever, but organizations that a federal prosecutor has decided to charge and gets convicted of a federal crime. It doesn't include organizations that the prosecutors decide, "Oh, we're going to enter into a deferred prosecution agreement or a non-prosecution agreement." It doesn't include organizations where a regulatory agency has seen that they violated some of the regulations, but they've decided not to proceed against them criminally but to pursue civil adjudications.
I mean, in some ways, this data is about the folks that prosecutors decided were the worst of the worst organizations. You don't see what makes a successful compliance program in this data, but I like to say what we do see is that some of the things that the Department of Justice says to you about what they're looking for in deciding whether to prosecute an organization or not might find support in this data. We concluded that the lack of an effective compliance and ethics program might be a contributing factor to criminal prosecutions against organizations. And what specifically led us to that?
Well, in the 30 years that we've been collecting data, overwhelming majority of the organizational offenders in our data set didn't have any program at all, much less an effective program. 89.6%, as you said, as you mentioned and asked me the question, there were only 11 sentences in fiscal year 1992 that got a culpability score reduction for having an effective compliance and ethics program. And I want to stop on those 11 because we went back. Everybody's always interested in what happens with those organizations or why was their program effective? And we were not able to suss a lot of information from the documentation to sort of tell people what it was. There wasn't a lot of descriptive information in the documents we received that would answer that question, but there's only 11 of them. And most of those 11 were very small organizations. It means they didn't have to have a very complex type of program.
More than half, 58.3%, of organizational offenders sentenced under the fine guidelines got a culpability score increase for involvement in or tolerance of criminal activity by upper management would suggest to you. If the management or the substantial authority personnel are in on it, they may well end up sentenced before a federal court. I think that's an important point, too. And very few of these organizations, we'd only saw 1.5% overall that did the three things that get you the maximum reduction off your culpability score, which is self-report, cooperate, and accept responsibility. There were very few organizations, even though there were many that pleaded guilty and accepted responsibility, that actually self-reported. That's important because you hear the Department of Justice talk about why that matters. And this data sort of offers support for the fact that it does.
And then the other thing we saw is that courts are now ordering organizations to implement effective programs in about 20%, one-fifth of the cases that come before them when they impose probation. This was the kind of data that we thought would help fuel the discussion or the debate on the importance of having an effective compliance and ethics program. The other thing you should note about our data, I think it's important too, is that a good percentage of the organizations that have been sentenced over the last 30 years are smaller organizations. It's not large publicly-traded Fortune 500 companies. It's smaller, less number of employees. I think that matters too.
Eric Morehead: That's a trend that I think we've noted in the data, because the size of organizations, the number of employees has been a data point that the commission has released over the years on an annual basis. And by the way, as it's worth mentioning for people who are interested, there'll be a link in the show notes here for this particular report we're talking about. But the Commission puts out data all the time. And at least on an annual basis, there's the Sentencing Commission's Sourcebook on sentencing, which has discussion on organizational cases and includes some of this data. You don't have to wait 30 years to see the trends again. You can keep up with it at the Sentencing Commission website.
Yeah. The small organizations... I think a big surprise to people who have first heard about this because we see the headlines all the time about the Enrons and, I'm going to date myself here, World Comps and Volkswagen and some of the other organizations. Some of those aren't actually even criminal sentences, as you point out. Those are deferred prosecution agreements or civil settlements of some sort, but those are the companies that make the headlines. It's the little guys, small and medium-sized organizations, that take these big hits more frequently than the larger organizations. That, I think, is surprising to people who aren't familiar with the data, but that's a consistent trend throughout the entirety of the enforcement, at least throughout the 30 years that the Commission's been keeping track.
Kathleen Grilli: Yeah. It may change now, given what the Department of Justice said last week.
Eric Morehead: Yeah. You never know. Yeah never know. We'll have to pay attention and then look at the Sourcebook next year and see what the differences are. The other impact beyond our friends at the Department of Justice and the courts throughout the United States is the impact that the Commission and the organizational sentencing guidelines and these standards have had on other enforcement agencies besides the criminal enforcement and also internationally, which I think is very interesting.
Can you talk a little bit... And that's documented in chapter three of this report. The first chapter is talking a little bit about the history. The second chapter is the data that we were just discussing. And then chapter three talks about how the USSC has encouraged other enforcement agencies and regulators to focus on good governance and compliance. Can you discuss a little bit about what the team found when you researched that?
Kathleen Grilli: Yeah. I think that using the word that the USSC has encouraged suggests that there's some sort of active work going on by the Commission. Let me just say that I don't think that is a fair statement. The Commission did its work and let its work speak for itself, and it has sort of spread throughout regulatory agencies and/or the globe just because it makes sense, I think. Anyway, that's my personal opinion. But I made reference to the Department of Justice, and so I'll start with a Department of Justice if I could.
The Attorney General, where it's his designee is an ex-officio member of the Commission, a non-voting member. Obviously, the Attorney General Department of Justice were actively involved in the development of the chapter eight itself and then the subsequent amendments in 2004 and 2010. But you see the impact of the guidelines in their evaluation of corporate compliance programs and all of the information that they release and discuss on how they focus on compliance in deciding how to prosecute an organization.
Just last week, the Deputy Attorney General, Lisa Monaco, talked about changes that they're going to make. There was sort of an oblique reference to our data, which is that there's been a drop in corporate prosecutions that we see in the data. I think there were less than a hundred last year, and they talked about sort of reversing that trend and looking at that, that the department thinks this is important. And they've placed a lot of importance recently on compliance programs because she said companies need to actively review their compliance program to ensure that they adequately monitor for and remediate misconduct or it's going to cost them down the line.
Kenneth Polite, who is the... I think it's Assistant Attorney General of the Criminal Division. He's a former chief compliance officer and they've made a lot of emphasis in the department on active review of programs and true independence for the chief compliance officer. That's the Department of Justice who obviously are actively involved in using the guidelines in federal courthouses, but then you have other regulatory agencies.
I'm going to run through them real quick and just say the SEC, HHS, EPA, FERC, which is Federal Energy Regulatory Commission, and the FAR all have requirements built into them about compliance programs. And most of them say that they're looking to the guidance on the guidelines. Some of them adopted them full scale, some of them may have modified them a little bit. And all of that came after chapter eight in 1991. All of those agencies look to the guidelines.
And then we see that if you look internationally at what's happening around the world in terms of anti-corruption, anti-bribery, and all the like, that elements of the hallmarks for an effective compliance and ethics program found in the guidelines are making their way into legislation, into programs, into initiatives that foreign governments are releasing. And I can't even keep track of it, truthfully, but it seems to be coming up more and more and more.
When the Commission promulgating the guidelines in 1991, they described them as an experiment. We wanted in this publication to sort of show, did the experiment bear fruit? And I think all of that suggests that it did. These changes and everything that goes back to those original seven steps laid out in the guidelines and elevated in 2004 to give them a little more prominence. It really is very, very exciting. I feel bad. I sound sort of like I'm patting myself on the back, and so I want to make it really clear to the listeners. I was not on this staff in 1991. I wasn't working on this. I did not have anything to do with the 2004 amendments. I came into it after the fact, but it's just really exciting to see it and to see the impact and how well regarded the Commission's work is.
Eric Morehead: No, I think that's right. I think the report really sums up what I think a lot of us have felt. Again, I'm probably biased, but a lot of us have felt this way for a while, that the standards, really, have set the bar and provided kind of a North Star for compliance programs for that whole generation, that whole 30 years. And it's made a difference in millions of people's daily lives in their working lives, because it affects how their company operates for the good or for the bad. And that really makes all the difference to us. I think you guys can successfully pat yourselves on the back a little bit.
Well, last thing, again, knowing that we're talking to a lot of compliance officers who hopefully have, if they're new, have a little bit more appreciation as to why the US Sentencing Commission is involved in their lives, are there other takeaways from the research and work that the team put into this report that you think are particular importance for compliance professionals or things they should be aware of?
Kathleen Grilli: Well, one of the things that I hear when I intend conferences and one of the things that I think folks [inaudible 00:26:26] is the fact that there's not enough investment in compliance. The bottom line in business is money and making money, and you can't necessarily provide metrics that show how your work is going to add to the bottom line. Then it's hard to make the case. Now, I know these days, in recent years, folks have come up with ways to measure how compliance and ethics does contribute to the bottom line, and I really believe it does. But this data can offer you the picture of what happens if you don't.
Eric Morehead: Yeah.
Kathleen Grilli: Because since 1992, courts have imposed nearly $33 billion in fines on organizational offenders. The average fine was over $9 million. Although the median was a little lower, it was only $100,000. But for a small mom and pop organization, a hundred grand is a lot of money. And the other thing is that courts will sentence organizations to probation. Over two thirds of the organizational offenders in the last 30 years have been placed on probation with an average term of 39 months, where you're going to have to be reporting to a probation officer and complying with all these requirements. And that's time consuming and costly, too, when you think about it. There's a little bit there that can answer the mail in terms of why am I going to invest in compliance and ethics.
Eric Morehead: I'm a big believer in making the positive business case, but you also need to make the "everybody's going to go to jail" case too.
Kathleen Grilli: Well, especially in light of the recent guidance that the Department of Justice, I mean, where they're going to be looking at individuals and they're going to be requiring organizations to give up all individuals who might be involved, I think that's something that folks should keep in mind as well. It's important because it's not just going to be the company, it's going to be the employees too.
Eric Morehead: Yeah. And again, that's important data. That's in chapter two of this report, that over 50% of the time over the period, you've got at least one living, breathing human being who's also faced charges consistent with the charges that the organizations faced. It includes actual human beings in this process, not just the organization.
Kathleen Grilli: I think we're only going to see an increase if the department's guidance holds true that those numbers may go up.
Eric Morehead: Yeah. We'll have to check. We'll check in next year after the Sourcebook comes out and see if the trend has moved. Kathleen Grilli, it's been a tremendous honor again to have you on our podcast and really appreciate you taking the time.
Kathleen Grilli: Oh, it's an honor for me to be here. Thank you so much for inviting me.
Eric Morehead: No problem. My name is Eric Morehead and I want to thank all of you for tuning in once again to the Principled Podcast by LRN.
Outro: We hope you enjoyed this episode. The Principled Podcast is brought to you by LRN. At LRN, our mission is to inspire principled performance in global organizations by helping them foster winning ethical cultures rooted in sustainable values. Please visit us lrn.com To learn more. And if you enjoyed this episode, subscribe to our podcast on Apple Podcasts, Stitcher, Google Podcasts, or wherever you listen, and don't forget to leave us a review.
Be sure to subscribe to the Principled Podcast wherever you get your podcasts.