Scholars propose increased accountability for external corporate compliance advisors.
Amid increased societal demands and regulatory burdens, corporations have invested billions of dollars into compliance programs, often relying on outside compliance advisors to perform essential tasks.
In a recent article, Asaf Eckstein, a professor of law at Hebrew University, and Roy Shapira, a professor of law at Reichman University, argue that external compliance advisors are rarely held accountable for compliance failures despite playing an “outsized role” in corporate compliance programs, thus creating an “accountability gap.” Eckstein and Shapira contend that these “compliance gatekeepers” avoid accountability due to litigation constraints and conflicts of interest and propose changes to legal doctrine and regulatory policy to address this accountability gap and improve corporate compliance.
Eckstein and Shapira note that external compliance gatekeepers play an essential role in corporate compliance programs. Rather than internal actors such as CEOs, general counsels, and chief compliance officers, they explain, outside consultants from law or accounting firms tend to perform regulatory compliance functions, such as designing reporting systems and conducting internal investigations. Consequently, Eckstein and Shapira argue that stakeholders rely on compliance gatekeepers to “serve as a bulwark against corporate wrongdoing.”
Eckstein and Shapira contend that corporate managers and shareholders expect compliance gatekeepers to reduce the legal and reputational consequences of compliance failures. Companies also hope that bringing in outside experts will signal to employees and regulators that they are committed to compliance efforts, Eckstein and Shapira explain. In addition, they note that regulators encourage companies to hire outside experts to conduct internal compliance investigations, and compliance gatekeepers themselves promise to reduce risks associated with compliance failures.
But Eckstein and Shapira argue that outside compliance advisors are rarely held accountable for compliance failures despite their significant influence on corporate regulation. Using examples from prominent corporate scandals, they contend that when compliance gatekeepers fail to detect or investigate compliance problems, they escape accountability while insiders take the blame—even in the most egregious cases.
Eckstein and Shapira offer two explanations for this lack of accountability for compliance gatekeepers. First, they describe disincentives and legal doctrinal hurdles that limit litigation against outside compliance advisors. Corporate insiders rarely litigate against compliance gatekeepers, they argue, because the two groups work closely together, causing a sense of “chumminess” that discourages finger-pointing. In addition, the closeness of these relationships creates the threat of “mutual assured destruction” if gatekeepers decide to strike back and “expose the insiders’ failings,” Eckstein and Shapira contend.
Others who might attempt to sue compliance gatekeepers must overcome the difficult burden of showing that the gatekeepers knowingly violated their duties, Eckstein and Shapira note. In addition, they explain, the in pari delicto doctrine bars a company’s shareholders from pursuing derivative actions against outside compliance advisors when the company breaks the law, effectively immunizing compliance gatekeepers from litigation even when they share in the blame for illegal conduct.
Second, Eckstein and Shapira contend that information gaps and “perverse incentives” limit non-legal sanctions against compliance gatekeepers. Although gatekeepers are theoretically motivated to perform their compliance duties well to protect their reputations and secure future business opportunities, this assumption has not been empirically examined, they argue. Eckstein and Shapira explain that companies also lack relevant data that would help them “distinguish between high-quality gatekeepers and low-quality gatekeepers,” meaning that reputational consequences may be insufficient to penalize ineffective compliance gatekeepers.
In fact, Eckstein and Shapira argue, compliance gatekeepers exist in “two-sided reputation markets” in which they seek to appear diligent to the public yet lenient to corporate managers. Eckstein and Shapira note that compliance gatekeepers and their corporate clients have an interest in “keeping up appearances” of rigor without actually stopping companies “from making profits by skirting regulations in real time.” This conflict of interests creates an “endless loop of plausible deniability” that protects gatekeepers in the wake of compliance failures, they explain.
Eckstein and Shapira propose several reforms to address the gap between compliance gatekeepers’ outsized role and their lack of accountability.
Eckstein and Shapira first suggest that courts “revive the threat of litigation against compliance gatekeepers” by making legal doctrinal changes that would ease the pleading hurdles that currently prevent claims against gatekeepers from reaching discovery. They argue that these changes, including interpreting “shareholders’ right to inspect their company’s books” more broadly and allowing claims against gatekeepers for their willful blindness, would promote accountability by increasing litigation and by expanding the availability of compliance information to the public.
Eckstein and Shapira also urge regulators, such as the Public Companies Accounting Oversight Board, to acknowledge and address the accountability gap. They propose that regulators reconsider their practice of “providing lenient treatment to corporate wrongdoers” who rely on outside experts. Alternatively, they suggest conditioning leniency on the requirement that outside experts face meaningful liability or document discovery. In addition, Eckstein and Shapira argue that regulators can increase gatekeeper accountability by “probing into gatekeeper misconduct on their own” through public enforcement actions and by adopting a more skeptical attitude toward corporate compliance programs.
Finally, Eckstein and Shapira encourage legal scholars to study compliance without assuming “that compliance efforts are necessarily dedicated and zealous.”
Eckstein and Shapira acknowledge that outside advisors cannot “completely eradicate corporate wrongdoing.” Nevertheless, they contend that legal scholars, regulators, and corporate actors “cannot afford to continue ignoring” the lack of accountability for the gatekeepers that “dictate the effectiveness of corporate compliance.”
