WHAT THIS CHAPTER PROMISES YOU CAN DO BY THE END
Learning Goals
Chapter 4 opens with four learning outcomes. They map directly onto the chapter's own numbered sections — 4.1 through 4.4 — and are reproduced below since every section of this guide builds toward one of them.
- Describe how laws, regulations, and guidelines form the underpinning of ethics and compliance.
- Summarize requirements for mandated legal compliance relating to business, such as competition, corruption, corporate governance, consumer protection, and health, safety, and environmental considerations for employees and the community.
- Analyze the role that guidelines, self-regulatory initiatives, and industry standards play in global ethics and compliance.
- Examine cooperation strategies to utilize with external authorities to mitigate the punishment of a company's misconduct.
WHY A NEW HIRE'S FIRST WEEK IS FULL OF ETHICS TRAINING
Introduction — The Pharmaceutical Company Orientation
The chapter opens with new employees at a major international pharmaceutical company sitting through orientation, uneasy about what they're learning: discussing a breakthrough drug before a public announcement — even with family — could invite fines or imprisonment; contact with physicians, hospitals, or insurers must follow strict gift, travel, and entertainment guidelines, especially abroad; unauthorized disclosure of client or patient information creates legal risk for company and employee alike; and even joking about religion or race at work could jeopardize employment if perceived as bullying.
New employees receive a list of mandated training due within 30 days: conflicts of interest, workplace harassment, confidential information security, gifts and entertainment policies, social media use, and travel expense policies. Function-specific training follows — supervisors on discriminatory behavior and ethical leadership; finance and accounting staff on internal control systems; R&D staff on regulatory approvals for new medicines; sales and marketing staff on avoiding bribery, kickbacks, deceptive selling, and inaccurate reporting. Employees interacting with health care professionals must also train on the ethical guidelines of PhRMA, the ABPI Code of Practice, and the IFPMA.
The chapter grounds this in real consequences. In 2012, GlaxoSmithKline agreed to the largest health care settlement in U.S. history — a $3 billion fine for marketing drugs for unapproved (off-label) uses and unsafe marketing of three drugs. Since 2016, the pharmaceutical industry has spent more than $21.65 billion annually promoting products to physicians — meals, gifts, travel, speaking fees. In 2014, China fined GlaxoSmithKline nearly $500 million for bribing hospitals and doctors, which in turn triggered a $20 million U.S. fine under the Foreign Corrupt Practices Act. The Affordable Care Act's transparency clause now requires public reporting of payments to physicians; a Reuters analysis found Novo Nordisk paid health professionals at least $25.8 million between 2013 and 2022 related to its weight-loss drugs Wegovy and Ozempic.
MANDATORY REQUIREMENTS VS. VOLUNTARY INITIATIVES
4.1 Evolution of the Ethics and Compliance Field
The ethics and compliance field focuses on how to keep organizations out of trouble. It includes roles such as chief ethics officer, chief compliance officer, integrity/ethics officer, and ethics ombudsman. Roy Snell, CEO of the Society of Corporate Compliance and Ethics, frames the stakes: "If you build a trusted regulatory environment, you will have a better chance to succeed economically. The standard of living and safety of people depend on it. Countries that not only want to be at the top of the list but improve even more will have compliance officers in most of their companies" (Snell, 2013, p. 34).
Mandatory Requirements and Voluntary Initiatives
Both mandatory compliance requirements and voluntary initiatives compel companies to focus on ethics. Mandatory requirements are laws and regulations. A law is a rule enacted by a governing body (e.g., the U.S. Congress, a state legislature, a provincial government); a regulation is the process of monitoring and enforcing those rules, typically carried out by federal agencies (e.g., the FDA, FTC) that document implementation details.
Regulatory-agency structure varies globally. Developed countries (the U.S., Germany, the U.K.) trend toward independent regulators separate from national policymakers. In China and India, regulatory agencies sit inside the central government with limited autonomy. The OECD advocates independent regulators to "maintain public confidence, competitive neutrality between public and private enterprises, and impartiality for significant decisions" (OECD, 2021, p. 154) — reducing interference between political and private interests, and separating the government's policymaker role from its ownership role in strategic industries (energy, transportation, communications).
Because full regulatory compliance is difficult, agencies issue guidelines — nonbinding clarifications of official regulations. Example: U.S. companies struggle interpreting the Foreign Corrupt Practices Act of 1977, so the DOJ issues A Resource Guide to the U.S. Foreign Corrupt Practices Act, and the U.S. Sentencing Commission issues the Federal Sentencing Guidelines for Organizations (FSGO) — advisory, but influential.
Beyond mandatory compliance, companies adopt self-regulative initiatives to demonstrate commitment to ethics — global ethics standards (international norms companies are not legally bound to but choose to follow) and industry standards for business conduct (generally accepted requirements industry members follow). The chapter's example from Chapter 1: the Defense Industry Initiative on Business Ethics and Conduct (DII), which set guidelines for U.S. defense contractors.
History of Ethics and Compliance
U.S. businesses began formalizing ethics and compliance as a company function in response to the FSGO and DII. The 1991 FSGO prompted many companies to establish ethics and compliance programs; per Bloomberg Businessweek, "a fine of $1 million to $2 million could be knocked down to as low as $50,000 for a company with a comprehensive program including a code of conduct, an ombudsman, a hotline, and mandatory training seminars for executives" (Hager, 1991, para. 4).
The FSGO requires that (a) high-level personnel be assigned overall responsibility for the compliance and ethics program, and (b) specific individuals hold operational responsibility for it. "High-level personnel" means individuals with substantial control over the organization or a substantial role in policymaking — directors, executive officers, heads of major business or functional units, and individuals with substantial ownership interest (United States Sentencing Commission, 2023, p. 520). In the early 1990s, few companies had staff qualified to oversee this, so compliance offices formed within legal or HR departments.
THE TWO TYPES OF LAW GOVERNING BUSINESS
4.2 Laws and Regulations — Civil vs. Criminal Law
Civil law governs disputes between individuals — contracts, property. Individuals harmed by fraud, defective products, illegal conduct, or deceptive practices can seek restitution through a civil lawsuit; when many people share the same grievance, it can become a class action, letting one or several plaintiffs sue on behalf of a larger group (e.g., employees seeking unpaid overtime, or customers seeking damages from unsafe products).
Criminal law defines conduct prohibited by government because it threatens public safety and welfare — for business, this includes fraud, theft, bribery, insider trading, tax evasion, and antitrust violations. In the U.S., a corporation can be criminally charged when an employee commits a crime while acting within the scope of employment on the company's behalf. Western European countries have traditionally resisted holding companies accountable unless a high-level manager is proven to have committed the crime — though a 2020 survey of 31 countries found that except for Turkey, Russia, and Germany, all 28 others hold companies liable for criminal acts (Jones Day, 2020). Consequences can include fines, sanctions, and imprisonment of officers, managers, or employees.
Who Makes and Enforces the Rules
Laws and regulations are mandatory. Governing bodies (national and local governments) enact laws regulating commercial transactions; federal laws apply within a nation-state's territory. No international body can mandate laws globally, but some regional bodies come close: the European Union can enforce acts and issue directives compelling member states to enact national laws — e.g., the 2007 EU REACH Regulation (Registration, Evaluation, Authorisation and Restriction of Chemicals), which replaced 40 pieces of legislation to create "a single regulatory framework for chemicals and their safe use in Europe" (Morpurgo, 2013, p. 786); by 2020, 31 EU/EEA countries had built regulatory processes to evaluate REACH compliance.
Sub-national governments matter too. In the U.S., the ease of doing business varies by state — California's labor regulations, taxes, and environmental rules affect business growth differently than other states. In China, provincial and local governments have near-complete autonomy to encourage business development: establishing economic development zones, tax holidays, cheaper land for foreign investors, tax exemptions, subsidies, and rebates (L. Liu, 2008).
Most governing bodies legislate for economic or social reasons. Economic reasons strengthen the local economy by encouraging fair competition and discouraging corruption. Social reasons protect the health and safety of consumers, employees, and the community — including corporate governance (the procedures and processes to direct and control an organization). Laws set only the minimum expectation of responsible behavior; they cannot address every ethical issue a business faces.
ANTITRUST LAW, PRICE FIXING, AND THE AUTO PARTS CARTEL
4.2 Fair Competition
Competition drives innovation and efficiency, widens consumer choice, lowers prices, and improves quality (OECD, 2019) — even start-ups succeed more often when competition forces them to satisfy customers and contain costs (A. Burke & Hussels, 2013). Ethical issues arise when the intensity to win produces unfair-advantage tactics. The chapter's opening examples: unexplained synchronized gas-price swings; grocery and household-supply prices spiking during COVID-19 even as wages fell (e.g., U.S. egg prices rising 300% until price-gouging legislation intervened, after which retailers simply stopped stocking eggs, worsening the shortage); and 2022 U.S. meat processors accused of colluding to inflate restaurant prices, resulting in multi-million-dollar settlements.
Predatory Pricing, Monopoly, and Tying
Larger firms can weaken or destroy competitors by charging a price below cost — predatory pricing — expecting rivals to exit, then inflating prices once the competition is gone. This produces a monopoly: exclusive control over a commodity or service (Leslie, 2013). A monopolist can also force tying — requiring a customer to buy a second product to obtain the desired one, an anticompetitive limit on consumer choice. Google, Amazon, Apple, Meta, and Microsoft all face government competition-law charges worldwide (B. Levin & Downes, 2023); the EU's Digital Services Act and Digital Markets Act target digital-market fairness, and antitrust challenges forced Amazon and Facebook Marketplace to change practices in the EU and UK. In the U.S., a 2023 jury found Google guilty of anticompetitive practices (De Vynck & Dou, 2023).
Bid Rigging and Cartels
Bid rigging occurs when two competitors agree that whichever wins a contract will share the business with the other — reducing competition since both gain regardless of the outcome. Cartels are groups of businesses that collude on prices or divide markets to shield themselves from competitive pressure. Price fixing is when competitors agree to raise, fix, or maintain the price of goods or services — often invisible to consumers at the component-manufacturing level, unlike the more visible gas-station example.
| Statute | Summary |
|---|---|
| Sherman Antitrust Act, 1890 | Prohibits price-fixing, customer allocation, bid rigging, or other cartel activities. |
| Clayton Antitrust Act, 1914 | Prohibits mergers/acquisitions that substantially lessen competition, or conditioning a sale on the buyer's agreement not to use a competitor's products. |
| Federal Trade Commission Act, 1914 | Establishes the FTC to take administrative action against anticompetitive practices. |
| Webb-Pomerene Act, 1918 | Regulates export trade associations that may adversely affect U.S. domestic competition. |
| Robinson-Patman Act, 1936 | Prohibits price discrimination between retailers and wholesalers. |
| Lanham (Trademark) Act, 1946 | Protects and regulates brand names, brand marks, trade names, and trademarks. |
| Consumer Goods Pricing Act, 1975 | Prohibits agreements that prescribe minimum resale prices for a trademarked commodity. |
| Hart-Scott-Rodino Antitrust Improvements Act, 1976 | Gives DOJ and FTC procedural tools to enforce antitrust law on anticompetitive mergers and acquisitions. |
| International Antitrust Enforcement Assistance Act, 1994 | Authorizes FTC/DOJ mutual-assistance agreements with foreign antitrust authorities. |
| Standards Development Organization Advancement Act, 2004 | Extends antitrust protection to standards development organizations during standards-development activity. |
| Trademark Dilution Revision Act, 2006 | Strengthens protection against unauthorized use of a trademark on noncompeting products. |
| Trademark Modernization Act, 2020 | Allows removal of trademark filings for unused marks, clearing the registry. |
| Criminal Antitrust Anti-Retaliation Act, 2020 | Prohibits employer retaliation against individuals reporting criminal antitrust violations. |
In the EU, the Treaty on the Functioning of the European Union (TFEU) governs competitive behavior: Article 101 prohibits agreements between companies that restrict competition; Article 102 outlaws abuse of a dominant market position. Under EU rules, businesses may not fix prices or divide markets (Art. 101), may not abuse dominance to squeeze out smaller rivals (Art. 102), and cannot merge if it would grant market control — large companies doing significant EU business need European Commission approval to merge even if headquartered outside the EU.
THE FOREIGN CORRUPT PRACTICES ACT (FCPA)
4.2 Bribery and Corruption
Corruption law spans bribery, gift giving, money laundering, government transparency, organized crime, and trade/investment regulation. The U.S. Foreign Corrupt Practices Act of 1977 (FCPA) makes it illegal for any U.S. company or person to bribe foreign government officials to obtain or retain business — the first international anti-bribery statute of its kind (Katzarova & Ansart, 2021). The 1977 U.S. Senate report framed the rationale bluntly: "Corporate bribery is bad business... Corporate bribery is fundamentally destructive of this basic tenet [price, quality, service]... Foreign corporate bribes also affect our domestic competitive climate when domestic firms engage in such practices as a substitute for healthy competition for foreign business" (United States Senate, 1977, as cited in United States Department of Justice, 2020).
The DOJ and SEC share FCPA enforcement, working with the FBI, Department of Commerce, and Department of State. A 1988 amendment grants the SEC jurisdiction over bribery committed abroad by U.S. entities/persons — holding U.S. companies to a higher standard than companies from countries that tolerate bribery. The U.S. also works through the OECD Anti-Bribery Convention and the UN Convention against Corruption (UNCAC) to encourage other nations to adopt anticorruption laws.
The Three Basic Provisions and Five-Element Test
The FCPA has three basic provisions: (1) it is illegal to bribe foreign officials to obtain/retain business; (2) companies must keep records that accurately reflect transactions; (3) companies must maintain adequate internal controls. The anti-bribery provision itself breaks into five elements — who, offense, recipient, business purpose, and corrupt intent.
| Element | Description |
|---|---|
| 1. Who | Any U.S. or foreign company listed on a U.S. exchange; any U.S. citizen/resident or U.S.-registered company; foreign persons/entities that engage in a corrupt payment (or offer/promise/authorization to pay), directly or through an agent, while in U.S. territory. |
| 2. Offense | Offering, paying, promising, or authorizing payment of money or anything of value — cash, gifts, travel, entertainment, charitable donations. Excludes payments under duress/extortion, payments lawful under written local law, and reasonable bona fide expenditures. |
| 3. Recipient | Foreign officials, foreign political parties, candidates for foreign office, or persons acting on their behalf (third parties) — including officers/employees of a foreign government, a public international organization, or a state-owned/controlled entity. |
| 4. Business Purpose | Bribes must aim to obtain/retain business or secure a business advantage — favorable tax treatment, reduced customs duties, blocking competitors from a market, circumventing a licensing requirement. |
| 5. Corrupt Intent | Whether or not it succeeds, corrupt intent exists if the payment is meant to influence a foreign official to misuse their power to affect a business decision. |
A 1998 amendment expanded "foreign official" to include employees of public international organizations (World Bank, IMF, WIPO, WTO, OECD, OAS, etc.). Instrumentality means "an entity controlled by the government of a foreign country that performs a function the controlling government treats as its own" (United States Department of Justice, 2020, p. 20) — a fuzzy line in countries with heavy state ownership. Example: the DOJ convicted three subsidiaries of a French company for bribing employees of a Malaysian telecom company 43%-owned by Malaysia's Ministry of Finance, which also held veto power over major operational decisions.
"Improper advantage" examples from the DOJ's Resource Guide include winning a contract, influencing procurement, circumventing import rules, accessing nonpublic bid-tender information, evading taxes/penalties, influencing lawsuit adjudication, obtaining regulatory exceptions, and avoiding contract termination. A violation occurs even if the bribe fails — the SEC convicted a New Jersey broker for attempting to bribe a Middle Eastern official via a $500,000 payment to an intermediary who simply kept the money, since no relationship with the official existed.
Accounting Provisions and FCPA Limitations
The accounting provisions require public companies to maintain internal accounting controls providing reasonable assurance of transaction accuracy — because bribes are often concealed through misclassification as commissions, consulting fees, sales/marketing expenses, scientific incentives, travel/entertainment, rebates, after-sales service fees, miscellaneous expenses, petty cash, free goods, intercompany accounts, supplier/vendor payments, write-offs, or "customs intervention" payments.
The FCPA only covers bribery of foreign officials, not private-sector bribery (foreign commercial bribery) — the DOJ instead prosecutes this under the U.S. Travel Act (e.g., the Salt Lake Bid Committee case). The UK's Bribery Act 2010 does prohibit foreign commercial bribery directly. Exceptions to the FCPA: payments lawful under the foreign country's written law, payments made under extortion/threat of physical harm (economic coercion for market access is still a violation), and facilitating/grease payments for routine, nondiscretionary governmental actions that don't involve a decision to award or maintain business (e.g., processing visas, police protection, phone/power/water/mail service).
SARBANES-OXLEY AND THE RESPONSE TO ENRON
4.2 Corporate Governance
The 2001 Enron accounting fraud produced one of the largest bankruptcy reorganizations in U.S. history and destroyed Arthur Andersen, one of the five largest audit firms, for failing to catch it. Corporate governance failures also contributed to banking crises in the U.S., Europe, China, India, and Ghana.
Corporate governance structures have four dimensions: (1) define purpose and values; (2) key board and management practices; (3) top management (especially CEO) selection, compensation, and incentives; (4) company performance measurements (Windsor, 2009, p. 309). The OECD Principles of Corporate Governance push governance frameworks to protect shareholder rights, ensure timely/accurate disclosure, treat strategic guidance as a board responsibility, and support long-term sustainability and resilience.
Board structures vary internationally. Per the OECD Corporate Governance Factbook, 23 countries (U.S., Canada, Australia, India, U.K.) use a one-tier system with a single board handling all dimensions; 15 countries allow either one board or two separate boards for supervisory vs. management functions; 9 countries (e.g., China) require two boards, including a supervisory board with shareholder and employee representatives. Italy, Japan, and Portugal use hybrid one-to-three-board models. Employee representation of 30–50% of the board is required in Brazil, China, and 13 European countries.
Sarbanes-Oxley Act of 2002
Passed in July 2002 to protect investors by improving accuracy and reliability of corporate disclosures, Sarbanes-Oxley applies to all U.S. publicly traded companies. One contemporary called it "the most fundamental, far-reaching legislation to affect the accounting profession since the 1930s" (Felo & Solieri, 2003, p. 31); critics worried compliance costs would exceed benefits and burden smaller public firms disproportionately (Jahmani & Dowling, 2008).
The act's 11 titles affect auditors (new oversight, independence rules), management (conflict-of-interest protections, disclosure and certification requirements, internal-control obligations), the board's audit committee (greater oversight responsibility, independence/expertise requirements), and attorneys/security analysts (stricter independence codes).
| Section | Major provisions |
|---|---|
| 101 | Established the Public Company Accounting Oversight Board to oversee public-company audits. |
| 201 | Prohibits non-audit services by auditors to their audit clients. |
| 301 | Requires an independent audit committee to oversee the audit process. |
| 302 | Requires the CEO and CFO to certify all financial reports. |
| 306 | Makes it unlawful for a director/executive officer to trade during a pension blackout period. |
| 307 | Requires an attorney to report evidence of a material securities-law violation or fiduciary breach up the company's chain of responsibility. |
| 401 | Requires disclosure of off-balance-sheet transactions and arrangements that could materially affect financial condition or operations. |
| 402 | Prohibits a company from making a personal loan to any director or executive officer. |
| 404 | Establishes that management is responsible for an adequate internal control structure. |
| 409 | Requires near real-time disclosure of material changes in financial condition or operations. |
| 501 | Requires security analysts to certify their report reflects their genuine views and disclose compensation. |
| 806 | Provides protection for employees who provide evidence of fraud. |
| 902 | Criminalizes corruptly altering, destroying, mutilating, or concealing a document to impair an official proceeding. |
| 906 | Sets criminal penalties for certifying a misleading/fraudulent financial report — up to $5 million in fines and 20 years in prison. |
Section 404 requires management to establish and maintain adequate internal controls — this is where COSO's "tone at the top" concept (introduced in Chapter 1) becomes operational: senior leadership's visible commitment to ethics and compliance. Under Dodd-Frank, the SEC exempted companies with $75 million or less in market value from needing an independent auditor's report on internal-control effectiveness, easing the compliance burden for smaller firms.
THE SECURITIES EXCHANGE ACT OF 1934 AND GLOBAL ENFORCEMENT
4.2 Insider Trading
Insider trading involves trading corporate securities using misused nonpublic company knowledge, typically obtained through a fiduciary duty or position of trust. In the U.S., the Securities Exchange Act of 1934 — passed after the 1929 crash — is the governing federal law and created the SEC to enforce securities law, stabilize markets, and protect investors.
Two sections of the 1934 Act matter most. Section 16(b) prohibits corporate insiders (board members, officers, and >10% shareholders) from profiting on trades held less than six months, with limited exceptions. Section 10(b) makes it unlawful to use any manipulative or deceptive device to circumvent SEC rules; the SEC's 1942 Rule 10b-5 implements it, making it unlawful to employ any device/scheme to defraud, make an untrue statement or omission of material fact, or engage in any act operating as a fraud or deceit in connection with a securities purchase or sale (U.S. Securities and Exchange Commission, 1998, p. 4).
In 1961 the SEC established that tipping — an insider not trading but informing someone else who does — violates the Act. The Insider Trading Sanctions Act of 1984 added civil/criminal penalties; the Insider Trading and Securities Fraud Enforcement Act of 1988 improved enforcement procedures; the International Securities Enforcement Cooperation Act of 1990 expanded SEC cooperation with foreign investigations. Sarbanes-Oxley expedited SEC access to insider-trading information, and Dodd-Frank increased scrutiny of insider trading in commodities. In 2023 the SEC updated trade-timing and disclosure rules to target executives evading the rules opportunistically — SEC Chair Gary Gensler noted insiders had sought to exploit liability protections while trading on material nonpublic information (Barr et al., 2023, p. 24).
Other countries lagged the U.S. Only a handful had insider-trading laws before the 1970s; by the 1990s–2000s, enforcement agencies existed in 87 countries (Kang, 2022) — though enforcement intensity still varies. Research finds more individualistic, democratic countries enforce insider-trading law more strictly (Cline et al., 2021).
| Country | Law | Year | Max. prison time |
|---|---|---|---|
| Australia | Australian Industry Development Corporation Act; Corporations Act 2001 | 1970 | 10 years |
| Austria | Austrian Securities Supervision Act (ASSA) | 2018 | 2 years |
| Brazil | Brazilian Corporations Law; CVM Resolution No. 44, 2021 | 1976 | 5 years |
| Canada | Ontario Securities Act; Canada Business Corporations Act (amended 2023) | 1966 | 5 years |
| China | Foreign Equity Participation Rules; PRC Securities Law (amended 2019) | 1993 | 10 years |
| France | French Monetary and Financial Code; Banking and Financial Regulation Act 2010 | 1970 | 2 years |
| Germany | Securities Trading Act, 2002 Amendment | 1994 | 5 years |
| Hong Kong | Securities Ordinance 1991 | 1991 | 10 years |
| India | SEBI Act 1992; SEBI (Prohibition of Insider Trading) Regulations 2015 | 1992 | 10 years |
| Indonesia | Capital Market Law; Financial Sector Development and Strengthening Act 2023 | 1995 | 15 years |
| Japan | Financial Markets Abuse Act | 1988 | 3 years |
| South Korea | Securities and Exchange Act; FSCMA 2024 | 1962 | 20 years |
| Switzerland | Swiss Criminal Code | 1988 | 3 years |
| United Kingdom | Criminal Justice Act | 1980 | 7 years |
| United States | Securities Exchange Act of 1934 | 1934 | 20 years |
DODD-FRANK BOUNTIES, RETALIATION, AND THE EXTRATERRITORIALITY GAP
4.2 Whistleblower Protection
Financial fraud is hard for the SEC and DOJ to detect without an insider tip. A whistleblower is a person who informs on a person or organization engaged in illicit activity, making misconduct public — often at real personal and professional risk. WorldCom whistleblower Cynthia Cooper described the shift: "My feelings changed from curiosity to discomfort to suspicion based on some of the accounting entries my team and I had identified, and also on the odd reactions I was getting from some of the finance executives" (Homer & Katz, 2008, p. 40).
Retaliation — negative consequences for reporting misconduct — can include isolation, verbal abuse, physical harm, harassment, denied promotions/raises, reassignment, demotion, or firing. Nearly 30% of employees globally report suffering retaliation for reporting misconduct (Ethisphere Institute, 2023). A 2018 case: Howard Wilkinson, an executive at Danske Bank, warned Danish authorities in 2013 about billions in suspect money flowing through an Estonian branch; when his name was later printed in an Estonian newspaper, it generated fear of retaliation, and he alleged the bank offered hush money instead of reporting irregularities.
U.S. Legal Protections
Sarbanes-Oxley Section 302 mandates confidential-reporting procedures for accounting/auditing irregularities. Section 806 makes it unlawful to "discharge, demote, suspend, threaten, harass, or in any other manner discriminate against" an employee who reports conduct reasonably believed to violate mail fraud, wire fraud, bank fraud, or securities fraud statutes, SEC rules, or federal law relating to shareholder fraud. In practice, Sarbanes-Oxley whistleblower protection has been weak — few claims succeeded, since employees must prove both an adverse employment action and that reporting caused it (Zucker, 2011).
Dodd-Frank strengthened incentives by creating the SEC Office of the Whistleblower (2010) to manage financial bounties: eligible whistleblowers can receive 10–30% of monetary sanctions collected from SEC actions and related enforcement their information supported. Since 2011, the SEC has paid whistleblowers over $1.9 billion out of $6 billion+ in total financial rewards; in 2023 alone, the Office received 18,000 tips and paid nearly $600 million to 68 individuals, with the most common complaints being manipulation (24%), offering fraud (19%), crypto-asset securities (14%), and corporate disclosures/financials (10%). Tips have come from 114 foreign countries, including the U.K., Canada, Australia, and India.
Companies should establish clear no-retaliation policy statements, train managers on fair assignments/salaries/promotions, and protect report confidentiality — since the fewer people who know about a report, the less likely retaliation becomes. A defined process for reporting, investigating, and protecting informants is now considered a core part of corporate governance.
THE CONSUMER BILL OF RIGHTS AND FOUR ENFORCEMENT AGENCIES
4.2 Consumer Protection
Consumer protection laws let customers make informed choices, obtain safe products, and keep personal information confidential. In 1962, President John F. Kennedy outlined the Consumer Bill of Rights: the right to safety (protection from hazardous goods), the right to be informed (protection from fraudulent/deceptive marketing and access to facts needed for informed choice), the right to choose (access to variety and competitive prices, or fair regulation where competition isn't workable), and the right to be heard (fair consideration of consumer interests in government policy and administrative proceedings).
Four U.S. agencies enforce consumer protection: the FTC (prevents fraud, deception, and unfair practices in advertising, financial services, and privacy); the Consumer Product Safety Commission or CPSC (protects against injury/death risk from consumer products); the FDA (assures safety/efficacy of drugs, biologics, medical devices, food, cosmetics, and radiation-emitting products); and the Consumer Financial Protection Bureau or CFPB (created by Dodd-Frank within the Federal Reserve Board in 2010 to write rules and enforce federal consumer financial protection law).
| Law | Description |
|---|---|
| Pure Food and Drug Act, 1906 | Prohibits adulteration and mislabeling of foods and drugs in interstate commerce. |
| Federal Food, Drug, and Cosmetic Act, 1938 | Authorizes the FDA to demand safety evidence for new drugs, set food standards, and conduct factory inspections. |
| Federal Hazardous Substances Act, 1960 | Requires warning labels on hazardous household products; gives CPSC authority to regulate/ban products. |
| Fair Packaging and Labeling Act, 1966 | Requires disclosure of net contents, commodity identity, and manufacturer/distributor name for most consumer goods. |
| Truth in Lending Act, 1968 | Requires full disclosure of credit terms to purchasers. |
| Consumer Product Safety Act, 1972 | Established the CPSC to enact safety standards, issue recalls, and ban products. |
| Magnuson Moss Warranty-FTC Improvements Act, 1975 | Establishes minimum content and disclosure standards for consumer product warranties. |
| Nutrition Labeling and Education Act, 1990 | Expands FDA authority over nutritional claims on food and in restaurants. |
| Telemarketing and Consumer Fraud and Abuse Prevention Act, 1994 | Prohibits patterns of unsolicited telephone calls by telemarketers. |
| Children's Online Privacy Protection Act, 1998 | Protects personal information and marketing practices for children under 13 online. |
| Gramm-Leach-Bliley Act, 1999 | Requires financial institutions to disclose privacy policies annually and offer opt-out before sharing personal financial data with third parties. |
| CAN-SPAM Act, 2003 | Prohibits deceptive email subject lines; requires unsolicited commercial email be identified as advertising with an opt-out option. |
| Do-Not-Call Registry Act, 2003 | Directs FTC and FCC to set consistent telemarketing call-practice rules. |
| Consumer Product Safety Improvement Act, 2008 | Establishes safety standards for children's toys and products. |
| Family Smoking Prevention and Tobacco Control Act, 2009 | Gives FDA authority over tobacco manufacturing, distribution, and marketing. |
| Dodd-Frank Act, Titles X and XIV, 2010 | Creates the CFPB; limits transaction fees; prevents mortgage abuses; ensures affordable, responsible mortgage credit. |
Within the FTC, the Bureau of Consumer Protection collects complaints, investigates, enforces consumer protection law, and educates consumers and businesses. Congress created the CPSC via the 1972 Consumer Product Safety Act to protect against fire, electrical, chemical, and mechanical hazards; the 2008 Consumer Product Safety Improvement Act added safety standards specifically for children's products. The FDA traces to the 1906 Pure Food and Drug Act (following Upton Sinclair's exposé of Chicago stockyard conditions) and the 1938 Federal Food, Drug, and Cosmetic Act (passed after a legally marketed toxic elixir killed 107 people, including children). Today the FDA regulates the safety of most food (excluding meat, poultry, some egg products), ensures safety/effectiveness of drugs and biologics, regulates tobacco and cosmetics, oversees radiation-emitting products, and helps speed product innovation.
PROTECTING THE ENVIRONMENT, WORKERS, AND EMPLOYEE PRIVACY
4.2 Environment, Health, and Safety (EHS)
EHS management protects the environment and assures employee health, safety, and privacy. A survey of EHS/ESG professionals across U.S. and Canadian industries found "78% of those surveyed believe that keeping up with compliance regulations is becoming the biggest challenge their organization faces" ("EHS, ESG Oversight, Compliance Are Business Critical, Report Says," 2023, p. 8).
The chapter groups these laws into four categories: environmental protection (toxic chemicals, contaminated water, poisonous emissions), health and safety (safe working conditions), privacy and security (sensitive employee personal information), and equity (protection against employment discrimination and guarantees of fair compensation).
| Category / Law | Description |
|---|---|
| Clean Air Act, 1970 (Environmental) | Regulates air emissions from stationary and mobile sources. |
| Clean Water Act, 1972 (Environmental) | Regulates pollutant discharges into U.S. waters and sets surface-water quality standards. |
| Safe Drinking Water Act, 1974 (Environmental) | Establishes minimum standards to protect drinking water quality. |
| Toxic Substances Control Act, 1976 (Environmental) | Requires reporting, recordkeeping, testing, and restrictions on chemical substances. |
| Federal Insecticide, Fungicide, and Rodenticide Act, 1996 (Environmental) | Regulates pesticide distribution/sale/use; all pesticides must be EPA-registered. |
| BEACH Act, 2000 (Environmental) | Reduces disease risk for users of the nation's coastal recreation waters, including the Great Lakes. |
| Occupational Safety and Health Act, 1970 (Health & Safety) | Assures safe and healthful working conditions by authorizing enforcement of standards developed under the Act. |
| Electronics Communications Privacy Act, 1986 (Privacy & Security) | Protects wire, oral, and electronic communications in transit and in storage — email, phone calls, electronic data. |
| SAFE WEB Act, 2006 (Privacy & Security) | Authorizes international cooperation to fight illegal spam, spyware, fraud, and deceptive internet crimes. |
| Fair Labor Standards Act, 1938 (Equity) | Establishes minimum wage, overtime pay, recordkeeping, and youth employment standards; amended repeatedly through 2011. |
| Equal Pay Act, 1963 (Equity) | Prohibits paying men and women different wages for equal work in the same workplace. |
| Title VII of the Civil Rights Act, 1964 (Equity) | Makes it illegal to discriminate based on race, color, religion, national origin, or sex. |
| Americans with Disabilities Act, 1990 (Equity) | Prohibits employment discrimination against qualified individuals with disabilities. |
| Family and Medical Leave Act, 1993 (Equity) | Entitles eligible employees to unpaid, job-protected leave for specified family/medical reasons. |
| Genetic Information Nondiscrimination Act (GINA), 2008 (Equity) | Makes it illegal to discriminate based on genetic information. |
| Pregnant Workers Fairness Act (PWFA), 2022 (Equity) | Requires reasonable accommodation for pregnancy, childbirth, or related medical conditions absent undue hardship. |
Enforcement is split across agencies: the EPA researches, monitors, sets standards, and enforces environmental protection; OSHA administers worker health and safety law; the FTC enforces data security law; the EEOC enforces anti-discrimination law covering race, color, religion, sex (including pregnancy), national origin, age 40+, disability, and genetic information; and the DOL's Wage and Hour Division enforces minimum wage, overtime, recordkeeping, and child-labor rules under the FLSA.
INDUSTRY STANDARDS AND THE LIMITS OF SELF-REGULATION
4.3 Voluntary Initiatives for Ethical Conduct
Beyond mandatory law, companies embrace voluntary initiatives to build an ethical culture. The key distinguishing feature: compliance is voluntary — a company chooses its level of commitment to industry codes, federal guidelines, and global ethics standards. The FSGO, for instance, is only advisory, yet a company that skips an effective program risks severe penalties if misconduct occurs. Industry associations issue codes of conduct that members voluntarily agree to follow, often as a condition of membership, and these codes can adapt quickly to changing industry and consumer expectations.
Industry Standards in Accounting
The Financial Accounting Standards Board (FASB) sets U.S. financial accounting standards — generally accepted accounting principles (GAAP) — but has no enforcement authority. The SEC recognizes GAAP as authoritative without mandating it, and since 2003 has required disclosure of non-GAAP financial metrics to protect investors. The International Accounting Standards Board (IASB) sets International Financial Reporting Standards, increasingly the global norm; the SEC is encouraging FASB and IASB convergence toward unified global standards.
Sarbanes-Oxley requires an effective internal control process but doesn't specify how to build one — so industry again relies on voluntary guidance. COSO helps companies comply with Section 404 via its 2013 Internal Control–Integrated Framework. COSO is a joint initiative of five private-sector organizations: the American Accounting Association (AAA), the American Institute of Certified Public Accountants (AICPA), Financial Executives International (FEI), The Institute of Internal Auditors (IIA), and the Institute of Management Accountants (IMA) — providing ethical leadership through frameworks on enterprise risk management, internal control, and fraud deterrence.
THE FSGO'S SEVEN CRITERIA FOR AN EFFECTIVE COMPLIANCE PROGRAM
4.3 Sentencing Guidelines
The FSGO establishes how monetary fines are calculated. The base fine is normally the greatest of: (a) an amount based on the offense level, (b) the monetary gain to the firm, or (c) the monetary loss the offense caused. A culpability score then multiplies the base fine, reflecting aggravating factors (involvement of high-level management, prior offense history, violating probation conditions, obstruction of justice) and mitigating factors (an effective compliance program, self-reporting, cooperation with authorities, acceptance of responsibility). Fines can drop up to 95% if a company demonstrates an effective compliance program was in place.
Chapter 8 of the Sentencing Guidelines lists seven key criteria for an effective ethics and compliance program, plus an eighth element (periodic risk assessment) added by later amendment.
| Criteria | Description |
|---|---|
| Standards and Procedures | A code of conduct reflecting the organization's unique culture, experiences, and identity, with particular emphasis on the organization's specific high-risk issues. |
| Program Oversight and Management | Senior management leadership and oversight; board of directors' oversight and responsibilities; a compliance infrastructure connecting all roads to the audit committee. |
| Delegation of Substantial Authority | Background checks and screening — prehiring, and periodically (e.g., every 5 years) for positions of substantial authority. |
| Training and Communication | Training consistent with the organization's risk assessment and code of conduct; role-specific risk and SOP training; communicating available resources and "tone at the top" culture messages. |
| Monitoring, Auditing, and Reporting | Monitoring programs addressing unique risks; meaningful, measurable compliance metrics; multiple publicized channels for raising concerns; external evaluation of program effectiveness. |
| Consistent Disciplinary Procedures and Incentives | Consistently applied disciplinary standards with periodic consistency review; ethics/compliance built into performance evaluation; recognition for employees who exemplify company standards. |
| Response to Critical Issues | Clear, communicated, written guidelines for investigating ethics and compliance issues, ensuring predictability, consistency, and confidence in the process. |
| Periodic Risk Assessment | Risk assessments conducted at 3-year intervals, with annual updates. |
The FSGO has evolved since November 1991. A 2004 amendment added "§8B2.1 Effective Compliance and Ethics Program," stressing that compliance alone is insufficient without an ethical organizational culture, and added the periodic-risk-assessment requirement. A 2010 amendment encouraged giving the chief ethics and compliance officer direct access to the board. A 2023 amendment added two more criteria: incentives for compliance / disincentives for noncompliance, and policies governing personal devices, communications platforms, and messaging apps. The OECD's 2010 Good Practice Guidance on Internal Controls, Ethics, and Compliance replicates the FSGO's key criteria — showing the U.S. guidelines' global influence.
SEVEN VOLUNTARY FRAMEWORKS FOR MULTINATIONAL ETHICAL CONDUCT
4.3 Global Ethics Standards
The multinational corporation (MNC) — with assets and operations across many countries — must manage diverse and sometimes conflicting ethical and legal expectations. Global guidelines provide ethical principles addressing human and labor rights, consumer rights, environmental stewardship, transparency, corruption, and sustainable development (Laczniak & Kennedy, 2011). Unlike mandated law, these are purely voluntary and unenforceable — but they serve as a shared basis for ethical decision-making regardless of where a company operates.
| Initiative | Year | Summary |
|---|---|---|
| Global Sullivan Principles | 1977 | Eight principles protecting human rights, equal opportunity, worker treatment, child/forced labor prohibitions, freedom of association, compensation for basic needs, health/safety, fair competition, community development, and supplier/contractor accountability. |
| Ceres Principles | 1989 | Ten principles for corporate environmental conduct — biosphere, natural resources, waste, energy, EHS risk, product safety, environmental restoration, transparency, management commitment, self-evaluation. |
| Caux Round Table Principles for Business | 1994 | Seven principles: respect stakeholders, contribute to sustainable development, comply with law, respect rules/conventions, support responsible globalization, respect the environment, avoid illicit activities. |
| OECD Guidelines for Multinational Enterprises | 1999 | Eleven principles including sustainable development, respect for human rights, employee training/nondiscrimination, and advocacy for the guidelines themselves. |
| The Fair Labor Association Workplace Code of Conduct | 1999 | Nine principles: employment relations, nondiscrimination, harassment/abuse, forced labor, child labor, freedom of association/collective bargaining, health/safety/environment, hours of work, compensation. |
| The Global Reporting Initiative's Sustainability Reporting Guidelines | 2000 | Indicators across six categories — economic, environmental, labor practices, human rights, society, product responsibility — chosen via required stakeholder dialogue. |
| UN Global Compact's Ten Principles | 2000 | Ten principles on human rights, labor, the environment, and corruption, with local-level networks linking participating firms and stakeholders. |
| Social Accountability International's SA8000 Standard | 2008 | Auditable social certification covering child labor, forced labor, health/safety, freedom of association, discrimination, disciplinary practices, working hours, remuneration, and management systems. |
Each framework emerged from a specific historical trigger. In the 1970s, companies entering international markets exploited lax regulation to bribe officials, damage the environment, and support military coups for favorable political treatment (Post, 2013). MNC support of apartheid in South Africa prompted the Sullivan Principles. Environmental concerns produced the Ceres (Coalition for Environmentally Responsible Economies) Principles in 1998. The Caux Round Table Principles set worldwide ethical norms around responsible stewardship, mutual advantage, and human dignity. Human-rights concerns drove the OECD Guidelines and Fair Labor codes in the 1990s. In the 2000s, growing demand for cooperation and transparency produced the UN Global Compact's calls for consistent reporting and auditing across all locations of operation.
HOW INVESTIGATIONS START AND HOW TO RESPOND
4.4 Relationships With Enforcement Authorities
Enforcement officials monitor regulatory compliance and open investigations when violations surface — often triggered by employee tips or customer/competitor complaints. Notification can arrive as a letter, or as a company raid executing a search warrant. In 2008, ICE and FDA agents raided medical laser maker The Spectranetics Corporation's Colorado Springs headquarters over customs violations, separating key employees for interrogation without explaining the warrant. A former employee's 2014 tax lawsuit against Caterpillar led to a 2017 raid of its Peoria headquarters by FDIC, IRS, and Commerce Department export-enforcement agents.
Some investigations begin as routine audits — the DOL may audit for OSHA, Fair Labor Standards Act, or other employment-law compliance. The Employee Benefits Security Administration (EBSA) audits roughly 75,000 retirement plans a year for excessive fees, assessing fines or settlements from $20,000 to $1 million. Companies typically get only 10 days to provide extensive documentation, which can feel overwhelming without prior preparation.
Preparation matters: staff and security teams are usually the first to interact with investigators, so companies should have one-page guidance on who to contact, and a rapid-response team identified in advance (Jaeger, 2016).
The FSGO identifies two factors that mitigate a company's punishment: (1) an effective ethics and compliance program, and (2) the degree of self-reporting, cooperation, and acceptance of responsibility. How much a company cooperates can also affect whether it retains legal privilege — the subject of the next section.
DEFERRED PROSECUTION VS. NONPROSECUTION AGREEMENTS
4.4 Privilege and Cooperation Strategies
Self-reporting only counts if a company informs the appropriate authority before an investigation begins. To earn a fine reduction for cooperation, a company must agree to disclose all pertinent information once officially notified of an investigation — collecting and analyzing relevant documents, interviewing employees, conducting costly internal investigations and forensic audits, then submitting the results to the government.
Attorney-Client Privilege and Self-Evaluative Privilege
Full cooperation requires waiving attorney-client privilege and self-evaluative privilege. Attorney-client privilege — tracing back to English law in the 1700s (Hazard, 1978) — protects candid communication between client and counsel through confidentiality; it can be waived explicitly or implicitly by revealing privileged communications to a third party. Notably, in-house counsel in Europe and China do not carry privilege the way U.S. in-house counsel do (Jaeger, 2016). Self-evaluative privilege keeps internal assessments (e.g., internal audits) confidential — though companies retain the right to decide what stays confidential, and must request legal review of investigations and audits to preserve that protection (Glascock, 2005).
Declining to cooperate with authorities risks reputational damage, prosecution, debarment from future government business, and potentially organizational collapse. Cooperating instead opens the door to two types of agreements that can avoid criminal prosecution altogether.
Deferred Prosecution and Nonprosecution Agreements
A deferred prosecution agreement is an arrangement between a prosecutor and a corporation to delay prosecution while the company takes remedial action to fix the violations. A nonprosecution agreement is a resolution in which U.S. attorneys decline to prosecute a corporation that has taken appropriate steps to report the crime, cooperate, and compensate victims. Both typically require hiring a monitor — an independent third party overseeing the company's compliance program — which the DOJ can mandate to verify the corporation meets the agreement's terms and reduce the risk of recurrence.
The chapter's own closing example sharpens the tension in cooperation strategies: Goldman Sachs entered a nonprosecution agreement over its Abacus 2007-AC1 synthetic CDO, paying a fine while neither admitting nor denying wrongdoing and suffering only a slight reputational hit — while former Goldman trader Fabrice Tourre was individually convicted of securities fraud in the same matter in 2013. The chapter's own discussion question asks directly: why should a company escape prosecution through such an agreement when its employees do not, and are companies abusing cooperation strategies to dodge criminal or civil liability?
THE CHAPTER'S OWN QUESTIONS, WITH MODEL ANSWERS
Discussion Questions
Chapter 4 closes with five critical thinking and discussion questions, each paired below with a concise model answer grounded in the chapter's content.
1. Consider the ethics and compliance professionals of a large organization. How could they be effective in keeping the company out of trouble? What are the challenges that prevent an ethics and compliance professional from encouraging ethical and compliant behaviors?
Effectiveness comes from coordinating legal, ethics, audit, training, and risk functions together rather than treating compliance as a purely legal add-on (Snell, 2011a) — building out the FSGO's seven criteria (standards, oversight, screening, training, monitoring, discipline, incident response) with real teeth. The main obstacles are structural: a program that exists on paper but lacks senior-management and board buy-in, a culture that rewards results over process ("tone at the top" that doesn't match stated values), and the practical difficulty of monitoring a global, decentralized workforce consistently across jurisdictions with different legal baselines.
2. Why is bribery considered such an important competitive issue for multinational corporations? If bribery exists in some cultures as a normal way of doing business, how effective will countries be in preventing the bribery of foreign officials?
Bribery is a competitive issue because it lets firms win business through payments rather than price, quality, and service — the U.S. Senate's own framing of why the FCPA exists (United States Senate, 1977). Where bribery is culturally normalized, enforcement is inherently harder: the FCPA and UK Bribery Act rely on extraterritorial reach and cooperation through bodies like the OECD Anti-Bribery Convention and UNCAC, but ambiguity over what counts as a "foreign official" (state-owned enterprises) and the facilitating-payments exception both create real gray zones that determined firms can still exploit.
3. Why do so many insiders continue to engage in insider trading knowing the consequences will result in harsh penalties? How does insider trading damage investor confidence and the performance of securities markets?
Insiders often act on the belief that the trade is small, well-hidden, or unlikely to be traced back to nonpublic information — combined with real-time financial pressure or opportunism the 2023 SEC rule changes were designed to close (Barr et al., 2023). Insider trading damages markets because it erodes the basic premise that all investors trade on equal information; when investors suspect insiders profit unfairly, they demand a risk premium or exit the market altogether, raising the cost of capital and undermining the market's core function of efficiently pricing securities.
4. How could the UN or OECD enforce global ethical guidelines? What prevents a company from becoming a signatory of the initiatives in order to be perceived as a responsible business as a cover for unethical behaviors?
Neither the UN Global Compact nor the OECD Guidelines carry legal enforcement power — their leverage is reputational and market-based: public reporting requirements (as in the Global Reporting Initiative), stakeholder dialogue requirements, and the risk of public delisting or exposure for signatories who don't follow through. Nothing structurally prevents "bluewashing" — signing on for reputational cover without genuine compliance — which is precisely why third-party auditing standards like SA8000 exist: they add an auditable certification layer that a simple voluntary pledge lacks.
5. Goldman Sachs entered into a nonprosecution agreement for the creation and selling of a synthetic collateralized debt obligation coined Abacus 2007-AC1. The bank paid a fine, neither admitted nor denied wrongdoing, and endured a slight loss of reputation. In August 2013, former Goldman Sachs trader Fabrice Tourre was convicted of securities fraud for his part in selling the Abacus product. Why should a company receive a nonprosecution agreement and not its employees? Are companies abusing cooperation strategies to avoid criminal or civil prosecution?
The rationale for treating companies differently from individuals is that prosecutors weigh collateral damage — a full corporate prosecution can harm innocent employees, shareholders, and the broader financial system, while an individual employee's prosecution carries no such systemic risk. Critics argue this creates a moral hazard: firms can treat fines as a cost of doing business while individual employees absorb the real legal consequences, which may reduce the deterrent effect of cooperation agreements on corporate decision-making at the top.
THE CHAPTER'S OWN KEY TERMS LIST, DEFINED
Glossary of Key Terms
Chapter 4 closes with an alphabetical Key Terms list. Each term is defined below in one line, grounded in how the chapter used it.
| Term | Definition in one line |
|---|---|
| Antitrust | Laws protecting trade and commerce from unlawful restraints, monopolies, and unfair business practices. |
| Attorney-client privilege | The confidentiality protection that promotes candid, open communication between a client and legal counsel; can be waived explicitly or implicitly. |
| Cartels | Groups of businesses that collude to control prices or divide the market to shield themselves from competitive pressure. |
| Civil law | Rules governing disputes between individuals, such as contracts and property, remedied through lawsuits including class actions. |
| Class action | A lawsuit that allows one or several persons to sue on behalf of a larger group harmed by the same issue. |
| Competition laws | Laws that foster fair competition by prohibiting business practices and transactions that unduly limit it. |
| Criminal law | Rules and statutes defining conduct prohibited by government because it threatens public safety and welfare, enforced through fines or imprisonment. |
| Deferred prosecution agreement | An arrangement between a prosecutor and a corporation to delay prosecution while the company takes remedial action. |
| Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 | Legislation creating the Consumer Financial Protection Bureau and adding corporate-governance, whistleblower-bounty, and disclosure provisions supplementing Sarbanes-Oxley. |
| Global ethical standards | International norms for responsible business conduct that companies voluntarily follow though not legally bound to. |
| Guidelines | Nonbinding statements issued by regulatory agencies clarifying the agency's current thinking on how to comply with official regulations. |
| Industry standards | Generally accepted requirements that members of an industry voluntarily agree to follow, often as a condition of association membership. |
| Law | A rule enacted by a governing body, such as a national or state/provincial legislature. |
| Monitor | An independent third party engaged to oversee and verify a corporation's compliance with a deferred prosecution or nonprosecution agreement. |
| Monopoly | Exclusive control by a company over a commodity or service, often the end goal of predatory pricing. |
| Nonprosecution agreements | Resolutions in which U.S. attorneys decline to prosecute a corporation that has reported a crime, cooperated, and compensated victims. |
| Off-label marketing | Promoting a drug for uses not approved by the FDA — illegal under U.S. law. |
| Regulation | The process of monitoring and enforcing rules established by a law. |
| Regulatory agencies | Government bodies (e.g., FDA, FTC, EPA, SEC) responsible for documenting and enforcing the implementation details of laws. |
| Retaliation | A negative consequence — isolation, harassment, demotion, firing, and more — experienced by an employee for reporting observed misconduct. |
| Sarbanes-Oxley Act of 2002 | U.S. law protecting investors by improving the accuracy and reliability of corporate disclosures, passed after the Enron scandal. |
| Tying | An anticompetitive practice in which a company with monopoly power forces a customer to buy a second product to obtain the desired one. |
| Whistleblower | A person who informs on a person or organization engaged in illicit activity, often making misconduct public at personal or professional risk. |
THE ONE-PAGE VERSION
Quick Reference
A single table capturing the chapter's core structure, its major statutes, its enforcement mechanics, and its most important debates.
| Element | What to remember |
|---|---|
| Mandatory vs. voluntary | Mandatory = laws + regulations, enforced by government agencies with real penalties. Voluntary = industry standards + global ethics guidelines, enforced only by reputation and association membership. |
| Law vs. regulation vs. guideline | A law is enacted by a governing body; a regulation is the process of enforcing it; a guideline is a nonbinding clarification of how to comply (Figure 4.1's three-tier chain). |
| Civil vs. criminal law | Civil law resolves disputes between parties (contracts, property, class actions); criminal law punishes conduct that threatens public safety and welfare (fraud, bribery, insider trading, antitrust violations). |
| Fair competition | Antitrust/competition law (Sherman Act, Clayton Act, FTC Act) prohibits price fixing, bid rigging, cartels, predatory pricing, monopoly, and tying — enforced by the FTC in the U.S. and via Articles 101/102 TFEU in the EU. |
| FCPA's five-element bribery test | Who (issuers, domestic concerns, foreign persons acting in U.S. territory), offense (paying/offering/promising anything of value), recipient (foreign officials or their proxies), business purpose (to obtain/retain business), corrupt intent (regardless of success). |
| Corporate governance | Sarbanes-Oxley (2002) mandates CEO/CFO certification of financials (§302), internal controls (§404), and whistleblower protection (§806) — passed in response to Enron; four governance dimensions are purpose/values, board practices, executive selection/pay, and performance measurement. |
| Insider trading | Governed in the U.S. by the Securities Exchange Act of 1934 (Sections 16(b) and 10(b)/Rule 10b-5); enforcement varies globally, with the U.S. carrying the harshest maximum penalty (20 years) among the chapter's comparison table. |
| Whistleblower protection | Sarbanes-Oxley §302/§806 provide reporting procedures and anti-retaliation rules; Dodd-Frank adds SEC bounties (10–30% of sanctions collected); U.S. protections do not reliably extend extraterritorially (Siemens/Daramola cases). |
| Consumer protection | Built on JFK's 1962 Consumer Bill of Rights (safety, informed choice, choice, being heard); enforced by the FTC, CPSC, FDA, and CFPB. |
| EHS + equity law | Four categories: environmental protection (Clean Air/Water Acts), health and safety (OSHA), privacy/security (ECPA, SAFE WEB Act), and equity (FLSA, Title VII, ADA, FMLA, GINA, PWFA) — enforced respectively by the EPA, OSHA, FTC, EEOC, and DOL. |
| Voluntary industry standards | FASB/GAAP and COSO's Internal Control–Integrated Framework help companies meet Sarbanes-Oxley §404 without direct legal mandate; codes can be violated with no legal consequence but real reputational risk (Beer Institute example). |
| FSGO's seven (now eight) criteria | Standards and procedures; program oversight; delegation of authority (background checks); training and communication; monitoring/auditing/reporting; consistent discipline and incentives; response to critical issues; periodic risk assessment. Fines can drop up to 95% with an effective program. |
| Global ethics standards | Seven+ voluntary frameworks (Sullivan Principles, Ceres, Caux Round Table, OECD Guidelines, Fair Labor Association, GRI, UN Global Compact, SA8000) — none legally enforceable, each triggered by a specific historical failure (apartheid, environmental disasters, human rights abuses). |
| Cooperation strategies | Deferred prosecution agreements delay prosecution pending remediation; nonprosecution agreements decline prosecution outright for cooperating companies; both typically require an independent monitor and a waiver of attorney-client and self-evaluative privilege. |