Compliance Gatekeepers

What determines the effectiveness of corporate compliance programs, and who is accountable when they fail? Scholars and policymakers tend to answer these questions by  focusing on internal compliance actors: directors, CEOs, general counsels, chief financial officers, and chief compliance officers. Yet in reality, all these corporate insiders rarely  perform compliance tasks on their own. They rather heavily rely on outside compliance advisors. In this Article we spotlight the understudied role of outside compliance advisors and make the following three contributions.

First, we document the various functions that outside compliance gatekeepers play these days: from designing reporting systems, to conducting internal investigations and monitorships, to performing “racial equity audits” and verifying ESG disclosures. Along all these dimensions, there exists a gap between the high level of expectations for compliance gatekeepers to improve corporate behavior and their low levels of accountability for compliance failures.

Second, we examine the causes of compliance gatekeepers’ lack of ac-countability. Compliance gatekeepers rarely face litigation, even after colossal compliance failures, because an amalgamation of doctrines set a very high pleading hurdle across all potential claims against them. Private ordering is ineffective too. The buyers in the market for compliance gatekeeping—namely, corporate insiders—do not necessarily want outside compliance gatekeepers to hinder their company from making profits by skirting regulations in real time. Nor do corporate insiders want outside gatekeepers to probe their internal affairs diligently after the fact and place the blame for corporate wrongdoing at their feet. By paying outside compliance gatekeepers with shareholders’ money, corporate insiders buy plausible deniability for themselves. From the sellers’ (gatekeepers’) perspective, it is convenient to ramp up expectations while not being too stringent with their clients, because this keeps a newfound revenue stream alive and growing. The gap between high expectations and somber reality may therefore be a feature rather than a bug.

Finally, we propose concrete policy measures that could improve corporate compliance. For example, public enforcers need to rethink the practice of providing lenient treatment to corporate wrongdoers who rely on outside experts. Credit to wrongdoers should be conditioned on outside experts facing a meaningful threat of liability or at minimum transparency. Courts need to rethink the applications of doctrines such as “in pari delicto,” which blocks claims of professional negligence and breach of contract against gatekeepers. And corporate law courts should interpret shareholders’ right to inspect their company’s books more liberally, so that it includes access to documents pertaining to gatekeepers’ work, thereby enabling shareholders to investigate potential gatekeeper misconduct.