Sentencing Guidelines, Corporate Governance and Information Management

Introduction

It may surprise many to learn that the United States Sentencing Commission Guidelines (Guidelines) bear a relationship to corporate governance and, more specifically for the purpose of this article, to the management of electronically stored information (ESI).

The Guidelines were established by Act of Congress to bring a measure of rationality into the federal sentencing process. The Guidelines were intended to do so by restricting the discretion of federal judges in the imposition of sentences, although the Guidelines are now “advisory” in nature (United States v. Booker,
543 U.S. 220 (2005).

The Basic Structure of the Guidelines

We begin with the obvious: organizations such as corporations can commit—and be convicted of—federal crimes. The Guidelines, which are effectively a manual intended to aid judges in the exercise of their discretion in imposing sentences, include an entire chapter (Chapter 8) that addresses the sentencing of “organizations.”

According to the U.S. Sentencing Commission’s 2013 Annual Report (at page A-43), the most common offenses for which corporations are convicted are:

• Antitrust;
• Money laundering;
• Fraud; and

• Environmental crimes.

Considerations for ‘Ethical’ Organizations

Obviously, organizations cannot be sentenced to prison but organizations can be fined substantial amounts and placed on probation. Crimes for which organizations are convicted are committed through individual officers or employees. These acts can take place even within “ethical” organizations.

The Guidelines recognize this and use two factors in determining whether to mitigate fines imposed on organizations:

• The existence of effective compliance and ethics programs and

• Efforts at self-reporting, cooperating with authorities, and accepting responsibility.

These two mitigating factors go to the culpability of a convicted organization and the sentence imposed on it. The creation and maintenance of effective compliance and ethics programs may also be imposed on organization as conditions of probation.

How does information management fit into an organization’s compliance and ethics program?

Think Sarbanes-Oxley. Failure to maintain ESI, as well as the alteration or loss of ESI, may constitute a crime within the definitions of offenses created by Sarbanes-Oxley (and other statutes).

A compliance and ethics program should address information management, as first suggested by Barclay T. Blair and Randolph A. Kahn in their book, Information Nation: Seven Keys to Information Management Compliance, (AIIM, 2004). The Guidelines can assist in the creation of such a program.

Effective Compliance and Ethics Programs

What is an effective compliance and ethics program? Among other things, the Guidelines require that, through a program, an organization:

• Exercise due diligence to prevent, and to protect against, criminal acts;

• Be generally effective in doing so;

• Have personnel at various governance levels who are aware of the program and who engage in its oversight and administration;

• Evaluate the program periodically for effectiveness; and

• Have and publicize a system for employees’ reporting of criminal acts without fear of retaliation.

Chapter 8B2.1 of The Guidelines sets for all the factors that can be considered, but the above list provides an idea of what is expected of compliant organizations.

Under certain circumstances, the existence of an effective compliance and ethics program can also lead a United States Attorney to decide not to prosecute an organization but, instead, to enter into a non-prosection or deferred prosecution agreement with the organization. See generally Ch. 9-28.000, Principles of Federal Prosecution of Business Organizations, United States Attorney’s Manual (Manual).

Cooperation Conundrum.

The existence of an effective compliance and ethics program is only part of what an organization must do to minimize a fine. The Guidelines and the Manual also require cooperation and acceptance of responsibility.

This leads to a controversial issue: when, and under what circumstances, can a United States Attorney request or require that an organization waive attorney-client the privilege or work product protection in order to minimize a fine or avoid prosecution?

What Does This Mean for
Corporate Governance?

Organizations create, maintain, and use ESI on a regular—and increasing—basis. That ESI presumably is defined as a “record” or “records” and is subject to existing retention policies. Preservation of ESI may also be required by state or federal statutes or regulations.

The loss or alteration of ESI may result in criminal liability. Therefore, at least for the purpose of mitigating a fine should a corporation be convicted of a crime, the corporation should establish an effective compliance and ethics program that incorporates mechanisms for the appropriate retention—and elimination—of ESI. The Guidelines can be used as a template for how to do so.