U-M business law expert argues for new, updated legal approaches to corporate crime

Theories of criminal law are 'starkly at odds with how business organizations actually operate in the 21st century'

March 11, 2021
Contact: Bridget Vis visb@umich.edu,
Jeff Karoub jkaroub@umich.edu

FACULTY Q&A

U.S. criminal law allows for a corporation to be considered responsible for a crime committed by an employee. That doctrine causes widely recognized issues, particularly a worry that it might be applied too broadly.

Yet Will Thomas, a business law professor at the University of Michigan’s Ross School of Business, argues in a new paper that the doctrine is also too narrow, making it overly difficult to prosecute companies for their illegal acts.

In “Corporate Criminal Law Is Too Broad—Worse, It’s Too Narrow,” Thomas says the key problem is that the doctrine—called “respondeat superior” and rooted in a U.S. Supreme Court decision from 1909—holds that a corporation can be guilty of a crime only if that crime can be attributed to a single person within the corporation.

Thomas discusses the problem and explores ways to solve it.

You argue the way the U.S. treats corporate crime is too broad and too narrow. The “too broad” concern is widely acknowledged; what is the issue there?

The doctrine of respondeat superior makes it possible to charge a corporation with a crime whenever a single individual in the corporation commits that crime, regardless of whether the company itself was to blame for the wrong. For example, imagine an employee embezzles money from her employer. Intuitively, it doesn’t seem either just or economically efficient to hold the corporation responsible here—if anything, the company seems like the victim. But, at least in principle, respondeat superior would allow the government to prosecute the corporation.

All that said, if you actually talk to prosecutors or look at our actual day-to-day practices, I don’t think that that sort of abstract worry is grounds for much concern. Beginning in the late 1990s, the Justice Department has consistently published detailed guidelines laying out when it will prosecute an organization. And without rehearsing the details, it’s clear that the government is generally unwilling to pursue these outlier cases.

Your paper, however, points out this same doctrine can also be too narrow because if a criminal act within a corporation is spread over multiple people, then typically the corporation can’t be criminally liable even if it should be.

Yes. I’m drawing attention to the flip side of the “too broad” problem. There are instances of wrongdoing that seem like they should be attributed to the corporation, but since we can’t tie that wrongdoing to one single individual, strictly speaking, the law is going to say there was no corporate crime committed.

One thing I try and draw out in the paper is that the more intuitively a case looks like a corporate wrong—the more pervasive the wrongdoing, the more spread through the organization it is, the longer it’s been going on—the less it looks like one individual committed the crime. Think of Boeing’s responsibility for the 737 Max disasters, or PG&E’s causing scores of wildfires across California, or Wells Fargo’s opening millions of phony customer accounts. These are massive, society-impacting harms—the kinds of events that seem like corporate wrongs if anything does. Yet in many respects, the worse it looks as a corporate crime, the less well-suited the law is to deal with it as an instance of criminal liability.

The way the system currently works, it’s more likely to pick up “peripheral” cases rather than cases that cut to the core of a problem. Why is that?

The cases that satisfy both our intuitions and the legal doctrine—where the corporation is the apt target for responsibility, and also there is a single individual who carried out the crime—those actually strike me as kind of weird, idiosyncratic cases. Because the average corporation doesn’t leave that much power in any one person’s hands. Successful corporations disperse and distribute tasks throughout the organization, often in ways that make it really challenging after the fact to reconstruct exactly which contributions came from which individual employee.

So the doctrine is looking for this individual offender, the one person who’s on the hook for every element of the corporation’s wrongdoing. That’s going to be an odd case. And frankly, we should be aiming at the core cases, rather than worrying about the outer bounds. Doctrines like respondeat superior focus criminal law’s attention on “bad apple” employees, when what we should be worried about here are “bad barrel” companies.

Yet another concern that you raise is the way that machine learning and algorithms are becoming more prevalent, and that can actually make it harder to apply responsibility to a single person. How so?

I’m concerned that we are headed to a world where lots of corporate decisions are going to get filtered through sophisticated algorithms. There is plenty to like about machine learning, but one downside for criminal law is that it is likely to exacerbate these problems with respondeat superior. We already struggle to reduce corporate wrongs down to an individual right now, and with these developments we’re basically going to be hard-coding the inability to do that into the structure of corporations.

At the end of the day, the real problem is that the criminal law’s theory of what constitutes corporate behavior—and by extension, corporate misbehavior—is more than a century old, and it’s starkly at odds with how business organizations actually operate in the 21st century. This tension between theory and reality already exists, but it’s going to get more stark unless we update our doctrines.

How do these concerns play out in the real world? You mention that there’s reason to believe that all this contributes to an under-enforcement of corporate crime. Could you explain?

I find people are surprised to discover that organizations are rarely prosecuted at all, at least compared to how much prosecution we do of other crimes. And the enforcement that does occur is heavily slanted toward small businesses, with fewer than 50 employees.

The standard story here is a cynical explanation—surprise, the big companies are getting special treatment while the small guys get prosecuted. Yet I think it’s more complicated. Prosecutors are resourceful, but still, they have told us for years that it’s just hard to prosecute organizations, and I think we should take them at their word. This doctrine is just ill-suited for bringing corporate prosecutions, and the doctrine becomes less well-suited the larger the organization gets. In other words, the ability to track actions back to an individual gets harder as the organization gets bigger.

So how do we fix this?

There are a number of possible remedies. There’s one long-standing view, which I’m sympathetic to, that says maybe it’s just a bad doctrine. Why don’t we just scrap the whole thing? And let’s come up with some way that applies liability directly to the corporation. I’ve written favorably about this approach in prior articles.

One thing this paper adds to that conversation is to show that getting a better doctrine —and by “better” I mean a more morally defensible doctrine—is consistent with dramatically expanding potential corporate liability. This will come as a surprise to a lot of reformers who have taken for granted that if we go in that direction, there’s going to be less corporate enforcement. This paper says that assumption is not necessarily going to bear out. You can have both; you can expand corporate liability and also have a more defensible and justifiable practice.

Are there smaller, more short-term changes that could help?

If you just want to make some modest tweaks, there are some easy things that could be done. For example, right now respondeat superior requires us to identify that one single individual who satisfies all elements of the crime. That’s a really onerous task. Relaxing that even a little bit—allowing different elements of a crime to be attributed to several different people, for example—would have meaningful impacts.

Another option is to require prosecutors to be able to trace all the elements of the crime to a specific department rather than an individual. I think this approach strikes a middle ground: It fits much better with our conception of corporations across a range of different fields, but it still requires prosecutors to get in there and really do the hard work of proving their case.

How could changes like these be enacted?

There are several ways a change could occur. One would be an act of Congress to establish our attribution rule going forward.

Another would be an act by courts. Obviously, when it comes to courts, eventually this would have to reach the Supreme Court for a decision. I flag that because one weird thing about this rule is that even though it fundamentally shapes everything about how we handle corporate criminal law, it’s not written down anywhere. It comes from a 1909 Supreme Court case and became the default rule for everything.

So, I think courts have the capacity to do this and should take it seriously. And if they don’t, I think that Congress should step in and say, once and for all, “This is what we want the rules to look like.”