ONE

The Regulatory Shortfall

SINCE THE 2008 CRASH, one question has dominated the public debate over it: Why were no senior executives on Wall Street prosecuted? How did those guys escape prison? Politicians, scholars, television commentators, and participants in nearly every cocktail party at which the 2008 crash was discussed have asked this question—usually in tones suggesting outrage, suspicion, or, at the least, pure puzzlement.¹

Indeed, this suspicion is understandable because earlier financial debacles did produce high-profile and sometimes massive prosecutions. When Enron and WorldCom collapsed in 2001–2002, their chief executives (among others) were indicted, convicted, and sentenced to lengthy prison terms.² Similarly, the collapse of savings banks in the 1980s elicited wholesale prosecutions with (by some estimates) over one thousand savings bank employees and executives being convicted of felonies in federal court (with most going to prison).³ Yet the failure of Lehman not only produced no federal prosecutions of the executives at that firm, but the SEC similarly brought no civil actions against its senior executives. Although it is an overstatement to say that no one was prosecuted as a result of the crash (as a host of lower-echelon persons were), no senior executive on Wall Street or at a major financial firm was convicted (or even prosecuted).⁴

Given the public’s strong desire for retribution and the personal interest of many federal prosecutors in conducting high-profile criminal prosecutions (upon which one can build a career), this absence seems anomalous. Many have offered plausible explanations to account for this joint failure of prosecutors and regulators. The most popular theory has been that the federal government was either “captured” by the financial industry or that prosecutors were too risk averse to take on major cases that might have been lost. Jesse Eisinger, an able and respected journalist, has been the most outspoken proponent of this view, arguing in his 2017 book a thesis that is largely conveyed by that book’s title: The Chickenshit Club: Why the Justice Department Fails to Prosecute Executives. As he sees it, the “revolving door” practices at the Justice Department and the cautious attitudes of its leaders (who were soon to rotate back to “establishment” law firms) explain this failure. Unquestionably, he makes a cogent and plausible case for his position. Even if one doubts his view that the Justice Department’s leadership was cowardly or conflicted, one can still understand why the Federal Reserve and other banking agencies might have wanted more to calm troubled waters than to impose retribution. Having poured trillions into these banks pursuant to a variety of bailouts, the federal banking agencies likely saw little point in imposing massive fines on these same banks that ultimately would be paid from the funds they had advanced; the net result would only have been circular.

Of course, this does not explain why individuals were not also prosecuted. Financial regulators possibly feared that indicting senior bank officers might slow a return to normalcy and keep the banking system destabilized. Some foreign governments openly made this argument (in the case of their own banks), and some evidence suggests that federal officials also cautioned the Justice Department against a punitive pursuit of Wall Street.⁵ But what does this mean? It can be read as a somewhat more polite and palatable reinterpretation of Eisinger’s blunter thesis that prosecutors were simply “chicken.” Still, this does not necessarily imply that federal prosecutors were “captured” but only that they proceeded more cautiously in the case of the nation’s largest banks, recognizing that major banks presented a different and more problematic case for enforcement than did Enron and WorldCom.

At the other end of the spectrum from those who see the Justice Department as being overly constrained (whether by politics or innate caution) are those who deny that there was any enforcement failure at all. Within the banking industry and among economists, some believe that few prosecutions occurred because there were no true crimes committed.⁶ They will argue: “It was a bubble, not a fraud.” In their view 2008 was a “perfect storm”—a classic banking panic that arose outside the banking system because the “shadow banks” of Wall Street (including Lehman, Bear Stearns, and Merrill Lynch) were largely beyond the Federal Reserve’s supervision. Some in this school will blame market forces; others, regulatory laxity. Clearly, these are at least colorable arguments, and one can buttress them with the observation that normally prosecutors would be eager to prosecute high-profile bank executives, either because they were “headline happy” or because they had careerist motives. Although this book believes that fraud was both present and pervasive, it recognizes that there are two sides to this argument, and neither the claim that prosecutors failed nor the counter-position that banking panics need not involve fraud can be dismissed or ignored. To date, there has yet to be a cool-headed, objective analysis that compares these rival explanations for why both prosecutors and regulatory enforcers were so equivocal (or worse) after 2008.

But the goal of this book is not to rehash a crisis that is already a decade in the past. Our starting point begins with the observation that this pattern of underenforcement that was so clear during the 2008 financial crisis has persisted, and recent crises (such as the opioid epidemic) have elicited only a few criminal prosecutions, notwithstanding deaths from prescription opioid overdoses in the range of 400,000 or more. Other disasters have produced even less of a response from public enforcers. Consider the record forest fires that swept California in 2018 and killed many. Was California’s leading public utility responsible? Did it know and ignore the risks? Now in bankruptcy, Pacific Gas and Electric Company is beyond the reach of monetary sanctions, but should its executives have escaped liability? No one can answer this question without an objective investigation that probes deeply into a complex bureaucracy. In that light, the focus of this book is on the obstacles to effective investigation and enforcement, now and in the future, in the case of large-scale organizational misconduct. As we will see, the prosecutorial abdication that followed 2008 could easily happen again—and may have. In the arena of consumer safety, one may point to the cases of Boeing or General Motors where vehicles arguably known to have been unsafe were tolerated with consequent loss of life. In the case of the opioid crisis, the leading candidate would be Purdue Pharma Inc., which marketed a risky product broadly for a wide range of ailments, and overdoses potentially caused by it killed tens of thousands. In the case of environmental disasters, the examples of PG&E and British Petroleum (BP) stand out, as each recklessly caused epic destruction.

A recent popular movie—Dark Waters—alleges that DuPont for an extended period hid its chemical contamination of the water supply affecting at least 70,000 persons in an area of West Virginia. The movie, which grew out of a New York Times Magazine story,⁷ asserts that DuPont long knew that the chemical was unsafe and was leaking into the water supply but concluded that the product involved was just too profitable. So it gave no warnings. Are these charges true? No judgment is here reached, because the more relevant point here is that only an extended investigation could uncover the true facts, and that is generally beyond the capacity of most prosecutorial offices. Even though a private civil settlement was reached, this is not a fully satisfactory resolution, as the settlement remains under seal and thus the goals of transparency and individual accountability are subordinated to that of victim compensation. Only public enforcement is likely to reveal the fuller truth.

Similarly, massive money laundering schemes have escaped federal prosecution (for example, HSBC), and we simply do not know how many foreign corrupt practices cases have not been pursued that should have been. The scope of these cases is simply too global for most prosecutors to pursue on their own. Overall, the more extensive and systematic the corporate corruption, the more it will likely produce a settlement, not a trial.

Politically, it is not enough in such cases that the corporate entity plead guilty to something. Accountability requires more, and the public particularly wants to know what individuals were culpable. Still, formidable obstacles constrain the ability of prosecutors and regulators to investigate, deter, and prosecute organizational crime (at least when the misconduct involves conduct that is subtler and less obvious than behavior that is aimed simply at personal profit⁸). The problem is less that prosecutors are “chicken” than that they confront a logistical nightmare when they face an engrained and systematic corporate practice (which often is industrywide). Even if prosecutors and regulators were motivated by uncompromising zeal, it will still often be beyond their ability to prosecute senior executives in complex cases. This is true whether the underlying misbehavior be securities fraud at a firm like Lehman or even more deadly crimes at a pharmaceutical firm that was supplying opioid mills or a public utility that was turning a blind eye to the risk of forest fires. For both legal and logistical reasons, these cases today are mismatches—a David-versus-Goliath battle, in which the slingshot is seldom mightier than the sword.

The worst-case scenario is that meaningful deterrence may be largely beyond the capacity of our existing institutional structure to achieve. Today, as will be shown, our existing institutional network of enforcement—both civil and criminal—succeeds mainly in imposing a steadily increasing level of fines on corporations, fines that are imposed by a large number of federal agencies, sometimes in a coordinated fashion, more often not. Unfortunately, monetary fines against large organizations are unlikely to generate adequate deterrence. This is evidenced both by the fact that these fines (even when they exceed $1 billion) amount to only a trivial percentage of the corporation’s market capitalization (less than one-tenth of 1 percent on average) and by the fact that the public corporation’s stock price usually goes up on the announcement of the sanction (as we will see in more detail in chapter 4). If adequate deterrence cannot be achieved through monetary penalties imposed on the corporation, it follows that a refocusing of penalties on individual officers and managers within the corporate hierarchy is necessary. But this is much harder to achieve than has been explained to date, and it requires that we enlist the corporation in the prosecution of its own officers and agents. Thus, this book’s aim is less to assign blame for past scandals than to map a path to reform to deal with future crises.

This contention that logistical reasons, rather than motivational reasons (such as risk aversion or a conflict of interests), may better explain the enforcement failures after 2008 leads logically to a further contention: we need to focus more on what motivates or dissuades enforcement agencies. Enforcement agencies—civil and criminal—are bureaucracies. Two key facts must be understood at the outset about enforcement agencies as bureaucracies.

First, they are constrained by budgets given to them by legislatures that rarely award them all they want (or need). Thus, in the real world, the job of the efficient manager within an enforcement bureaucracy becomes that of handling any new crisis within the budget. The simplest means to this end is to seek a settlement with the defendants (and counsel for the defendants know and exploit this need).

Second, to obtain the budget that they desire, enforcement bureaucracies—both civil and criminal—need to satisfy both the legislature and the public. This means that if they cannot convince the press and other media that they are doing an effective job, they will likely encounter public skepticism, which can quickly translate into legislative resistance when they seek enhanced budgets.

The bottom line then is that enforcement agencies are locked into a never-ending struggle for credit. Obtaining credit and public approbation is a precondition to enhanced future funding. Particularly in the case of civil enforcement agencies (such as the SEC), this may require public enforcers to demonstrate that the number of cases their agency has brought and the aggregate recoveries they obtained have grown year after year. Beyond any doubt, such numbers are not good proxies for the total deterrence generated (which in theory should be the end goal that guides rational prosecutors). Nonetheless, what Congress wants Congress gets. Thus, regulators and prosecutors feel a need to show constantly improving statistics if they are to satisfy Congress.

Statistics can, of course, be manipulated, and the experienced bureaucrat is likely skilled at doing so. Efficient bureaucrats managing enforcement agencies know that they need victories (and will be injured by defeats), but they particularly need timely victories—ones that can be shown to Congress to influence the budget cycle. Long, drawn-out investigations seldom advance this goal. In this light, the deferred prosecution agreement (which will be discussed in detail later but is essentially a plea bargain that does not result in a felony conviction) has grown in popularity because it enables the agency to stay within budget and produce a timely victory (or at least an outcome that can be described as a victory) in order to generate the credit that justifies increased funding. In turn, those firms subject to such investigations (and their white collar counsel) can anticipate and manipulate this need by offering symbolic victories that seem to show prosecutors succeeding gallantly, even though the settlements are weak and bloodless compromises.

There is, of course, a tension here. Hollow victories will eventually attract media criticism and hence congressional disfavor. But the efficient manager within the enforcement bureaucracy must balance these two goals. Often a timely resolution, achieved within the budget, is more useful than a delayed complete victory.

All this may sound obvious and too general to produce specific policy responses, but it has immediate implications for our context of organizational misconduct. Following the 2001 terror bombing of the World Trade Center on 9/11, the federal government shifted its priorities and understandably reallocated its prosecutorial resources away from white collar crime.⁹ Terrorism now was given the highest priority, and white collar criminal prosecutions were deemphasized. That reallocation had just been fully implemented when the 2008 crisis erupted. This shift implied that U.S. Attorneys had more limited manpower and funding—and thus needed to pursue less costly settlements than in the past.

Next, add to this equation the fact that individual prosecutions of senior executives at Lehman, AIG, Countrywide, or Merrill Lynch (to name just a few of the financial institutions most criticized as playing a causal role in the 2008 crash) would have necessitated very manpower-intensive investigations. Particularly difficult would have been the attribution of culpable knowledge to these senior executives, who are typically remote from operating levels and generally insulated at the top of the corporate hierarchy from knowledge of operational details. For example, most CEOs at major investment banks can credibly deny knowledge of what was in those toxic securitizations that their banks marketed.

This is said not to justify the failure to prosecute senior executives but as the necessary prelude to opening a discussion of the controversial strategy that federal prosecutors did adopt. In the wake of 2008, federal prosecutors came to rely heavily on deferred prosecution agreements (or DPAs), which they used as a substitute for a criminal trial.¹⁰ Essentially, DPAs amount to a written plea bargain under which the prosecutor agrees that if the defendant corporation pays a fine and completes a short period of probation (and possibly accepts a corporate monitor with modest powers), its conviction will be expunged—in effect, erased—at the end of this probationary period. Although an extensive internal investigation is not a mandatory component of a DPA, its use has become increasingly standard—in part, so that prosecutors can feel that they have gotten to the bottom of the conspiracy and revealed the truth.

Multiple reasons explain the sudden new popularity of this mechanism, but one key attraction is its logistical efficiency. Not having the manpower to investigate these cases anywhere near adequately, prosecutors can use the DPA to delegate the factual investigation to an allegedly independent law firm and then settle based on the facts that investigation disclosed. Of course, there is a catch to such outsourcing: this approach effectively allows the defendant to select its investigator (within some limits). In truth, these internal investigations were often quite thorough (and staggeringly expensive), but they seldom, if ever, discovered responsibility at higher levels within the corporation. Law firms specializing in internal investigations reaped extraordinary returns from this new line of business. Given the highly competitive nature of the legal industry and the bonanza that this new internal investigation line of business represented, one would be naïve to expect that a law firm that was selected by the defendant corporation (and that was charging prodigious fees for its services) would bite the hand that feeds it by implicating its client’s senior executives—at least not if this law firm wanted to do business in the internal investigation marketplace again.

Many attribute the DPA’s popularity to the Justice Department’s embarrassment over its ultimately unsuccessful prosecution of Arthur Andersen (the auditor for both Enron and WorldCom).¹¹ Although that debacle no doubt was a factor (as will be discussed), DPAs were at least equally a cost-economizing strategy. In addition, DPAs offered further bonuses: they spared prosecutors from any risk of an embarrassing loss at trial, and they offered a speedy resolution that enabled prosecutors and regulators to declare an early victory (whereas a trial would potentially mean years of delay and then appeals). Early victories are important in dealing with Congress and the approaching budget cycle.

The only goal that the DPA did not achieve for prosecutors was the generation of meaningful deterrence. Here, many commentators have now agreed that DPAs resulted in a massive shortfall in deterrence. Nonetheless, bureaucracies favor arrangements that reduce cost and effort and allow them to claim credit. Today, based in large part on the research of Professor Brandon Garrett, the data suggest strongly that DPAs regularly permitted senior executives to escape prosecutions—and thus seemingly to buy immunity with their shareholders’ money. In his book Too Big to Jail: How Prosecutors Compromise with Corporations, Professor Garrett has shown that major public corporations, despite repeated violations, were able to escape criminal prosecution through the use of DPAs—in effect, surviving as serial and unpunished recidivists. But even if DPAs amount to a relatively painless punishment that permits high-ranking executives to escape without penalty, and even if prosecutors know they will be criticized for relying on them, the problem remains: What is the alternative? How can the prosecution develop sufficient leverage to force the corporate entity to settle closer to the government’s terms? That is our focus.

This brief reference to DPAs is intended to underscore a key and recurring theme for this book: logistics matter! Without denying that such critics as Jesse Eisinger make valid points, it is insufficient simply to call prosecutors too risk averse (or worse). Organizational crime and misconduct cannot be effectively addressed without designing a system that can investigate complex matters thoroughly and in a manner that neither compromises the integrity of the study nor imposes unacceptably high costs on the government.

Here, a word of caution must be added. The premise of this book is not that public corporations are corrupt and lawless. Indeed, American corporations appear considerably more law compliant than foreign corporations, and the United States invests far more on enforcement (even on a size-adjusted basis) than do comparable nations.¹² Rather, the premise is that complex organizations tend to persist in behaviors to which they have become accustomed (including, for example, money laundering for foreign clients). Draconian sanctions may change such behavior, but lesser penalties are often an acceptable cost of doing business. Under the current equilibrium, defense counsel have become skillful at minimizing reputational damage for their clients and in keeping penalties at a tolerable level.

That said, it is now time to provide a brief road map for this volume. We will begin with a capsule history of recent prosecutorial developments, beginning with the Arthur Andersen case in 2005, which forced federal prosecutors to reconsider criminal prosecutions of corporations and set the stage for new policies favoring DPAs. Then, we will examine several episodes during and after the 2008 crisis that contain lessons for the future. A sad low point in prosecutorial tolerance for egregious misconduct was reached in 2012 with the Justice Department’s decision not to indict HSBC, a major international bank that had laundered money on a massive scale for Mexican drug cartels and Iranian terrorists alike.¹³ After this episode and Attorney General Holder’s awkward admission that some banks were “too big to prosecute,”¹⁴ the public mood shifted, and the Obama administration became embarrassed by its prior leniency. Despite this shift and the public’s demand for tougher enforcement, attempts by federal courts to hold prosecutors to higher standards have still failed, as appellate courts have denied lower courts any meaningful oversight over prosecutorial discretion.¹⁵ Similarly, a much publicized policy shift by the Justice Department (known as the Yates Memorandum) that was intended to mandate more prosecutions of individuals has not yet resulted in measurable change.¹⁶ Even in the face of a torrent of public criticism, prosecutorial practices have not been altered significantly, and the bureaucratic equilibrium seemingly remains stable.

The one thing that has changed (under President Trump) is that there is a declining rate of criminal corporate prosecutions. Mainly for this reason, there have been fewer DPAs recently. In this light, we will broaden our focus and look at the interplay of civil and criminal enforcement directed at public corporations. Prior critics, who have focused only on criminal prosecutions, have thereby ignored the much greater enforcement effort that is civil in character. Within this context, although the SEC has been the principal regulatory enforcer in cases of corporate wrongdoing, a host of other agencies are also active and sometimes in competition. But the pattern remains the same and is one in which civil fines and penalties are escalating enormously but without any apparent coordination or clear rationale.¹⁷ Because (as later explained) these fines cannot be kept by the enforcement agency, they do not fund enforcement. Worse yet, enforcement actions against individuals remain more the exception than the rule. Efforts by federal judges to reject either deferred prosecution agreements or weak settlements by the SEC have been curbed by appellate courts.¹⁸ No matter how hollow and empty the settlement, the district court is today required to accept it. This may sound outrageous, but it has become settled law, absent legislative change.¹⁹

This pattern of equivocal enforcement by both civil and criminal enforcers sets the stage for asking why it is so difficult to prosecute senior executives. At the outset, a basic distinction must be drawn between the 2008 crisis and earlier episodes (such as the savings and loan crisis of the 1980s) when bank executives were prosecuted en masse. One critical difference may be that the 2008 crisis involved regulatory crimes, but not traditional predatory crimes involving obvious personal gain or self-dealing (which was in fact at the core of many savings and loan failures). Another difference involves the size of the defendant corporation: savings and loans are relatively small and have thin management teams, while banks are greater in size by orders of magnitude and decision making is diffused within a much larger corporate hierarchy. Also, the empirical evidence suggests that if prosecutors did indict more senior executives, they would lose much more frequently. In this light, current policies that enable prosecutors to avoid individual prosecutions also protect prosecutors from embarrassment. Some will interpret this conclusion to confirm their view that prosecutors are excessively risk averse. But one can go further and recognize that, to prosecute individual executives successfully, the government needs an ally who can fund and assist its investigation. This book will suggest that federal prosecutors investigating major organizational misconduct will generally need the cooperation of the corporation before they can undertake successful individual prosecutions. Although prosecutorial culture favors a small tight-knit team of prosecutors taking on the much larger defendant, this lone wolf style cannot succeed in the contemporary environment. Just as the cavalry had to yield a century ago to tanks and a more mechanized attack, so too must the individual federal prosecutor forgo being a knight errant and join in a more coordinated plan of battle. That transition will, however, be resisted.

At this point, it is time to turn from description to prescription and outline possible reforms. Initially, we will consider the difficulties in achieving deterrence. To deter, economics insists that the expected penalty must exceed the expected gain, but this is hard to quantify or even estimate. A first question will be why it matters whether the organization or the executive is punished, as arguably both can be deterred. Here, economists sometimes argue that it is less costly to prosecute the firm than the individual.²⁰ But that analysis, it will be argued, misses much. Not only may it be impossible to deter the organization with financial penalties, but high penalties can cause externalities, as creditors, employees, and others closely connected to the corporation are injured. Politically, enforcement will be unsustainable if it requires penalties so high as to shut down plants, require layoffs, or curb corporate operations.

To be sure, this argument about externalities can prove too much; shareholders have to suffer if the firm is to be deterred. Nonetheless, other constituencies can be spared. This book will suggest the superiority of penalties that fall only on the firm’s shareholders, not its employees, creditors, or others. Some have gone much further, arguing that corporate criminal liability should be abolished so that prosecutors would necessarily focus only on individuals. Such a policy, however, ignores the legitimate goals underlying a corporate prosecution. Better than anyone else, the corporation can identify the responsible employees and agents who planned and carried out the criminal conduct. Put simply, in the modern decentralized corporation, the responsible individuals are hard to identify and convict, unless their corporate employer cooperates against them. Only then can evidence and witnesses feasibly be assembled. Thus, an underrecognized purpose of corporate criminal liability is to create a threat aimed at the corporate entity that leads it to cooperate in the prosecutions of individuals (and particularly senior executives). It is a mistake then to pose an either/or choice between prosecuting the firm or the individual, as only joint prosecutions are likely to result in successful individual prosecutions in complex cases. Put bluntly, only if the corporate entity is threatened severely will it cooperate meaningfully against its executives.

Probably the greatest failure of current institutional arrangements is that the prosecutor today delegates the investigative function to a law firm chosen by the defendants. In a nutshell, that is how deferred prosecutions work. The result is predictable: a great deal of data is generated, but it tends to implicate only lower-level executives. Once, prosecutors did these investigations themselves, using the grand jury as their investigative tool, but in the internet era, when investigations sprawl around the globe and complex cases commonly involve millions of emails and tons of documents, this is no longer feasible. Thus, this book will propose means by which an independent investigation can be arranged and financed. But again this requires the cooperation of the corporation, and constitutional problems lurk here (as recent cases have shown²¹).

To prosecute individuals successfully, documents alone are not enough. “Flesh and blood” witnesses are needed to testify against the key defendants. To encourage such testimony, witnesses must be given incentives in the form of immunity or leniency. This is true in Mafia cases as well as in white collar cases. Although underlings and junior employees can sometimes be “flipped” and persuaded to testify against their superiors, this is most likely when they are motivated by a strong threat. The corporation needs to be motivated in the same manner, by giving the corporate entity strong incentives to turn over all evidence and cooperate in the prosecution of its senior executives. This requires that the corporation be threatened—much more than it is today. If a sufficient threat to the corporation is created, the corporation and its senior executives are forced to compete for the prosecutor’s leniency in a zero-sum game. In such a world, either of the two—the corporation or the executives—could turn on the other. This is hard-nosed, even cruel, but desirable; the incentives for each to turn on the other should be deliberately maximized. This book will make a specific proposal to this end that it calls the prisoner’s dilemma strategy.²²

Other strategies have been proposed, including making senior executives strictly liable for their corporation’s misdeeds or liable based only on a showing of negligence. In particular, Senator Elizabeth Warren has proposed highly controversial legislation that would adopt a respondeat superior standard under which the CEO would be liable for financial failures or illegal conduct by his or her company if either failure was attributable to the CEO’s negligence.²³ This book will compare these and other strategies against its preferred strategy. It will conclude, however, that even if significant changes in substantive criminal law were adopted, their impact on the prosecutor’s ability to prosecute individual executives successfully would likely be minimal.

Unsurprisingly, this book will conclude that there was disturbing underenforcement, both on the criminal side and by the SEC and other civil enforcers, following the 2008 crash. It will continue to be debated whether this was more attributable to political constraints, to risk aversion, or to the logistical challenge of identifying the most culpable decision makers within large organizations. But the issue for the future is not who was most at fault following 2008. Rather, it is how enforcement problems can be best addressed to minimize or mitigate the risk of another systemic failure. When we look at the most significant corporate scandals since the 2008 crisis (the most obvious nominees being Volkswagen’s emissions scandal, Boeing’s failure to recognize the problems with its 737 MAX airplane, and the opioid epidemic), we are witnessing not “one shot” corporate failures but persistent intentional misbehavior that flies in the face of government policies and regulations on the apparent premise that the government can be safely disregarded. That is the problem of underenforcement on which this book focuses.

Underenforcement, it argues, results chiefly from the logistical mismatch between the government’s limited enforcement resources and the nearly limitless capacity of the large corporation to resist and delay. But this mismatch is greatly compounded because enforcement officials—both civil and criminal—have become convinced that the best policy for them is to trade leniency (through deferred prosecution agreements, prosecutorial declinations, and sentencing credits) for cooperation from the corporate defendant (chiefly through the conduct of an internal investigation). In all likelihood, an optimal enforcement policy should involve some mixture of carrots and sticks, but the key claim of this book is that today the terms of this trade unduly favor the defendants and leave the government with much too little. Worse yet, we are rapidly moving in the direction of an “all carrots and no sticks” policy. Not only is the business community pressing for such a policy that will save corporations from even being charged with a crime if they have a “robust” compliance plan, but academics have aided and abetted this transition by justifying the exchange of leniency for cooperation, without clearly recognizing the need for limits and conditions on this exchange.

Finally, one consequence of underenforcement needs special emphasis. In a society increasingly concerned with growing inequality, enforcement policy can foster growing legal inequality. The relative immunity of senior executives from legal punishment implies such legal inequality. Where once scandal and crisis triggered a punitive legal response, this reaction has become more muted since 2008. Continuing failure begins to call into question the legitimacy of our legal system. To paraphrase Anatole France, the law in its infinite majesty forbids the rich and the poor alike to steal bread, but it now arguably punishes fraud and deception only when committed by those at lower echelons or reckless outliers.