Over the last decade, federal corporate criminal enforcement policy has undergone a significant transformation. Firms that commit crimes are no longer simply required to pay fines. Instead, prosecutors and firms enter into pretrial diversion agreements (PDAs). Prosecutors regularly use PDAs to impose mandates on firms, creating new duties that alter firms’ internal operations or governance structures. DOJ policy favors the use of such mandates for any firm with a deficient compliance program at the time of the crime. This Article evaluates PDA mandates to determine when and how prosecutors should use them to deter corporate crime. We find that the current DOJ policy on mandates is misguided and that mandates should be imposed more selectively. Specifically, mandates are appropriate only if a firm is plagued by policing agency costs—in that the firm’s managers did not act to deter or report wrongdoing because they benefited personally from tolerating wrongdoing or from deficient corporate policing. Moreover, only mandates that are properly designed to reduce policing agency costs are appropriate. The policing agency cost justification for mandates that we develop calls into question both the extent to which mandates are used and the type of mandates that are imposed by prosecutors.


Over the last decade, corporate criminal enforcement in the United States has undergone a dramatic transformation. Federal officials no longer simply fine publicly held firms that commit crimes. Instead, they use their enforcement authority to impose mandates on these firms—mandates that can require a firm to alter its compliance program, governance structure, or scope of operations.1

Prosecutors generally impose mandates through pretrial diversion agreements (PDAs), specifically deferred prosecution agreements and nonprosecution agreements. In a PDA, the prosecutor agrees not to pursue a criminal conviction of a firm, but nevertheless typically imposes financial sanctions on the firm. In return, the firm usually agrees to cooperate in the investigation and admit to the facts of the crime.2 In addition, most PDAs contain mandates that govern the firm’s future behavior. These mandates impose new prosecutor-created duties on the firm. They may require the firm to adopt a corporate compliance program with specified features not otherwise required by law, to alter its internal reporting structure, to add specific individuals to the board of directors, to modify certain business practices, or to hire a prosecutor-approved corporate monitor.3

Prosecutors’ use of PDAs to create and impose such mandates on firms with detected misconduct fundamentally alters both the structure of corporate criminal law and the role of the prosecutor.4 Under traditional duty-based corporate liability,5 corporations are effectively subject to duties to adopt an effective compliance program, self-report, or cooperate, duties that are hereinafter referred to as “policing duties.”6 These policing duties are imposed ex ante on all firms (or all firms in a particular category). Traditional criminal liability enforces these duties through “harm-contingent” sanctions: firms are sanctioned for breaching any policing duties only if a substantive criminal violation occurred.7

PDA mandates deviate from this traditional regime in two ways. First, they impose policing duties ex post on select firms with detected wrongdoing, rather than ex ante on all firms. Indeed, not only are the mandated duties imposed after a substantive violation occurs, but the content of the mandates is often determined only at that time. Thus, a firm does not know beforehand what additional duties it could become subject to should it commit a substantive violation. Second, liability for violating PDA mandates is not harm contingent. That is, a mere violation of the firm’s ex post policing mandate, without the commission of a further substantive violation, exposes the firm to liability. In combination, these two features of PDA mandates transform prosecutors into firm-specific quasi regulators. Prosecutors can impose specific duties on a subset of firms with alleged wrongdoing, and they enforce compliance with these duties through sanctions for a mere failure to comply with the duties, even if no substantive crime occurs.

DOJ policy and federal practice encourage prosecutors to impose PDA mandates on any firm with detected wrongdoing that did not have an effective compliance program at the time of the crime. The DOJ, however, has not adopted genuine standards governing what mandates to impose.8 Calls abound for federal authorities to provide adequate guidance to prosecutors on when to impose PDA mandates and what form they should take.9 Yet, in order to provide such guidance, one must first address two fundamental questions. First, when, if ever, are mandates justified as a supplement to traditional corporate criminal liability that imposes monetary sanctions? Second, which types of mandates plausibly enhance social welfare? To date, neither the DOJ nor academic commentators have provided a satisfactory analysis of these issues. This Article seeks to fill this void.

In this Article, we analyze whether, and when, the imposition of compliance programs and other mandates through PDAs is an efficient component of the overall liability regime. Our principal conclusion is that mandates should be employed far more selectively than is called for by current federal policy and practice. In particular, prosecutors should impose mandates only on firms with policing deficiencies attributable to policing agency costs. Policing agency costs arise when the firm’s senior managers or board of directors personally benefit from either wrongdoing or deficient corporate policing. In this situation, traditional corporate liability—with sanctions targeted at the firm—will not suffice to induce firms to undertake effective compliance, self-report violations, and cooperate with authorities. By contrast, we find that PDA mandates can be structured in a cost-effective way to reduce policing agency costs and induce effective policing.

Federal authorities can best deter crime by employees of publicly held firms by inducing firms to intervene, to detect and report wrongdoing, and to cooperate to bring the individuals responsible to justice (corporate policing).10 We begin our analysis by determining the most effective approach to achieving this goal. We find that this goal is generally best achieved by imposing monetary sanctions for breach of generally applicable ex ante policing duties, as occurs in the traditional corporate criminal liability regime. Such duties can be enforced either by enhanced sanctions on firms that breached their policing duties and committed a substantive wrong (harm-contingent sanctions) or by sanctions on any firm that breaches these duties even if no substantive wrong occurred (non-harm-contingent sanctions).

By contrast, PDA mandates, which are imposed ex post on select firms with detected wrongdoing, are neither needed nor desirable, except in one particular situation: when a firm’s senior managers benefit personally from deficient policing even though the firm would be better off with optimal policing. These firms are plagued by what we call “policing agency costs.” Because senior managers obtain personal benefits from deficient policing, the threat of sanctions imposed on the firm for deficient policing may not be sufficient to induce them to ensure the firm undertakes effective policing.

We show that PDA mandates are a potentially effective solution to this problem. Properly designed PDA mandates can ameliorate policing agency costs by making it more difficult or more costly for senior managers to have the company undertake deficient policing. PDAs may be superior to regulation for imposing such measures because regulators cannot identify firms with severe policing agency costs ex ante. By contrast, prosecutors intervening ex post can often both identify firms with policing agency costs and employ information gained in the investigation to remedy the problem as a by-product of their criminal investigation.11

We conclude by evaluating the implications of our analysis for existing DOJ policy and for potential reforms. First, the current policy of encouraging prosecutors to impose PDA mandates whenever a firm with detected wrongdoing had a deficient compliance program is not justified. Rather, such mandates should be imposed only if the firm suffered from substantial policing agency costs.

Although identifying firms with policing agency costs inevitably requires ex post firm-specific analysis of the firm’s policing, we identify three circumstances that indicate that policing agency costs either do not explain previous deficient policing or are unlikely to be present in the future: first, when a publicly held firm has a controlling shareholder with sufficient power and incentives to induce managers to act in the firm’s best interest; second, when senior managers responded proactively by self-reporting suspected wrongdoing before any threat of disclosure and by fully cooperating; and third, when the firm has undergone a transformative change, such as a change in control, that affects the previously prevailing policing agency cost structure.12

Finally, we consider the implications of our analysis for the type of mandates that should be imposed. PDA mandates are justified only to the extent that they are effectively designed to reduce policing agency costs. Thus, PDAs must either impose precise duties falling on specific people who should expect to be held accountable for breach of these duties, or shift responsibility over policing to those less afflicted by agency costs, such as outside directors or external monitors. Mandates that are not designed to reduce policing agency costs, or mandates designed to improve corporate governance generally rather than policing agency costs specifically, are generally inappropriate.

This Article proceeds as follows. Part I shows how PDA mandates transform corporate criminal liability. Part II examines optimal corporate liability. Part III identifies policing agency costs as the only situation in which PDA mandates are plausibly superior to properly structured traditional corporate liability. Part IV examines the implications of our analysis for existing DOJ policy and presents suggestions for reform.

  • 1. PDA mandates can be imposed on any firm but usually are imposed on publicly held firms and their controlled subsidiaries, according to our data set. See also Cindy R. Alexander and Mark A. Cohen, The Evolution of Corporate Criminal Settlements: An Empirical Perspective on Non-prosecution, Deferred Prosecution, and Plea Agreements, 52 Am Crim L Rev 537, 569, 589–90 (2015) (finding that 91 of the 157 PDAs with public companies or their controlled subsidiaries from 1997 to 2011 included compliance mandates).
  • 2. Lawrence D. Finder, Ryan D. McConnell, and Scott L. Mitchell, Betting the Corporation: Compliance or Defiance? Compliance Programs in the Context of Deferred and Non-prosecution Agreements: Corporate Pre-trial Agreement Update–2008, 28 Corp Counsel Rev 1, 4–5 (2009).
  • 3. See Brandon L. Garrett, Structural Reform Prosecution, 93 Va L Rev 853, 897–99 (2007); Peter Spivack and Sujit Raman, Regulating the ‘New Regulators’: Current Trends in Deferred Prosecution Agreements, 45 Am Crim L Rev 159, 184–87 (2008); Finder, McConnell, and Mitchell, 28 Corp Counsel Rev at 4–5, 22–30 (cited in note 2). See also Vikramaditya Khanna and Timothy L. Dickinson, The Corporate Monitor: The New Corporate Czar?, 105 Mich L Rev 1713, 1720–26 (2007) (discussing corporate-monitor provisions in PDAs).
  • 4. Prosecutors can impose mandates on firms through PDAs or guilty pleas. The conclusions we reach regarding the appropriate purposes and forms of PDA mandates apply as well to mandates imposed through corporate guilty pleas.
  • 5. We use the term “traditional corporate liability” to refer to corporate liability regimes that rely on duties and sanctions created and announced ex ante, that are applied to all firms or all firms in a particular category, and that are enforced through monetary sanctions. Strict respondeat superior, corporate liability with mitigation of fines governed by the Organizational Sentencing Guidelines, and enforcement policies that offer full or partial leniency to firms that self-report are all examples of traditional corporate liability rules. See United States Sentencing Commission, Guidelines Manual § 8 (2015) (“Organizational Sentencing Guidelines”).
  • 6. Policing measures are measures that increase the probability that a crime is detected or sanctioned. See Jennifer Arlen and Reinier Kraakman, Controlling Corporate Misconduct: An Analysis of Corporate Liability Regimes, 72 NYU L Rev 687, 693 (1997). Effective compliance programs, self-reporting, and cooperation with federal authorities are all policing measures. See id at 706–07. By contrast, “prevention measures” deter by reducing employees’ incentives to commit a crime. Id at 693.

    Although the law does not technically require all firms to adopt an effective compliance program and self-report, the existing regime can be characterized as imposing duties to adopt an effective compliance program, self-report, and cooperate, enforced by harm-contingent sanctions, in that firms that fail to take these actions face higher sanctions under the Organizational Sentencing Guidelines for detected wrongdoing than do those that do undertake them. See Organizational Sentencing Guidelines § 8C2.5(f)–(g) (cited in note 5). In addition, federal enforcement authorities focus on effective compliance, self-reporting, and cooperation in deciding whether to indict a firm or to impose a PDA. See US Attorney’s Manual, Principles of Federal Prosecution of Business Organizations § 9-28.900 (“USAM”), in The Department of Justice Manual (Wolters Kluwer 3d ed 2016); Andrew Weissmann, The Fraud Section’s Foreign Corrupt Practices Act Enforcement Plan and Guidance *4 (DOJ, Criminal Division, Apr 5, 2016), archived at http://perma.cc/PV39-EFZ4 (“FCPA Pilot Program”) (indicating the importance of self-reporting in obtaining either a PDA or a declination). See also Part II.A.

  • 7. Daniel M. Mandil, Note, Chance, Freedom, and Criminal Liability, 87 Colum L Rev 125, 136–38 (1987). Throughout this Article we use the terms “substantive crime,” “substantive violation,” “substantive wrongdoing,” and “harm” to refer to any wrongdoing—for example, securities fraud—except for wrongdoing that takes the form of failing to undertake corporate policing intended to deter and detect substantive violations—for example, a failure to have an independent audit.
  • 8. See Garrett, 93 Va L Rev at 893 (cited in note 3) (“[N]o DOJ guidelines define what remedies prosecutors should seek when they negotiate structural reform agreements.”); Jennifer Arlen, Prosecuting beyond the Rule of Law: Corporate Mandates Imposed through Deferred Prosecution Agreements, 8 J Legal Analysis 191, 221 (2016). By contrast, the DOJ has issued guidance on a variety of other issues relating to corporate prosecutions, including (1) whether to impose extraordinary restitution, (2) when to seek a waiver of the attorney-client privilege, and (3) whether to impose a corporate monitor. USAM §§ 9-16.325, 9-28.1000, 9-28.710, 9-28.1500 (cited in note 6).
  • 9. See, for example, Arlen, 8 J Legal Analysis at 229–30 (cited in note 8); Garrett, 93 Va L Rev at 932–35 (cited in note 3); Spivack and Raman, 45 Am Crim L Rev at 187–90 (cited in note 3); Lawrence A. Cunningham, Deferred Prosecutions and Corporate Governance: An Integrated Approach to Investigation and Reform, 66 Fla L Rev 1, 5 & n 8 (2014); Rachel E. Barkow, The Prosecutor as Regulatory Agency, in Anthony S.
    Barkow and Rachel E. Barkow, eds, Prosecutors in the Boardroom: Using Criminal Law to Regulate Corporate Conduct 177, 189–90, 196–97 (NYU 2011). Indeed, some commentators have gone beyond calls for guidance and have exhorted the DOJ to abandon PDAs altogether. See, for example, David M. Uhlmann, Deferred Prosecution and Non-prosecution Agreements and the Erosion of Corporate Criminal Liability, 72 Md L Rev 1295, 1341–44 (2013).
  • 10. See Arlen and Kraakman, 72 NYU L Rev at 692–93 (cited in note 6) (identifying corporate policing and prevention as the two central goals of corporate liability); Jennifer Arlen, The Potentially Perverse Effects of Corporate Criminal Liability, 23 J Legal Stud 833, 835–36 (1994) (explaining that a central goal of corporate liability is to induce firms to help increase the probability that the offending employees are detected and sanctioned).
  • 11. Civil enforcement authorities, including regulators, who intervene ex post after a crime has occurred may also be able both to identify firms with policing agency costs and to determine mandates that can remedy the problem. In this Article, we examine only whether and when those ex post mandates that are imposed by PDAs are justified. We do not address mandates imposed by regulatory enforcement officials. For a discussion of the relative efficacy of regulators and prosecutors, see generally Miriam Hechler Baer, Governing Corporate Compliance, 50 BC L Rev 949 (2009).
  • 12. See Part IV.A.2.