Publication Date



Corporate compliance in most companies is carried out under the assumption that unethical and illegal conduct occurs in a more or less predictable fashion. That is, although corporate leaders may not know precisely when, where, or how compliance failures will occur, they assume that unethical employee conduct will be sprinkled throughout the company in a roughly normal distribution, exposing the firm to compliance risk but in a controllable manner. This assumption underlies many of the common tools of compliance — standardized codes of conduct, firm-wide compliance trainings, and uniform audit and monitoring practices. Because regulators also operate under this assumption, what is deemed an “effective” compliance program often turns on the program’s breadth and consistent application. But compliance failures — lapses of ethical decision making that are the precursors to corporate crime — do not necessarily conform to this baseline assumption. As with other aspects of criminal behavior, unethical and illegal acts in business may follow a “fat-tailed” distribution that makes extreme outcomes more likely. This volatility, exhibited both in the frequency of compliance lapses and the intensity of their harm, is a function of how individual decision making interacts with the complex networks within corporations. By failing to recognize this phenomenon, the compliance and regulatory community has mistargeted its efforts, focusing too much on the trivial many while not paying enough attention to the “power few” — those influential individuals within companies that foster extreme compliance risk. Using the Wells Fargo fake accounts scandal as a backdrop, this Article explains how corporate compliance has failed to consider the effects of the power few, how that failure has limited compliance effectiveness, and how corporate compliance and business regulation may be properly reoriented through an increased focus on behavioral ethics risk management.