Getting Tough with Corporate Privacy Violators

Privacy violations, which used to be a relatively minor compliance issue for large corporations, have now become a much more serious concern. And a recent Federal Trade Commission case could be a sign of more aggressive enforcement practices to come.

Back in the early 2000s, privacy cases consisted mainly of actions brought by state regulators against fly-by-night operations that ran afoul of Do Not Call rules by placing large numbers of unwanted marketing robocalls. The data in Violation Tracker indicate that aggregate federal and state privacy penalties across the country were only a couple of million dollars per year.

Over the past decade, total agency privacy penalties have grown substantially, exceeding $50 million each year since 2016. The blockbuster cases fall into two major categories. The first involves corporations that were fined for allowing major breaches of their customers’ data to occur. For example, in 2018 Uber Technologies had to pay $148 million to settle a case brought by state attorneys general for a breach of data on 57 million customers and drivers—and for attempting to cover up the problem rather than reporting it to authorities.

The other category consists of cases in which corporations were directly responsible for the privacy violation. In 2019, for instance, Google and its sister company YouTube agreed to pay $136 million to the FTC and $34 million to New York State to settle allegations that the companies violated rules regarding the online collection of personal data on children.

This category also includes the largest privacy penalty of all—the $5 billion paid by Facebook to the FTC in 2019 for violating an earlier order by continuing to deceive users about their ability to control the privacy of their personal information.

Also in this category is a recent case handled by the FTC and the Department of Justice against WW International (formerly Weight Watchers International Inc.). The agencies are collecting $1.5 million in civil penalties from the company for violating the Children’s Online Privacy Protection Act in connection with their weight management service for children, Kurbo by WW. The government had alleged that WW collected personal data such as names and phone numbers as well as sensitive information such as weight from users as young as eight years old without parental consent.

In addition to the monetary penalty, the FTC took the unusual (but not unprecedented) step of requiring WW to delete their ill-gotten data and destroy any algorithms derived from it. As a blog post from the law firm Debevoise & Plimpton points out, this kind of punishment can have a major impact, given that a single tainted dataset may require the destruction of multiple algorithms.

Requiring corporate miscreants to destroy intellectual property is in line with the ideas recently proposed by Consumer Financial Protection Bureau director Rohit Chopra for using measures beyond monetary penalties in regulatory enforcement. Chopra called for forcing misbehaving companies to close or divest portions of their operations—and, in the most egregious cases, to lose their charters.

The moves by the FTC and the CFPB are signs that regulators are recognizing that aggressive new enforcement tools are needed to shake up large corporations that have grown too comfortable paying their way out of legal jeopardy.

Reviving the Ultimate Corporate Punishment

Big business has despised the Consumer Financial Protection Bureau since its creation, and now the director of the agency has provided additional basis for that enmity. Rohit Chopra recently delivered a speech to the University of Pennsylvania Law School that amounted to one of the most aggressive statements on corporate misconduct ever made by a federal regulatory official. And he put forth some bold ideas for dealing with the problem.

Chopra began with the observation that the CFPB, which has been in operation for only about a decade, has had to take action against some major financial institutions on multiple occasions—five times in the case of Citigroup and four times against JPMorgan Chase, for example. These cases have resulted in billions of dollars in penalties and consumer redress.

The CFPB’s experience is not unique. “Repeat offenses – whether it’s for the exact same offense or more malfeasance in different business lines,” are, Chopra stated, “par for the course for many dominant firms.”

This conclusion is reinforced by the data collected in Violation Tracker. Over the past two decades, the commercial banks in the Fortune 100 have paid over $190 billion in fines and settlements. More than 100 corporations across all sectors have each paid over $1 billion in penalties.

The central question, as Chopra put it, is: “How do we stop large dominant firms from violating the law over and over again with seeming impunity? Corporate recidivism has become normalized and calculated as the cost of doing business; the result is a rinse-repeat cycle that dilutes legal standards and undermines the promise of the financial sector and the entire market system.”

Chopra’s address was remarkable in that it also put forth a vision for solving the problem. In addition to more prosecutions of individual executives, he calls for a focus on structural remedies, including putting restrictions on the ability of rogue corporations to grow.

This idea is not unprecedented; in fact, as Chopra notes, it was implemented by regulators in the case of Wells Fargo. In 2018, following revelations that the bank had created two million bogus customer accounts to generate illicit fees, the Federal Reserve took the unusual step of barring it from growing any larger until it cleaned up its business practices.

Chopra proposes to take even more aggressive measures. He wants to see misbehaving corporations forced to close or divest portions of their operations. He would deny such companies access to government-granted privileges. For example, pharmaceutical violators could lose their patents; lawless banks could lose access to FDIC deposit insurance.

Chopra indicated he is also exploring the most remedy of all: putting corrupt corporations out of business entirely. He warned that the CFPB will be deepening its collaboration with officials at the state level, where corporations are chartered, “to ascertain whether licenses should be suspended or whether corporate assets should be liquidated.”

In other words, Chopra is proposing greater use of what is often called the corporate death penalty (he doesn’t used that phrase). Such punishment is applied by some states in dealing with bad actors, but they are usually small, fly-by-night operations.

Talk of putting a large company out of business has been largely taboo since the case of accounting firm Arthur Andersen, which shut down in 2002 after being prosecuted for offenses relating to its role as the auditor of the fraudulent energy company Enron. There was a strong backlash in the business world against the prosecution, especially after the conviction was later overturned by the U.S. Supreme Court.

Chopra is no longer daunted by that episode. He argues that terminating corporate charters and licenses “should be considered for institutions of all sizes when the facts and circumstances warrant it.”

His speech may be a turning point in the prosecution of corporate crime. The two decades since the Enron/Arthur Andersen case have seen a tsunami of misconduct. Violation Tracker, whose mission is to document the phenomenon, is now up to more than 500,000 cases with fines and settlements of $786 billion.

While the penalties continue to accumulate, there is no evidence that corporate behavior is improving.  Another approach is needed. Chopra’s roadmap is a good place to start.

Policing the Grid

State public utility commissions are most frequently in the news in connection with their role in setting rates for electricity, gas and other regulated services. Yet they have another responsibility: protecting the interests of utility customers by monitoring the safety and consumer protection practices of the corporations under their jurisdiction.

As part of the latest expansion of Violation Tracker, the Corporate Research Project has collected data on more than 2,000 enforcement actions brought by PUCs around the country over the past two decades in which a penalty of at least $5,000 was imposed. Policing the Grid, a new report authored by freelancer Adam Warner and myself, analyzes what we discovered in those cases.

We found that a total of $13 billion in fines and settlements have been collected since 2000 by the PUCs and by state attorneys general in related cases brought against regulated companies. This amount is not evenly distributed among the states.

California has by far the latest share, $8 billion, or well over half of the national total. This is largely the result of cases brought against Pacific Gas & Electric, which has been hit with $5 billion in penalties, primarily for the role its poor power-line maintenance has played in causing devastating wildfires in the state. Southern California Edison has paid $842 million in wildfire cases as well as for other offenses such as submitting falsified data to the California Public Utilities Commission.

New York ranks second in penalties, with a total of $896 million. More than half of that figure is linked to Consolidated Edison, which has paid $528 million for offenses such as failing to prepare adequately for severe storms.

Five other states—Missouri, Massachusetts, West Virginia, Arizona and Illinois—have penalty totals in excess of $100 million. Texas has the largest number of cases, at 365, but it has collected only $67 million. Another $2.9 billion in penalties resulted from joint actions brought by groups of state attorneys general.

Other states have done much less in the way of utility safety and consumer protection enforcement. Twenty-nine states collected less than $10 million in penalties since 2000, including four– Alabama, Alaska, South Carolina and Wyoming—for which no cases with penalties of at least $5,000 could be found.

Some large corporations paid penalties in multiple states. For example, power generator NRG Energy, which ranks third among the parent companies with $1.2 billion in fines and settlements, faced cases in five states along with a multistate attorneys general lawsuit.  AT&T has paid penalties in 20 states and the District of Columbia, along with five multistate AG cases.

The Spanish energy company Iberdrola has, through its U.S. subsidiaries in the Northeast, faced the most enforcement actions (96), but most of the fines were relatively modest in size, keeping its penalty total to $27 million.

With the new utility cases, Violation Tracker now contains 512,000 entries from more than 400 federal, state and local agencies with total penalties of $786 billion.

Getting Corporations to Own Up to Their Climate Impact

The Securities and Exchange Commission, according to various media reports, is getting ready to issue a rule requiring publicly traded companies to disclose their greenhouse gas emissions in a standardized way for the first time. The rule, which the Commission has been working on since last year, would also oblige firms to detail the financial risks associated with those emissions.

Some business advocacy groups are already raising concerns about the policy, arguing it would be better to let companies decide on their own whether and how to divulge the information. An official at the U.S. Chamber of Commerce told the Washington Post that putting the data in an SEC filing would open corporations to lawsuits.

This ignores the fact that climate litigation is already happening—and the cases are often based on the failure of companies to inform investors about climate risks. Including the risk disclosures in SEC filings might actually reduce potential liability.

It is true that many firms are voluntarily making data on their greenhouse gas emissions public. The problem is with the voluntary nature of that process. In fact, this is the case for all the disclosures firms produce as part of their ESG initiatives.  

Leaving it up to individual firms to make transparency decisions creates a host of problems. First is the issue of consistency. If each company can choose to release the information in whatever format it chooses, it may be difficult or impossible to make comparisons across corporations.

Whether as part of a deliberate attempt to conceal bad performance or just laziness, companies may publish information with gaps in terms of time periods, types of emissions, locations of emissions, etc.

It is unclear what recourse stakeholders have if they believe a corporation’s voluntary disclosures are incomplete or inaccurate. Such lapses in an SEC filing are a much more serious matter. In that regard, the Chamber official is correct about liability—but only in cases in which the corporation seeks to deceive.

What makes the arguments against the SEC rule even less legitimate is that the federal government is already collecting data on CO2 emissions from companies through the EPA’s Greenhouse Gas Reporting Program. The difference is that the EPA is obtaining the data on individual facilities—some 8,000 of them—rather than for each company as a whole. For the largest emitters, this limitation is rectified by the Greenhouse 100 Polluters Index, produced by the Political Economy Research Institute at the University of Massachusetts, which aggregates the data by parent company.

These resources are valuable, but there is still a need for mandatory corporate-wide reporting by all publicly traded companies—ideally including the amounts contributed by each firm’s different facilities as well as by its supply chain.

There is also a need for such reporting by larger privately held companies, such as Koch Industries, which is number 23 on the Greenhouse 100 list.

Standardized and comprehensive greenhouse gas disclosure is all the more important at a time when fossil fuel advocates are using the war in Ukraine as a pretext for rolling back initiatives to address the climate crisis.

Corporations and the Ukraine Crisis

After the invasion of Ukraine brought sanctions against the Russian economy, the parent company of Japanese apparel retailer Uniqlo insisted it would continue to operate its 50 stores in the country. CEO Tadashi Yanai stated: “Clothing is a necessity of life. The people of Russia have the same right to live as we do.” A few days later, Uniqlo did an about-face, announcing it would suspend its Russian operations and contribute $10 million to the United Nations refugee agency.

Uniqlo is one of many corporations that have bowed to pressure to stop doing business in Russia. Oil majors BP, Shell and ExxonMobil are giving up multi-billion-dollar investments in the country. McDonald’s is temporarily closing hundreds of fast-food restaurants. Big accounting firms such as KPMG and PwC are abandoning the country, as are large law firms such as Cleary Gottlieb. Mastercard and Visa are no longer supporting credit cards issued by Russian banks.

A compilation by Jeffrey Sonnenfeld and others at the Yale School of Management lists more than 300 Western firms that have announced curtailments of their Russian operations. The number is up from several dozen when Sonnenfeld first published the list on February 28. There are still some holdouts. Sonnenfeld lists about three dozen mostly U.S.-based corporations that are still doing business in the country.

The magnitude and the speed of the corporate exodus from Russia has been remarkable. In some cases, the companies have little choice in the matter, given the financial and energy sanctions adopted by Western governments. Yet for the most part, the moves have been reactions to widespread repugnance in the U.S. and Europe over Putin’s attack on Ukraine and the reports of atrocities committed by his troops.

Some corporations saw the direction of public sentiment right away and moved quickly. Others, like Uniqlo, needed more prodding. McDonald’s, for instance, made its announcement after facing calls on social media for a boycott.

Overall, the departures illustrate how, under certain circumstances, large and powerful corporations can be compelled to do the right thing, even when it will cause disruption and have negative financial impacts. In the past, companies have often rebuffed calls for divestment by citing legal complications. In the current situation, many are acting first and will resolve those complications later.

For now, our concern has to focus on the fate of Ukraine, but the success in getting corporations to change their stance on Russia should inform subsequent efforts. We are seeing that aggressive government action plus an unwavering public outcry can get large companies to do things they previously would not consider.

It is not easy to generate the same degree of urgency now felt over Ukraine, where millions of people are facing an immediate threat, when it comes to issues such as climate change, which much of the corporate world is still treating as something that can be addressed over many years.

Yet we have to try, and now we know that corporate resistance is often a lot more fragile than we expect.

Credit Suisse and the Oligarchs

Russian banks are among the targets of Western sanctions in response to the invasion of Ukraine, but a financial institution in the middle of Europe is also part of the problem. According to recent press reports, Switzerland’s Credit Suisse is calling for the destruction of certain documents that could involve Russian oligarchs—a move that could impede efforts to locate and perhaps seize their assets.

The Financial Times is reporting that the bank is asking hedge funds and other investors to “destroy and permanently erase” documents relating to securitized loans backed by “jets, yachts, real estate and/or financial assets.” Credit Suisse had created these financial instruments to offload risks associated with its lending to the ultra-rich. When the Financial Times previously reported on these instruments, it described a presentation to potential investors mentioning that the bank had experienced defaults on yacht and aircraft loans to oligarchs related to U.S. sanctions.

It appears that Credit Suisse is concerned that the documents relating to the loans could be leaked. The bank has good reason to worry about unauthorized disclosures. It was recently the subject of a massive release of internal documents, dubbed Suisse Secrets, revealing its extensive dealings with individuals said to be involved in drug trafficking, money laundering and other corrupt practices.

Credit Suisse has a long history of ethically questionable behavior, extending back at least to the Second World War, during which it and other major Swiss banks allegedly profited by receiving deposits of funds that had been looted by the Nazis. In 1998 the banks agreed to pay a total of $1.25 billion in restitution.

After merging with investment bank First Boston in the 1970s, Credit Suisse became a significant player in U.S. financial markets and got into frequent trouble with regulators. Over the past two decades, it is racked up more than $10 billion in fines and settlements, as shown in Violation Tracker. This rap sheet includes a $5 billion settlement in 2017 concerning the sale of toxic securities and a $1.8 billion criminal penalty in 2014 for helping U.S. taxpayers file false returns.

Credit Suisse has also had previous problems relating to sanctions. In 2009 it had to pay $536 million to the U.S. Justice Department and the New York County District Attorney’s Office to settle allegations that it violated the International Emergency Economic Powers Act by engaging in prohibited transactions with Iran, Sudan and other countries sanctioned in programs administered by the Department of the Treasury’s Office of Foreign Assets Control.

The bank has also been implicated in bribery cases, paying $99 million last year to the Securities and Exchange Commission for fraudulently misleading investors and violating the Foreign Corrupt Practices Act in a scheme involving two bond offerings and a syndicated loan that raised funds on behalf of state-owned entities in Mozambique. The bank was also penalized nearly £300 million by the UK’s Financial Conduct Authority for the Mozambique matter.

Returning to the current situation, Credit Suisse is insisting that it has not been destroying any documents in its own possession while not denying it asked investors to do so. The bank may not have broken any laws in making this request, but it is a highly questionable action amid the current situation. Unfortunately, it is very much in keeping with Credit Suisse’s extensive track record of going out of it way to protect the disreputable clients with whom it likes to do business.

Conflicting Goals at Starbucks

More large corporations are said to be signaling their commitment to environmental and social goals by including those targets in the incentive packages offered to their chief executives.

That’s the message of a recent article in the Financial Times, which highlights the example of Starbucks CEO Kevin Johnson, whose $20 million compensation total in 2021 was based in part on reducing the company’s use of plastic straws and lowering methane emissions at the farms producing the milk for its lattes.

Those are laudable goals, but they may also amount to another form of greenwashing. After all, in the case of Starbucks, the company’s proxy statement indicates that the lion’s share of Johnson’s bonus was still determined by conventional financial benchmarks such as profitability.

There is also the question of whether the alternative metrics are all appropriate. Along with “planet-positive environmental goals,” the minority share of Johnson’s bonus was also set by “people-positive goals.” According to the proxy, that includes factors such as diversity. Yet what about other employment issues?

Starbucks is now in the midst of a widespread union drive among its baristas.  Since employees at a location in Buffalo, New York voted for representation in December, organizing drives have sprung up at outlets around the country. A new union called Starbucks Workers United has reported that National Labor Relations Board petitions have been filed at more than 100 locations around the country.

These initiatives have not exactly been welcomed by Starbucks management. While claiming it will bargain in good faith with the Buffalo group, the company is employing some traditional anti-union tactics, such as mandatory meetings in which managers seek to discourage organizing.

Johnson set the tone for this himself. Just before the vote in Buffalo in December, he gave an interview to the Wall Street Journal in which he trotted out the usual corporate line that unionization would destroy the rapport between workers and management: “It goes against having that direct relationship with our partners that has served us so well for decades and allowed us to build this great company.” Around the same time, the company sent a text message to workers saying: “Please vote and vote no to protect what you love about Starbucks.”

It remains to be seen whether the company will continue to rely on this guilt-tripping approach rather than hard-core unionbusting. An indication of where things may be headed was the move by the company earlier this month to fire seven activists at a Memphis location, claiming they violated safety rules.

This brings us back to Johnson’s bonus. Will his handling of the organizing drive factor into his 2022 bonus? If he succeeds in blocking widespread unionization of the chain, will that be seen as a “people-positive” achievement?

In all likelihood, next year’s proxy statement will be silent on the union campaign, regardless of how it turns out. Yet Johnson will no doubt be rewarded financially if he thwarts the effort.

And that points to the problem with the employment aspects of corporate social responsibility practices. While companies have come to regard environmental goals as changes that everyone can rally around, organizing drives are another matter. Faced with the prospect of unionization, even supposedly progressive companies still act like the benighted employers of a century ago.

Until corporations such as Starbucks begin respecting the right of workers to form unions and bargain collectively, they have no business presenting themselves as socially responsible.

The Pentagon Wakes Up to Arms Industry Concentration

Lockheed Martin’s decision to bow to pressure from the Federal Trade Commission and abandon its takeover of Aerojet Rocketdyne is a rarity. Such mergers among weapons producers were long encouraged by the Pentagon and approved by antitrust regulators. Bigger and more prosperous contractors were seen as being in the national interest.

This gave rise to a group of military leviathans. Along with Lockheed Martin, the result of the 1995 combination of Lockheed and Martin Marietta and the later addition of Sikorsky Aircraft, those giants include: Raytheon Technologies, which arose out of the 2020 merger of Raytheon and portions of United Technologies; Northrop Grumman, born out of the 1994 combination of Northrop Aircraft and Grumman Corporation; General Dynamics, formed from the 1950s merger of Electric Boat Company and Canadair; and Boeing, which gobbled up McDonnell Douglas in 1997.

Concentration, however, is no longer seen as a virtue in the arms industry. The Defense Department has just issued a report warning that the sharp reduction in competition among contractors is creating problems for the Pentagon. It points out that the number of aerospace and defense prime contractors is down from 51 in the 1990s to five today, making the military highly dependent on a very small number of producers in all categories of weapons systems.

This reduction in competition, the report argues, creates supply risks, increases costs and diminishes innovation: “Consolidations that reduce required capability and capacity and the depth of competition,” it states, “have serious consequences for national security.”

In place of the old approach of “bigger is better,” the report recommends heightening merger oversight, encouraging new entrants, increasing opportunities for small business, and hardening of supply chain resiliency.

For all its candor, one issue the report does not address is the checkered history of the big contractors in terms of honest dealing. They were all involved in numerous procurement scandals in the 1980s, the 1990s and into the 2000s. These ranged from massive cost overruns to cases of outright bribery.

The misconduct has continued. According to Violation Tracker, which covers cases back to 2000, the big five have paid more than $2 billion in fines and settlements in cases relating to government contracting—mainly violations of the False Claims Act. For example:

In 2006 Boeing paid $615 million to resolve criminal and civil allegations that it improperly used competitors’ information to procure contracts for launch services worth billions of dollars from the Air Force and NASA.

In 2008 General Dynamics agreed to pay $4 million to settle allegations that a subsidiary fraudulently billed the Navy for defective parts.

In 2014 a subsidiary of Lockheed Martin paid $27.5 million to resolve allegations that it overbilled the government for work performed by employees who lacked required job qualifications.

In 2009 Northrop Grumman agreed to pay $325 million to settle allegations that it billed the National Reconnaissance Office for defective microelectronic parts.

In 2008 Raytheon subsidiary Pratt & Whitney, then part of United Technologies, agreed to pay $50 million to resolve allegations it knowingly sold defective turbine blade replacements for jet engines used in military aircraft.

Now that the Pentagon is trying to reduce its dependence on giant contractors, it should also show less tolerance for corruption on the part of suppliers both large and small.

Building Back Unions

While its Build Back Better bill remains in limbo, the Biden Administration has been doing the smart thing by undertaking significant policy initiatives via executive order. Such steps cannot redistribute income or create big new social programs, but they can do some significant good.

That includes changes in the workplace. Biden recently signed an executive order requiring project labor agreements for all federal construction projects with a cost of $35 million or more. This will ensure that these projects are carried out by well-paid and well-trained tradespeople working with the protection of union contracts.

The order is not flawless. It contains exceptions that would allow agencies to forgo a PLA if they determine it would not advance “economy and efficiency” and under several other circumstances. Hopefully, these loopholes will not be abused. It’s a good sign that the anti-union Associated Builders and Contractors put out a statement blasting the order, claiming it will “needlessly increase construction costs.”

Encouraging the creation of high-quality union jobs by federal contractors is also part of a report just issued by the Administration’s Task Force on Worker Organizing and Empowerment. The document is an unabashed endorsement of unions as a force for raising living standards and workplace standards.

It argues for positioning the federal government as a model for cooperative labor-management relationships within its own workforce and for using the government’s spending power to promote stronger labor standards in private companies from which it purchases goods and services as well as in organizations receiving federal grants and loans.

The Task Force also makes the case for increasing union density in the private sector overall. Yet without legislation such as the Protecting the Right to Organize Act, which is stalled in the Senate, the Administration is limited to providing indirect support. The report includes a list of recommendations such as getting the National Labor Relations Board to use the web and social media to promote better understanding of worker organizing rights under existing federal law. It also suggests that high-level administration officials disseminate the same message through public service announcements.

This is all laudable but unlikely to make much of a difference. The main obstacle to worker organizing is not a lack of understanding of labor law but rather the ability of employers to flout that law with no real consequences.

More promising are the report’s recommendations concerning the enforcement of labor standards. Strong regulation works hand in hand with union organizing to exploitative working conditions.

Among the suggestions is a call for closer cooperation between the Labor Department and the Internal Revenue Service to investigate worker misclassification, a practice which not only undermines overtime pay rules but also interferes with proper payroll tax collection.

Reading the report, one gets the impression that the Task Force was trying to find every last way to use the federal government to help unions. The laundry list includes numerous arcane ideas such as instructing the Department of Education to include labor-management collaboration as a criterion in awarding competitive grants.

After decades in which the spirit of the National Labor Relations Act has been largely ignored by both Republican and Democratic presidents, it is heartening to see an administration so driven to promote labor rights. Yet it is going to take much more substantial measures to reverse the decline of private sector unionization.  

Toxic Corporate Culture

Most large companies like to brag about their corporate culture, seeing it as a key factor in their success. Yet when an independent assessment is done, the results may tell a very different story.

The latest example of this is taking place at the Anglo-Australian mining giant Rio Tinto Group, which has operations in more than 30 countries. A report commissioned by the company from an outside expert paints a dismal picture of workplace culture in its mines and other facilities around the world.

Elizabeth Broderick, Australia’s former sex discrimination commissioner, conducted an investigation that included a survey completed by more than 10,000 employees as well as more than 100 group listening sessions, 85 confidential individual interviews, and 138 written submissions.

Based on all this, Broderick found that Rio Tinto’s workplace culture is marked by widespread bullying, sexual harassment and racism. She found that the harmful behavior was not limited to the male-dominated manual workforce. Managers, including those at senior levels, often tolerated the behavior or even demonstrated it themselves.

Among the most disturbing findings was that 21 female employees reported experiencing actual or attempted rape or sexual assault during the past five years.

High percentages of the employees had not reported the various forms of mistreatment, believing either that their concerns would not be taken seriously or that they might face repercussions for filing a complaint. Broderick writes: “Employees believe that there is little accountability, particularly for senior leaders and so called ‘high performers’, who are perceived to avoid significant consequences for harmful behaviour.”

In a company press release about the report, CEO Jakob Stausholm stated: “I feel shame and enormous regret to have learned the extent to which bullying, sexual harassment and racism are happening at Rio Tinto.” The implication was that the revelations came as a surprise, thus making management somewhat less culpable.

Yet Stausholm and other senior executives must have been well aware of the problems for some time. The Broderick report was commissioned in response to previous revelations, such as those that emerged from a West Australia parliamentary inquiry last year.

Moreover, Rio Tinto does not exactly have an unblemished track record when it comes to the treatment of employees or the communities in which it operates. Mining industry critic Danny Kennedy once called the company—a frequent target of criticism over its policies relating to the environment, labor relations, and human rights—“a poster child for corporate malfeasance.”

In the area of human rights, Rio Tinto’s sins include having operated a uranium mine in Namibia, in violation of United Nations decrees, during a period in which apartheid-era South Africa still occupied the country. It has also been accused of abuses at mines in Indonesia and Papua New Guinea. A lawsuit was filed against Rio Tinto in the United States under the Alien Tort Claims Act, alleging that the company colluded with local authorities in Papua New Guinea to violently suppress protests. It was ultimately dismissed.

In 2020 Rio Tinto’s then-CEO Jean-Sebastian Jacques was pushed out after shareholders demanded he face more serious consequences in the wake of a decision to destroy ancient rock shelters in Australia’s Juukan Gorge that were sacred to two Aboriginal groups.

The question now surrounding Rio Tinto is whether it will see the Broderick report as more than a public relations problem to overcome and make meaningful changes throughout its operations, including the policies adopted by those at the top.