The $1 Trillion Cost of Corporate Misconduct

When you hear a reference to $1 trillion, it usually is in connection to the stock market capitalization of a handful of the largest tech companies. Yet that ten-figure number can now also be applied to what those companies and others have together paid in fines and settlements to resolve allegations of misconduct.

The total penalties documented in the Violation Tracker database for the period from 2000 through the present now surpass $1 trillion. To mark this milestone, my colleagues and I have just issued a report called The High Cost of Misconduct, which looks back at the last quarter-century of corporate crime and regulatory non-compliance.

Total payouts grew from around $7 billion per year in the early 2000s to more than $50 billion annually in recent years. This amounts to a seven-fold increase in current dollars, or a 300 percent increase in constant dollars.

The $1 trillion total could not have been reached without the massive penalties paid by companies such as Bank of America ($87 billion, mainly in connection with the toxic securities and mortgage abuses scandals of the late 2000s), BP ($36 billion, mainly from the Deepwater Horizon disaster), Wells Fargo ($27 billion, largely from the bogus accounts scandal), and Volkswagen ($26 billion, primarily from the emissions cheating scandal). There are 127 companies with penalty totals of $1 billion or more.

With these companies and many others, their totals reflect flagrant recidivism. Looking only at the more serious cases, two dozen parents have been involved in 50 or more cases in which they paid fines or settlements of $1 million or more. Bank of America has the most, with an astounding 225 such cases.

While the vast majority of the 600,000 cases in Violation Tracker are civil actions, the database contains more than 2,000 entries involving criminal charges. These account for more than 13 percent of the $1 trillion penalty total. Twenty-six parent companies have paid $1 billion or more in criminal cases, with the largest totals coming from the French bank BNP Paribas in connection with economic sanctions violations and from Purdue Pharma for its role in causing the opioid epidemic.

In many of these criminal cases, the companies were able to resolve the matter without having to plead guilty. That is because the Justice Department makes extensive use of arrangements known as deferred prosecution agreements and non-prosecution agreements. These are leniency deals by which companies pay substantial penalties but avoid a criminal conviction. Violation Tracker documents more than 500 cases involving a DPA or an NPA, with total penalties of more than $50 billion.

The theory behind these leniency agreements is that companies will learn from their mistakes and clean up their conduct. Yet there have been numerous instances of companies that signed a DPA or NPA ending up embroiled in another scandal. Amazingly, some of these companies were offered another leniency agreement, thus making a mockery of the deterrence concept. Among the double-dippers are American International Group, Barclays, Boeing, Deutsche Bank, HSBC, and Teva Pharmaceuticals.

The fact that penalties have reached the 10-figure level suggests that during the past quarter century we have been living through a continuous corporate crime wave. Every year, companies pay out billions of dollars for a wide range of offenses. Many large corporations are fined or enter into settlements over and over again, often for the same or similar misconduct.

Monetary penalties are meant in part to deter future transgressions, but there is no indication that is happening. Instead, the fines and settlements seem to be regarded as little more than a cost of doing business. Presumably, the profits from wrongdoing outweigh the penalties.

It is odd that amid a move to return to tougher policies to combat street crime, there is not an analogous effort to crack down on corporate crime. Instead, the Justice Department continues to employ leniency agreements that have frequently been ineffective in getting rogue companies to change their ways. The DOJ also remains reluctant to bring criminal charges against corporate executives, except in the most flagrant circumstances.

In a few cases, DOJ has experimented with different approaches, including forcing companies to exit lines of business in which they behaved illegally. Last year, for example, Teva Pharmaceuticals and Glenmark Pharmaceuticals were not only fined for scheming to fix prices of several generic drugs—they had to divest their operations relating to one of the drugs. That kind of penalty should shake up companies more than fines alone and thus should be used more frequently.

Mega-Scandals

Over the past quarter century, large corporations have paid hundreds of billions of dollars in fines and settlements for a wide range of misconduct. In Violation Tracker we document many thousands of these cases and place them in various categories. We have just added a new way of looking at the most egregious kinds of wrongdoing.

On the website we now identify clusters of major cases in which companies paid substantial penalties—from $25 million up to the billions—for practices that harmed large numbers of consumers, workers, investors or community members. We call these Mega-Scandals.

Chronologically, the first mega-scandal was the series of accounting and corruption scandals of the early 2000s at companies such as Enron, the high-flying energy trading company that went out of business—taking its auditor Arthur Andersen with it—when it turned out to be engaged in brazen accounting fraud.

Similar misconduct came to light at companies such as WorldCom, a telecommunications provider found to have inflated its assets by billions of dollars; Tyco International, a security systems firm whose CEO was convicted of misusing corporate funds to support a lavish personal lifestyle; and Adelphia Communications, whose principals were found guilty of looting the firm. One of the new mega-deal summary pages in Violation Tracker documents over $6 billion in penalties resulting from these cases.

The magnitude of the Enron era cases would be dwarfed by another mega-scandal which erupted later in the 2000s. It was the outgrowth of a period of financial deregulation that allowed Wall Street to create a slew of complex investment products backed by shaky home mortgages. When the housing market softened and many of those mortgages became delinquent, the value of residential mortgage-backed securities plunged. They came to be known as toxic securities.

The country avoided a complete financial collapse, but those toxic securities brought about significant legal and monetary consequences for the financial institutions held responsible for devising and marketing them. They found themselves the target of major lawsuits brought by the federal government, state governments, institutional investors and others. We estimate that the banks ended up paying more than $148 billion in fines and settlements, making this the most expensive of the mega-scandals.

The legal fallout from the financial crisis was also felt by the financial institutions that originated those shaky home mortgage loans behind the toxic securities. In some cases, they were part of the same banks that marketed the securities. Banks were sued both for luring low-income consumers into unsustainable mortgages and for misleading investors about those practices.

Far and away, the biggest payout in this category came from Bank of America, whose $53 billion total resulted from giant settlements with the U.S. Justice Department, state attorneys general, the loan guarantee agency Fannie Mae and others. JPMorgan Chase and Wells Fargo each racked up close to $9 billion in payouts. Overall, the mortgage abuse cases resulted in fines and settlements of more than $80 billion.

It was not long after the financial crisis that the next corporate mega-scandal burst onto the scene. It began on April 20, 2010 when an explosion occurred at the Deepwater Horizon drilling rig operated by BP in the Gulf of Mexico (photo). The accident killed 11 crew members and released a vast amount of oil into the gulf. It turned out to be the largest oil spill in history.

BP—along with the owner of the rig, Transocean, and Halliburton, which helped construct it—faced a wave of litigation alleging deficiencies in their actions before, during and after the accident. They ended up paying about $36 billion in settlements, with most of that coming from BP.

The pharmaceutical industry is responsible for several mega-scandals, the worst of which is the role drugmakers played in bringing about the opioid epidemic. Much of the blame has fallen on Purdue Pharma, which was relentless in promoting pain killers such as oxycodone, downplaying the risks of addiction even as overdose deaths soared. Purdue finally consented to a settlement in which it agreed to pay $8 billion and effectively go out of business, though the deal has been caught up in controversy over the effort of the Sackler family, which controlled the company, to shield itself from liability.

Other companies such as drug wholesalers and pharmacy chains have also faced major litigation over their alleged failure to question the enormous volume of prescriptions coming from dubious sources such as shady pain clinics known as pill mills. The Violation Tracker tally on the opioid mega-scandal estimates that total payouts have now surpassed $70 billion.

Among the other mega-scandals are:

  • The emissions cheating controversy centering on Volkswagen: $32 billion.
  • The wildfire liability controversy centering on PG&E: $18 billion.
  • The bogus bank account controversy centering on Wells Fargo: $8 billion.

More on these and other mega-scandals can be found on the Violation Tracker Summaries Page. Mega-scandals are also now included in the Offense Type dropdown on the Advanced Search page and thus can be combined with other variables.

Biometric Battles

The Alabama IVF court ruling and the move for a national abortion ban highlight the rising threat to reproductive freedom. Another battle over bodily autonomy is taking place in the corporate world. It revolves around the question of whether companies have the right to gather biometric information about employees or customers without their full consent.

Collection of fingerprints and voiceprints is not as oppressive as restricting the right to terminate a pregnancy, but it raises a legitimate privacy concern nonetheless. This is especially true as more companies embrace facial recognition, iris scanning and the like.

Disputes over biometric data collection frequently end up in court, where plaintiff lawyers bring class action claims and often win substantial settlements. For example, the Presence Health Network in Illinois just agreed to pay $2.6 million to settle litigation alleging that the privacy rights of employees were violated by requiring them to scan their fingerprints for timekeeping without first obtaining consent.

Violation Tracker documents 30 similar fully resolved lawsuits with total settlements of $1 billion. These cases are typically brought under the Illinois Biometric Information Privacy Act, a 2008 law that is the strictest in the nation. BIPA cases can be brought in state court in Illinois, but in certain circumstances they can be filed in federal court.

Some of the biggest settlements have come in federal cases. The largest of all is the $650 million payment by Facebook in 2021 to resolve claims that its collection of facial data from users violated BIPA. The following year TikTok paid out $92 million in a similar case.

The largest state court settlement was the $100 million paid by Google in connection with facial data collected by its photo service. In another state case, Six Flags agreed to pay $36 million to resolve claims it improperly collected fingerprint data from pass-holders.

Large employers which have entered into biometric settlements include Walmart, which paid $10 million to resolve claims it improperly collected worker handprints, and the Little Caesar pizza chain, which agreed to pay nearly $7 million to settle litigation alleging it violated BIPA by using a fingerprint-based timekeeping system without getting informed consent from employees.

BIPA lawsuits rarely go to trial. The risks for companies of refusing to settle are illustrated by a case brought against BNSF by a class of 44,000 truck drivers who claimed the railway company improperly collected their fingerprints. In 2022 a federal jury found in favor of the plaintiffs and awarded up to $228 million in damages. That award was thrown out for technical reasons, but the company recently agreed to settle the matter for $75 million.

Cases arising out of BIPA have prompted other states to consider adopting their own biometric privacy legislation, yet none have begun to match the Illinois law. Efforts in Congress to pass a national law have also made little progress.

For now, BIPA class actions are the main thing standing in the way of the corporate effort to turn us all into human bar codes.

Blowing the Whistle on Procurement Fraud

A federal judge recently ordered Gen Digital Inc. to pay $53 million in damages for cheating the federal government. The case against the company—formerly known as NortonLifeLock, a spinoff of Symantec Corp.—originated in a lawsuit filed by whistleblower Lori Morsell, who stands to receive a share of the payout. While working at Symantec more than a decade ago, Morsell discovered that the company was failing to provide federal agencies the discounts it made available to other customers.

Gen Digital is the latest in a long line of federal contractors whose misconduct has been punished through what are known as qui tam lawsuits. (Qui tam is derived from a Latin phrase meaning “who sues on behalf of the king as well as for himself.”) These are cases enabled by the False Claims Act in which someone with information about fraud against a public entity can file a suit on behalf of the government. The practice in the U.S. dates back to the Civil War era.

In many situations, the Justice Department will choose to intervene in the matter, in effect taking over the prosecution, but the whistleblower is typically awarded a portion of the damages or settlement. A large portion of the more than 2,500 False Claims Act cases documented in Violation Tracker, which account for $60 billion in penalties, began as qui tam actions.

Federal prosecutors do not intervene in every whistleblower case. Given that the plaintiff may not have the resources to pursue the matter independently, most of these cases end up being dropped. Yet substantial settlements are sometimes achieved without government involvement, though the feds share in the proceeds. Here are some examples.

In 2022 State Farm Fire & Casualty Co. agreed to pay $100 million to settle allegations it violated the False Claims Act in connection with claims improperly submitted to the National Flood Insurance Program after Hurricane Katrina.

In 2011 Medline Industries agreed to pay $85 million to settle allegations that it violated the False Claims Act by paying illegal kickbacks to healthcare providers who purchased its medical supplies using federal funds.

In 2016 Novartis agreed to pay $35 million to settle allegations it violated the False Claims Act by marketing the eczema cream Elidel for use on infants, even though it was only approved for older patients.

Also in 2016, Ocwen Loan Servicing agreed to pay $30 million to settle allegations that two of its subsidiaries violated the False Claims Act by submitting incorrect information to the Treasury Department’s Home Affordable Modification Program.

Successful qui tam cases have become so common that it is easy to take them for granted and assume that this practice is widespread in other countries. That is not the case, even in the United Kingdom, where the practice originated centuries ago but later fell into disuse.

This could change. Recently, Nick Ephgrave, the director of the UK’s Serious Fraud Office gave a speech in which he endorsed the idea of compensating whistleblowers. Such a move would give a major boost to the prosecution of procurement fraud in the UK, which lags far behind the United States in dealing with this perennial problem.

Back here, the legal status of whistleblowers has been strengthened even as the power of regulatory agencies has been challenged. This applies both to False Claims Act cases and those brought under other laws with whistleblower provisions, such as the Sarbanes-Oxley Act. Recently, the U.S. Supreme Court ruled unanimously that whistleblowers seeking compensation after being fired for exposing misconduct do not need to prove an employer acted with retaliatory intent.

The U.S. has a long and impressive history of using qui tam whistleblower cases to fight corporate fraud against the public. The UK would do well to revive its own use of this effective tool.

Koch Industries and the Attack on Regulation

Donald Trump’s rants about the deep state are designed to deflect attention away from his own transgressions. An even more sinister attack on the legitimacy of the federal executive branch is taking place in the U.S. Supreme Court, and the result could strike a serious blow against corporate accountability.

The Court just heard oral arguments in two cases that were purportedly brought by commercial fishermen protesting their obligation to help pay for the cost of monitoring compliance with the Magnuson-Stevens Fishery Conservation and Management Act.

Instead of addressing that narrow issue, the cases are being used to challenge one of the bedrocks of federal regulation—the 40-year-old Chevron doctrine under which courts have given deference to agencies in interpreting laws relating to the environment, consumer protection, and the like.

It is standard procedure for Corporate America to use small businesses as a wedge for achieving changes that provide a lot more benefit to large companies. There was little doubt this was the dynamic at play in the fishing case.

The New York Times made this even more evident in an article revealing that the supposed public interest law firm bringing the fishing case is closely linked to billionaire Charles Koch, who has long sought to weaken government oversight of business as part of a broad rightwing agenda. Charles Koch and his late brother David bankrolled libertarian think tanks such as the Heritage Foundation and the Cato Institute as well as activist groups such as Americans for Prosperity.

This crusade has not been solely a matter of ideology. There is also a great degree of self-interest involved. That’s because Koch is the chairman of Koch Industries, a privately held industrial conglomerate that has for decades clashed with regulators and prosecutors.

In the period since January 2000, the company has, as documented in Violation Tracker, been involved in hundreds of federal, state and local regulatory cases and has had to pay more than $1 billion in fines and settlements.

Most of these penalties have been paid by Koch’s numerous subsidiaries, which do business in industries that often run afoul of environmental and workplace safety rules. These include Flint Hills Resources (petroleum), Georgia-Pacific (pulp and paper), Guardian Industries (glass and coatings), and Invista (polymers and fibers).

Koch Industries has long used its political influence to try to protect the company against the consequences of its regulatory infringements. For example, in 2000 a federal grand jury in Texas returned a 97-count indictment against the company and four of its employees for violating federal air pollution and hazardous waste laws in connection with benzene emissions at the Koch refinery near Corpus Christi.

The company was reportedly facing potential penalties of some $350 million, but in early 2001 it got the newly installed Bush Administration’s Justice Department to agree to a settlement in which many of the charges were dropped and the company pled guilty to concealing violations of air quality laws and paid just $10 million in criminal fines and $10 million for environmental projects in the Corpus Christi area.

Now Koch is trying to achieve a lot more through its friends on the Supreme Court. A decision that overturns the Chevron doctrine would severely weaken the ability of federal regulators to do their job and would be a boon to serial offenders such as Koch.

The 2023 Corporate Rap Sheet

The splashiest corporate crime prosecutions in 2023 came in the crypto sector. Binance pleaded guilty to charges of violating anti-money-laundering regulations and paid over $4 billion in criminal and civil penalties; its founder and CEO Changpeng Zhao was also charged personally and admitted guilt. The Justice Department won a conviction on fraud and conspiracy charges of crypto mogul Sam Bankman-Fried in connection with the collapse of his FTX exchange.

Otherwise, the DOJ has not had many blockbuster cases this year, and many of its bigger successes have involved foreign-based corporate defendants. Among the latter are a $1.4 billion settlement with the Swiss bank UBS in a toxic securities case that originated during the financial crisis a decade ago and a $629 million settlement with British American Tobacco involving a scheme to evade economic sanctions against doing business with North Korea.

While major convictions and settlements lag, DOJ has stepped up its dubious policy of corporate leniency. This includes frequent use of non-prosecution and deferred prosecution agreements under which companies are allowed to sidestep criminal pleas by agreeing to pay monetary penalties and promising to change their behavior—promises that are often broken.

During this year, DOJ has offered companies NPAs and DPAs at least 17 times. Among these are the British American Tobacco case cited above, a price-fixing case against Teva Pharmaceuticals, and a foreign bribery case against the chemical company Albemarle. A DPA was also used by the Occupational Safety and Health Administration to resolve a case against a construction company called Skinner Tank on charges of willfully ignoring safety regulations and creating conditions that led to the death of a worker.

DOJ is also making increasing use of another form of leniency known as a declination. Companies that self-report illegal behavior that occurred under their roof are given a guarantee they will not be prosecuted and are allowed to pay a reduced fine. A DOJ webpage lists three declinations for this year, but a report by Public Citizen suggests that the department may be agreeing to keep some of these deals confidential.

Among most other federal agencies, this year has seen only a sprinkling of large case resolutions against major companies. For example, the Commerce Department’s Bureau of Industry and Security fined Seagate Technology $300 million for export control violations in its sale of disk drives to China’s Huawei Technologies. The Federal Reserve fined Deutsche Bank $186 million for failing to comply with previous consent orders involving sanctions compliance and anti-money-laundering practices.

Although most of its penalties are below $100 million, the Consumer Financial Protection Bureau has brought a steady stream of cases against financial predators. These include a $90 million penalty against Bank of America for imposing unfair overdraft fees, withholding reward bonuses explicitly promised to credit card customers, and misappropriating sensitive personal information to open accounts without customer knowledge or authorization.

The Securities and Exchange Commission has kept up its case volume, but the number of large resolutions in 2023 has been down from the previous year. And a larger portion of those major cases involve civil add-ons to criminal bribery cases brought by the Justice Department under the Foreign Corrupt Practices Act. There are also signs that the SEC is joining the leniency bandwagon. Recently, the agency waived a $40 million penalty against the drug company Mallinckrodt in a case related to its failure to disclose loss contingencies linked to an investigation of its Medicaid billing practices.

The Federal Trade Commission has also tended toward smaller settlements this year, though that agency handles many matters—including merger reviews—that may not involve monetary penalties. The biggest fine it imposed this year was $25 million in a case against Amazon.com for violating the Children’s Online Privacy Protection Act Rule.

The Environmental Protection Agency has held steady in 2023. Its largest settlement has been a $242 million deal with BP in which the oil giant paid a $40 million penalty and agreed to spend $197 million on emission control upgrades at its Whiting refinery in Indiana.

Major cases have been down at the state level. There have been about two dozen resolutions involving penalties of $50 million or more, compared to the previous year’s total of 50, which included numerous opioid-related settlements. This year there has been one such settlement involving a $1.4 billion deal with supermarket chain Kroger.

Year to year changes do not tell the whole story, yet it is discouraging to see a drop-off in successful major enforcement actions.  Let’s hope that in 2024 both federal and state regulators and prosecutors find the means to step up the pressure on rogue corporations.

Note: Details on the cases cited above and many more are in Violation Tracker.

Getting Tougher on Product Safety

For most of its history, the Consumer Product Safety Commission has not been the most aggressive federal regulator. Created in 1972, the agency has depended primarily on voluntary recalls of dangerous products by manufacturers. Its budget is below $200 million and its staff numbers around 500, both tiny by DC standards.

While the CPSC has the ability to use monetary penalties when companies fail to disclose hazards, it is relatively restrained in its use of that power. As shown in Violation Tracker, the agency has imposed a total of $397 million in fines against companies since 2000. More than half of that total has come since the Biden Administration took office. By comparison, the Consumer Financial Protection Bureau, which started operating in 2011, has racked up more than $17 billion in fines and settlements.

For all these reasons, it is significant that the CPSC and the Justice Department recently announced that a federal jury in Los Angeles had returned a guilty verdict in the first-ever criminal prosecution brought against corporate executives under the Consumer Product Safety Act.

The defendants in the case were the chief administrative officer and the chief executive officer of Gree USA, Inc., a subsidiary of the Chinese-owned Hong Kong Gree Electric Appliances Sales Co., Ltd. The two men were charged with deliberately withholding information about defective dehumidifiers that could catch fire and selling these units with false certification marks that the products met applicable safety standards. They were convicted of conspiracy to defraud the CPSC and failure to meet reporting requirements, though they were acquitted of wire fraud.

Gree itself has also been targeted by the CPSC. The company has paid more in fines to the CPSC than any other company over the past two decades. That includes a $91 million penalty that was by far the largest single fine brought by the agency during this period. It was also the first criminal enforcement action under the Consumer Product Safety Act.

The impact of that was softened by the decision of the Justice Department to offer Gree a leniency deal in the form of a deferred prosecution agreement by which the company was able to avoid pleading guilty to the charges.

On the other hand, DOJ and CPSC took the bold step of going after the two Gree officials individually. It took four years from the time the two men were indicted, but their conviction sends a powerful message to executives that they can be held personally responsible for brazen disregard of product risks. The Gree executives are scheduled to be sentenced next March and could receive up to five years in prison.

The debate over how to deal with corporate crime is often framed as a choice between penalizing the company and prosecuting executives. The Gree case shows the value of using both approaches at the same time. That makes it more likely the message will get through to everyone in a rogue company that it has to change its practices in a fundamental way.

The CFPB Fights On

The Washington Post recently published a long examination of the obstacles facing the Consumer Financial Protection Bureau in its effort to rein in payday lenders which prey on low-income families. The leading companies in the industry have managed to block various investigations of their practices.

The agency’s difficulties mainly stem from a lawsuit brought by financial industry groups challenging the way in which the CFPB is funded. It is based on disingenuous arguments about the separation of power between the executive branch and Congress. The case made its way to the U.S. Supreme Court, which heard oral arguments last month but has not yet issued a ruling.

The good news is that the CFPB, which is no stranger to opposition from powerful corporate and Congressional foes, is not backing down. While the payday lending cases may be stalled, the agency is aggressively targeting other bad actors.

Last month, the CFPB fined the credit reporting giant TransUnion $23 million for violating the Fair Credit Reporting Act by failing to ensure the accuracy of the information it supplies to landlords for screening of tenant applications. Last week, the agency fined Citibank over $25 million for intentionally discriminating against Armenian Americans in reviewing credit card applications and then lying to those applicants about the reason for the denial.

In its latest action, the CFPB goes after the online lender Enova International Inc. for what the agency calls “widespread illegal conduct including withdrawing funds from customers’ bank accounts without their permission, making deceptive statements about loans, and cancelling loan extensions.”

This is not the first time the CFPB has targeted Enova. In 2019 it fined the company $3.2 million for many of the same practices. That penalty apparently did not get Enova to change its ways. The CFPB found that more than 100,000 customers have been subjected to abuses during the past four years.

To its credit, the CFPB is not just issuing another cease-and-desist order and imposing a larger fine ($15 million) this time around. It is also restricting some of Enova’s business and putting a crimp in the wallets of the company’s top managers.

Specifically, the CFPB is banning Enova for a period of seven years from offering or providing closed-end consumer loans that must be substantially repaid within 45 days. It is also requiring the company to reform its executive pay practices so that compensation is determined in part by compliance with federal consumer financial law.

This approach of restricting a rogue corporation’s business is potentially more effective than simply upping the fine. The same goes for making top executives personally feel some financial pain as a result of their failure to end the misconduct.

In its dozen years of existence, the CFPB has an impressive track record of policing misconduct in the financial services sector. As shown in Violation Tracker, it has imposed more than $17 billion in penalties against miscreants large and small. Let’s hope it is able to go on performing this essential mission.

Banking on Stereotypes

There are about half a million people in the United States with Armenian surnames. Managers at Citigroup apparently decided that all of them are criminals and went to great lengths to deny them credit cards.

That accusation is the basis of a $25 million penalty just imposed on Citi by the Consumer Financial Protection Bureau. The agency alleges that supervisors at the bank ordered employees to discriminate against credit applicants deemed to be of Armenian origin based on the spelling of their family name—especially those living in and around Glendale, California, home to the country’s largest concentration of Armenian-Americans. To hide the blacklisting, applicants were given bogus reasons when their applications were denied.

Individual Armenian-Americans have been involved in organized crime. Earlier this year, a reputed Armenian mafia figure in the Los Angeles area was sentenced to 40 years in prison in connection with a scheme to fraudulently claim more than $1 billion in refundable renewable fuel tax credits.

Yet the existence of mobsters who belong to a particular ethnic group is hardly a justifiable basis for discriminating against everyone who shares that national origin. Citi’s alleged practices constituted a textbook violation of the Equal Credit Opportunity Act.

The CFPB enforcement action is a reminder that not all corporate discriminatory practices involve hiring, pay levels, promotion and other conditions of employment. Companies can also discriminate against customers based on race, gender, national origin, etc. In Violation Tracker we document more than 500 such cases dating back to 2000.

Many of these involve financial institutions accused of unfair treatment of African-American and Latino borrowers. Some of these are holdovers of the longstanding practice of redlining, in which credit is denied to those living in communities with demographic characteristics banks regard as undesirable. Earlier this year, Park National Bank paid $9 million to settle Justice Department allegations it redlined parts of Columbus, Ohio.

There have also been some cases involving other minorities. In 2016 Toyota Motor Credit was fined $21.9 million by CFPB for charging higher interest rates to Asian and Pacific Islander borrowers (as well as African-Americans) on automobile loans.

The cases I found that were closest to Citi matter were actions involving discrimination against Arab-Americans in the wake of 9/11. The most relevant was a 2006 settlement reached by the Massachusetts Attorney General and Bank of America to resolve allegations that Fleet Bank, which BofA acquired in 2004, had improperly closed the accounts of customers with Arabic names, supposedly to guard against the channeling of funds to terrorist groups.

It is ironic to see the likes BofA and Citi portraying themselves as so concerned about potential bad actors that they stereotype entire ethnic groups. If any group deserves to be so stereotyped it is the big banks themselves.

BofA is by far the most penalized company in the United States, with over $87 billion in cumulative fines and settlements since 2000. Citi ranks sixth with nearly $27 billion in penalties. They need to clean up their own houses rather than making assumptions about the behavior of others.

The Missing Crackdown

Joe Biden came to office vowing to get tough on corporate abuses, reversing the soft-on-white-collar-crime approach of his predecessor. Biden went on making those promises, and they were echoed by Attorney General Garland and other Justice Department officials.

That crackdown, however, has not materialized. A new report from Public Citizen shows that the Justice Department concluded only 110 corporate criminal prosecutions in 2022—lower than in any year of the Trump Administration. In fact, it was the smallest number since 1994.

In addition to the decline in overall cases, Public Citizen points out a drop in the number of those cases in which the defendant company received a leniency deal. These are arrangements known as non-prosecution and deferred prosecution agreements in which a firm can avoid a guilty plea by paying a penalty and promising to change its behavior.

Those pledges are frequently broken, and the companies are charged again. Instead of throwing the book at these recidivists, DOJ often offers them a new leniency agreement, making the whole process a farce.

As Public Citizen notes, a decline in leniency agreements would be a good thing if it went along with an increase in the overall volume of prosecutions. Instead of replacing leniency agreements with conventional cases, the DOJ statistics suggest that the agency is simply choosing not to prosecute at all in many instances.

Public Citizen says DOJ may be making greater use of a process called declination, which is essentially a form of super-leniency in which no charges are brought. Some of these deals are made public, but the best corporate defense lawyers can negotiate declinations that are kept secret.

The analysis done by Public Citizen focuses on criminal cases. I decided to check comparable civil cases brought by the Securities and Exchange Commission. According to data collected in Violation Tracker, the SEC collected $1.4 billion in penalties from companies in 2021. This was down from the totals in the final two years of the Trump Administration. In 2022 the SEC’s total jumped to $4.4 billion, thanks in large part to a single case involving a $1 billion settlement with the German insurance company Allianz.

This year the SEC total through mid-October is $1.5 billion. Unless the agency announces some very large cases in the next nine weeks, its 2023 total will also fall behind the final Trump years.

While case and penalty totals do not tell the whole story, what we see in both the criminal and civil areas is something less than a major assault on corporate misconduct. There have been some laudable steps taken by other agencies such as the Federal Trade Commission and the Consumer Financial Protection Bureau, but both of those regulators have faced legal challenges to their enforcement powers. At the same time, the whole system of business regulation is threatened by Republican defunding efforts.

Overall, the Biden Administration has yet to show that it can overcome these obstacles and make good on the promises of a crackdown on rogue corporations.