Violation Tracker

The Biden Administration’s First Corporate Crime Mega-Case

Observers of the corporate crime scene have been waiting to see when the regulators and prosecutors of the Biden Administration would announce a mega-case of the sort that had largely disappeared during the lackluster enforcement period of the Trump years. That case has arrived, and the target is not exactly a household name in the United States: the German financial services corporation Allianz.

The Justice Department and the Securities and Exchange Commission have announced that Allianz and its investment management arm, Allianz Global Investors (AGI), will pay more than $6 billion to resolve criminal and civil allegations relating to what the SEC called a “massive fraudulent scheme.” The victims of that scheme included public employees participating in pension funds that were misled about the riskiness of complex financial products marketed by AGI. The true extent of the risk became evident during the COVID-related market volatility of 2020, when the pension funds and other investors suffered catastrophic losses.

The $6 billion settlement ranks among the 20 largest penalties recorded in Violation Tracker for the period since January 2000. More than half of those cases involve financial services corporations.

Allianz, whose Violation Tracker penalty total until now was $182 million, joins the 30 banks and other financial services companies that have each paid more than $1 billion in aggregate penalties. These include 13 European banks, among which are two from Germany: Deutsche Bank and Commerzbank.

There are a couple of encouraging aspects of the AGI case that go beyond the substantial monetary penalty. First, the SEC announced that AGI, because of its guilty plea in the DOJ case, will be disqualified from providing advisory services to US-registered investment funds for the next ten years, and will exit the business of conducting these fund services. This contrasts with other cases in which financial services companies have avoided these sorts of consequences in criminal cases by arranging for the guilty plea to be submitted by a minor subsidiary—or by getting a waiver.

In addition, criminal charges were brought not only against the company but also against several individuals, including Gregoire Tournant, the chief investment officer of AGI. Tournant was charged with securities fraud and investment fraud as well as obstruction of justice. The latter related to allegations that Tournant and the other defendants made multiple, ultimately unsuccessful, efforts to conceal their misconduct from the SEC, including, the agency stated, “false testimony and meetings in vacant construction sites to discuss sending their assets overseas.”

The charges against Allianz were all the more appropriate in that the company’s U.S. operations have been involved in several other investor deception cases. For example, in 2004, three of its subsidiaries were fined $50 million by the SEC. Another subsidiary paid $18 million to settle a case with the New Jersey Attorney General. Yet another unit was fined $5 million by the industry regulator FINRA. Allianz’s U.S. insurance subsidiaries have also been fined numerous times by state regulators.

Let’s hope that the Allianz matter is a sign that the Biden Administration is serious about cracking down on corporate crime and that recidivists will be made to pay a significant price for their ongoing transgressions.

A New Kind of Corporate Watchdog

Large companies prone to misconduct usually have to contend with three main kinds of watchdogs: government regulators and prosecutors, class action lawyers, and activist institutional investors. These parties have, respectively, the ability to impose fines, extract settlements, and bring about policy changes through shareholder resolutions.

Now it turns out that corporations are increasingly being scrutinized in another way. According to a recent article in Law360, insurance companies are paying more attention to business conduct. This is especially the case for ESG (environmental, social and governance) practices that big firms tout as evidence that they are good corporate citizens.

Underwriters providing coverage for liability claims against directors and officers are taking a more aggressive posture in two respects. First, they want to be sure any company they insure is not behaving in a way that could hurt the financial situation of the firm or damage its reputation, either of which could lead to costly shareholder lawsuits. Second, they are taking a closer look at the ESG reporting of the companies to see whether it is accurate.

Since corporations have to stay in the good graces of their insurers if they want to maintain their coverage, this trend toward stricter risk management could have significant positive consequences. For too long, insurers took a passive position toward questionable corporate conduct. They covered claims without doing much to get clients to change that behavior.

It is especially significant that more insurers are no longer taking the statements of firms at face value. The Law360 article quotes an official at insurance broker AON as saying that when it comes to ESG, “some companies just checked the box and said they have a policy in place, but that was never implemented.”

This gets to the heart of the problem with ESG policies: they are voluntary and largely unenforceable, while outcomes are often unverifiable. This makes them attractive to corporations: they can make grandiose claims about the good they are doing, and outsiders have to take their word for it.

Insurers have come to realize, Law360 reports, that “underlying litigation risk and uncertainty will continue to grow in the absence of clear definitions and common standards and regulations applicable to ESG.”

It remains to be seen whether insurers can get companies to establish clearer definitions. It may be that ESG is inherently fuzzy and that serious standards can only come from government regulators. Yet the new posture of the insurers could help discourage the most unsubstantiated ESG claims.

Hopefully, insurers will come to see that the most valid measures of business behavior should be based on metrics assembled outside the companies themselves. That is what my colleagues and I attempt to do with Violation Tracker.

The data we collect is all from regulatory agencies and court records. We ignore the statements of corporations, including those—such as the Legal Proceedings sections of 10-K filings—in which firms are supposed to own up to their transgressions. Those disclosures are almost always incomplete.

In the end, meaningful change in corporate behavior will only come about through outside pressures, not boardroom enlightenment. If insurers are serious about contributing to those pressures, so much the better.

Getting Tough with Corporate Privacy Violators

Privacy violations, which used to be a relatively minor compliance issue for large corporations, have now become a much more serious concern. And a recent Federal Trade Commission case could be a sign of more aggressive enforcement practices to come.

Back in the early 2000s, privacy cases consisted mainly of actions brought by state regulators against fly-by-night operations that ran afoul of Do Not Call rules by placing large numbers of unwanted marketing robocalls. The data in Violation Tracker indicate that aggregate federal and state privacy penalties across the country were only a couple of million dollars per year.

Over the past decade, total agency privacy penalties have grown substantially, exceeding $50 million each year since 2016. The blockbuster cases fall into two major categories. The first involves corporations that were fined for allowing major breaches of their customers’ data to occur. For example, in 2018 Uber Technologies had to pay $148 million to settle a case brought by state attorneys general for a breach of data on 57 million customers and drivers—and for attempting to cover up the problem rather than reporting it to authorities.

The other category consists of cases in which corporations were directly responsible for the privacy violation. In 2019, for instance, Google and its sister company YouTube agreed to pay $136 million to the FTC and $34 million to New York State to settle allegations that the companies violated rules regarding the online collection of personal data on children.

This category also includes the largest privacy penalty of all—the $5 billion paid by Facebook to the FTC in 2019 for violating an earlier order by continuing to deceive users about their ability to control the privacy of their personal information.

Also in this category is a recent case handled by the FTC and the Department of Justice against WW International (formerly Weight Watchers International Inc.). The agencies are collecting $1.5 million in civil penalties from the company for violating the Children’s Online Privacy Protection Act in connection with their weight management service for children, Kurbo by WW. The government had alleged that WW collected personal data such as names and phone numbers as well as sensitive information such as weight from users as young as eight years old without parental consent.

In addition to the monetary penalty, the FTC took the unusual (but not unprecedented) step of requiring WW to delete their ill-gotten data and destroy any algorithms derived from it. As a blog post from the law firm Debevoise & Plimpton points out, this kind of punishment can have a major impact, given that a single tainted dataset may require the destruction of multiple algorithms.

Requiring corporate miscreants to destroy intellectual property is in line with the ideas recently proposed by Consumer Financial Protection Bureau director Rohit Chopra for using measures beyond monetary penalties in regulatory enforcement. Chopra called for forcing misbehaving companies to close or divest portions of their operations—and, in the most egregious cases, to lose their charters.

The moves by the FTC and the CFPB are signs that regulators are recognizing that aggressive new enforcement tools are needed to shake up large corporations that have grown too comfortable paying their way out of legal jeopardy.

Policing the Grid

State public utility commissions are most frequently in the news in connection with their role in setting rates for electricity, gas and other regulated services. Yet they have another responsibility: protecting the interests of utility customers by monitoring the safety and consumer protection practices of the corporations under their jurisdiction.

As part of the latest expansion of Violation Tracker, the Corporate Research Project has collected data on more than 2,000 enforcement actions brought by PUCs around the country over the past two decades in which a penalty of at least $5,000 was imposed. Policing the Grid, a new report authored by freelancer Adam Warner and myself, analyzes what we discovered in those cases.

We found that a total of $13 billion in fines and settlements have been collected since 2000 by the PUCs and by state attorneys general in related cases brought against regulated companies. This amount is not evenly distributed among the states.

California has by far the latest share, $8 billion, or well over half of the national total. This is largely the result of cases brought against Pacific Gas & Electric, which has been hit with $5 billion in penalties, primarily for the role its poor power-line maintenance has played in causing devastating wildfires in the state. Southern California Edison has paid $842 million in wildfire cases as well as for other offenses such as submitting falsified data to the California Public Utilities Commission.

New York ranks second in penalties, with a total of $896 million. More than half of that figure is linked to Consolidated Edison, which has paid $528 million for offenses such as failing to prepare adequately for severe storms.

Five other states—Missouri, Massachusetts, West Virginia, Arizona and Illinois—have penalty totals in excess of $100 million. Texas has the largest number of cases, at 365, but it has collected only $67 million. Another $2.9 billion in penalties resulted from joint actions brought by groups of state attorneys general.

Other states have done much less in the way of utility safety and consumer protection enforcement. Twenty-nine states collected less than $10 million in penalties since 2000, including four– Alabama, Alaska, South Carolina and Wyoming—for which no cases with penalties of at least $5,000 could be found.

Some large corporations paid penalties in multiple states. For example, power generator NRG Energy, which ranks third among the parent companies with $1.2 billion in fines and settlements, faced cases in five states along with a multistate attorneys general lawsuit. AT&T has paid penalties in 20 states and the District of Columbia, along with five multistate AG cases.

The Spanish energy company Iberdrola has, through its U.S. subsidiaries in the Northeast, faced the most enforcement actions (96), but most of the fines were relatively modest in size, keeping its penalty total to $27 million.

With the new utility cases, Violation Tracker now contains 512,000 entries from more than 400 federal, state and local agencies with total penalties of $786 billion.

Credit Suisse and the Oligarchs

Russian banks are among the targets of Western sanctions in response to the invasion of Ukraine, but a financial institution in the middle of Europe is also part of the problem. According to recent press reports, Switzerland’s Credit Suisse is calling for the destruction of certain documents that could involve Russian oligarchs—a move that could impede efforts to locate and perhaps seize their assets.

The Financial Times is reporting that the bank is asking hedge funds and other investors to “destroy and permanently erase” documents relating to securitized loans backed by “jets, yachts, real estate and/or financial assets.” Credit Suisse had created these financial instruments to offload risks associated with its lending to the ultra-rich. When the Financial Times previously reported on these instruments, it described a presentation to potential investors mentioning that the bank had experienced defaults on yacht and aircraft loans to oligarchs related to U.S. sanctions.

It appears that Credit Suisse is concerned that the documents relating to the loans could be leaked. The bank has good reason to worry about unauthorized disclosures. It was recently the subject of a massive release of internal documents, dubbed Suisse Secrets, revealing its extensive dealings with individuals said to be involved in drug trafficking, money laundering and other corrupt practices.

Credit Suisse has a long history of ethically questionable behavior, extending back at least to the Second World War, during which it and other major Swiss banks allegedly profited by receiving deposits of funds that had been looted by the Nazis. In 1998 the banks agreed to pay a total of $1.25 billion in restitution.

After merging with investment bank First Boston in the 1970s, Credit Suisse became a significant player in U.S. financial markets and got into frequent trouble with regulators. Over the past two decades, it is racked up more than $10 billion in fines and settlements, as shown in Violation Tracker. This rap sheet includes a $5 billion settlement in 2017 concerning the sale of toxic securities and a $1.8 billion criminal penalty in 2014 for helping U.S. taxpayers file false returns.

Credit Suisse has also had previous problems relating to sanctions. In 2009 it had to pay $536 million to the U.S. Justice Department and the New York County District Attorney’s Office to settle allegations that it violated the International Emergency Economic Powers Act by engaging in prohibited transactions with Iran, Sudan and other countries sanctioned in programs administered by the Department of the Treasury’s Office of Foreign Assets Control.

The bank has also been implicated in bribery cases, paying $99 million last year to the Securities and Exchange Commission for fraudulently misleading investors and violating the Foreign Corrupt Practices Act in a scheme involving two bond offerings and a syndicated loan that raised funds on behalf of state-owned entities in Mozambique. The bank was also penalized nearly £300 million by the UK’s Financial Conduct Authority for the Mozambique matter.

Returning to the current situation, Credit Suisse is insisting that it has not been destroying any documents in its own possession while not denying it asked investors to do so. The bank may not have broken any laws in making this request, but it is a highly questionable action amid the current situation. Unfortunately, it is very much in keeping with Credit Suisse’s extensive track record of going out of it way to protect the disreputable clients with whom it likes to do business.

The Pentagon Wakes Up to Arms Industry Concentration

Lockheed Martin’s decision to bow to pressure from the Federal Trade Commission and abandon its takeover of Aerojet Rocketdyne is a rarity. Such mergers among weapons producers were long encouraged by the Pentagon and approved by antitrust regulators. Bigger and more prosperous contractors were seen as being in the national interest.

This gave rise to a group of military leviathans. Along with Lockheed Martin, the result of the 1995 combination of Lockheed and Martin Marietta and the later addition of Sikorsky Aircraft, those giants include: Raytheon Technologies, which arose out of the 2020 merger of Raytheon and portions of United Technologies; Northrop Grumman, born out of the 1994 combination of Northrop Aircraft and Grumman Corporation; General Dynamics, formed from the 1950s merger of Electric Boat Company and Canadair; and Boeing, which gobbled up McDonnell Douglas in 1997.

Concentration, however, is no longer seen as a virtue in the arms industry. The Defense Department has just issued a report warning that the sharp reduction in competition among contractors is creating problems for the Pentagon. It points out that the number of aerospace and defense prime contractors is down from 51 in the 1990s to five today, making the military highly dependent on a very small number of producers in all categories of weapons systems.

This reduction in competition, the report argues, creates supply risks, increases costs and diminishes innovation: “Consolidations that reduce required capability and capacity and the depth of competition,” it states, “have serious consequences for national security.”

In place of the old approach of “bigger is better,” the report recommends heightening merger oversight, encouraging new entrants, increasing opportunities for small business, and hardening of supply chain resiliency.

For all its candor, one issue the report does not address is the checkered history of the big contractors in terms of honest dealing. They were all involved in numerous procurement scandals in the 1980s, the 1990s and into the 2000s. These ranged from massive cost overruns to cases of outright bribery.

The misconduct has continued. According to Violation Tracker, which covers cases back to 2000, the big five have paid more than $2 billion in fines and settlements in cases relating to government contracting—mainly violations of the False Claims Act. For example:

In 2006 Boeing paid $615 million to resolve criminal and civil allegations that it improperly used competitors’ information to procure contracts for launch services worth billions of dollars from the Air Force and NASA.

In 2008 General Dynamics agreed to pay $4 million to settle allegations that a subsidiary fraudulently billed the Navy for defective parts.

In 2014 a subsidiary of Lockheed Martin paid $27.5 million to resolve allegations that it overbilled the government for work performed by employees who lacked required job qualifications.

In 2009 Northrop Grumman agreed to pay $325 million to settle allegations that it billed the National Reconnaissance Office for defective microelectronic parts.

In 2008 Raytheon subsidiary Pratt & Whitney, then part of United Technologies, agreed to pay $50 million to resolve allegations it knowingly sold defective turbine blade replacements for jet engines used in military aircraft.

Now that the Pentagon is trying to reduce its dependence on giant contractors, it should also show less tolerance for corruption on the part of suppliers both large and small.

Scrutinizing Microsoft

Press accounts of Microsoft’s $70 billion offer for Activision Blizzard make frequent references to the legal problems it would inherit from the gaming company, which is embroiled in lawsuits and regulatory actions relating to sexual harassment and discrimination.

Those problems are real, but it is misleading to suggest that Microsoft is a boy scout of a company with no legal difficulties of its own. While none of the cases involve the same allegations surrounding Activision, Microsoft has, as shown in Violation Tracker, racked up more than $300 million in regulatory fines and class action lawsuit settlements over the past two decades.

The largest cases involve anti-competitive practices—the same issue that made Microsoft notorious in the 1990s. In 2009 the company paid $100 million to resolve a case brought by the Mississippi Attorney General, and in 2012 it paid $70 million to settle a similar suit brought by a group of cities and counties in California.

Microsoft has also faced accusations of foreign bribery. In 2019 one of its subsidiaries paid $8.7 million to resolve criminal charges linked to alleged violations of the Foreign Corrupt Practices Act in Hungary. The parent company paid $16 million in a related civil matter brought by the Securities and Exchange Commission.

LinkedIn, a Microsoft subsidiary, paid $13 million in 2016 to settle a class action lawsuit alleging that it sent unsolicited messages to users.

Microsoft has had its own problems with employment discrimination. In 2020 it agreed to provide $3 million in back pay and interest to employees to resolve federal allegations that hiring patterns at several of its locations showed a statistical bias against Asian applicants.

Finally, Microsoft shares with Activision a track record of wage and hour violations. In 2014 LinkedIn was compelled to pay over $5 million in back pay and liquidated damages to a group of 359 current and former employees who had not received proper overtime pay.

In 2000 Microsoft paid $97 million to settle a lawsuit alleging that it misclassified several thousand people as independent contractors to avoid paying them overtime pay and employee benefits. This was the same issue in a lawsuit brought against Activision in California on behalf of senior artists. In 2017 the gaming company paid $1.5 million to settle the suit.

Despite its transgressions over the past two decades, Microsoft has developed a more benign image than not only Activision but also the other giants of the tech industry, including Amazon, Google and Facebook.

An assessment in the Washington Post attributes this not to changes in Microsoft’s practices but to its public relations and lobbying, especially in relation to Washington lawmakers, many of whom, the Post states, treat the company “like a trusted ally in their efforts to rein in other large tech companies.”

The Activision deal, which raises some significant antitrust issues given Microsoft’s sizeable Xbox business, will be a test of the strength of its good will among policymakers. This will be a good opportunity for those calling for stronger enforcement to show they are serious.

The Corporate Crime Lobby

One big difference between street crime and corporate crime is that drug dealers, burglars and arsonists generally are not able to influence the way their misdeeds are investigated and prosecuted.

Corporate violators, on the other hand, can use lobbying and campaign spending to push for policies that may make it less likely their wrongdoing will be detected or will be treated more leniently if it is discovered.

Much of this business effort is exercised through trade associations, and probably the biggest influencer of them all is the U.S. Chamber of Commerce. As is highlighted in a new report from Public Citizen, the Chamber has been an outspoken opponent of the Biden Administration’s plan to adopt a more aggressive posture toward corporate misconduct.

It has been especially critical of a new approach being taken by the Federal Trade Commission, which voted in November to expand its criminal referral program. While the FTC itself can bring only civil actions, the agency can pass on evidence of corporate criminality to the Justice Department—and now it will be doing more of that. The Chamber accused the FTC of “waging a war against American businesses” and vowed to “use every tool at our disposal, including litigation, to stop its abuse of power.”

The Public Citizen report demonstrates why the Chamber is so agitated: many of its leading members have been involved in significant cases of malfeasance in the past and are likely to be similarly embroiled in the future.

Using extensive data from Violation Tracker, the report shows that the known members of the Chamber have been involved in thousands of civil and criminal matters and have paid more than $150 billion in fines and settlements.

Three major banks—JPMorgan Chase, Citigroup and Wells Fargo—alone account for $81 billion in penalties, and the pharmaceutical industry another $26 billion.

While these numbers represent all forms of misconduct, Public Citizen gives special attention to the 19 Chamber members that have been involved in criminal cases. Among them are Amgen (illegal drug promotion), Bayer (price-fixing) and Zimmer Biomet (Foreign Corrupt Practices Act).

The report notes that at several other Chamber members such as American Express are reported to be targets of current criminal investigations.

Public Citizen looks at overall corporate rap sheets, but given the Chamber’s hyperbolic statements about the FTC, it is worth zeroing in on cases brought by that agency.

As Violation Tracker shows, the FTC has fined companies over $14 billion since 2000. More than one-third of that total comes from a single case brought against a Chamber member. Facebook, whose parent company is now called Meta Platforms, was penalized $5 billion in 2019 for deceiving users about their ability to control the privacy of their personal information.

Other Chamber members involved in significant FTC cases include: Citigroup, which paid $215 million to resolve allegations that two of its subsidiaries engaged in deceptive subprime lending practices; Alphabet, whose Google subsidiary paid $136 million for violating rules regarding the online collection of personal data on children; and AT&T, whose AT&T Mobility subsidiary paid $80 million to the FTC to provide refunds to consumers the company unlawfully billed for unauthorized third-party charges.

These were all civil matters. The Chamber is apparently worried that such cases could now result in referrals to the Justice Department for criminal prosecution, especially since the DOJ is vowing to bring more such actions.

The next few years will be a test of whether more aggressive regulators and prosecutors can overcome the power of the corporate crime lobby.

Holding Corporations Accountable for Defective Products

A federal judge in Michigan just shot down a motion by Fiat Chrysler to derail litigation alleging it sold 800,00 vehicles with faulty gearshifts. The company could end up paying many millions in damages. At about the same time, a federal judge in New York gave final approval to a $5.2 million settlement of class action litigation claiming that DevaCurl products caused hair loss and scalp damage.

These are two recent examples of actions in an arena in which corporations are held accountable for causing harm to their customers: product liability lawsuits. These kinds of court cases are the latest category of class-action and multi-district litigation to be added to Violation Tracker.

The database now contains entries covering 120 of the most significant product lawsuits of the past two decades in which corporations paid substantial damages or a monetary settlement to large groups of plaintiffs. The total paid out by the companies in these cases is more than $54 billion.

Fourteen of the cases involved payouts of $1 billion or more, the largest of which was the $9.6 billion Bayer agreed to pay to resolve tens of thousands of suits alleging that the weedkiller Roundup, produced by its subsidiary Monsanto, causes cancer. Bayer, which produces pharmaceuticals as well as chemicals, was involved in five other cases on the list, bringing its aggregate payout to more than $12 billion, the most for any corporation.

Next in line are Pfizer and Johnson & Johnson, each with payout totals of about $5.5 billion for cases involving harm caused by products ranging from hip implants and diabetes drugs to heartburn medication and talcum powder. These two companies and other pharmaceutical and medical equipment producers account for one-third of the cases on the list and half of the payout total. The giant settlements involving opioid producers and distributors are not included here, since they are treated as matters of illegal marketing rather than defective products—and because those cases are most often brought by state attorneys general rather than as private litigation.

The motor vehicle industry also features prominently, with 32 cases and total payouts of $9 billion. The largest portion of that is linked to Toyota, with $5.3 billion in payouts in cases involving issues such as unintended acceleration, defective airbags and premature corrosion. Volkswagen has actually paid out much more in class action settlements due to its emissions cheating scandal, but Violation Tracker categorizes those as environmental rather than product liability cases.

Among the remaining cases are a $1 billion settlement by the German company Knauf involving drywall that emitted noxious odors and a $500 million settlement by Sears Roebuck of allegations that it sold stoves that had a tendency to tip over.

Yet perhaps the most surprising of the cases were two involving the Brazilian company Taurus, which paid a total of $277 million to resolve allegations that it produced firearms with a defect that caused them to go off when dropped. The irony is that gunmakers are shielded from liability when their weapons are used in criminal activities.

Product liability class action and multi-district cases—like similar litigation involving issues such as toxic chemicals, wage theft and privacy violations—are reminders that the courts are an important complement to the regulatory system in addressing corporate misconduct.

The 2021 Corporate Rap Sheet

After four years of Trump’s regulation bashing, the expectation was that the Biden Administration would adopt a much more aggressive posture toward corporate misconduct.

There have been some encouraging signals, such as those given by Deputy Attorney General Lisa Monaco in an October speech, but few blockbuster federal case resolutions have been announced during the past eleven months.

According to data my colleagues and I have collected for Violation Tracker, no individual company has paid a settlement or fine of $250 million or more to the Biden DOJ. In fact, there have been only two case resolutions of that size announced by any federal agency during this period.

In September, the Securities and Exchange Commission announced a $539 million settlement with entities linked to Chinese businessman Guo Wengui relating to illegal sale of stock and digital assets. That same month, the Office of the Comptroller of the Currency fined Wells Fargo $250 million for ongoing risk management deficiencies.

By contrast, numerous mega-cases have been resolved by state attorneys general. Since last January, they have announced nine settlements of more than $250 million, including five worth $1 billion or more. Those are the giant cases against pharmaceutical manufacturers and distributors for their role in the opioid crisis.

The largest case was the settlement worth an estimated $10 billion with the biggest opiate villain of all, Purdue Pharma, which is now in bankruptcy and will effectively go out of business. Many argue that the Sackler family got off too easy in the case, but the company is paying a substantial price for its misdeeds. The other ten-figure settlements of the year involved McKesson ($8 billion), AmeriSourceBergen ($6.5 billion), Cardinal Health (also $6.5 billion) and Johnson & Johnson ($5 billion). Also substantial was the $573 million settlement McKinsey reached with states over its role in advising opioid producers in improper marketing practices.

There were also significant state settlements on issues other than opioids. Duke Energy signed an $855 settlement with the North Carolina AG relating to coal ash pollution. Boston Scientific Corporation reached a $188 million settlement with a group of states to resolve allegations it engaged in deceptive marketing of a transvaginal surgical mesh device.

While the Biden DOJ has yet to roll out blockbuster cases, it did announce some substanial resolutions during the year. For example, the U.S. Attorney’s Office in Cincinnati announced a $230 million settlement of criminal charges against utility company FirstEnergy for making improper payments to public officials to get them to pursue nuclear power legislation benefiting the company. Taro Pharmaceuticals agreed to pay $213 million to settle price-fixing charges. In a case that also involved UK and Swiss regulators, Credit Suisse paid $175 million to the DOJ to resolve criminal charges relating to a fraudulent project in Mozambique.

The year also saw the resolution of some major class action and multi-district lawsuits against large corporations. After the U.S. Supreme Court declined to hear its appeal of a court verdict, Johnson & Johnson paid more than $2 billion in damages to a group of women who claimed they developed ovarian cancer from using the company’s talcum powder.

Hyundai Motor agreed to pay up to $1.3 billion to settle a consolidated class of claims that it and its subsidiary Kia sold vehicles with defective engines that could catch fire. Facebook paid $650 million to settle a class action over its harvesting of facial data.

Facebook was also at the center of a controversy that not yet been fully resolved by regulatory or court action. A former manager leaked a large collection of internal documents indicating that the company, which now calls itself Meta Platforms, was aware of the harmful effect its services were having on some users, especially younger ones, but did little about it. The revelations prompted widespread criticism among members of Congress but no significant legislation or litigation so far.

Another widely criticized corporation that has yet to face full consequences for its conduct is Amazon.com. The e-commerce behemoth has been reproached for the way it treats employees, the small merchants who make use of its platform, and the communities in which it operates. Yet it continues to expand at a rapid pace and has seen an enormous growth of profits during the pandemic.

During the Facebook disclosures, there was growing speculation as to whether the big tech firms were now facing a situation similar to that of the tobacco companies, which were the subject of their own scandalous revelations and eventually had to pay out many billions of dollars in settlements and sharply curtail their marketing activities.

The key word there is “eventually.” The dangers of smoking were known for decades, yet the big cigarette companies adamantly denied the reality—the same way the fossil fuel companies have denied their role in climate change. We should not expect Meta, Amazon and the other tech giants to give in without a long and bitter fight.