Lessons Learned From US v. Hershey Creamery Company

March 5, 2009

Presented to the 23rd Annual National Institute on White Collar Crime, March 5, 2009 in San Francisco, CA.

In September of 2008, the United States Department of Justice, in coordination with the United States Environmental Protection Agency ("USEPA"), filed the first criminal prosecution involving a company’s failure to establish and implement a Risk Management Plan ("RMP") as required pursuant to the Clean Air Act ("CAA").1 The defendant, Hershey Creamery Company ("Hershey"), was alleged to have twice certified to USEPA that it had a compliant RMP despite ignoring the conclusion from an audit of the RMP, as required by federal regulations. The auditor concluded that Hershey’s RMP was deficient and issued forty-six specific recommendations.2 The prosecution was instituted against Hershey despite there never being an release of chemicals or actual harm to human health or the environment. Hershey entered into a plea agreement with the United States which included a one hundred thousand dollar fine, organizational probation and a requirement to engage an independent environmental consultant to evaluate and supervise the company’s compliance with environmental laws. A copy of the Plea Agreement, Information, Judgment and U.S. Department of Justice Press Release are attached.

The CAA provides several affirmative obligations on business. Many of the obligations directly relate to mechanics of controlling or monitoring actual emissions.3 However, one CAA program requires businesses to develop, maintain and implement a RMP which identifies risks for accidental and catastrophic releases.4 In general, the RMP requirements mirror many of the Occupational Safety and Health Administration ("OSHA") requirements such as maintaining Material Safety Data Sheets on each chemical present in the workplace.5 The purpose and substance of the RMP is also similar to requirements of the Spill Prevention, Control and Countermeasure Plan established under the Oil Pollution Act because both mechanisms require the owner/operator to prepare and implement a plan that identifies hazards, designs a safe facility, minimizes the consequences from an accidental release, and provides a specific plan of action in the event of an emergency.6

The regulatory provisions of the RMP set forth a three tier system of escalating requirements for the RMP. The criteria which are used to determine the applicable RMP tier include, but are limited to, the toxicity and volume of the chemical stored at the facility and the proximity of potential receptors in the event of a release. Where the RMP has a significant divergence from the OSHA program is that the RMP requires an analysis of potential off-site receptors. For instance, the RMP requires the owner to develop a "worst case release scenario" which provides the analysis of the total quantity, toxicity, distance, and potential receptors affected if the "worst case" accidental release occurs at the facility.7 Further, the RMP also requires there to be a hazard assessment for both onsite and off-site receptors, coordination with local emergency responders, and an emergency response program which sets forth, in specificity, the steps to take in the event of an accidental release.

One reason why Hershey was the first prosecution by the United States of a company’s failure to maintain a RMP may be that there is a regulatory requirement for independent audits of a company’s compliance with the RMP requirements once every three years.8 Hershey had performed the audit but ignored its substance. The interesting aspect of this requirement, though, is how a court will use the audit requirements in developing an appropriate sentence under the Federal Sentencing Guidelines Manual in the event of additional criminal prosecutions of organizations which fail to maintain a compliant RMP.

Chapter Eight of the Federal Sentencing Guideline Manual sets for the factors a court considers when sentencing an organization. One mitigating factor that a court considers is if the organization has an "effective compliance and ethics program" ("compliance program").9 However, the reduction of "culpability" is not as substantial if the compliance program was required by statute or regulation. Therefore, the mandatory audits required by the USEPA may decrease an organization’s ability to have its culpability score reduced.10 However, the regulatory structure for the RMP does not require annual audits. Therefore, it is still possible for an organization to institute a compliance program that goes beyond the scope of what is required by law in order to retain the ability to have its culpability score reduced.

Further, if an organization does not have a compliance program in place, the court may order that the organization develop and implement a compliance program which is acceptable to and supervised by the court. Along with being placed on organizational probation, a court supervised compliance program could create a substantial burden for an organization to review and analyze all of its processes to determine its corporate compliance status. However, the preemptive development its own compliance program offers the organization the flexibility to institute a program that is both feasible and economically efficient. An existing compliance program may dissuade the court from sentencing an additional compliance program on the organization.

Another way that a compliance program may help the organization is through the voluntary disclosure policies of the USEPAll and the Environment and Natural Resource Division ("ENRD")12 of the United States Department of Justice. Having a compliance program for employees to report violations of environmental laws as soon as they are discovered can offer the organization the ability to voluntarily disclose the violation to the USEPA and, if necessary, ENRD, to reduce or eliminate the possibility of criminal and civil prosecutions for many types of environmental violations.

In this day and age, a company is at tremendous risk if it does not have an effective, compliance program to prevent and detect violations of law. An effective compliance and ethics program should meet all of the conditions set forth in USSG §8B2.1, a copy of which is attached. As set forth in the Guidelines, a corporate compliance program needs to be embedded in the organization’s governing authority and high level personnel must exercise reasonable oversight with respect to its implementation and effectiveness. Specific individuals within high level personnel should be assigned overall responsibility for compliance. Specific individuals within the organization must be assigned the day to day responsibility for the compliance and ethics program. A structure must exist within corporate governance that ensures that the specific individuals with the day to day responsibility for corporate compliance report periodically with high-level personnel and as appropriate to the governing authority, or a subgroup of the governing authority, on the effectiveness of the compliance and ethics program. However, this needs to be more than a paper program. The individuals with the day-to-day operational authority must be given adequate resources, appropriate authority and direct access to the governing authority. A key to a successful program is the monitoring and auditing to detect criminal conduct, to evaluate the effectiveness of the program and to have and publicize a system whereby employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.

This is not to say that an effective compliance and ethic program will prevent corporate criminal liability. In a recent Second Circuit opinion, United States, v. Ionia, Docket Nos. 07- 5801-cr, 08-1387-cr, January 20, 2009, a copy of which is attached, the Court affirmed the conviction of the company for violating the Act to Prevent Pollution on Ships (APPS) by failing to maintain an oil record book while in U.S. waters as required by 33 U.S.C. §151.25. One argument made on appeal by amici curiae was that the government should be required to prove as a separate element in its case-in-chief that the corporation lacked effective policies and procedures to deter and detect criminal actions by its employees. The Second Circuit found that argument "unavailing."

Adding such an element is contrary to the precedent of our Circuit on this issue. See Twentieth Century Fox Film Corp., 882 F.2d at 660 (holding that a compliance program, ’however extensive, does not immunize the corporation from liability when its employees, acting within the scope of their authority fail to comply with the law’). And this remains so regardless of new Supreme Court cases in other areas of the law. As the District Court instructed the jury, a corporate compliance program may be relevant to whether an employee was acting within the scope of his employment, but it is not a separate element.

Id. at 11.13

In conclusion, an effective corporate compliance and ethics program, consistent with the provisions of USSG §8B2.1, will minimize the risk of non compliance with laws and regulations. If a violation does occur, an effective compliance program by a responsible organization may persuade the government from initiating a criminal prosecution against the company. If prosecution is initiated against the company, an effective compliance program may be relevant to whether an employee was acting in the scope of his employment, which is an essential element to the determination of corporate criminal liability. In addition, a corporation may avoid the being placed on organizational probation if it has an effective corporate compliance to prevent and detect violation of law.

1 - United States v. Hershey Creamery Co., Complaint, Criminal No.: 08/353, (M.D. Pa. September 2, 2008).
2 - Id.¶¶ 11, 13.
3 - 42 U.S.C. §§ 7401-7671q (2009).
4 - Id__~. at § 7412(r)(7).
5 - Compare 29 C.F.R. § 1910.1200(g)(1) with 40 C.F.R. § 68.48.
6 - Id__:. § 112.1 et seq.
7 - Id. § 68.25.
8 - Id__~. § 68.58.
9 - 2008 Federal Sentencing Guidelines Manual, § 8C2.5(f), November 1, 2008,
10 - Id__~. at § 8C4.10.
11 - Environmental Protection Agency, Incentives for Self-Policing: Discovery, Disclosure, Correction and Prevention of Violations (May 11, 2000),
12 - United States Department of Justice, Environment and Natural Resources Division, Factors in Decisions on Criminal Prosecutions for Environmental Violations in the Context of Significant Voluntary Compliance or Disclosure Efforts by the Violator, July 1, 1991,
13 - The Supreme Court has never articulated a standard to address corporate liability in the absence of explicit statutory instructions regarding the imputation of liability on the corporation based on the actions of an employee. United States v. Ionia Management, Amicus Brief, Docket No. 07-5801-CR (2d Cir. June 6, 2008). In the context of civil sexual harassment cases, the Supreme Court has offered a corporation the ability to use a corporate compliance program as an alternative defense. Id.; see Faragher v. Cit7 of Boca Raton, 524 U.S. 775 (1998); Burlington Indus., Inc. v. Ellerth, 524 U.S. 742 (1998). Additionally, the Model Penal Code sets forth a corporate affirmative defense when the organization’s officers have, "exercised due diligence" to prevent the commission of criminal activity. Model Penal Code § 2.07(5)(1962).