A. Introduction
The main purpose of this article is to foster an understanding of the contentious aspects and dimensions surrounding the superior responsibility doctrine, and specifically the superiors’ duties and related measures they are obliged to adopt. The research particularly aims to gain insights into the underlying principles of the third element of the doctrine and their practical applications, while also striving to address existing gaps and controversies and propose potential solutions. The author takes a practical approach while addressing this problem. In line with this purpose and approach, the article seeks to answer the following main question: what can we learn from well-established, legal, standards and business practices in the realm of corporate governance and especially of compliance management, the latter can be regarded as a component or a supplement of the former,Footnote 1 in order to delineate the boundaries and shed the light on the parameters and criteria of the doctrine of superior responsibility in international criminal law?
According to the modern definition, the notion of superior responsibility is understood in its limited sense (stricto sensu) entailing only indirect responsibility of a superior for failing to take preventive or repressive measures against his subordinate troops.Footnote 2 Essentially, it imposes criminal liability for a “failure to act when under a duty to do so.”Footnote 3 The primary sources of this definition are the Statute of the International Criminal Tribunal for the Former Yugoslavia, ICTY Statute, 1993, the Statute of the International Criminal Tribunal for Rwanda, ICTR Statute, 1994, and the Rome Statute of the International Criminal Court, Rome Statute, 1998. The first two statutes provide nearly identical regulations for the criminal liability of superiors, whereas the latter stipulates slightly different standards and differs structurally as well. Each of these three statutes identifies three main substantive elements necessary for establishing the criminal liability of the superior for the international crimes committed by subordinates:Footnote 4
-
1. Superior-subordinate relationship existing between the superior and perpetrators committing an underlying offence;
-
2. Mens rea – the superior knew or had constructive knowledge (i.e., had reason to know or should have known) about the offenses that were about to be or had already been committed;
-
3. The failure to fulfill the duties, i.e. to take necessary and reasonable measures to prevent these crimes or to punish the subordinate perpetrators.
As noted at the beginning of this Introduction, this article primarily addresses the third of the aforementioned elements: the duty of superiors to take necessary and reasonable measures to prevent crimes or punish perpetrators. These two duties are distinct, and neglecting either one results in the superior’s criminal responsibility.Footnote 5 In other words, these obligations are not alternatives—if a superior, acting with knowledge, fails to prevent crimes, subsequent punishment of subordinates does not absolve him of criminal responsibility, though it may be considered as a mitigating factor during sentencing.Footnote 6 However, if the superior did not possess any kind of knowledge about subordinates’ criminal conducts but learns about them only after their commission, criminal responsibility can be excluded if the duty to punish will be fulfilled.Footnote 7 The primary aim of these duties is to prevent those in positions of authority from turning a blind eye to the actions of their subordinates and to promote accountability at all levels of command, thereby reducing risks of international crimes and upholding justice.
While the focus is on this element, this analysis is also relevant to the first element—superior-subordinate relationship, particularly effective control—as will be illustrated below in this section. The rationale behind comparing superior responsibility, especially within the military context, with the criminal and civil liability of managers in corporate organizations can be contentious. The Rome Statute, recognizing inherent differences between the roles of military and civilian leaders, introduces a dual regime for the doctrine of superior responsibility. It prescribes different standards based on the form and nature of command exercised by superiors, whether military or non-military.Footnote 8 This distinction implies that military and civilian leaders may not be treated similarly when their responsibility is at stake.
In their official commentary on Article 14 of VStGB, Weigend and Kuhli emphasize a crucial distinction in supervisory duties between military and civilian superiors.Footnote 9 They assert that a military superior’s oversight is not confined to the barracks but extends to the soldiers’ “off-duty” behavior. On the other hand, the purview of a civilian superior’s supervisory duty is restricted to the realm of their authority – that is, the behavior of subordinates during their official duties.Footnote 10 Weigend and Kuhli contend that a similar premise is reflected in Article 28(b)(ii) of the Rome Statute.Footnote 11 This observation underscores importance of recognizing the unique dynamics of corporate entities and accentuates the need to consider their established standards, knowledge, and practices when addressing criminal liability of civilian leaders.
Given these distinctions, the expediency of comparing corporate governance and compliance with international criminal law becomes a matter of debate. While the doctrine of superior responsibility incorporates principles reminiscent of human resources management, organizational controls, managerial duties, and responsibilities, drawing comparisons between the military and business domains in terms of management and control, especially in inferring the appropriateness of legal prerequisites for criminal liability, may seem vague and unreasonable for two primary reasons: 1) Contextual differences; and 2) scope and purpose.
Contextual differences: Regardless of similarities, organizations from military and business realms are operating in different contexts. The hierarchical structures, command and control dynamics, and nature of operations differ significantly between military and corporate environments. Core international crimes predominantly take place during widespread armed conflicts at a mass-scale level, the overall level of control and influence that superiors can exert over their subordinates may be significantly limited. Such control possibilities are higher corporate organizations.
The scope and purpose: Even if it can be established that management and control in military and business settings are sufficiently similar to be compared with each other, to what extent it can be argued that best business practices provide valuable insights to consider them for refining the doctrine and/or the way it is interpreted and applied?
To address the first challenge, it is important to acknowledge that the comparison between business and military hierarchies is not a novel concept put forth in this research. As Smith observes:
[T]here has long been a two-way exchange of ideas between the corporate world and the military. At various points in its history, the militaries of the U.S. and other capitalist countries have borrowed organizational techniques developed by managers in the private sector. For instance, management tools developed by civilian railway executives coordinated Allied supply lines on the Western Front during the First World War. As Shamir has shown, ideas about scientific Management taken from large U.S. companies have long influenced U.S. military doctrine.Footnote 12
Smith also highlights examples how knowledge and techniques established in these two distinct realms influenced each other. Among other examples, Smith particularly underscores the Robert S. McNamara’s attempt to manage the Vietnam War by employing methods and techniques that had previously been put in practice at the Ford Motor Company where he was previously serving as an executive.Footnote 13 The similarities between these two fields become more apparent in contemporary times, particularly as international corporations engage in cross-border activities across different continents. This global presence means that violations occurring within these corporations can have wide geographical coverage. In such multinational corporations, executives may not always possess sufficient information about ongoing activities, either due to negligence or lack of access, and may not always be in a position to exercise proper control. Considering these factors, the need to study and investigate the reasons and rationale behind the existing differences becomes even more relevant. Yet, it does not mean that existing differences can be ignored; they should be acknowledged and embraced instead: Through a thorough examination of these differences, areas can be identified where improvements can be made in order to enhance accountability, leadership, and ethical conduct in both military and business settings.
As addressed in the preceding paragraph, while proposed comparative analysis may seem reasonable in general, a second logical concern arises: are such managerial techniques relevant for the doctrine of superior responsibility and its requirements? International criminal tribunals evaluate superiors’ effective control—the core component of superior-subordinate relationship—by assessing typical managerial and controlling techniques. These, among others, include the implementation of military strategy and organizational policies, reporting and communication mechanisms, available disciplinary procedures and investigative measures, as well as training and awareness activities. By considering these factors, tribunals aim to establish the existence of the superior-subordinate relationship, which is a prerequisite for criminal liability. Judges assess objective facts and aspects of organizational control and management to determine whether the legal requirements for holding a superior criminally liable for the acts of subordinates are met.Footnote 14 Therefore, there is a merit in comprehensively examining these managerial techniques through interdisciplinary analysis to better understand the doctrine of superior responsibility. Such an approach would ultimately facilitate the practical implementation of the fundamental aspects and necessary elements of the doctrine, as demonstrated in the following sections.
Knowledge acquired through interdisciplinary analysis in corporate governance and compliance becomes increasingly relevant when considering potential criminal liability of civilian superiors. The doctrine of superior responsibility and the standards on corporate governance and compliance share the common objective of establishing accountability and responsibility within hierarchical structures. They both address important aspects such as oversight, control, and the duties and obligations of individuals in positions of authority.
While there is currently only one precedent in the legal practice of international criminal tribunals where a civilian leader acting in a purely civilian setting was convicted solely under the doctrine of superior responsibility, without further convictions under individual criminal liability,Footnote 15 recent developments in the business world, new regulations, and strengthened legal frameworks indicate that large corporations and their executives are under increased scrutiny. As a result, corporate executives may not only face civil liability but also criminal responsibility for violations committed within their areas of control.Footnote 16 The following are some of the recent important developments in this regard.
First, application of international criminal law to corporations is not the distance future. With several precedents involving international corporations in international crimes,Footnote 17 active discussions have begun on whether prosecuting individuals alone, without the ability to hold corporations accountable as collective entities, is sufficient for proper enforcement of international criminal justice, or if it leaves an accountability gap.Footnote 18 Scheffer argues that corporations need to fear the ICC jurisdiction in cases of “atrocity crimes arising as a consequence of corporate operations or complicity in government commission of atrocity crimes.”Footnote 19 A relevant development in this regard was the Act on Corporate Sanctions (“Verbandssanktionengesetz”), the German law that was planned to come into effect on June 1, 2021. Despite the collapse of this project in the summer of 2021, this act is worth mentioning as it introduces the concept of corporate criminal liability in Germany and provides for the imposition of sanctions on corporations for certain offenses. Verbandssanktionengesetz was aimed to strengthen the enforcement of criminal law in relation to corporate wrongdoing and promote a culture of compliance within organizations.
Second, corporations can no longer claim they are not responsible for violations beyond their direct control. The U.N. Guiding Principles on Business and Human Rights (UNGPs), endorsed in 2011, outline that businesses must respect human rights throughout their operations and value chains, including conducting due diligence, remediation measures, and addressing negative impacts.Footnote 20 The OECD Guidelines for Multinational Enterprises on Responsible Business Conduct, introduced in the same year, reinforce this by recommending due diligence, risk assessments, taking preventive and corrective actions, including tracking their effectiveness. Footnote 21 Almost a decade later, in 2021 the Third Draft of the UN Treaty on Business and Human Rights was published—this document is mandating states to ensure legal liability for businesses for human rights abuses arising from their activities or business relationships. Footnote 22
Drawing on the inspirations of the above elaborated developments, in June 2023, the European Parliament took a stance on the Corporate Sustainability Due Diligence Directive (“CSDDD”). This directive, which came into force in July 2024, aims to foster sustainable and responsible corporate behavior across global value chains by requiring companies to identify and address human rights and environmental impacts. It includes sanctions for non-compliance and introduces liability provisions, with the goal of ensuring a uniform application of the law across Europe.Footnote 23
Therefore, due diligence of supply chain and taking further measures to control transnational activities and prevent human rights abuses will soon no longer be dependent on the kind will of corporations and their executives but will rather be a legal requirement.Footnote 24 Now, given the fact that corporations must also be committed to monitor activities of their direct and indirect suppliers, will face greater challenges in arguing that crimes committed by their own employees, even if working in remotely located subsidiaries, cannot be covered by their de jure and/or de facto power and thus may not be attributed to them.
Finally, it is an emerging trend of applying principles of corporate governance and compliance in the realm of state defense, signifying the expanding reach and applicability of these principles beyond their traditional corporate contexts.Footnote 25 This trend, combined with increased knowledge exchange, information sharing, and communication within the corporate sector, fosters greater transparency and supports the rationale for an interdisciplinary analysis. This dynamic also facilitates easier access to best practices and management methodologies in the fields of corporate governance and compliance.
In the broader context, this article aims to offer a new perspective and challenge traditional linear and deterministic thinking, with the intention of learning from other domains and effectively implementing theoretical concepts into practical applications. By embracing such perspective, the interdisciplinary analysis undertaken in this article seeks to uncover hidden connections and novel insights by transcending traditional disciplinary boundaries. Taking this broader view, this article concentrates on the general systems and prevailing approaches of corporate governance and compliance management. Instead of delving into the specific principles and elements, this discussion underscores the similarities in the methodologies employed by international criminal tribunals in their examination of the superior responsibility doctrine and the foundational structure and characteristics of corporate governance, with a particular emphasis on compliance management systems.
In Section B, it is detailed that superiors—whether within a military hierarchy or a corporation—can bear responsibility for failing both general controlling measures and specific preventive or punitive actions. To put in other terms, superiors not only have a broad obligation to oversee subordinates but also a direct duty to intervene in misconduct or administer appropriate punishment. It is particularly argued that this distinction is not merely theoretical but has practical relevance as well.
Section C delves into the concept of effective management and control in corporations, and related duties rooted in three fundamental pillars: Prevention, detection, and response. The duties and corresponding measures embedded in the superior responsibility doctrine fall under one or more of these categories, albeit their categorization is not identical. This section aims to explore practical significance and potential benefits of adopting certain aspects of the approaches established in corporate practices.
The last part, Section D, focuses on the strategies and methods used to assess these measures, specifically in terms of their adequacy and effectiveness, while also highlighting their potential advantages.
B. General and Specific Obligations: International Criminal Law vs. Corporate Context
International criminal law and the legal frameworks of the U.S. and Germany differentiate between general and specific duties. There is a controversy whether such differentiation is practically relevant.Footnote 26 Judgments of international criminal tribunals provide incoherent answers in this regard. As an example, provision of adequate trainings to subordinates should be regarded as a general control obligation. In this regard Burghardt argues that the failure to train implies the breach of the duty to prevent which can trigger superior responsibility in case the superior acquires requisite knowledge at the point in time when offences are about to be committed or during their commission.Footnote 27 He refers to Halilović where the Appeals Chamber reversed the inference of the Trial Chamber and declared that making a distinction between two types of obligations is erroneous. The court continued that an explicit reference to the breach of specific obligations, as a necessary ground for liability, introduces and additional unnecessary requirement and “creates confusing and unhelpful dichotomy.”Footnote 28 By contrast, in the earlier judgment, the Halilović Trial Chamber provided the contradictory view to the one provided above:
While it is evident that no criminal liability may attach to the commander for failure in this duty per se, it may be an element to be taken into consideration when examining the factual circumstances of the case. However, the adherence to this general obligation does not suffice by itself to avoid the commanders criminal liability in case he fails to take the necessary appropriate measure under his specific obligation.Footnote 29
The purpose of this section is not providing an analysis of this issue within the context of international criminal law to arrive at a definitive answer. Instead, it aims to juxtapose this issue with corporate governance and compliance management principles. By delineating the distinctions between general and specific duties, highlighting the overlaps and nuances, and drawing tangible examples from the corporate sector, it seeks to identify potential avenues for integrating business insights into the doctrine of superior responsibility. Subsequent analysis illuminates that the distinction between these two types of measures is evident, practically significant, and should not be overlooked in all cases.
I. Examples of the General Control Obligation and Respective Measures
In the Bemba Gombo case, the ICC Trial Chamber, referencing both the Pre-Trial Decision and various ICTY judgments, distinguished between general and specific measures, providing examples in two distinct non-exhaustive lists.Footnote 30 Specifically, the ICC judges outlined the following general preventive measures:
(i) Ensuring that the forces are adequately trained in international humanitarian law; (ii) securing reports that military actions were carried out in accordance with international law; (iii) issuing orders aiming at bringing the relevant practices into accord with the rules of war; and (iv) taking disciplinary measures to prevent the commission of atrocities by the forces under the commander’s command.Footnote 31
In the corporate sphere, analogous general control measures are prescribed under various corporate governance and compliance management standards. An abridged comparison and summary of these general control obligations and measures is provided in Table 1.
It is evident that the general obligations placed on corporate officers align closely with those imposed on military commanders and civilian leaders in international criminal law as well as in US/German jurisdictions. While these realms share a common approach regarding these obligations, the interpretation and assessment of superiors’ duties and measures may still differ.
II. Examples of the Specific Control Obligation and Respective measures
As with the general obligation, distinct similarities exist concerning specific obligations and measures. The doctrine of superior responsibility under international criminal law mandates that a superior must promptly intervene when violations are anticipated or occurring and subsequently sanction those responsible.Footnote 32 Illustrating this, the ICC Trial Chamber in the Bemba Gombo case, drawing from numerous ICTY judgments, augmented the initial list of general measures to encompass detailed specific measures:Footnote 33
(i) Issuing orders specifically meant to prevent the crimes, as opposed to merely issuing routine orders; (ii) protesting against or criticising criminal conduct; (iii) insisting before a superior authority that immediate action be taken; (iv) postponing military operations; (v) suspending, excluding, or redeploying violent subordinates; and (vi) conducting military operations in such a way as to lower the risk of specific crimes or to remove opportunities for their commission.Footnote 34
These enumerated obligations showcase that specific measures are taken to not only conform to the general control duty but also directly tackle identified specific risks or breaches. In a similar vein, corporate governance and compliance standards necessitate that corporate executives take precise actions when circumstances demand. A detailed overview of these measures is provided in Table 2.
Accordingly, also with respect to specific obligations and measures the similar pattern can be observed and parallels drawn. The significance of these observations, along with specific examples, and their implications for the international criminal doctrine of superior responsibility are further elaborated below in Section III.
III. Rationale and Expediency of Distinguishing General and Specific Obligations
The corporate governance and management principles, especially when viewed through a business-centric lens, rather than a purely legal one, yield the following observations:
-
1) Distinction between control obligations is evident; they, along with the respective measure, inherently differ. This distinction has been demonstrated in two previous Sections. In certain circumstances, this difference has practical implications, while at times, it may be irrelevant.
-
2) Situations where differentiation is practically irrelevant: From a real-world standpoint, the line between general and specific obligations can blur and have no practical implications. In some cases, one might suggest the presence of the other, a view supported by several scholars and legal judgments.Footnote 36
Scenario A – The failure to undertake specific measures implies the breach of the general obligation.
A corporate officer, after implementing effective monitoring, reporting systems, organizing training sessions, and setting up investigation procedures, has met the general obligation to oversee the corporation. But, when issues arose—like flaws in accounting processes and the risk of financial misrepresentation— the corporate officer failed to take necessary measures to mitigate them. This neglect suggests that while the corporate officer successfully established robust monitoring, reporting systems, and initiated comprehensive training sessions, still failed to address specific issues like accounting flaws and potential financial misrepresentation risks. This omission underscores a crucial insight: Even with a comprehensive control system in place, failing to address specific challenges directly implies a breach of the overarching general duty, also compromising the principles of high-level commitment and “tone from the top.”
In the example below the scenario is reversed.
Scenario B – The breach of the general control obligation implies the failure to take specific measures.
A corporate officer, new to his or her position, notices the corporation lacks adequate monitoring and reporting mechanisms. Acting diligently, he or she enhances incident-specific surveillance. When the Internal Audit detects accounting violations, the corporate officer quickly responds. The audit also identifies one reason for these violations: employees are not sufficiently aware of certain fraud-related issues. This makes training and education essential to reduce the risk of fraud in the corporation’s regional branches. Reacting to the audit’s findings, the corporate officer initiates an investigation to uncover more severe misconduct and identify the culprits and, additionally, imposes disciplinary sanctions on the violators already identified. Thus, the corporate officer acts promptly and appropriately in these instances; yet, overlooks the critical need for training. Subsequently, not immediately but several months after, further violations occur in other branches, as suspected by the Internal Audit. While it is challenging to directly link the lack of training to these violations, it is crucial to examine and ascertain whether the omission to organize trainings—as part of the general control obligation—also constitutes failing in the specific obligation to prevent issues. Under such circumstances, the conclusion would most likely be affirmative. It was not a typical situation where training planning is standard. The need for these trainings was prompted by new findings, showing that without raising awareness about fraud, more violations were likely. Thus, in cases like this, the breach of the general control obligation can be manifested in the neglect of specific control duties.
-
3) Situations where differentiation has practical relevance: From a practical standpoint, differentiating between general and specific obligations is not just a theoretical exercise; in certain circumstances, this distinction has tangible implications. Below are provided scenarios where a breach of the general control obligation does not necessarily result in a breach of a specific duty.
Scenario A: Investigations
The corporation lacks established procedures for internal investigations, a cornerstone of effective corporate governance and compliance management. Yet, when an employee alerted the corporate officer about potential bribery plans within the sales unit, swift action was taken to initiate an investigation. The investigation was conducted in line with general standards and best practices, and even in the absence of a standardized concept, it achieved the initially set outcome.
One could intensify this scenario: Suppose the investigations found no breach. It might be argued that a robust investigation procedure might have yielded different results, making the investigation more comprehensive and revealing. Making such an assumption risks oversimplification of examining similar situations and overlooks the complexity of the causality within a chain of command, as it suggests that any misdeed can be directly attributed to the absence of broad general measures, which may not always hold true.
This scenario illustrates that the absence of formal procedures in one area, such as investigations, does not necessarily signify a failure to address specific issues effectively when they arise, although this may often be the case. The scenario challenges the notion that every compliance lapse can be traced back solely to a lack of comprehensive general measures. Instead, it emphasizes the need for a balanced and context-specific approach to compliance management.
Scenario B: Trainings
Despite the absence of a well-structured training and communication plan in the organization, the corporate officer remains vigilant. During an employee meeting, the corporate officer discerns that some units are inadequately informed about the recently introduced Code of Conduct, creating potential misconduct risks. With little hesitation, the officer arranges for ad hoc training and halts specific high-risk transactions to curtail the chances of non-compliance. Importantly, these corrective measures are implemented almost as swiftly and effectively as they would have been if there had been a predefined training and communication concept in place. The corporate officer’s proactive response mirrors best practices in compliance management. Despite these rapid interventions, an incident of mobbing still occurs within the organization.
In such situations, the absence of general control measures should not automatically equate to the neglect of specific responsibilities, particularly when pre-existing training and communication concepts are less likely to enhance the probability of preventing or detecting wrongdoing in a specific context.
To sum up, the distinction between general and specific measures holds significance. While they may overlap and, at times, seem practically irrelevant, it remains essential to distinguish between them. This distinction helps to form accurate judgments regarding their practical implications and nuances.
C. General Control Framework and its Main Pillars
Measures can be categorized not only as general or specific but also based on their function. As it will be elaborated below, military and business standards provide similar yet not identical approaches in this regard. The first part of this Section delves into this categorization, highlighting its significance for the superior responsibility doctrine and in understanding the duties of superiors. It adopts a broader, “helicopter” view, offering an analysis from a more overarching perspective. This perspective specifically contextualizes the duties and measures of superiors within the general control framework. The second part delves into the superiors’ punitive duties aiming to uncover relevant insights and distinct features that can potentially be applied within the ambit of international criminal law.
I. Prevent, Detect, Respond—A High-level View
The corporate governance and compliance standards differentiate between the measures for prevention, detection, and responsive. Footnote 37 The distinction among these measures is evident from their designations. Preventive measures are implemented to halt potential violations either during their anticipatory phases or as they are being committed. Detective measures, on the other hand, focus on identifying and discovering violations, whether they have already been committed or are in progress. This means there is a temporal overlap with preventive measures when considering the timeframe of a violation’s occurrence. Lastly, responsive measures aim to address and rectify already committed violations, and to sanction those responsible. An additional facet of responsive measures, as reflected in the duty to punish in international criminal law, is their role in deterring potential future violations. Some examples of each type of measure presented in the Table 3.
*Certain measures have a twofold function e.g. to prevent as well as to detect
Distinction between preventive and punitive measures under international criminal law is more straightforward. The latter aligns closely with the responsive measures discussed above. A question, however, arises with respect to preventive measures: Do they encompass detective measures under international criminal law? While international criminal law does not delineate detective measures as a distinct category, some preventive and punitive measures possess a detective quality, giving them a dual character. For instance, both reporting mechanisms and surveillance measures aim to preempt crimes by identifying plans or ongoing actions; thus possessing a preventive character. In addition to this, they also serve to detect crimes post-committal. Similarly, while investigations are typically viewed as a responsive tool to address and punish already committed offenses, they also act as a mechanism to timely detect these offenses, discern their exact nature, and identify the perpetrators.
The practical implications of this distinction extend beyond its mere theoretical acknowledgment and comprehension; this distinction is crucial for evaluating superiors’ duties and measures. Evaluating superiors’ duties through this lens provides clarity whether adopted measures satisfy the criteria of being “necessary and reasonable” as required by the doctrine.Footnote 38 The following scenario can be considered: A superior asserts that to have implemented all necessary and reasonable measures to prevent subordinates’ crimes. The superior particularly established monitoring and reporting systems, enforced an effective recruitment policy, ensured timely training, and issued orders when made aware of potential risks. The superior also took punitive actions against offending subordinates and initiated investigations to identify all wrongdoers. On the surface, the superior appears to have diligently executed both preventive and punitive duties. Complexities arise when examining the broader context. What if there is evidence of illicit activities in other regions under the applicable jurisdiction? Why was the superior unaware of these? Possible explanations might be that the crimes were exceptionally covert or occurred in remote areas where concealment was simpler. If the latter is true, it should be evaluated whether additional detective measures could have facilitated the uncovering and suppression of these crimes. Would regular risk assessments or on-the-spot inspections have made a difference?
The argument here is not that the superior necessarily failed in his or her responsibilities. Rather, a deeper understanding of the specificities of various measures and their intended goals helps in more accurate assessment of the superior’s actions. For a conclusive judgment on whether a superior has undertaken all requisite measures, an analysis must determine if adequate efforts were made in the spheres of prevention, detection, and response to the misdeeds of subordinates. An omission in any of these areas could result in the superior’s criminal accountability.Footnote 39 Consequently, the comprehensive control framework designed by superiors should integrate all three measure types. This methodology, grounded in the same rationale, is also pertinent when examining a superior’s de facto authority and effective control.
An example of a pertinent detective measure: Murphy and Boehme in their Commentary on the OECD Practice Guide on ICE&C speak about importance of risk-based due diligence and determination of possible “red-flags.” In the realm of modern corporate governance, the emphasis on risk-based due diligence stands out as a cornerstone for ensuring compliance and preventing misconduct. The authors underscore the significance of not just recognizing these “red flags,” but also ensuring to respond “appropriately to any indications” as part of regular due diligence process. Furthermore, this process shall include periodic updates to mirror the evolving landscape of business and compliance risks.Footnote 40
Accordingly, preventive and detective mechanisms encompass continuous risk assessments, which entail the recognition of “red flags” and establishing measures for their rectification. Analogous risk-based due diligence methods can be adopted by military commanders. This could include predefinition of possible “red flags.” When the tribunals assess compliance with mandated responsibilities, especially in the context of potential criminal liabilities for civilian leaders within corporate settings, they may consider whether a superior is adequately aware of the characteristics of the settings and operations and whether he or she pre-identified any “red flags” or indications to guide them in monitoring and surveillance. While the above outlines just one type of detective mechanism found in corporations, other detective measures—which may also be relevant for military settings—could include data analytics, recurring background checks—especially for high-ranking managers—root-cause analysis, ethical and compliance-culture assessments, etc.
II. The Duty to Respond
Section II elucidates the circumstances where a superior may be exempted from the duty to punish: Either through the direct imposition of an appropriate sanction, by ensuring that investigations are undertaken, or by reporting to the competent authorities. Hence, actions must be taken for keeping wrongdoers accountable for their actions. While in corporate entities disciplinary actions are typically deemed sufficient to address a breach, within military structures, especially concerning the doctrine of superior responsibility, mere disciplinary measures are often inadequate, given that the underlying misconduct is typically classified as a crime. Footnote 41 Yet, a detailed examination of response measures in corporate hierarchies bears significance for the doctrine of superior responsibility.
1. Imposing Disciplinary Measures
Companies typically impose disciplinary measures not only for legal violations but also for breaches of internal rules, guidelines, and compliance programs. This can even extend to failures such as non-participation in training sessions.Footnote 42 The Department of Justice in its Guidance on Evaluation of Corporate Compliance Programs (“DOJ Guidance”) offers instructive questions to guide measures related to employee discipline and investigations, addressing each separately. Concerning disciplinary measures, the DOJ Guidance emphasizes the need for an appropriate human resources process. This process can be assessed using several guiding questions, such as:
Who participates in making disciplinary decisions, including for the type of misconduct at issue? Is the same process followed for each instance of misconduct, and if not, why? Are the actual reasons for discipline communicated to employees? If not, why not? Are there legal or investigation-related reasons for restricting information […]?Footnote 43
The Resource Guide to the U.S. Foreign Corrupt Practices Act (“FCPA Resource Guide”) finds worth considering whether “procedures are applied reliably and promptly, and whether they are commensurate with the violation.”Footnote 44 The document further highlights the evidence that “publicizing disciplinary actions internally, where appropriate under local law, can have an important deterrent effect, demonstrating that unethical and unlawful actions have swift and sure consequences.”Footnote 45
From the afore-mentioned guidelines and exemplary instructive questions can be inferred key attributes that determine effectiveness of a disciplinary system. Alternatively stated, the following elements should be considered critical when evaluating such systems and corresponding measures: i) Decision-making authority; ii) consistency and reliability while imposing measures;Footnote 46 iii) transparent communication within an organization regarding invoked measures and reasons behind them.Footnote 47
How could these points be relevant and considerable for international law?
First, proper imposition of punitive measures hinges on the authority of responsible individuals. If decision-making is concentrated in the wrong quarters, there is the potential risk of violators either escaping justice or receiving penalties that are not commensurate with their offenses. This, in turn, could dilute the deterrent function of such measures. This principle especially holds true in the context of the superior responsibility doctrine, because international criminal law does not stipulate that the superior must personally mete out punishment or initiate investigations; rather, it suffices that the superior takes proactive measures to ensure that these processes are set in motion.Footnote 48 Therefore, the extent of formal competence and decision-making authority dictates the range and type of additional measures a superior might be required to pursue. To ascertain criminal liability of a superior, it becomes paramount to identify which unit or individual usually holds the overall decision-making authority, and not merely in the specific case at hand. A failure in delegation of this power, especially if it goes against an organization’s internal structure, may lead to a failure in ensuring discipline. For instance, if a superior delegates authority to a unit that, as per the organization’s internal structure and policies, lacks the mandate to enforce punitive actions or conduct inquiries, such a delegation fails to adequately discharge the duty to punish. This remains true unless the superior takes alternative appropriate steps to uphold discipline.
An illustration of a stringent decision-making process can be found in Siemens, where the Corporate Disciplinary Committee (“CDC”) was established to scrutinize managerial misconducts and suggest actionable measures.Footnote 49 The CDC comprised esteemed members, with its chairmanship held by the General Counsel of Siemens AG, who was also a part of the Managing Board.Footnote 50 This exemplifies the gravity with which the company addressed any identified or suspected violations. By involving top-tier executives and relevant personnel connected to a particular case, the company demonstrated its commitment to a rigorous and comprehensive approach towards maintaining compliance by disciplinary measures.
Second, the consistent and reliable enforcement of measures is critical for both fairness and efficacy. Subordinates need assurance that any violation will lead to predictable and impartial consequences, free from superiors’ biases. Such consistency strengthens the preventive effect of punitive measures.Footnote 51
How can this principle be practically employed when examining an alleged breach of a superior? The scenario can be assumed where the superior issued what appears to be an appropriate disciplinary action, and subsequently, the case was reported to the state’s investigative authorities. Discrepancies and complexities in such situations arise when: i) The severity of the sanction is inconsistent with past punishments for similar violations; ii) available evidence and information are not relayed to the authorities as comprehensively as in past cases. Even if the chosen disciplinary action and the method of reporting seem fit for that specific offense committed by the subordinate, one cannot dismiss the possibility that the superior might failed to fulfil the duty to enforce punishment. Inconsistent punishments and erratic reporting can skew perceptions. Even if the disciplinary actions in a specific case are deemed adequate, broader inconsistencies can undermine justice on a macro scale. Inconsistencies cloud the bigger picture, as they may place authorities in a tough spot, where they struggle to judge individuals from the same context, or even the same military environment, who commit similar infractions. This can ultimately result in imbalanced and unjust final decisions.
The DOJ Guidance particularly stresses significance of evaluating “the company’s record (e.g., number and types of disciplinary actions) on employee discipline relating to the types of conduct at issue.”Footnote 52 If this record fails to demonstrate a consistent and appropriate response to all violations—including necessary sanctions—it indicates a breach in the duty to enforce punitive measures, potentially leading to further infringements. The Siemens case serves as a pertinent example: Their management empowered the Compliance Discipline and Integrity department to maintain statistics on company-wide labor law measures for compliance breaches.Footnote 53 Therefore, documenting and keeping statistics regarding committed violations and respective corrective measures is an expedient measure for ensuring consistency of dispensed punishments. In military settings it is not always possible and can be a challenging task, but a robust reporting system can aid commanders in maintaining such statistics or, at least, keep records on committed wrongdoings to the extent possible. This becomes particularly feasible for civilian leaders acting in a non-military setting. Therefore, when tribunals assess the punitive actions of superiors, attention shall also be drawn to consistency and reliability of their enforcement.
Lastly, communication and the act of publicizing disciplinary measures internally can serve as a significant deterrent. This ensures that all members of an organization are aware that misconduct will lead to consequences, reinforcing a culture of accountability. While there might be legitimate reasons for non-disclosure or restricted communication, such as ongoing investigations or legal considerations, transparency is generally beneficial.Footnote 54
2. Conducting Investigations
In Bemba Gombo the ICC, quoting Popović and referring to several other judgments, declared:
[T]he ad hoc tribunals have established what has been termed a “minimum standard” for measures that may fulfil the duty to punish, directing that a Trial Chamber “must look at what steps were taken to secure an adequate investigation capable of leading to the criminal prosecution of the perpetrators”. The duty to punish includes, at least, the obligation to investigate possible crimes in order to establish the facts. The commander is required to take an “important step in the disciplinary process.” [Footnotes omitted].Footnote 55
Superiors have possibility to discharge of the duty to punish by conducting investigations, if they in fact take active steps to secure adequate and effective investigation enabling bringing perpetrators to justice.Footnote 56 Although the tribunals have addressed this issue numerous times in their judgments,Footnote 57 given the anticipated expansion of applicability of international criminal law on private corporation and surrounding controversies around the Bemba Gombo case, it is crucial to gain insights into best practices and legal requirements concerning the corporate officers’ duties to implement proper investigations mechanisms and manage investigative processes in specific cases. For this purpose, the primary reference should be the DOJ Guidance, which underscores two main attributes and success factors of this duty: i) The proper scoping of investigations by qualified personnel, and ii) ensuring an adequate response to the findings of such investigations.Footnote 58
Specifically, in the context of the Bemba Gombo case, the ICC Trial Chamber could have benefitted from considering the principles outlined in the DOJ Guidance and similar standards, when evaluating necessity and reasonableness of measures. Although this does not imply that the Trial Chamber necessarily erred in its evaluation, which is not within the scope of underlying analysis, incorporating the following examples demonstrates how compliance guidelines could have offered relevant considerations for the Trial Chamber’s reasoning.
2.1 Mandate and Scoping
According to the Appeals Chamber, “the Trial Chamber erred in attributing to Mr Bemba any limitations it found in the mandate, execution and/or results of the measures taken.”Footnote 59 The DOJ Guidance emphasizes importance of proper scoping of investigations and that independence and objectivity are guaranteed.Footnote 60 Had the Trial Chamber applied the principles from the DOJ Guidance, along with other best practices, in evaluating the investigations conducted by or under Mr. Bemba’s authority, they might have given due consideration to essential elements like proper scoping, independence, and objectivity. Using the DOJ’s guiding questions as a reference, the Trial Chamber would have been better positioned to ascertain if these factors were meticulously reviewed and factored into their evaluation of the investigations. Footnote 61
For example, by addressing the DOJ’s guiding question—“How has the company ensured that the investigations have been properly scoped, and were independent, objective, appropriately conducted, and properly documented?”Footnote 62 —the Trial Chamber could have concentrated on the depth and breadth of the investigations, confirming they covered all pertinent crimes and incidents. The Trial Chamber might have been prompted to gauge the initiatives undertaken by Bemba or his organization to assure the integrity of the investigative process. Such an assessment would have offered clearer insights into the dependability and trustworthiness of the investigations.
2.2 Empowerment of Competent Forces to Conduct Investigations
According to the Appeals Chamber, “the Trial Chamber erred in finding that Mr Bemba failed to empower other MLC officials to fully and adequately investigate and prosecute crimes.”Footnote 63 The DOJ Guidance further emphasizes importance of empowering compliance personnel to effectively carry out their responsibilities and enforce compliance standards within an organization. This can be seen as a broader principle that applies to various contexts where individuals are tasked with investigating and addressing misconduct or crimes.Footnote 64 In addition, the DOJ Guidance requires that investigations are conducted with sufficient resources and staff with adequate knowledge.Footnote 65 By taking the afore mentioned principles into account, the ICC could have properly examined the criteria and decision-making process used by Bemba or his staff in selecting individuals to conduct investigations. This would have provided insights into the independence, expertise, and impartiality of the investigators. The ICC could have further evaluated whether the reporting and investigating mechanisms were sufficiently funded and reviewed the resources allocated to support the investigative process, such assessments might include examining the financial provisions, staffing levels, and logistical support provided to ensure effective investigations.
2.3 Necessary sources and data for conducting investigations
According to the Appeals Chamber, “the Trial Chamber erred in failing to give any indication of the approximate number of the crimes committed and to assess the impact of this on the determination of whether Mr Bemba took all necessary and reasonable measures.”Footnote 66 The DOJ Guidance provides parameters how effectively data regarding violations and alleged misconduct need to be collected, analyzed, and presented. It might include an assessment of the sources of information, their reliability, and how comprehensively they were used in the judgment.Footnote 67 In the case of Bemba Gombo the ICC could have used these standards to consider relevance of estimating the approximate number of crimes and assess their impact. This issue and respective questions are important for international criminal law as far as they are related to superiors’ commitment to analyse findings and “lessons learnt” for preventing subsequent crimes: If the superior fails to discover root causes of crimes, weaknesses of monitoring system and vulnerabilities, including with respect to other superiors, then these could serve as contributing factors for subsequent wrongdoing.
2.4 Follow-up Measures
Bemba argued that a follow-up on adopted measures is not required under international criminal law.Footnote 68 The ICC could have illuminated the practical relevance and value of the follow-up by referring to standards on corporate governance and compliance. For instance, Handbook on Anti-Corruption Ethics and Compliance offers a best practice example of a multinational company that implemented consistent and robust mechanisms to “improve the investigation and follow up of allegations and concerns raised by employees as well as external stakeholders.”Footnote 69 These mechanisms included follow-up actions to ensure compliance with the Code of Conduct through various channels. Specifically, they required involvement from the Corporate Ethics Committee as well as individual business unit committees. Additionally, the company conducted targeted follow-up awareness campaigns for responsible employees.Footnote 70
As it can be observed, the major discrepancy that the Appeals Chamber found in the Trial Judgment was that the analysis and argumentation of the Trial Chamber was not comprehensive enough, addressing all relevant points. This indicates to the practical relevance for the tribunals to have guiding, but not mandatory, criteria and questions defined in order minimize risks of overlooking relevant aspects of the case. As mentioned above in this Section, the provided opinion of the author is not suggesting the Trial Judgment was flawed or discrepant; the aim is to highlight the potential benefits of considering corporate governance and compliance practices.
In addition to the preceding analysis concerning Bemba Gombo, further relevant insights can be gleaned from the final part of the DOJ Guidance, particularly Section III(C), which specifically addresses the issue of remediation of underlying misconduct. Beyond the previously mentioned essential measures—such as identifying the root cause, pinpointing deficient controls, evaluating high-risk vendors, and detecting prior signs of misconduct—the DOJ underscores the importance of accountability. This involves assigning responsibility to the appropriate violators. Key questions from the DOJ for evaluating the obligation to remediate misconduct include:
What disciplinary actions did the company take in response to the misconduct and were they timely? Were managers held accountable for misconduct that occurred under their supervision? Did the company consider disciplinary actions for failures in supervision? What is the company’s record (e.g., number and types of disciplinary actions) on employee discipline relating to the types of conduct at issue? Has the company ever terminated or otherwise disciplined anyone […] for the type of misconduct at issue?Footnote 71
As the questions suggest, for fulfilling this obligation it is inevitable the company’s response to be: i) Timely and prompt; ii) targeted at senior as well as low-level managers who failed to prevent a violation occurred within their area of responsibility; iii) adequate and stringent, potentially leading to actions like contract termination or bonus reductions, where justified.
Thus, whether in a military setup or a corporate environment, subordinates must be held accountable for their actions. If culprits remain unidentified, launching an investigation becomes imperative. As Griffith articulates, “in the event that a firm’s monitoring efforts uncover potential wrongdoing, an internal investigation is likely to follow. Employees must submit to interrogation or face termination.”Footnote 72
3. Reporting to Authorities
According to ICTY jurisdiction, affirmed later by the ICC in Bemba Gombo, in order to comply with the duty to punish by means of submitting a matter to state authorities the superior must be aware that this authority is competent, to investigate and prosecute, and functioning, hence, not only possessing formal authority.Footnote 73 In this regard the TI Business Principles on Combatting Bribery as well as the UN Convention on Corruption are relevant for comparative analysis. The former encourages enterprises “to cooperate with relevant authorities in connection with bribery and corruption investigations and prosecutions.”Footnote 74 The document—by referring to Article 37(2) of the UN Convention on Corruption—underlines importance of cooperation so far as enterprises can benefit through mitigation in punishment or immunity should liability of wrongdoers come into question.Footnote 75 Article 37(2) outlines three cornerstones of cooperation, specifically regarding the provision of three types of information or assistance:
-
1) Information supply: provision of relevant information and material to investigatory agencies;
-
2) Evidential contribution: equipping prosecutorial units with concrete evidence;
-
3) Restorative collaboration: ”factual, specific help” to the government with the aim to recover the assets that have connection with corruption.Footnote 76
While international criminal tribunals often address the duty to punish and the fulfillment of that duty by superiors in reporting to competent authorities, they do not routinely apply a structured set of criteria like the ones listed above. Their approach, while rigorous, does not always methodically assess whether a superior has supplied all pertinent information and evidence at their disposal. Corporate best practices, though, offer a framework that may be beneficial. For instance, as highlighted in the third point above, corporate officers are not only expected to ensure justice and prevent further offences but also to assist authorities in restoring the status quo ante. This principle of restoration, cooperation, and comprehensive information sharing could serve as an instructive guide for tribunals. It is imperative that when evaluating the actions of military or civilian leaders, tribunals consider not just the act of reporting but the quality and comprehensiveness of that reporting in their quest for justice.
Hadzihasanović is one of the pertinent precedents where the duty to punish, and especially in terms of submitting a matter to competent authorities, was extensively discussed. The court in Hadzihasanović, referring to ICRC Commentary, outlined multiple avenues for discharging the duty to punish. Central to this is the emphasis on presenting as complete factual evidence as possible to ensure subordinate perpetrators are held accountable.Footnote 77 Given the weight placed on the quality of evidence and the obligation on superiors to ensure justice, tribunals could also consider the principles set out in Article 37(2) of the UN Convention on Corruption—including corresponding commentaries.Footnote 78 As explained above, this provision underscores the significance of restoring damages, a principle that could be pivotal when tribunals determine the criteria for examining the duty to report to competent authorities.Footnote 79
In juxtaposing the ICC’s findings in the Bemba Gombo case with the aforementioned standards and principles, one can argue that the court might have benefited from a more comprehensive framework. Considering the Appeals Chamber’s findings, it becomes evident that a detailed assessment of the quality and completeness of provided evidence is indispensable. The Appeals Chamber highlighted that the Trial Chamber did not sufficiently address the content and quality of Bemba’s letter to the CAR Prime Minister, a letter which explicitly requested the establishment of an international commission of inquiry.Footnote 80
In the overarching context of this discussion, the Bemba Gombo case serves as a reminder of the imperative for tribunals to conduct exhaustive and meticulous evaluations of evidence. It emphasizes the risks associated with overlooking key details and the implications such discrepancies can have on ultimate findings. A more methodical approach would better align the ICC’s examination process with prevailing global standards emphasizing cooperation and thoroughness in crime investigations and prosecutions.
III. Synopsis of the Analysis
In synthesizing the critical observations that can inform the refinement of international criminal law and its application, the following points emerge as paramount:
-
The duties to prevent and punish, as enshrined in international criminal law, also encompass detective measures. This echoes the types of measures proposed in standards of corporate governance and compliance management.
-
Generally, when evaluating punitive measures, international criminal tribunals can consider corporate governance and compliance practices and closely examine whether the superior i) delegated the duty to punish to a person/unit possessing sufficient decision-making authority, ii) imposed measures consistently, iii) internally relayed the measures taken and the reasons behind them (where feasible and fitting); and iv) took steps toward restitution.
-
In examining whether a superior conducted an investigation as required as part of the duty to punish, tribunals should focus on whether the superior: i) defined the scope of an investigation aptly (considering factors like units involved, geographical span, and the time duration), ii) endeavoured to maintain the investigation’s objectivity and independence; iii) comprehensively documented the investigative steps, and iv) tracked remediation of detected findings.
-
When assessing the superior’s reporting to competent state authorities, as another facet of the punitive duty, tribunals could also consider if the superior supplied evidence that not only aids in ascertaining culpability of subordinate perpetrators but also facilitates authorities in remedying the damages resulting from criminal infractions. The superior’s proactive measures in response to the misconduct should, at the very least, be taken into account during sentencing. As posited in the DOJ Justice Manual: “In determining whether or not to prosecute a corporation, the government may consider whether the corporation has taken meaningful remedial measures. A corporation’s response to misconduct says much about its willingness to ensure that such misconduct does not recur.”Footnote 81
D. Evaluation Methodologies: Adequacy vs. Effectiveness
This Section is relevant and can be applied not only to the superiors’ duties but to other two elements of the doctrine as well, especially superior-subordinate relationship. The primary focus is not how certain principles or components of corporate governance and compliance can be applied to military management and thereby to the doctrine of superior responsibility, but rather the methodology of examining its elements. It is a widely acknowledged principle of corporate governance and compliance that the organization’s structure, its systems and respective measures must be adequate (i) and effective (ii). Therefore, evaluation has to be performed with respect to these two dimensions. This principle is embedded in the compliance management assurance standards of German Public Auditors, the IDW AsS 980.Footnote 82 In line with the IDW AsS 980, review of adequacy aims to ensure that the CMS auditor obtains sufficient assurance as to whether:
-
The regulations of the CMS implemented at a particular point in time are adequately defined and represented in the CMS description in compliance with the applied CMS principles in all material respects;
-
The represented regulations, in accordance with the applied CMS principles in all essential aspects: i) Are suitable, with sufficient certainty, to both identify risks of significant regulatory violations in a timely manner and to prevent such violations, and ii) were implemented at a specific point in time.Footnote 83
Thus, “adequacy” primarily implies examination of the design of a system and whether its main mechanisms are implemented within an organization. “Effectiveness” is a step forward, going beyond the design and focuses on the system’s actual functionality in real-world scenarios. A compliance management system is deemed effective when the defined regulations and processes, once assessed as adequate, are consistently and appropriately followed in practice.Footnote 84
The DOJ Guidance also highlights the concepts of “adequacy and effectiveness” as key evaluation criteria.Footnote 85 While the DOJ recognizes that compliance management systems must be evaluated within their unique contexts, rendering any rigid or pre-defined formula unsuitable, it nonetheless supports an overarching approach centered on adequacy and effectiveness.Footnote 86
Accordingly, while evaluating compliance management and internal control systems, it is inevitable to focus not only on how these systems and related mechanisms are designed, but also whether they—given that they are designed appropriately—work in practice, that is, whether they achieve the objectives for which they are designed and implemented. For example, an internal control system might be meticulously crafted to prevent fraud and bribery. It may have well-defined policies, streamlined IT tools, proper responsibility allocation, and the necessary technical support. Yet, if the personnel managing this system, despite receiving adequate training, lack necessary technical knowledge and experience, overlooks “red flags,” the system is to be deemed ineffective irrespective of its robust design. In such scenarios, the internal control systems, though adequately designed, fall short in preventing fraud and combatting bribery.
International criminal tribunals typically do not differentiate between the design and operational effectiveness of superiors’ control systems, existing mechanisms, and measures. While they may implicitly consider this distinction, their primary focus lies on assessing whether the measures in place are both necessary and reasonable. This means that the measures should be both feasible to be implemented and effective in preventing criminal offenses. In this context, “effectiveness” emerges as a pivotal criterion in international criminal law. Yet, the doctrine of superior responsibility does not explicitly incorporate the “adequacy” criterion. Instead, it is subsumed under “effectiveness,” which, in turn, mirrors the “necessity” criterion.
It is plausible to contend that utilizing the methodology ingrained within corporate frameworks—specifically, the evaluation of measures for their adequacy and effectiveness as integral components of corporate governance and compliance practices—will ease the scrutiny of various elements of the superior responsibility doctrine. This pertains not only to cases involving civilian leaders but also military commanders. Furthermore, this approach can enhance transparency and potentially clarify and reduce controversy in judges’ reasoning, in relation to both general and specific duties.
The above stated can be illuminated by an example of the issuance of preventive orders. Orders are among the most common and effective means to prevent crime. Superiors who make concerted efforts to prevent offenses by issuing binding orders often assert that they have done everything possible to avoid undesired consequences. The scenario can be considered where superior orders subordinate units to halt military activities for a certain period within a specific area. Such an order, being timely, applicable to the right target group of subordinates, binding, and communicated via suitable channels, seems to meet the required criteria and is adequately designed. But should it be inferred that it is also effective and, thus, necessary as per the requisites of the doctrine? An evaluation should note that even if a crime cannot be prevented by a specific measure, it does not directly imply its ineffectiveness; the crux is whether it is deemed effective in similar circumstances—capable of preventing undesired consequences in a comparable scenario. To accurately judge the effectiveness of the issued order in the aforementioned scenario, further factors must be considered. Although initially the measure seems to meet all criteria to be assessed as “necessary,” it must also be examined whether the superior took actions to ascertain that subordinates indeed received the order as it was intended, they understood its purpose and content, and committed themselves to implement it. The criterion of “necessity” might gloss over these facets, while a test of “effectiveness” under internal control systems and compliance standards is more nuanced approach that addresses the practical outcomes of measures with precision. It puts the clear border line between the measures which due to their design are capable and effective to prevent violations and the ones which were effective in a concrete real-world situation.
This distinction is equally pertinent for general obligations and their respective measures. The example on reporting systems, including whistleblowing mechanisms, underscores the importance of this issue. A reporting system may be deemed adequately designed if, for instance, it is equipped with all necessary technical amenities, covers all risky divisions and geographical areas, ensures direct transmission of reports to the superiors in charge, has an employee number that corresponds to actual needs, and features trained staff. However, if there is a lack of trust in the confidentiality of the whistleblowing hotline or if employees fear retaliation for speaking up, they may be reluctant to use the reporting channel. As a result, important information about potential wrongdoing may go unreported, undermining the effectiveness of the hotline as a mechanism for early detection and prevention of misconduct. This might result in the superior being inadequately informed and less able to detect possible wrongdoings. If this aspect is not considered and examined, the court may be misled into concluding that the reporting system is properly implemented. This example is also applicable for the element of effective control and its evaluation.
Several instances can be identified where the tribunals’ reasoning and evaluation lacked the requisite precision and structure, with the case of Bemba Gombo serving as a pertinent example. Despite the presence of compelling evidence indicating that Bemba neglected various possible measures, and with the ICC enumerating them, making his culpability apparent, the court’s deliberations were neither sufficiently comprehensive nor explicit. The Trial Chamber could have offered a clearer elucidation regarding why the actions undertaken by the accused were insufficient, or in other words, neither necessary nor reasonable. An excerpt from the judgment illustrates the point under discussion:
Further to noting indications that the measures set out above were not properly and sincerely executed, the Chamber finds that the measures Mr Bemba took were a grossly inadequate response to the consistent information of widespread crimes committed by MLC soldiers in the CAR of which Mr. Bemba had knowledge. The inadequacy of the minimal measures Mr Bemba took is aggravated by indications as set out above, that they were not genuine, the manner in which such measures were executed, and the fact that only public allegations of crimes by MLC soldiers prompted any reaction, and then only to limited extent.” [Emphasis added].Footnote 87
Besides utilizing generic language without unpacking the meanings of terms such as “not properly and sincerely” and “grossly inadequate,” the court also highlighted that the measures were not genuine. While it is acceptable to indicate the accused’s subjective motives, objective factors—for example, why measures were ineffective—demand more specific evaluation. Furthermore, the Trial Chamber stated:
Mr Bemba’s reactions were limited to general, public warnings to his troops not to mistreat the civilian population, the creation of two investigative commissions, the trial of seven low-ranking soldiers on charges of pillaging of goods of limited value, and the Sibut Mission, which was not an investigation. The mandates of the two investigative commissions were limited to the allegations of pillaging committed in the initial days of the 2002-2003 CAR Operation in Bangui and pillaged goods being transported via Zongo.Footnote 88
Even if it was sufficiently evident, the court fell short in providing a thoroughly examined argument or, at the very least, a transparent concluding statement regarding why these public warnings and investigative measures were inadequate and ineffective in preventing misdeeds and facilitating the prosecution of perpetrators.
The Karadžić Trial Chamber judgment presents a similar example, notably concerning the duty to prevent crimes and the critical importance of executing follow-up measures. In this instance, the ICTY posited that merely issuing preventive orders is not sufficient to deter subordinates’ crimes unless the superior takes measures to ensure that their actual implementation effectively averts criminal activities.Footnote 89 The Chamber particularly concluded that “orders are not reflective of genuine efforts to prevent such crimes.”Footnote 90 While the Trial Chamber’s conclusion is valid—asserting that without conscientious and proactive actions to enforce measures, mere issuance of orders becomes futile in preventing subordinates from committing crimes—its rationale lacks comprehensive and explicit exposition. The term “genuine efforts” emanates ambiguity; it is sufficiently broad to be applicable to myriad scenarios, and though one might deduce that the ICTY meant the measures were ineffective in this context, this is not explicitly stated and elucidated. Consequently, a structured approach to evaluating the adequacy and effectiveness of measures, in alignment with corporate governance and compliance management principles, could have bestowed more clarity and precision upon this segment of the judgment.
It is pivotal to stress that this analysis is not designed to critique the tribunals’ deliberations or dispute validity of its findings and conclusions. Rather, it aims to spotlight certain imperfections and argue that employing vague language in future instances—especially where evidence of a superior’s culpability is not robust—might render reasoning and judgments insufficiently clear and inadequately substantiated.
The examples provided illustrate that despite inherent challenges and potential downsides in defining evaluation criteria, discussed in Section 6.2, strides should be made to formulate guiding, not mandatory, questions/criteria, akin to those found in the DOJ Guidance on the Evaluation of Corporate Compliance Programs, DOJ Justice Manual, IDW AsS 980 (Draft), etcetera. The assertion here is not that the discussed criteria of adequacy and effectiveness, along with their corresponding methods, are the most apt. The objective has been to illuminate the utility and prospective advantages of methodological approaches ingrained in corporate governance and compliance practices.
E. Conclusion
This article has provided an overarching perspective on the third element of the doctrine of superior responsibility. The primary objective was not to independently analyze the duties to prevent and punish in comparison to their counterparts in international criminal law. Instead, the focus was placed on examining the interrelationship between these duties and gaining an overall understanding of the design, classification, and systematic nature of the measures encompassed by these duties. Another objective was to address the duty to punish separately. This involved a detailed investigation of its three aspects: imposition of criminal penalties, sanctions, or, if appropriate, other disciplinary measures; conduct of investigations; and submission of matters to the competent state authorities.
Initially, it was deduced and highlighted that general and specific control obligations, along with the measures they entail—although partially overlapping—possess distinct natures. This was followed by providing examples illustrating that, from a practical standpoint, the differentiation between these two, while irrelevant in certain scenarios, as one can imply the other, can be crucial in other circumstances for a thorough examination of the superiors’ conduct. Therefore, blurring and ignoring the line between these duties is not only incorrect, both in practice and in theory, but it can also affect the quality of the court’s reasoning and, consequently, the enforcement of criminal justice.
In the second part of this article, specifically in Section C.I, it was demonstrated that the preventive and punitive measures outlined in international criminal law inherently encompass detective measures as well. The argument put forth was that, although from a theoretical perspective, further differentiation and categorization of measures may not significantly contribute to the dogmatic development and refinement of the doctrine of superior responsibility, it can be valuable when assessing whether a superior has taken all necessary and reasonable steps to prevent criminal offenses and/or punish subordinate perpetrators. Thus, in certain circumstances, it can offer practical benefit.
Subsequently, the duty to punish was examined, with the primary goal of shedding light on how corresponding obligations are recognized and applied in the business sector. In this regard, the following observations were made, along with accompanying recommendations:
-
When punitive measures are subject to examination, it is expedient and appropriate that international criminal courts consider corporate governance principles and practices and evaluate whether the superior: i) Delegated the duty to punish to an individual or unit with sufficient decision-making authority, ii) consistently implemented measures, iii) communicated imposed measures and their rationale—if feasible and appropriate.
-
When evaluating an investigation carried out by superiors as part of their duty to punish, it is expedient and appropriate for international criminal courts to focus on whether the superior: i) Accurately defined the investigation’s scope (including units, geographical coverage, and an appropriate timeframe), ii) took measures to ensure objectivity and independence of the investigation, iii) documented the entire investigation process and its findings, and iv) monitored the remediation of identified issues.
Furthermore, the standards and best practices in corporate governance and compliance suggest that when taking actions to hold wrongdoers accountable, such as imposing punitive or disciplinary measures or providing evidence to state authorities, corporate officers must also assess whether their actions are adequate to restore the rights of affected individuals. They should consider what additional measures may be necessary or what additional evidence needs to be provided to achieve this goal. In similar vein, while not always determinative in establishing culpability, the superior’s response to misconduct through remedial measures should, at the very least, be considered relevant during sentencing.Footnote 91
The final part, Section D, focuses on the methodological approach for evaluating the measures that superiors are required to implement as part of their duties to prevent and punish. In this context, it is acknowledged that the international criminal tribunals correctly view such evaluations as a matter of evidence rather than strictly a matter of law. Consequently, establishing a clear set of criteria is deemed impractical. Nevertheless, having more clear guidance can yield practical benefits. Therefore, understanding how such evaluations are conducted in the business sector is valuable. To this end, the analysis encompassed evaluation methodologies, guiding questions, and indicators found in international as well as US/German standards. These methodologies and standards are employed by state authorities when assessing corporate compliance programs and the obligations/actions of corporate officers. Through the examination of several scenarios, the recommendation is made that the ICC and other acting tribunals should consider adopting a similar approach and specific methodologies in their assessments.
Notwithstanding the foregoing, it is not claimed that these methodologies, along with the criteria of adequacy and effectiveness, are the most pertinent. Instead, the argument was made that recent developments, as described above in Introduction, and potential proceedings involving private corporations and their executives make it expedient for international courts to draw lessons from national jurisdictions as well as consider the application of knowledge and standards prevalent in business and corporate governance practices.
Finally, as noted by Ambos, Article 28 of the Rome Statute bears structural similarities to both §130 of OWiG and §41 of WStG.Footnote 92 In the Commentary on § 130 OWiG, as authored by Rogall, reference is made to the requirement of implementing a risk management and compliance function, particularly in cases where it is prescribed by law.Footnote 93 Rogall also discusses this topic within the context of task allocation and responsibilities among employees. He emphasizes the growing significance of Corporate Compliance as an organizational function, asserting that it, along with Internal Audit, constitutes the core of a risk management system. As a result, companies and their executives are obligated to establish and operationalize an effective compliance program to fulfill their duty of supervision.Footnote 94 This aligns with one of the main recommendations of this article, highlighting that invoking corporate governance and compliance management practices is not only beneficial and expedient but, in certain situations, essential for assessing the duties and actions of superiors. It also aids in determining whether the superior was in a position to exercise sufficient power and control, rendering the above discussed comparative insights more valuable.
Acknowledgements
I would like to express my sincere gratitude to Prof. Stijn Franken and Prof. Ferry de Jong for their initial guidance, support and encouragement, without which I would have lacked the confidence to pursue the interdisciplinary research which forms the basis of this article.
Competing Interests
The author declares none.
Funding Statement
There is no specific funding associated with this Article.