Well-designed regulations seek to correct for market failures. But they can only protect society if they are followed. For decades, an assumption has prevailed throughout regulatory circles that most businesses are willing to comply with most regulations as long as regulators go after the relatively few truly bad actors. After all, regulated companies don’t want to be made a sucker for following the rules while others face no repercussions for not doing so. The real problem, then, has been thought to lie with the relatively few “bad apples”: if regulators punish them, the rest of industry will keep in line.

This logic has its grounding in more than just hopefulness about corporations’ willingness to comply with costly regulations in the face of some modest level of enforcement. It stems from an aphorism widely attributed to Chester Bowles, who headed the Office of Price Administration (OPA) during World War II and later was governor of Connecticut, a member of Congress, and ambassador to India. Bowles is usually quoted as saying something like this: “Twenty percent of the regulated population will automatically comply with any regulation, 5 percent will attempt to evade it, and the remaining 75 percent will comply as long as they think that the 5 percent will be caught and punished.”

Among regulatory scholars, this aphorism has assumed a pride of place, sometimes literally so by being situated as an epigraph within scholarly work. It has been cited widely by legal scholars, social scientists, and regulatory officials. (I have done so myself.) It has even spread around the world. With just a few minutes of internet searching, it is easy to find references to Bowles’s tidy “20–5–75” percent division of the regulated population in sources from Australia, Canada, Ireland, New Zealand, South Africa, and the United Kingdom, in addition to the United States. Officials at a Canadian standards body apparently think so much of the aphorism that they have placed it on their organization’s homepage. To say that Bowles’s quip has been “oft-quoted” would be an understatement.

What Bowles Really Meant

Of course, it’s hard to disagree with the idea that different firms will have different propensities to comply with regulations. But Bowles offered no systematic research to support his particular division of the world. The percentages he offered were not based on empirical study. Indeed, even though everyone seems to quote Bowles as treating 5 percent of the population as bad apples, when I revisited the original source of the aphorism recently, I discovered that he actually pegged that rate at only 2–3 percent.

It should be surprising that Bowles’s rule of thumb has been so widely accepted as describing the world today, given that he formed his views about regulatory compliance so long ago. He served as the OPA administrator during the last several years of World War II. According to his memoir, he formed his observations about compliance propensities from even earlier public service work he did in Connecticut before he assumed the leadership of the OPA. One must wonder whether willingness to comply with rules is the same today as it was nearly 80 years ago during the heyday of World War II patriotism. In the last several decades alone, the United States—like other countries—has witnessed a dramatic decline in levels of public trust in government, which presumably affects people’s willingness to follow the law.

When I revisited the canonical source of Bowles’s quotation—a memoir he published in the early 1970s—it became clear to me how much those of us working in the regulatory world have collectively misattributed or misread Bowles. The “regulated population” in his aphorism is almost always understood to be private firms. Sometimes he is explicitly said to be referring to compliance by “regulated businesses” or “regulated firms.” But in fact, rather than addressing business behavior, Bowles had in mind individual behavior.

In addition, rather than drawing on his experience at OPA with enforcing price controls, he was actually making an observation about compliance with a federal ban on “pleasure driving” that had been put in place during wartime in an attempt to promote fuel conservation. He was not referring to regulations in general, and not to rules placed on businesses as they sought to turn a profit. His breakdown of compliance propensities was in response to a set of restrictions that applied to individuals in their everyday lives.

Bowles said that, after the pleasure-driving ban went into effect, he came to conclude that a “very small percentage of the public—perhaps 2 or 3 percent” were “inherently dishonest.” He continued that “something like 20 percent can be trusted to obey the law regardless of what others do,” and “the remaining 75 percent or so genuinely want to be honest, but they are also determined not to confirm P.T. Barnum’s assertion that ‘a sucker is born every minute.’”

For Bowles, one of the main problems with the pleasure-driving ban seemed to be that it was nearly impossible to enforce. How, after all, could a police officer tell if a motorist was out for a leisurely ride versus traveling for a purposeful reason, such as to visit a sick relative? According to Bowles, one of the key lessons to be drawn from the ban on pleasure driving was, as he put it, “clearly … to avoid unenforceable laws.” In other words, the pleasure-driving ban fiasco—the source of Bowles’s widely cited aphorism—was as much a lesson about regulatory overreach as it was about regulatory enforcement and compliance.

Compliance Today

For us today, we would do well to ask what lessons we ought to draw from a more accurate understanding of Bowles’s aphorism. Surely we can still accept the basic insight that firms vary in the degree to which they comply with regulations. And maybe Bowles was also right to advise regulators, as he did, to enforce “rigidly” those laws “which the majority are prepared to support.” But how many regulations are ones that a majority today supports?

According to a Gallup poll taken last year, “majorities of Americans in all party groups are currently dissatisfied with the government’s regulation of businesses and industries.” Another Gallup poll finds that a plurality of Americans (43 percent) think the United States has too much regulation, while only 25 percent of respondents think it has too little and 30 percent think it has the right amount.

Of course, no matter what the right level of regulation may be, surely no one can deny that regulators would do well to go after bad apples. But how many corporate actors are proverbial bad apples? Study after study has returned evidence of extensive regulatory noncompliance, some of it constituting downright criminal behavior. As one study by law professors Dorothy Lund and Natasha Sarin recently noted, “measures of white-collar crime in the United States estimate that it costs anywhere from $426 billion to $1.7 trillion annually.” Noncompliance with some—even many—regulations might well be the norm rather than the exception. It has been estimated by the U.S. Environmental Protection Agency, for example, that perhaps as many as 75 percent of all major polluters in the United States violate their environmental regulatory requirements every year.

Might noncompliance be endemic because regulators are not acting “rigidly” enough to enforce regulations? Perhaps. Or it may be because many regulations today are the functional equivalent of banning pleasure driving—that is, they have become so profuse and complex that they are neither well accepted nor realistically feasible to enforce.

Some observers—such as Philip Howard, author of the best-selling 1995 book The Death of Common Sense—might well agree that we have too many business regulations today that are the equivalent of pleasure-driving bans. The political divisiveness of COVID-related mask and vaccine mandates in recent years would also seem to belie any simplistic notion of a vast public ready to comply if just a small percentage of individuals who actively resist are caught and sanctioned. Compliance with COVID restrictions may have started out strong in the earliest days of the health emergency in 2020, as many members of the public accepted the need to “bend the curve” of hospitalizations and deaths. But with the passage of time, resistance grew. Even states with elected leaders who supported COVID restrictions came to lift them rather rapidly in early 2022, not so much because of a sudden, dramatic decline in the incidence of the disease, but rather in no small part because of public fatigue with these restrictions.

The COVID experience reveals how complicated compliance can be. It can shift over time, and it can vary depending on the perceived reasonableness of the regulatory obligations. And yet, despite important contributions by many scholars over the years, we still need more empirical research on the complicated question of why individuals and businesses comply with regulations—and why they do not. A more faithful reading of Bowles—rather than just the continued canonical quotation of him—might well help lead regulators and regulatory scholars to look harder for the key contextual factors that explain varying rates of compliance across sectors and over time.

One of many questions that might motivate future research would be, does the accumulation of regulations—pebbles in the stream as Progressive Policy Institute economists Michael Mandel and Diana Carew once put it—make noncompliance more likely? An increase in regulatory obligations clearly increases the sheer number of possible opportunities when noncompliance might occur. But it may also make noncompliance more likely because it makes it harder for regulated entities and their managers to know all their regulatory obligations. An accumulation of rules and an increase in their complexity might also make regulation appear less reasonable, which could contribute to noncompliance by reducing perceived legitimacy.

Role of Incentives

Inducing compliance is almost certainly not as easy as just finding a small percentage of firms that are bad apples. What justifies regulation, after all, is the misalignment of private incentives with public goals. If regulation is needed because firms have strong incentives to act in some other manner, merely inserting a new page in the government’s rule book will not make those (misaligned) incentives disappear. Moreover, often regulatory compliance requires sustaining behavioral change over time, which can be especially challenging for individuals and organizations to maintain even when they might start out with strong motivations to comply. Think about how hard it is for most people to stay the course when they go on a diet to lose weight.

Regulators would do well to think more about how to secure compliance when they design rules in the first place. In a recent book, a former head of the EPA’s enforcement office, Cynthia Giles, emphasizes the importance of integrating analysis of enforcement and compliance into the process of creating rules in the first place. If regulations can be designed at the outset to be more enforceable, then compliance should improve and that should make it more likely that regulatory problems can be solved.

Recent revisions to the Office of Information and Regulatory Affairs’ Circular A‑4 guidelines for regulatory analysis take a step in the right direction by admonishing agencies that “assuming full compliance may be inappropriate when available evidence suggests imperfect compliance is likely.” The revisions note that in agencies’ analyses of new regulations, “it may be helpful to specifically address how regulatory design and enforcement decisions will affect compliance and administrative costs.” The revised Circular encourages agencies to consider a variety of “alternative monitoring and reporting methods” such as “on-site inspections, periodic reporting, and noncompliance penalties structured to provide the most appropriate incentives.”

These kinds of recommendations make sense because today it hardly seems all that reasonable to assume that only 2–3 percent, or even 5 percent, of businesses have little compunction about ignoring the law or looking the other way at instances of noncompliance. Some businesses—think early Uber or, consider more recently, certain cryptocurrency companies—have been said to have built business strategies around pushing legal boundaries and even breaking the law. Law professors Elizabeth Pollman and Jordan Barry, for example, have written about an entirely new form of “regulatory entrepreneurship” according to which firms “simply push forward with the business while hoping that regulators and enforcement agencies will not come knocking.”

Conclusion

Today, it would seem not to be realistic—if it ever was—to assume that there exists a large silent majority of 75 percent of firms within any industry that stand ready and willing to follow the rules as long as they know they will not be played the fool for doing so. If that common assumption is rejected—and especially if we were to assume the opposite, that most firms are willing to take their chances at getting caught—then the enforcement challenges confronting regulators would look much more profound than just catching a few truly bad apples. Securing compliance might well be—as perhaps it always has been—a Sisyphean task.

A world in which most firms are bad apples, or could easily become them, is a world in which current government enforcement capacities can easily become outmatched by the numbers of those who can evade detection. Regulators not only need to think harder about compliance when creating rules in the first place, but they may also need substantially increased enforcement resources. And it may be that those resources will never be truly sufficient, so it will also likely make sense for agencies to use state-of-the-art analytic tools such as big data and machine-learning algorithms. In other co-authored work, Sarin has estimated that an investment of just tens of billions of dollars in enhancing enforcement of tax regulations, including by adopting extensive technological enhancements, would yield an increase in hundreds of billions of dollars in new revenues.

Whatever the true underlying rates of regulatory recalcitrance—and presumably they vary over time and across sectors and regulatory domains—if regulators are to expect to improve compliance, those of us in the regulatory research community must do more than simply continue to assume that most corporations will comply as long as there exist relatively minimal efforts at enforcement. Strikingly, despite the expanse of time since Bowles’s days as a regulator, we have not achieved a corresponding expanse in our understanding of compliance and noncompliance. According to a recent meta-analysis conducted by Sally Simpson, Bill Laufer, and other criminologists, it remains that “corporate crime is a poorly understood problem with little known about effective strategies to prevent and control it.”

We can clearly do better. Both researchers and regulators need to recognize compliance as itself a regulatory problem needing to be solved. Improved outcomes in the world, after all, stem from more than just the adoption of new regulations on the books. The regulations on the books certainly need to be sensible and sound. But even when they are, making the world better through regulation necessitates adopting the right kinds of monitoring and enforcement actions—and then constantly seeking to evaluate and improve those actions so as to induce the corporate behavioral changes needed to solve society’s panoply of regulatory problems.

Readings

  • “Building Better Compliance,” by Cary Coglianese. Texas Law Review 100: 192–214 (2022).
  • “CBO Recognizes, but Understates, Potential of Tax Compliance Efforts,” by Natasha Sarin and Lawrence Summers. Tax Notes Federal, July 20, 2020.
  • “Contractual Compliance and the Federal Income Tax System,” by John Scholz. Journal of Law & Policy 13: 139–203 (2003).
  • “Cooperative Implementation of Federal Regulations,” by Douglas Michael. Yale Journal on Regulation 13: 535–601 (1996).
  • “Corporate Crime and Punishment: An Empirical Study,” by Dorothy Lund and Natasha Sarin. Texas Law Review 100: 287–352 (2022).
  • “Corporate Crime Deterrence: A Systematic Review,” by Sally Simpson, Melissa Rorie, Mariel Alper, et al. Campbell Systematic Reviews 10: 1–116 (2014).
  • “Deterrence vs. Cooperation and the Evolving Theory of Environmental Enforcement,” by Clifford Rechtschaffen. Southern California Law Review 71: 1181–1272 (1998).
  • “General Deterrence and Corporate Environmental Behavior,” by Dorothy Thornton, Neil Gunningham, and Robert Kagan. Law & Policy 27: 262–288 (2005).
  • Next Generation Compliance: Environmental Regulation for the Modern Era, by Cynthia Giles. Oxford University Press, 2022.
  • “Procedural Fairness and Compliance with the Law,” by Tom Tyler. Swiss Journal of Economics & Statistics 133: 219–240 (1997).
  • Promises to Keep: My Years in Public Life, 1941–1969, by Chester Bowles. Harper & Row, 1971.
  • “Punishment Versus Cooperation in Regulatory Enforcement: A Case Study of OSHA,” by Sidney Shapiro and Randy Rabinowitz. Administrative Law Review 49: 713–762 (1997).
  • “Regulating by Robot: Administrative Decision Making in the Machine-Learning Era,” by Cary Coglianese and David Lehr. Georgetown Law Journal 105: 1147–1223 (2017).
  • Regulation and Regulatory Processes, edited by Cary Coglianese and Robert Kagan. Ashgate Publishing Company, 2007.
  • “Regulatory Entrepreneurship,” by Elizabeth Pollman and Jordan Barry. Southern California Law Review 90: 383–448 (2017).
  • “Regulatory Improvement Commission: A Politically Viable Approach to U.S. Regulatory Reform,” by Michael Mandel and Diana Carew. Progressive Policy Institute, May 2013.
  • Responsive Regulation: Transcending the Deregulation Debate, by Ian Ayres and John Braithwaite. Oxford University Press, 1992.
  • The Cambridge Handbook of Compliance, edited by Benjamin van Rooij and Daniel Sokol. Cambridge University Press, 2021.
  • Why People Obey the Law, by Tom Tyler. Princeton University Press, 2006.
  • Why They Do It: Inside the Mind of the White-Collar Criminal, by Eugene Soltes. PublicAffairs, 2016.