Several months ago The Compliance and Ethics Blog posted a piece I’d written entitled, “Yet Another Scandal in Sports.” The piece reported on a former scouting director of the St. Louis Cardinals, Chris Correa, who had pleaded guilty to five counts of criminal charges in connection with the hacking of the Houston Astros’ database. At the time, the Wall Street Journalnoted “it was the first known case of cyber-espionage involving a professional sports team hacking into another team’s database.”
Now Correa has been sentenced to nearly four years in prison, along with a court order to pay $279,038 in restitution – a harsh sentence and penalty by almost anyone’s standards. Correa has acknowledged “I violated my values and it was wrong. I behaved shamefully. The whole episode represents the worst thing I’ve done in my life by far.”
Major League Baseball has now launched its own investigation of the hacking scandal and could discipline the Cardinals, possibly with a fine or a loss of draft picks. As happens so often in cases involving wrongdoing in sports, the Cardinals’ Chairman blamed the hack on “roguish behavior” by a handful of individuals. Sports enthusiasts will recall former NBA referee, Tim Donaghy, who was convicted in connection with a betting scandal in the League, also spent time in prison. Similarly, the NBA Commissioner at the time said that Donaghy was a rogue referee, seemingly absolving the League of any responsibility for preventing Donaghy’s criminal acts.
But to blame malfeasance simply on roguish individuals misses the point. The fact is that no sports organization in America has implemented a formal, effective, integrity and compliance program like that commonly found in many businesses and industries. Most sports organizations have never even contemplated establishing such a program, let alone modeling it after the proven U.S. Sentencing Commission Guidelines for Effective Compliance and Ethics Programs.
In the case of the Cardinals’ hacking scandal, it evidently involved not just Correa, but others who must have known what they were doing was wrong. Yet there was apparently no system or program in place for someone to report the wrongdoing without fear of retaliation. Or perhaps the team’s culture was such that the hacking was acceptable in an era of gaining an edge at any cost.
Commonsense tells us that no compliance program can prevent every instance of wrongdoing. But an effective program where all employees are trained on the essentials of the program, including a system for anonymous reporting of wrongdoing, can go a long way towards ensuring roguish behavior will be detected and reported and punished.
Some might consider such a compliance program to be too much trouble. But it seems vastly superior to the status quo where, for want of a little effort, major sports organizations and star athletes suffer the humiliation of being found out and tried in a court of law or the court of public opinion.