In a fraught ethics and legal climate, leaders need to know how to steer clear of trouble more than ever.
Corporate Criminal Investigations and Prosecutions, released in September, offers a comprehensive resource on everything from the history of corporate criminal liability law to investigation procedures, foreign corrupt practices, and virtual currency. The book speaks to “how organizations are actually held criminally accountable,” says co-author Eugene F. Soltes, the McLean Family Professor of Business Administration at Harvard Business School, who wrote the book with Daniel Kahn and Leo Tsao, both of whom held senior positions in the US Department of Justice’s criminal division and now are Harvard Law School lecturers. It explores the topics through cases such as Wells Fargo’s creation of thousands of fake accounts, and the bribes that Walmart and Avon Products gave to overseas officials.
Soltes turns his hand to corporate crime after making a media splash with his 2016 book, Why They Do It: Inside the Mind of a White-Collar Criminal. Based on personal visits, letters, and phone calls with 48 disgraced executives—among them, the late Ponzi fraudster Bernie Madoff and convicted Enron executives—he concluded that their crimes were seldom calculated, but rather inspired by gut feelings and a striking absence of empathy for the clients who lost their money.
Soltes talked to HBS Working Knowledge about the challenge that corporate wrongdoing poses for prosecutors and why good companies commit criminal violations. The interview has been edited for length and clarity.
“Executives at large companies often have limited knowledge of the risk that their companies can face for potential wrongdoing. ”
Lane Lambert: What inspired you to write this book?
Eugene Soltes: In many people's minds, the idea of how organizations are held criminally accountable is perplexing, because you think of crime and punishment being associated with individuals, because only individuals can go to prison. But actually, much of the most prominent criminal accountability comes from companies and has included companies as well-known as Pfizer, Microsoft, Airbus, and Goldman Sachs. Executives at large companies often have limited knowledge of the risk that their companies can face for potential wrongdoing.
Lambert: How does a company find itself facing criminal liability?
Soltes: We use a standard called respondeat superior (an executive is responsible for the acts of employees). If almost all the benefit [of a criminal act] goes to the individual, but some—even small benefit—still goes to the company, the entire organization can be held criminally liable. That’s extraordinarily powerful. It’s a broad standard and a very high bar. It’s something that should rightfully concern leaders of companies.
Organizations are held responsible for collectively understanding what is known about its dealings for good reason. Without that, you could have a bizarre situation where people are individually doing things that are reasonably innocuous, but collectively they are doing something very devious. So, if you don't have that liability for such “collective knowledge,” you could conjure up some really sketchy activities and neither the company nor any individuals would be held liable.
Lambert: Are there any sensational recent cases of this kind of behavior?
Soltes: The part that makes your question interesting is that we often divide the world into good and bad companies, but that's too superficial.
Take a company like Pfizer. We have a debt of gratitude, because they're helping us get through COVID-19. But Pfizer has also violated criminal laws. So, how do we bridge that gap with companies that are doing both a lot of good, but also violating laws?
“An increasing number of savvy companies that choose not to voluntarily report are addressing the misconduct and improving the controls to not have it arise again.”
Lambert: Is it helpful for such companies report violations? Or should they just go ahead and cooperate with investigators?
Soltes: On the one hand, there are many incentives to self- report because the Department of Justice gives considerable credit, which reduces sanctions and penalties, to report. However, even if the company is not charged, they may still be forced to engage in internal investigations that can cost many millions of dollars; civil regulators like the SEC may choose to charge; and if misconduct is later discovered, the company may be seen as a recidivist. Thus, you see a lot of firms agonizing trying to figure out whether they should voluntarily self-report or not. An increasing number of savvy companies that choose not to voluntarily report are addressing the misconduct and improving the controls to not have it arise again. If it later gets reported, then the company can say, “We addressed it, we fired the people involved, we created systems so it wouldn't happen again.”
Lambert: What changes are you seeing in corporate liability law?
Soltes: Companies are increasingly incentivized to design an effective compliance program. No one defines the word “effective,” and I think it's led to a lot of different views and opinions about what that means. Over time, companies are becoming more sophisticated, and prosecutors are also becoming more sophisticated in evaluating programs. In short, I like to think of effective as meaning it has an actual impact on employee behavior. It’s not simply enough to have policies and procedures on paper. Companies are becoming more savvy because they realize the best defense is offense.
Lambert: Are companies beginning to realize that these programs are a good thing?
Soltes: Many certainly, but not all. Some companies are still very “check the box.” It's why employees are cynical about compliance programs. They see reviewing the code of conduct and training as annoying and taking them away from their productive work. It’s not actually seeking to change people’s behavior. For most leaders of companies, they are rightly interested in strategy, marketing, operation—they don’t want to be spending many hours and millions of dollars on external counsel and advisors to resolve misconduct issues. The best way of making sure of that is, again, by designing real systems and processes to try to prevent those skeletons from emerging.
“Ultimately, leaders need to make sure that the risk can be controlled.”
Lambert: When you talk to executives and managers about corporate liability, what is your basic message?
Soltes: You hear every corporate leader talk about their company's culture, and they often describe it as this one, homogeneous culture. But, really, any company of any reasonable size is an amalgamation of hundreds of subcultures, and some of these subcultures are very much aligned with the vision and goals around integrity, but there are usually some other parts that are misaligned.
Great leaders and effective firms take the time and effort to understand all those various cultures, and identify those subcultures that are potentially deviating. Sometimes it’s prevention. Sometimes it's monitoring. Ultimately, leaders need to make sure that the risk can be controlled.
You Might Also Like:
- The Trial of Elizabeth Holmes: Visionary, Criminal, or Both?
- Stop Ignoring Bad Behavior: 6 Tips for Better Ethics at Work
- Corruption: New Insights for Fighting an Age-Old Business Problem
Feedback or ideas to share? Email the Working Knowledge team at hbswk@hbs.edu.
Image: iStockphoto/bpperry