White-Collar Crime Writer

“Eugene Soltes is a professor at Harvard Business School, which has produced, by his count, several dozen white-collar criminals,” said a Wall Street Journal review. “He presents what he has found in a spirit of understanding rather than condemnation.”

Since the book’s publication in 2016, Professor Soltes has emerged as a leading voice in business ethics and corporate compliance. His academic research focuses on corporate misconduct and fraud, often examining how organizations design cultures and compliance systems to confront these challenges. He recently spoke with Brunswick’s Ash Spiegelberg, a former student of Professor Soltes, about the underwhelming landscape of modern compliance, and why Silicon Valley is lagging behind older, more established companies.

Your research defies the perception of white-collar criminals as greedy sociopaths.
The “bad apples” perception would actually make managing the challenges that arise with misconduct much easier. Plenty of psychological research has shown that we're all susceptible to these pressures under the right circumstances. There’s a host of famous experiments, like the Milgram experiment with people shocking other participants, or the Princeton Seminary experiment showing theologians-in-training stepping over someone in need while they’re about to give a talk on the Parable of the Good Samaritan. These extraordinary examples show that people are willing, if they’re slightly pressured, if they’re simply in a hurry, if they’re simply being mindless, to overlook their supposed firm convictions and ideals. That’s the challenge with much of corporate malfeasance: How do you prevent falling prey to errors in decision making that we’re all susceptible to under the right circumstances?

In management school or company compliance training, most of the time, we isolate the issue; we discuss it for 15 minutes or more; and we do it in a group of people that have different views and opinions.

But, in practice, when these decisions of regulatory consequence or reputational consequence are being made, generally, you have one, two or all three of those conditions lacking. No one isolates that decision from the hundreds of others that the manager or executive is making. They’re making them quickly, generally, sometimes in seconds or a minute. And you’re generally doing it either alone or with like-minded individuals.

When you see a lot of really extraordinary people making bad choices, it doesn’t look like as much of a calculated failure of decision making; it actually looks much more like a mindless failure.

How can you guard against that?
Most companies have approached this through compliance programs. You conduct training, you have codes of conduct, and you have whistle-blowing hotlines. But all three of these systems are typically weak, at best.

Training is often generically designed and does not actually engage employees. Leaders then measure the effectiveness of the training based on percent completion. That’s a little like if the Dean of Harvard Business School evaluated the quality of my teaching based upon the percentage of final exams I got back at the end of a quarter. That obviously doesn’t give any indication about whether I’m an effective professor or not.

Codes of conduct are often not that much better. Many employees literally only spend a minute—I found one firm where employees spend three minutes—reading their 50-page codes of conduct, and then they sign a document saying they understand everything and they’re willing to report violations if they observe them. But, here’s what’s fascinating: Almost every company has their employees sign in their code of conduct at the end saying, “If you see a violation, you’re obligated to report it.”

But if you literally survey those same employees the next month, later that year, pick your time, you’ll generally find that only between 20 and 40 percent of employees actually report it. So, you can see yourself that people are not even following the code you’ve distributed.

These are the kind of systems and approaches that firms often spend hundreds of thousands of dollars on. If you think about training, it goes much higher than that. If you have 50,000 employees and you spend two hours a year training them, you’re spending millions of dollars a year in terms of an opportunity cost of employee time. And what are you getting in return? Often not a whole lot in terms of actual changes in behavior or improvement in organizational integrity.

What’s the way forward?
The first step is start measuring. What are we getting in return for all this compliance spend and all these initiatives? Is it actually changing behavior? Is it actually preventing the kinds of conduct that we don’t want within our organizations?

Once you start designing some metrics around that, what you’ll find is that some of it probably doesn’t work as well as you had hoped, or it doesn’t work at all. But this leads to innovation; you actually start thinking about different ways of approaching the problem.

So maybe you don’t roll out a one-hour training to 30,000 employees when it’s not relevant to most of them—you actually figure out which subset of employees this is important to and then you find ways to share it with them.

And instead of just sharing it on January 1st, you figure out when they might actually expose themselves to these risks. Before someone goes to a country where bribery is an issue, for example, you can push out a training module or even a reminder notice. There are so many other possibilities.

Do strong values statements make a difference?
Take technology companies. If you look at the mission and values for a lot of tech firms, they look pretty similar. The goals of connecting the world, making people better off, helping people. And they’re big and inspiring.

But when one starts thinking about, “Well, how do we achieve that?” and start thinking about integrity, a lot of the issues that firms in Silicon Valley face tie back to the mentality that has made a lot of firms great, which I’ll call “Fake it till you make it.” That’s an appropriate environment to get a business off the ground, to be nimble, to not overwhelm the firm with controls.

The challenge then becomes figuring out at which point in the firm’s growth that one needs to take a broader set of responsibilities and really actually live those values. And not just in some superficial sense, but actually designing internal processes and controls and incurring the costs associated with that. A lot of technology firms have had trouble with that transition.

For all the criticism that financial institutions, oil and gas, pharmaceutical companies receive, if you look at their investment in trying to have a more ethical and more compliant workforce, not just in dollars, but in real organizational leadership, it overwhelms much of what the tech firms do.

Which company does this especially well?
Microsoft’s training, which every employee from new hires to the board takes annually, focuses on integrity in the broadest sense. I don’t think it’s an understatement to call it Netflix quality. They make it about people. It actually feels like Microsoft employees dealing with the kind of issues that relate specifically to their business and their industry.

That’s very different than a lot of other companies where, when they know that there’s a new requirement, they go out to a third-party provider to purchase generic “software on X-Y-Z requirement.” Although it might seem like a deal at a couple hundred dollars, thousands of people now have to spend one hour of their time on it, but it doesn’t resonate with anyone.

And, frankly, it’s the kind of thing that makes people hope they have two screens, so they can put it on the second screen, minimize it, and not pay attention to it. They know it does nothing—because it was designed to do nothing.

You see it all the time: Companies layer on these requirements that are “check the box,” and employees know that they’re “check the box,” so people learn that compliance is simply an impediment to their job. Ultimately, you get this terrible outcome where the training produces people who, rather than seeing compliance as integral to building a sustainable and successful business that stays out of the headlines, they see it as a system of controls to circumvent.

How can CEOs of global companies ensure that their compliance standards are the same from continent to continent?
This is one of the hardest parts for senior executives to confront. You see organizations that have hundreds of thousands of employees operating in 100-plus countries, and they have one code of conduct.

And I think, quite genuinely, the CEO wants to believe, “We have one unique culture that differentiates us from our competitors.” But, really, if you start looking more carefully and you collect the right data, what you see is you have dozens or hundreds of mini subcultures that you’re struggling and wrestling with to try and create that one giant, fantastic culture.

So first, understanding and appreciating that you have dozens of subcultures.

Then second, learning to actually deploy resources differently because of that. Those who are already aligned probably don’t need the same kind of attention and resources placed upon them as those who aren’t.

And this latter group aren’t necessarily worse or poorer-performing employees, they may simply have a different way of approaching their job, or come from different cultures and backgrounds. They probably need a lot more emphasis. I sense very few executives want to accept that notion that there’s a lot more variation actually out there within the organizations.

This is actually a far bigger issue than white-collar crime or the really scary things that land people in prison—this is low-level stuff that on a day-to-day basis either weighs down a firm or allows it to excel.

Recently, we were able to get production data for a manufacturing company and show that when violations were detected and the company took corrective action, that the amount of products being produced would be significantly higher than if they just let it go.

So we could actually take it down to the bottom line—how many goods were produced and the profitability of the overall business—associated with these different kinds of violations and when they were able to effectively prevent them.

It’s actually connecting compliance to the ultimate business goals of profitability, sustainability, and growth.

Ash Spiegelberg is Head of Brunswick’s San Francisco office, advising across all areas of corporate and financial communications. A graduate of Harvard Business School’s Executive MBA Program for Leadership Development, he is a former student of Professor Soltes.

Illustration: Thomas Fuchs