The Myth of the Rogue Employee
Humans by nature seek to avoid uncomfortable feelings, events and situations. When a company suffers misconduct, the same principle holds true. Corporate actors, defense lawyers and board members will always minimize the bad actors and the harm they caused.
In response to a bribery scheme confined to a country, the company will immediately seek refuge in the myth of the rogue employee. By definition, the word “rogue” is meant to label the bad actor as a person who acted inconsistently with the corporate culture, or the specific compliance message relating to the conduct.
If only life were that simple. Even in the case where there is a single actor who steals or engages in misconduct, the whole picture has to be examined. I am not suggesting that everyone or society as a whole carries blame for a single employee’s decision to steal money.
Instead, I am suggesting that the person’s conduct did not occur in a vacuum. There are other employees with whom the person interacts, there are financial controls in place to protect against such misconduct, there are reporting mechanisms for employees to report suspicious activity, and there is likely to be someone in the organization who is close enough to the bad actor, or responsible for the conduct of the bad actor, and who suspected or should have suspected that the actor was engaged in misconduct.
As the misconduct becomes more complicated, like in the case of bribery or antitrust violations, where such schemes require additional actors or raise red flags or where others are in a position to know or suspect that misconduct may have occurred, the likelihood of a “rogue” employee diminishes.
The doctrine of the “rogue” employee has been an artificial concept promoted by white-collar defense lawyers to minimize corporate client responsibilities. On the surface, it sounds appealing but when subject to scrutiny, the concept starts to wilt under the light of analysis.
A company with a culture of ethics and compliance will take a very different tack when confronting misconduct committed by a single or small group of employees. The board, CEO, senior managers and CCO will seek to find out how the conduct occurred, why it was not detected and what could have caused the employee to commit such misconduct.
A careful assessment may provide some personal explanations for the employee’s motivation, but more importantly will give insight into company controls, the company’s ethical culture, and provide some indications of remediation. In the end, a company that is committed to an ethical culture can use the experience to build an even stronger culture by frankly assessing the state of the company, its controls and possible compliance weaknesses.
The danger of the myth of the rogue employee is that it provides a convenient excuse not only for legal defense purposes but for the more important assessment of a company’s compliance program and culture of compliance. It is easy for people to scapegoat others and then turn a blind eye to how their own behaviors or failures to act may have contributed to creating an environment in which an employee can engage in misconduct and go undetected until discovered.
A compliance program depends on the concept of organizational commitment. A company with a culture of trust and integrity is comprised of individual actors committed to a common goal. Of course, individual achievement is important, but a commitment to a greater good ensures that the organization as a whole succeeds. As part of that, individuals may misbehave and commit crimes, but that does not mean that such behavior can be viewed in isolation, especially by a company that is committed by words and deeds to a culture of compliance.
I think that there is rarely a “rogue” employee. Top managers are responsible for providing and auditing compliance. Opportunity is often a short coming of the system of checks & measures. Managers know that they create opportunity and so any non-compliance should direct back to them and their system management. This is why they like to find and blame a “rogue” employee who takes their eyes off a bigger problem.
I don’t think it’s fair to generalize as such. In some cases, I know from personal experience that there are indeed “rogue” employees. Why isn’t that a surprise to me? Simple. Organizations are but a microcosm of the world at large.
You’re right that these individuals plunder and pillage based on the opportunities and weaknesses they can exploit in a corporation. But remember also that there is no perfect compliance system out there, and in building any governance and control structure, one must weigh the risks against the costs. You’re also absolutely right that one needs to build a strong and effective system, but that is a subjective decision based on the risk tolerance of the company and its limited resources. Even for the most risk averse company out there, which builds controls to address the most miniscule of risks, there will be a person working for it somewhere who is constantly looking for that one loophole that he can exploit.