Humans by nature seek to avoid uncomfortable feelings, events and situations. When a company suffers misconduct, the same principle holds true. Corporate actors, defense lawyers and board members will always minimize the bad actors and the harm they caused.

In response to a bribery scheme confined to a country, the company will immediately seek refuge in the myth of the rogue employee. By definition, the word “rogue” is meant to label the bad actor as a person who acted inconsistently with the corporate culture, or the specific compliance message relating to the conduct.

If only life were that simple. Even in the case where there is a single actor who steals or engages in misconduct, the whole picture has to be examined. I am not suggesting that everyone or society as a whole carries blame for a single employee’s decision to steal money.

Instead, I am suggesting that the person’s conduct did not occur in a vacuum. There are other employees with whom the person interacts, there are financial controls in place to protect against such misconduct, there are reporting mechanisms for employees to report suspicious activity, and there is likely to be someone in the organization who is close enough to the bad actor, or responsible for the conduct of the bad actor, and who suspected or should have suspected that the actor was engaged in misconduct.

As the misconduct becomes more complicated, like in the case of bribery or antitrust violations, where such schemes require additional actors or raise red flags or where others are in a position to know or suspect that misconduct may have occurred, the likelihood of a “rogue” employee diminishes.

The doctrine of the “rogue” employee has been an artificial concept promoted by white-collar defense lawyers to minimize corporate client responsibilities. On the surface, it sounds appealing but when subject to scrutiny, the concept starts to wilt under the light of analysis.

A company with a culture of ethics and compliance will take a very different tack when confronting misconduct committed by a single or small group of employees. The board, CEO, senior managers and CCO will seek to find out how the conduct occurred, why it was not detected and what could have caused the employee to commit such misconduct.

A careful assessment may provide some personal explanations for the employee’s motivation, but more importantly will give insight into company controls, the company’s ethical culture, and provide some indications of remediation. In the end, a company that is committed to an ethical culture can use the experience to build an even stronger culture by frankly assessing the state of the company, its controls and possible compliance weaknesses.

The danger of the myth of the rogue employee is that it provides a convenient excuse not only for legal defense purposes but for the more important assessment of a company’s compliance program and culture of compliance. It is easy for people to scapegoat others and then turn a blind eye to how their own behaviors or failures to act may have contributed to creating an environment in which an employee can engage in misconduct and go undetected until discovered.

A compliance program depends on the concept of organizational commitment. A company with a culture of trust and integrity is comprised of individual actors committed to a common goal. Of course, individual achievement is important, but a commitment to a greater good ensures that the organization as a whole succeeds. As part of that, individuals may misbehave and commit crimes, but that does not mean that such behavior can be viewed in isolation, especially by a company that is committed by words and deeds to a culture of compliance.