Podcast Summary: HBR On Leadership

Episode: Where to Look for Ethical Risk Inside a Company
Host: Kurt Nickish (HBR IdeaCast, 2019, repackaged by HBR On Leadership)
Guest: Eugene Soltes, Associate Professor at Harvard Business School
Date: January 28, 2026 (re-release)

Episode Overview

This episode explores the hidden dimensions of ethical risk within organizations, focusing on how seemingly “normal” people and practices can lead to serious misconduct and scandals. Eugene Soltes, Harvard Business School professor and author, shares insights from his research and interviews with white-collar criminals to illuminate why integrity lapses occur, how leaders can spot early warning signs, and practical tools for detecting “hotspots” of unethical behavior before they escalate into headlines or fines.

Key Discussion Points and Insights

1. Ethical Misconduct: Not Just “Bad Apples”

• Scandals are rarely driven by outright villains. Often, respected and successful leaders fail to recognize or act on integrity gaps that evolve into serious incidents.
• Quote (04:12):

  “How pretty remarkable people who are otherwise smart, thoughtful, intelligent, great dads end up engaging in this behavior after a decade or two decades of successfully running a firm...”
  — Eugene Soltes

• The distance (psychological and physical) between an executive’s actions and their harmful consequences allows misconduct to fester unnoticed.

  “At the time [the manager is] engaging in some type of corporate malfeasance, it doesn’t actually feel so harmful. It’s only quarters or years down the road that it might become evident.”
  — Eugene Soltes, 05:08

2. The Challenge of Heterogeneous Corporate Culture

• Within the same company, ethical standards and practices can vary significantly by geography, role, or business unit.
  • Example: Legal and ethical standards for bribery differ across countries (e.g., Germany until 1999, Iran sanctions, GDPR in the EU).
  • Quote (07:16):

    “Every leader likes to think of their firm as having one homogenous culture… but when you start running an organization that is in not just dozens of states, but dozens of countries, and you have 10,000, 100,000 plus employees, you’re going to have heterogeneity.” — Eugene Soltes

  • Arthur Andersen’s downfall was cited as an example of how isolated misconduct can harm a firm’s entire reputation and workforce (08:22).

3. Why Compliance Systems Alone Aren’t Enough

• Measurement is the missing link: Organizations often lean on compliance and legal departments, but without data to show which parts of their efforts work, it’s hard to improve integrity.
  • Quote (11:52):

    “You can’t manage a process if you don’t measure it. What my work has shown is that organizations need to spend time and resources figuring out what are they getting in return for the investment.”
    — Eugene Soltes

4. Simple Survey Tool for Detecting Ethical Risk

• Soltes recommends a three-question “hotspot identifier” survey:

  1. Have you witnessed questionable behavior?
  2. Did you report it?
  3. If not, why not?
  • This approach uncovers hidden risk areas that hotline systems or generic training may miss.
  • Quote (14:06):

    “It’s a hotspot identifier… The question is, what’s below that iceberg that they’re not seeing?”
    — Eugene Soltes

• The survey reveals common human dynamics: Reluctance to report is often about not wanting to harm colleagues, not just fear of retaliation.

5. Statistical Reality of Corporate Misconduct

• Perception vs. Reality:
  • Only a small percentage of firms receive official sanctions each year (<5%), but internal data from leading companies reveal substantial incidents.
    • Quote (19:30):

      “Internally found and substantiated violations… occurred once every three days on average.”
      — Eugene Soltes

  • The challenge is to keep these small, manageable aberrations—not let them become systemic rot or massive scandals.

6. Triage and Treatment: Targeted Interventions

• Customizing training and monitoring to “hotspot” areas is more effective than company-wide, one-size-fits-all efforts.
  • Use resource-intensive tools (like in-person training or forensic monitoring) for high-risk geographies or business units, not universally.
  • Quote (17:32):

    “Maybe you should invest in that in-person training, not just for the senior leadership, but actually throughout the organization, but in very specific parts of the organization.”
    — Eugene Soltes

• Regulatory fines and headline scandals affect the whole company, not just the rogue unit.

7. Addressing Discovered Problems: Policy & Culture

• Root causes vary: Sometimes it’s incentive-driven, other times it’s unclear or outdated policies.
  • Firms need to clarify what “doing the right thing” means in practical, daily terms—not just in handbooks.
  • Quote (23:22):

    “Almost every firm where I start talking with them about their compliance program will note that they have this elaborate book of firm policies. But really a lot of those are outdated… The ones that you’re punished for breaking and the ones that you’re supposed to implicitly do.”
    — Eugene Soltes

8. Final Thoughts: Prevention Over Crisis-Response

• The key is to proactively detect and treat integrity issues—like nipping a sore throat before it becomes something worse.
  • Quote (21:38):

    “Corporate malfeasance is a lot like a bug getting a sore throat… unless you seek treatment. …what the survey is trying to do is figure out what kind of treatment do you need, what aisle do you need to go down to get rid of that bug as quickly as possible.”
    — Eugene Soltes

Notable Quotes & Memorable Moments

• On visiting white-collar criminals in prison (02:55):

  “It was pretty intimidating the first time… it’s cold, it’s dark, it’s noisy, and it’s dirty.”
  — Eugene Soltes

• On ethical risk diversity (07:16):

  “There are going to be certain areas that are hotspots, and wouldn’t it be nice to identify those and then place more resources there?”
  — Eugene Soltes

• On the “bad apples” myth (05:05):

  “Is it more the tree than the apple?” — Kurt Nickish

• On public vs. private misconduct rates (19:30):

  “Every company of any size has some anonymous conduct. And what management’s job is is to make sure that in a large company that misconduct is occurring maybe once every three days and not three times per day.” — Eugene Soltes

• On compliance and culture (23:22):

  “Culture’s the way we do things around here, and that’s hard in this integrity policy space.” — Eugene Soltes

Timestamps for Key Segments

• 00:03 – Introduction: Why corporate scandals happen
• 02:29 – Soltes’ research approach: Interviews with white-collar criminals
• 05:00 – Context and culture’s powerful influence
• 06:55 – Variability in ethics across geographies and functions
• 11:38 – Flaws in compliance/dependence on measurement
• 13:33 – Introducing the three-question “hotspot” survey
• 14:58 – What organizations learn from the survey results
• 17:32 – Targeted interventions in training and monitoring
• 19:30 – Data: How often integrity breaches occur
• 21:38 – Sore throat analogy: Proactive vs. reactive compliance
• 22:31 – Practical steps after discovering misconduct
• 23:51 – Individuals can be good, smart people, yet go astray
• 24:42 – Episode wrap-up

Conclusion

Eugene Soltes’ research challenges simplistic notions about corporate misconduct, showing it often roots in ordinary company culture and overlooked corners of large organizations. Leaders should proactively look for signs of trouble with targeted questioning and data, shifting from generic compliance to risk-specific interventions. This approach not only mitigates reputational and financial risks, but also helps well-intentioned people—and the companies they lead—avoid unintended ethical failures.