Companies have policies… stuff like data retention policies, for example, could be set up in a way as to obfuscate criminal activity, but in a way not obvious to a reasonable good-faith individual working for the company. In that case, the company should be made to change.
I guess it would also be ok to go after C-levels or whoever sets the policy. But, it will be hard, I think. High-level guidance can create an incentive structure to break the law without actually saying “break the law.”
I basically agree but I think it would be really tricky to implement.
What about giving you bank employees performance numbers that can’t really be met with due diligence, and then not checking their work too much.
Similarly, it is evident that software companies are not able to produce defect-free software (so, somebody is setting up an incentive structure to push bugs into production). There must be some wrong incentive structures, but it is hard to say where they come from.
I guess it would also be ok to go after C-levels or whoever sets the policy. But, it will be hard, I think. High-level guidance can create an incentive structure to break the law without actually saying “break the law.”