This blog was originally published in Law360.
On November 18, 2022, U.S. District Court Judge Edward Davila sentenced Theranos founder and CEO Elizabeth Holmes to over 11 years in prison for fraud. Judge Davila, of the U.S. District Court for the Northern District of California, said the harsh sentence was justified because investors in Silicon Valley startup companies should be able to expect to take “risks free from fraud.” In explaining his sentence, Judge Davila painted a vivid picture of a culture of fraud inside Theranos, driven by Ms. Holmes’s “hubris” and “loss of a moral compass.” From that insight, we can draw an important lesson about how values lie at the core of the survivability of organizations.
The sentencing followed the jury’s January 2022 conviction of Ms. Holmes on three counts of wire fraud and one count of conspiracy for defrauding investors of over $140 million. Investors were duped into investing in the company through false promises of a technology that could conduct multiple blood tests on a single drop of blood. The technology never worked as claimed. According to evidence put on at trial, the company passed off as its own test results produced by other companies’ devices. The Theranos machines had no ability to perform the tests.
In his sentencing statement, Judge Davila called forth the very origin story of Silicon Valley tech culture. Referring to the founding of Hewlett Packard in a garage in Palo Alto, the judge described how the company changed the economy of Silicon Valley from farming to technology. He emphasized that the technology revolution succeeded by creating an environment that fostered innovation while treating employees and investors with fairness.
Judge Davila speculated that the same spirit of innovation drove Ms. Holmes to build Theranos, but something went wrong. What went wrong with Theranos? In Judge Davila’s words, based on the evidence he saw at trial, the company and its leaders lost their “moral compass.”
The judge observed that Theranos was initially an exciting new venture that created great promise, but that promise was “dashed by untruth, misrepresentations, hubris, and plain lies.” In concluding his sentencing statement, he asked us all to step back and look at the pathology of fraud, which in his view includes a refusal to accept responsibility or express contrition. Said Judge Davila, “Now, perhaps that is the cautionary tale that will go forward from this case.”
The Judge’s scathing sentencing statement is not just a criticism of Theranos. It serves as a warning to all of us. As the Washington Post put it, the case captured national attention and “in some ways put Silicon Valley’s famed entrepreneurial culture, full of hubris and moral vagaries, on trial as well.”
The truth is that none of us is immune from the pressure to succeed. It takes a strong moral compass to resist the temptation to seek success at any price, or to take shortcuts that may violate the law. An organization’s moral compass needs to be stronger than the weakest individual. For that to happen, there needs to be, at small and large companies alike, a good, risk-based compliance program based on respect for law and pursuit of higher values. Put another way, companies need to focus on “doing right,” not just “not doing wrong.” How do such core values help mitigate compliance risk? By improving decision-making under pressure. Current research shows that good decision making requires both knowledge of facts and self-awareness of values. Organizational psychology and leadership research has extended this insight into the practical realm: it turns out that basing decisions on values dramatically improves judgment and drives better outcomes. By contrast, it has been shown that when an opportunity to commit a lucrative fraud is presented, the ability to rationalize the act (contrary to core values such as fairness) is a key ingredient in the fraudster’s decision to break the law.
As we have written elsewhere, this research result is reflected in practice. In our experience, organizations that know their values are better at compliance and risk mitigation than those who do not.
With that insight in mind, it may be useful for your organization to take a look at its own Ethics and Compliance program with core values in mind. The following guidelines may be helpful in doing so:
- Explore your organizational values. Theranos started out with an idea to help diagnose and cure diseases. When its ambition outstripped that core value, the culture of fraud Judge Davila referred to began to take hold. The first step in applying values to risk reduction is to know your values. If it has been a while since your organization has examined its code of conduct, mission statement, or core values statement, it may be time to take another look. Find out what people in the organization really think is important. Taking a step back and understanding your core values can help by clarifying what your organization stands for.
- Communicate shared values. In the Theranos case, there were reportedly employees tried to raise alarms, but who were either fired or marginalized by Holmes or others in top management. As with any aspect of corporate culture, the message from the top sets the tone. The more clearly communicated, the more easily core values are shared. Fostering an ongoing conversation about core values can be vital in protecting the organization and mitigating risk.
- Know your risks. Time and time again, Holmes reportedly blinded herself and her organization against the compliance risks they faced. Even in good organizations trying to do the right thing, compliance risks tend to lurk in the blind spots. Moreover, risks change all the time. So those blind spots are constantly shifting. Knowing your risk profile can be an antidote to self-blinding. If you haven’t conducted a compliance risk assessment in the past few years, it may be time for a refresh. You can only address the risks you know.
- Connect risk mitigation to core values. Of course at Theranos, there does not appear to have been any effort to foster a culture of positive core values, let alone an attempt to harness values to compliance. But most organizations want to do the right thing. When designing compliance steps, keep the organization’s core values in mind. Aligning risk mitigation obligations with core beliefs improves judgment, enhances decision making, and creates the most successful outcomes.
 For a transcript of Judge Davila’s statement, see NPR, “Read what a judge told Elizabeth Holmes before sending her to prison for 11 years,” available at the following URL:L https://www.npr.org/2022/11/23/1138988456/read-what-a-judge-told-elizabeth-holmes-before-sending-her-to-prison-for-11-year
 R. Lerman, G. De Vynck, “Elizabeth Holmes sentenced to more than 11 years in prison,” Washington Post, November 18, 2022, available at the following URL: https://www.washingtonpost.com/technology/2022/11/18/elizabeth-holmes-sentencing/.
 See, e.g., A. Bechara, M. Van Der Linden, “Decision-making and impulse control after frontal lobe injuries.” Curr. Opin. Neurol. 18, 734–739 (2005), available at the following URL: https://pubmed.ncbi.nlm.nih.gov/16280687/. See also D. Kahneman, A. Tversky (1984). Choices, values, and frames. American Psychologist, 39(4), 341–350 (1984), available at the following URL https://doi.org/10.1037/0003-066X.39.4.341.
 L. Lederman, “The Fraud Triangle and Tax Evasion,” Iowa L. Rev. Vol. 106:1153 (2021), available at the following URL: https://ilr.law.uiowa.edu/assets/Uploads/A3_Lederman-v2.pdf.
 Deloitte Development LLC, “Core beliefs and culture: Chairman’s survey findings” (2012) available at the following URL: https://www2.deloitte.com/content/dam/Deloitte/global/Documents/About-Deloitte/gx-core-beliefs-and-culture.pdf.
 Sheppard Mullin Organizational Integrity Group, “First Principles: Heed Organizational Integrity” (2020) available at the following URL: https://www.sheppardmullin.com/assets/htmldocuments/OIG%20Principle%20Papers_Heed%20Organizational%20Values%20and%20Culture%200819.pdf.