Following the above comments, I would suggest from experience that the consideration of shady/dodgy, immoral, corrupt, unethical, borderline legal and downright illegal strategies is arguably the necessary norm for savvy senior management in many/most organisations, not just the three mentioned in the OP.
The proof of that is a history littered with relatively recent examples of this, in different countries worldwide, and would include governments, quangos, for-profit corporations, non-profits, and grant-funded academic/scientific research organisations. Of course, it goes without saying that ordinarily overtly criminal organisations would be in the mix as well.
For overtly non-criminal organisations, it will usually all be very hard-nosed and with defined, deliberate objectives, and in most cases require a collective/team effort to get it sanctioned - if only tacitly - within the organisation, often/usually at Board level.
If the strategists have a strategy that can do something to maximise or optimise their profitability/gain, and if their evaluation of the risks and probabilities of critical blowback (i.e., unacceptable risks, where the potential financial risks might far outweigh the potential financial benefits) tells them that they can probably get away with it with minimal subsequent collateral damage control, then they are likely to feel obliged to seriously consider employing that strategy.
I am not sure whether it would be correct to label the strategists involved - or the other people they will necessarily co-opt along the way to help them pursue the strategy selected - as "bad" people. "Misguided", or of "deficient character" in some way, perhaps, yes - e.g., spineless - but, "bad"?
"Stupid" might be more appropriate, even for the clever ones.
I have in the past been put under enormous pressure, including thinly-veiled threats, in two different organisations, to enable something morally wrong to be accomplished at the financial expense of others, and in both cases I declined and in both cases it cost me my job.
The first case:
This was an internal matter in a major shared IT services subsidiary owned by a consortium of the New Zealand trading banks, where the senior management wanted to essentially rip off the pension funds of a group of non-management personnel during a planned restructuring/downsizing, which would leave the management group pension fund holding the seized funds by default, and thus any managers who were made redundant would be left laughing all the way to the bank.
As a highly ethical member of the senior management team and with no financial interest in the pension funds involved, I had documented a reasoned memo recommending that the matter be put on the agenda and addressed as important by the staff association committee, as it could have been perceived in hinsight (after the event) as being grossly unfair and tantamount to constructive theft. That rather set the cat amongst the pigeons.
A member of the senior management team came to quietly advise me that the management team were not happy about the memo, and that I was required to formally rescind it, whereupon the matter would be forgotten, or something.
The ominous threat was then conveyed that, "otherwise", I would be considered as "not playing as a member of the management team". Scary stuff.
The cretin who had been selected as messenger to deliver this cowardly verbal message to me, and whom I had previously held in high regard as a professional and able manager, was unaware that I had no tolerance at all for people who made threats or tried to intimidate me, so I politely told him that I would not rescind the memo and sat back to await events.
The second Case:
This was a major New Zealand-owned (including a government stake) company whose output formed a significant item of GDP (Gross Domestic Product) for the national economy, and a hugely significant export item in the national accounts.
I was responsible for managing a portfolio of around 80 IT-related projects for the company's worldwide operations. The projects ranged in estimated cost from at least NZ$500K to several millions of dollars, and a conventional project lifecycle management method was used. One of these projects came to the BC (Business Case) stage, with a verbal request for URGENCY from my manager, and my job was simply to ensure that the BC was put swiftly through the usual gates in the formal project review process before being recommended for capex (capital expenditure) approval.
The BC had evidently come down from on high as it was apparently already signed off by (from memory) the then CEO and relevant senior/business stakeholder managers, but not the CFO.
The BC was based on the proposal for a restructuring of the SAP system for the company's organisation in a foreign nation. I saw (as an accountant) that this would effectively restructure the books of the company, but that was all, and I couldn't quite see why the urgency nor the point of it all until I came to the Benefits (short-term) part of the BC, which said that the restructured accounts (costing a modest outlay) would then configure the company such that it would be a de facto qualifying candidate for an approx. $5M once-off grant from the foreign government's revenue authority, under a specific government Act that had been passed to afford economic stimulus to a certain type of company with this structure.
Interested, but skeptical, I reread the BC and then did some research on the foreign government's Act in question. What I quickly discovered was that the Act would most definitely have delivered the grant funds BUT, if the organisation applying for the grant did not already have the required accounting structure, and if it then restructured solely to take advantage of the grant, then not only would this invalidate the organisation's application for the grant, but also it would be considered as a federal offence with severe penalties attached. I couldn't believe the mind-boggling idiocy of the proposers of this BC, and presumed that the senior managers who had already signed off on this had not been made aware of the risks. I mean not just the financial risks, but also the huge political/legal risks of a New Zealand (with government as a major stakeholder) organisation knowingly and deliberately defrauding the foreign government of a country where that government had allowed the company to operate, expecting it to obey that country's laws. I pointed out where, the same organisation, but in an earlier form, had similarly breached regulations in a large European market, and that had had major adverse repercussions for the organisation's profitability, the New Zealand government, and the New Zealand economy for several years after.
So, in plain English, I detailed the technical and financial/political/legal risks, said that it was thus not recommended for capex approval, and passed the BC back to the sponsor, whereupon all Hell started to let loose.
About 30 minutes later, our manager - whom I tried to respect but whom I felt adequately fitted (by his actions) the description "a f-ing idiot" conferred upon him ungenerously by my possibly more perspicacious colleagues - aggressively confronted me in my cubicle and asked me why I had not approved the BC. He was angry, so I presume someone had kicked his backside over this. He explained that the Executive wanted this BC to be approved for capex so that it could start immediately, and the $5M flow of benefits could thus be accounted for in this FYE. He needed me to approve it, now. At this, my lights went on. The risks had already been understood before I had clapped eyes on the BC. Some people just don't learn.
So I carefully repeated the description of the critical financial/political/legal risks and said that in all conscience I couldn't approve something as risky as that - it was outside of my fiduciary authority to approve - and if I did approve it, then if/when the thing backfired, the auditors would know who to come and blame for it. It would be repeating a mistake from the organisation's history. He got the point and rushed off to talk to his betters and I went home as it was the end of the day.
He was back first thing the next morning, still aggressive and angry. Clearly, he was under a lot of pressure over this matter, and he thought I was being difficult. Through sometimes clenched teeth he instructed me to review the BC for technical risks and write a fresh report and recommendation for capex. on that basis alone, and I was NOT to review the financial/political/legal risks.
I looked at him and decided my colleagues were definitely correct in their estimation of this guy's abilities.
I patiently pointed out that by hamstringing me like that, I would be unable to properly perform my role, which had been created to avoid a repetition of former days when many IT projects had run aground because of inadequate risk management and projects thus getting capex. approval and then failing miserably and causing severe financial loss. I watched his face. Oh dear. The truth. But he seemed trapped by fear and couldn't budge.
So of course he insisted I do as he instructed, and so I did, carefully mentioning in my report that my risk review did not cover any potential financial/political/legal risks, and recommended it for capex. on that basis alone.
However, being scrupulously ethical in business matters, by nature and from training for work in very high security and fiduciary management areas, I could not leave it there. It was my problem and it was like a huge gorilla on my back, which was simply unfair, as it was the organisation's problem. So I made it SEP (Somebody Else's Problem) and dumped it back on the organisation that had created it. I copied my two reports on the BC to the Internal Audit manager, with a covering email that suggested the BC be audited for critical potential overseas risk assessment, and that if this was outside of their jurisdiction then they might consider asking the external auditors for advice on the financial/political/legal risks. That way, left and right hands got the message, and were left holding the responsibility, and it would be too hot to handle. An Internal Audit function is usually beholden only to the Board/CFO, but I had delivered the problem to them in such a way as they couldn't suppress or ignore it and would be obliged to take it to the External Auditors, who would put the kibosh on it PDQ - which is what I later gathered had happened.