Hah - I suppose by that standard all organization are criminal organizations (because someone who works in them commits crimes). I suppose they are all drug smugglers as well (as doubtless some of their employees use drugs). Someone should tell the DEA.

I think a more useful model is to look at what "the organization" does (as opposed to the people who work for it). For instance, Enron's business strategy relied on breaking the law. PG&E has been unable (or unwilling) to maintain its infrastructure to a level where it is safe to operate year round. These things existed outside of any individual crimes committed by employees (and it is useful to differentiate between individuals who are committing crimes in service of organization goals v.s. only for private benefit).