How to make voluntary engagement with compliance values meaningful

A pure rules-based approach to compliance is direct and clear-cut, but by design lacks emotional or personal engagement. Following rules of all kinds – legal, community-based, household; practical, austere, illogical – is a social norm most humans are taught from their earliest memories. Despite this, many of them do not do it very well even with the best intentions, and still more never intend to attempt adherence.

To have any expectation that rules will be credible and inspire understanding and respect, there must be an authentic and compelling “why,” a purpose that people feels relates to them and calls for their commitment. Many laws are so deeply linked to societal expectations and taboos that the majority of people do not need to be persuaded to appreciate them – restrictions against pre-meditated murder, property theft, and abuse of animals for example. Those who remain unconvinced these acts should be prohibited and punished are not likely to view violating laws as something offensive or damaging either.

Sincere attempts to reach individuals who are antipathetic toward all rules, however few or rare they may actually be in society, with a rationale rooted in values are not likely to prevail. In general a values-based approach can be very powerful and evocative, but in order for it to hold personal appeal it must strike a difficult balance between universal relatability and individual accountability. All organizations should define their values and position their strategy and public branding within that set of principles, but this is delicate. If the values are too specific then they will be exclusionary rather than engaging, appealing only to a core group of true believers rather than attracting a wider audience. If the values are too broad, however, then they will be superficial and ring empty – again preventing individuals from attaching to them and being their standard bearers.

An especially effective tactic for bridging this gap is to make corporate values a living artifact which reflect the organization as it grows and changes along with business and society. In an ambitious and forward-looking organization, the profile and strategy will evolve and so should the outlook of what matters most in defining its purpose. Using a rules-based approach to provide both the floor and the roof for the terms of the corporate mission statement, values can fill the space between and invite everyone – employees, partners, stakeholders alike – inside.

There are many mechanisms through which corporate compliance programs can appeal to employees to make the connection between rules and values. Inspiring voluntary compliance, where employees feel aware of and responsible for the values of the compliance program and connect to them individually, adds weight to the mandatory compliance expected by the rules. Increasing the relatability of the requirements with principles behind them gives people incentive to sign on and go along with the compliance program. Compliance programs can aim to encourage ongoing employee adhesion to the organization’s values-based approach in the following ways, ranging from the lightest touch to the heaviest:

  • Nudges: Simply put, make it possible for employees to make ethical choices by expressing values that promote this and building decision-points into the processes they encounter in their working experiences which reflect those values. Business strategy should coincide with business values, and if it does not, then actions such as setting new standards client acceptance or exiting and reassessing product offerings or market participation are natural consequences of trying to bring the two together. In order for employees to make choices that reflect both individual and organizational integrity, the procedures and standards within which they work should facilitate and support this type of decision-making. Doing the right thing should always be accessible and indeed prompted.
  • Codes: While nudges make values implicit and leave the decision ultimately in the employee’s hands, in codes values are explicit and expectations for adherence to them are formalized. Codes can take a variety of formats, and in some industries regulatory requirements may dictate their scope and even content, but generally speaking, the more concise and accessible the better. Employees at all levels should be able to read, understand, and engage with the code, whether it dictates ethics, conduct, or both, and they should be able to retrieve, review, and ask questions about it whenever they want. A code document should be updated on an ad-hoc basis and reviewed regularly, and it should be seen as a living record of the specific values of the organization which underlie all other policies and procedures in place.
  • Attestations: Once a code is available, employees can be asked to attest to their compliance with it. This can take a very simple form, even just a one-liner of “I attest that I have been in compliance with the requirements set forth in the Code as of the below date.” This can be done once per year (or other regular period of choice) or on an ad-hoc basis. Asking an employee to attest to adherence prompts self-reflection and may also create a space for questions or dilemma discussions, which are important tools for ensuring awareness.
  • Warnings: Warnings may sound punitive, but in reality they can just be reminders. Unlike attestations, which look backwards and ask employees to self-assess based on their past behavior, warnings would accompany present choices or activities. For example, an expense claim form might include a statement on it reminding the submitter that the data on the form should be accurately and honestly reported, and that there are certain expenses which may not be reimbursable or permitted. Providing these warnings at the time the employee is going to take action that checks compliance values brings together all the previous methods – it provides a nudge, makes expectations explicit, and directly asks the employee to consider ethical obligations when making choices in the course of the task.
  • Oaths: Oaths take the most advanced step of ensuring that employees comply with the ethical and compliance expectations of their profession by asking that they voluntarily submit to discipline should they violate these. This submission is by taking an oath and signing it, typically with witnesses and even a level of formalization or ceremony in order to underscore the significance of the commitment and the seriousness of trespassing against it with future misconduct. A very interesting example of a professional oath is the Banker’s Oath in the Netherlands, which is intended to restore trust in the financial sector and banks specifically by requiring that every Dutch employee take an oath to comply with uniform ethical guidelines. To read more about the Banker’s Oath, visit the website of the Dutch independent organization Foundation for Banking Ethics Enforcement (FBEE).

The above methods for encouraging voluntary compliance can be employed by compliance professionals simply and powerfully in routine compliance communications and awareness initiatives. Reminding employees of values – the purpose – helps to heighten the credibility and appeal of rules – the requirement – and provide a mission perspective to their engagement in the compliance program.

Tips for improving employee accountability in compliance programs

The most ambitious culture of compliance paired with the most robust controls framework still cannot succeed without employee adherence. Employees who don’t know the correct thing to do, or those who make an unethical or non-compliant decision despite knowing, can be addressed with awareness communication in the first case or remedial action in the second case.

However, the more frequent and challenging scenario is that employees have received information about compliance risk management priorities and ethical culture at their organization. They understand this information well enough and maybe even admire the aims of the compliance program, but there’s a problem – they don’t see themselves as having an active role in it.

The best efforts of compliance programs will always be overcome by apathetic or unengaged employees who don’t see themselves as having personal compliance responsibilities. In cybersecurity, for example, the best IT systems with the most up-to-date risk controls structure will still be defeated by an employee who falls for a phishing scheme or leaves behind an unsecured laptop in a public place. Some mistakes are unavoidable, of course, just like some risks can only be mitigated or accepted. However, many other errors, acts of misconduct, or risk factors can be prevented with the appropriate individual vigilance and diligence.

So how can a corporate compliance program emphasize to employees that individual responsibility is the fundamental defense in any risk and control framework? Too many solutions from management or consultancy rely heavily on data solutions and systems approaches to addressing compliance risk. The logic goes: failures of existing compliance programs to prevent ever-evolving fraud and misconduct are unfortunately not unusual, so why not simply blame human misjudgment or incompetence for inadequate controls and therefore just automate processes whenever possible?

The above is a cynical and defeatist attitude toward corporate compliance; if management or its advisors decides that corporate compliance will fail, then it certainly will do so. However, removing the obstacles to individual responsibility is an important step to empowering organizational integrity. Outsourcing or digitalizing analysis and advisory work is an artificial, external solution. It may expedite or simplify some aspects of working with compliance risk management, but it cannot ever be as effective as a values-based approach that creates a corporate culture where good judgment and ethical decision-making are incentivized and supported.

Indeed the first, and probably best, solution for raising the standard of compliance programs and their controls is to promote employee engagement in these across all levels of the organization. This starts with individual accountability, which compliance professionals and senior management can nudge employees toward embracing these ways:

  • Walk the walk: Senior management should weave a thread of the corporate cultural values throughout all matters that touch an employee’s working life. This needs to be consistent and visible. Communication should be simple and straightforward, practical and not preachy, but it should express and reinforce the cultural values. In HR matters, for example, transparency should be communicated and modeled. Employees must see the corporate cultural values explicitly expressed as they experience corporate administration across the organization. This brings the values from mere words to a living system in which they are participants.
  • Nudge with timely reminders: Regulatory, legal, and policy requirements change rapidly. Employees that are trained regularly should be respected for what they already know; heavy-handed instruction can be seen as condescending. However, reminders upon key messaging events (anniversaries, completion of investigations, or announcements of strategies) or updates when there are new guidelines or expectations are critical. These reminders can act as nudges toward appropriate behavior for individuals whose attention may have moved on or whose understanding was out of date.
  • Work against culture of fear: People often think about speaking up in the workplace in terms of following an internal escalation process or being a whistleblower. To some people, speaking up by challenging an established procedure or an experienced colleague may seem unprofessional or presumptuous. The possibility of being opposed or facing retribution can be very scary for employees who might want to express uncertainty or ask questions. Corporate compliance programs have a responsibility to create a culture where speaking up routinely is safe and supported. A relationship-based approach to business compliance advisory is a great first step toward combating the fear factor and helping employees to speak up to check understanding or challenge practices. Involved employees are more likely to be accountable ones.
  • Actively address accountability gaps: When it is evident that an employee or group of employees do not embrace accountability in compliance risk management, address it, but not punitively. Open discussion can be mutually beneficial. Take the opportunity to express that individual responsibility is expected, and also to listen to the limitations or uncertainties that may provide an explanation for why it’s missing.
  • Insist on consequences: Disciplinary action is never the intended outcome for any employee-management relationship. Ideally everyone would want to and be able to do the right things all the time, but clearly mistakes and misconduct happen. Good people/bad people dichotomies are classic but not necessarily helpful. In reality, it’s most important to establish from the beginning that consequences for doing the wrong thing exist and will be enforced fairly and meaningfully.

There will always be people in organizations who either are in need of training or resourcing attention (wanting to do the right thing but not being properly equipped) or people who are not cultural fits (wanting to do the wrong thing despite organizational priorities). Engaging these people where possible is critical, just as holding all others accountable for their actions and responsibilities is the frontline defense most important to compliance risk management.

The five branches of ethics as applied to compliance principles

Compliance and ethics are related but separate disciplines. In a professional setting each one relies heavily upon the principles and practices of the other, while still maintaining its own distinct character.

Compliance concerns not necessarily the intuitive or collective ideas about right and wrong, nor the legal bright lines about what is permissible or prohibited, but rather the decision points between all of these. The function of compliance in a practical sense is to adjust or create conditions to choices in order to analyze or bridge the gap between good and bad, yes and no. In compliance, ethics provides the values-based approach, while the legal and regulatory guidance provides the rules-based approach. The work of the compliance professional is to attempt to reconcile the two and in that work create a second set of connections, this time between that which is legally acceptable or not, and that which is deemed ethically appropriate or not.

Very simply put, ethics, on the other hand, refers to the standards of behavior by individuals or organizations and the moral principles governing the conducting of an activity by the same. This is a values-based approach to “right” and “wrong,” or what is good for people and the society in which they live and work. The concept of right and wrong behavior is fundamental to ethics and acts as a systematic discipline in order to guide decisions on how to act.

Ethics draws its foundations from five branches, each one of which is useful to inform a practical and discipline perspective for a corporate compliance program.

  • Normative ethics contemplates the questions which arise in consider how one should act morally, in line with the norms and expectations of society or a community/organization in which the actions are taken. What are the different interests at stake and what are the potential consequences and outcomes of the possible actions to be taken? This view is very helpful in ethical decision-making and designing defense strategies to encourage identifying and choosing good decisions while discouraging and removing incentives or rationales for bad decisions.
  • Meta ethics focuses on what morality actually is and means – in general as well as in context. This involves the careful analysis of the level of understanding about moral considerations as well as an analysis of the situational status and scope of it. This approach is imperative for defining a values-based culture and corresponding corporate identity and business strategy. These values must be organic and intrinsic from the beginning in order for them to truly imbed as genuine. If they are imposed upon the business culture with no respect for what original standards were set for the organization at its inception, then a values-based approach to a culture of compliance will not permeate the company’s actions- customer service, product design, hiring and retaining employees – and a strong tone at the top cannot succeed.
  • Applied ethics goes in-depth into the practicality of really using ethical theory in order to analyze actual moral issues in both private and public life. The practical skills inherent for this discipline are incredibly useful for creating the dialogs that support compliance awareness. Taking a critical look at real-life moral issues that would be encountered in one’s personal time or on an everyday basis at work is a very useful way to get comfortable with approaching ethical dilemmas. Dilemma analysis and discussion is key for encouraging a robust culture of compliance at all organizational levels.
  • Moral ethics is the philosophical area of ethics that centers on defining, choosing, and suggesting behavior with classifications of “right” and “wrong” in mind. This practice is the most directly influential in determining standards and expectations for conduct. Elevating moral conduct by clearly defining it as a corporate cultural norm is imperative for encouraging employees to value it as such as well. Senior leadership should genuinely demonstrate this as well, acting as good conduct role models to embody the cultural values and categorizations for understanding the difference between right and wrong and making good choices within that dichotomy.
  • Finally, descriptive ethics is the study of attitudes of individuals or groups of people aimed at characterizing and understanding their beliefs. The objectives of this branch of ethics are very important for compliance risk management because they help to expose heuristics and routines in play that may encourage or hinder ethical decision-making and the cultivation of strong compliance themes within the corporate values. This is crucial for providing positive support for organizational and employee integrity.

Given the above, there are great affinities between the principles of ethics and those of compliance. The two disciplines share prolifically in their application in life in general and specifically in the workplace. It is very useful for compliance professionals to have some foundation in the discipline of ethics and an understanding of the practical application of its system of principles.

Using ethical dilemmas for creating a compliance training dialog

For effective compliance training, learners must be prepared to discuss and challenge dilemmas independently and with others. The details of specific policies, directives, and regulations can quickly become very dry and irrelevant, whether the audience is made up of compliance officers, senior managers, or new starters. To prevent topic fatigue and keep important compliance training vivid and engaging for those attending awareness sessions, it is important to encourage discussion. An active participant will think, care, and learn more than one who is just watching the clock for the end of the program.

One way to spark discussion that can be employed at all levels is using ethical dilemmas. This is effective either as a stand-alone program, where attendees are introduced to ethical dilemmas and spend time in groups discussing their ideas and views, or as an icebreaker to a content session, to grab the audience’s attention and test their knowledge from the beginning. This can provide an approach to then thinking about the practical handling of compliance subject which is both easy and enjoyable.

Considering and responding to ethical dilemmas helps learners to build fluency with ethical decision-making and evaluating potential conflicts of interest, especially in balance with their own possible interests. Giving meaning to the impact of behavior and choice is significant for establishing cultural values that emphasize individual responsibility and integrity. Dilemma analysis involves several simple but thought-provoking steps following the prompt:

  • What is the ethical question?
  • What personal values are relevant in considering this ethical question?
  • Who are the parties with interests in this dilemma?
  • What are their interests and how do they conflict?
  • How can the ethical question be answered and what are the potential consequences?
  • What is the decision in response to the ethical question?
  • Is the choice that came from the decision-making process of the dilemma possible/practical to do in light of all considerations and consequences?

Ethical dilemmas used as such for prompts in compliance training should be universal and straightforward. In general, dilemmas used to teach this style of thinking to beginners or to instigate audience participation in at the start of a session should not focus on specific employee responsibilities or business functions. For very advanced and targeted audiences it may be acceptable to give a anonymized example of a dilemma they may come across in their work, but for the most part, daily life dilemmas are more relatable and more fun to discuss, regardless of the experience level of the participants.

Some examples of simple dilemmas that can be analyzed as described are:

  • You are meeting some friends at a standing room-only concert and arrive late. As you approach the venue you walk past your friends, who are got there early and are waiting near the front of the line. They tell you they have been there for almost two hours and invite you to join them where they are in the line, even though the end of the line is very far behind them.
  • Your company has been considering some wellness initiatives to offer to employees as benefits but hasn’t contacted any providers yet. Your roommate just finished yoga teacher training and wants to get experience as a corporate instructor.
  • You are taking an exam after studying hard for days to prepare and attending every class the entire term. However, you woke up this morning with a terrible cold and can’t focus. You know the professor will not allow a rescheduled or make-up test. There is no proctor in the room and you have all of your course material with you.
  • You and your partner have a joint bank account where you are both named. Your partner is one week into a two week trip abroad when a letter comes from the bank. You have to fill out and return a form with both your and your partner’s signatures. If you don’t return the form within two business days you will not be able to use your credit card.
  • You are taking your relative to an urgent doctor’s appointment. The parking lot is quite busy but all three of the parking spots designated for disabled drivers are empty. Your relative has no problem walking, but you are already five minutes late for the appointment.

Choosing simple prompts like the ones suggested above will allow the learners to be more creative and perhaps to even engage in discussion with themselves. The facts may be straightforward, but the huge array of perspectives and outcomes that people can suggest is always impressive. By keeping the dilemma prompt at a level everyone can understand regardless of his or her own background and initial interest, the dialog can be truly inclusive. This allows the person who is running the training session to fall into the role of a true facilitator, which offers the enriching experience of watching individuals converse organically on these provocative questions.

Communication strategies for increasing employee engagement in compliance programs

Every compliance professional’s strategic annual plan will include seeking increased employee engagement in and attention to the organization’s compliance program. Communication strategies must be carefully devised with the goal in mind of making compliance vivid and interesting to employees. The compliance message can quickly become routine and dry: sign an attestation, request pre-approval, complete a checklist. This sort of messaging alienates employees rather than engaging them. They have only a small function in the compliance operations this way. Nothing is learned or shared, they are just doing a “tick the box” type exercise.

Instead, the true aspiration of the compliance messaging is that employees take interest, learn something new, ask questions, and feel connected to the story of the organization’s compliance program. This is accomplished via effective and appealing communication that speaks to all audiences and sets a new, compelling tone.

  • Key moment messaging: Compliance is highly relatable to current events and new stories. Therefore compliance communications should take full advantage of key moment messaging opportunities. Relate communication topics to outside events to make the objectives of the compliance program even more concrete. For example, if there is a major earthquake somewhere in the world and your office is located in Southern California, take that opportunity to engage with employees about disaster recovery and business continuity policies and procedures. Their interest will already be heightened and the necessity of the information will be at its most tangible.
  • Positive reinforcement: Start with a kudos, congratulations, or positive sentiment. Any action that needs to be taken or improvement that needs to be made based upon the communication will be much better received if the message gets off to a welcoming start. Set a productive tone by thanking employees for their participation in the last request or calling out good insights or high engagement. Then build off that encouragement to bring in the next steps needed and issue the call to action.
  • Branding: Branding and marketing are now important considerations across all business lines and functions. Compliance is not immune to this, as messages from so many sources fight among themselves for precious attention and airtime from employees. Therefore compliance professionals must carefully consider branding options that will maintain the substantive content of their communications yet be adequately branded to be appealing. Using humor or a catchy, fun theme to introduce the communication, before getting to the meat of the message, can provoke curiosity and prompt engagement. Don’t take it too far and make it a joke – but a little bit of amusement can go a long way.
  • Give visuals/shortcuts: On a similar note, think about making simple takeaways from the communication, however complex its overall message. One way to do this is to provide a visual, like an example of a new form that has to be filled as standard procedure, or a chart showing results on an initiative over previous periods and projected future results. If a visual is not applicable, try using acronyms or slogans that will work as mnemonics to help people remember your message and keep the meaning in mind.
  • Make it interactive: The best way to engage employees in compliance communications is to concretely incorporate them in it. Make the messages interactive for them. Ask an open-ended question and promote any responses received so that employees know the request for input is credible. Take a poll or offer a quiz. This way, employees can share in the mission and the effort by weighing in themselves, which allows them to personalize the message and be more likely to remember it.

To interest and appeal to all employees, compliance communications should not be generic or routine. Taking advantage of opportunities to make compliance relatable, and capitalizing on human interest or emotional connections that can be made, will help to make the mission of the compliance program much more interesting and effective.

The Office and culture of non-compliance

The Office is a very popular US television comedy series, based on a UK series of the same name. It follows the daily lives of the employees working in the Scranton branch office of a paper company. Filmed as a “mockumentary,” to imitate the style of a documentary, the show features many “interviews” with the employees and management. While it does address things in their private lives and personal relationships between the characters, most of the action of the show occurs in the workplace and is based around the dynamic of the characters as colleagues and employees.

In this light, the show offers many interesting insights and tropes about the experiences of working in a small or branch office, with an eccentric boss and idiosyncratic colleagues, dealing with policies from head office and the challenges of working together effectively. Scenarios relevant to compliance are touched upon often in the series, frequently showing examples of very poor management practices or problematic cultural values.

  • “Sexual Harassment” (Season 2, Episode 2): In this episode, the office’s HR personnel are providing sexual harassment refresher training and reviewing policies after an incident at corporate headquarters. Instead of setting a tone at the top to reinforce how important a respectful and safe working environment should be, and how inappropriate harassing behavior of any kind is, the manager Michael Scott has a tantrum and makes light of the importance of the policies. He never embraces his duty as a leader to model positive behavior; even when he defends one of his staff against the rude joke of another, it is accompanied by an improper comment of his own, as he misses the opportunity to step up and reinforce a culture of compliance.

 

  • “WUPHF.com” (Season 7, Episode 9): In the cold open of this episode, the power goes out in the office and the server goes down. Instead of having reliable disaster recovery procedures on hand or a controls framework that would enable business continuity in this sort of situation, the staff must resort to guessing the password as a group. Obviously this is not advisable in light of critical cybersecurity concerns which face all businesses today, especially small offices such as this one which might be assumed to have weaker controls and be targeted by intruders hoping to gain access to the larger company network.

 

Actually, the “WUPHF.com” episode, in its entirety, is another good example of poor compliance practices. Ryan Howard, with Michael’s encouragement and financial backing, claims that he has devised a web-based messaging system called WUPHF.com. In reality, Ryan is committing a fraud, in that the website does not function (despite his attempts to advertise to the contrary) and the only purpose for it is to try to sell off the domain name. Instead of uncovering and disclosing this fraud, and protecting the other investors, Michael backs Ryan. Though he later withdraws his support for Ryan, the fraud is allowed to continue because Michael does not step up and see beyond the conflict of interest posed by his personal relationship with Ryan in order to act on behalf of the investors as he could do.

 

  • Scott’s Tots (Season 6, Episode 12): In surely one of the more cringe-worthy moments for Michael Scott – that’s saying a lot – he fails to keep the promise he made years before to pay college tuition for a group of lower-income children. Upon their high school graduation, he must confess that he has not upheld the duty to them that he created with his promise. Instead, he apologies and tries to give them batteries as a conciliatory gesture. Apart from the terrible awkwardness of the concept itself (this episode aired in December 2009, deep within the global financial crisis, an uncomfortable time to try to address financial fraud humorously), it’s unfortunate, and a sign of weak leadership, that Michael doesn’t seem to acknowledge at all the reliance upon his integrity he created by making that commitment.

 

  • The Incentive (Season 8, Episode 2): In the absence of Michael Scott, his former employee and now new office branch manager Andy Bernard is proving that the apple doesn’t fall far from the tree when it comes to insufficiently ethical leadership. Andy finds himself at a loss for how to motivate his employees and decides to create a points-based incentive system to encourage their performance. Rather than appealing to their values or accepting lower performance in exchange for more sustainable and strategic efforts, Andy chooses a management method which will yield only short-term, temporary improvement or engagement.

From the above it is abundantly clear that The Office does not depict a corporate culture of compliance or a values-based approach to business strategy. Rather, it shows a company that is run, at least in the Scranton branch, with an ethos of non-compliance in the workplace.

Key compliance culture values for promoting employee integrity

Employee integrity is the cornerstone value for establishing organizational integrity, and therefore for the success of any compliance program. As fundamental as employee integrity is, it is also complex, elusive, and affected by a huge array of factors and influences. Perceptions and biases can defeat individual intentions for ethical behavior. External forces on the decision-making process and the impact of management in a complicated organizational structure and business world can defeat incentives for integrity and honesty.

What can a compliance program do to address the need for employee integrity in a world which presents so many obstacles and hindrances to developing and maintaining this trait? Compliance professionals should be the organizational standard bearers for encouraging good people to do good things and limiting access of the occasional bad people to do bad things. This message can be very simple and should focus on reinforcing positive perceptions of corporate values and leadership expectations so that employees aspire to model their own character within this.

  • Openness: Transparency and honest, active communication are crucial to the success of a compliance program. Employees must see that openness of communication and transparent reporting and sharing are highly valued. Open communication is directly linked to reduction of reputational risk and perceptions of greater honesty. Establishing a culture where employees feel it is encouraged or expected to speak up and speak out requires management to be meaningfully open, accessible, and relatable. In an environment where employees feel that all behavior and performance can be discussed openly, they will also be aware that it will all be noticed, and therefore will feel positive pressure to meet best expectations for integrity.
  • Clarity: Clarity of expectations and perceptions is essential for a culture of integrity. As with all objectives for compliance culture at an organization, norms and values must be clear and consistent across all employee populations. Communicating different or confusing messages, or giving information that impacts everyone to only some and leaving others out to hear it indirectly, is disastrous for imbedding ethical traits in an organization. Clarity promotes understanding and discussion, both of which are necessary for employees to take up the cultural objectives of the organization as their own.
  • Leadership: Tone at the top is just the first step. Leadership should be encouraged as a professional competency at all levels in the organizations, so that advocacy for the compliance culture can take root everywhere. Employees need to see leaders speaking up about the importance of integrity, but they individually also need to feel they are in the position to speak up themselves, and will be looked upon as vested with responsibility for their own integrity and choices in everyday ethical dilemmas.
  • Trust: Trust is the most simple factor for encouraging integrity in organizations, and indeed in all interactions and relationships, and it is also one of the most difficult and fraught qualities to meaningfully establish and maintain. Trust is constantly threatened and questioned. It cannot be given automatically and still have meaning, but it must be given confidently and with expectation that it will be received in return. Investments in mutual trust cannot be forced or demanded. The pain of having colleagues or managers who are not trustworthy can cause deep damage in teams and organizations and impede individual development. The only solution to this is to see trust as a reward and an ongoing evaluation, and to embrace frank and open dialogs which can help to resolve prior mistrust and discourage future violations.
  • Engagement: Engagement discussions usually focus on employees, but the quest for achieving it starts with management. Employees should see that management follows up, takes integrity seriously by individually espousing all the values, responds visibly to problems and complaints, and confronts issues boldly and confidently. Management engagement in the compliance culture should embrace professional skepticism and pursue public accountability. When employees see this, then they are empowered in turn to engage with their direct managers, peers, and direct reports to have discussions about integrity matters and to demonstrate all the traits that support ethical decision-making.

Modelling the key values of a compliance culture to create strong organizational drivers for integrity should be the focus of the conduct objectives of every compliance program. The fundamental message should be that performance and behavior linked to demonstrating integrity will be encouraged and appreciated.