Skip to content

The Perils of a Weak Speak-Up Culture

Many times on this blog I’ve written about the importance of a strong speak-up culture. Today we should flip the script and consider: what are the consequences of a weak speak-up culture? 

Alas, compliance officers can ponder plenty of real-world examples to help us answer that question.

If we want one case drawn straight from the headlines, look no further than Twitter. In August its former head of security, Peiter Zatko, went public with an 84-page whistleblower complaint that alleged a laundry list of compliance and cybersecurity failures at Twitter. Among his claims:

  • Compliance failures. The company failed to identify and separate user data kept for safety and security purposes, versus data kept for marketing purposes. That left Twitter in violation of a previous consent decree with the Federal Trade Commission.
  • Operational failures. The company didn’t govern employee access to confidential data, allowing far too many to operate in “God mode” and posing huge risks for breaches of user accounts — which happened in 2020, when attackers acting in God mode broke into dozens of high-profile accounts.
  • Executive misconduct. Management lied about the number of spambot accounts, to evade pointed questions from Elon Musk as he retreated from his original offer to buy Twitter for $44 billion.

Any one of the above points would be enough to send corporate compliance and senior executive teams reaching for the aspirin. By far, however, the most serious allegation is the third, because it directly supports Musk’s claim that he was misled about Twitter’s performance. Now Twitter has sued Musk in court to compel him to buy the company.

Nobody knows when that court fight will end, but for Twitter employees, it does nothing other than distract them from their jobs trying to serve Twitter users (and, ultimately, shareholders).

A Speakup Culture Solves Issues

Zatko’s complaint is a powerful reminder of what a speak-up culture is really about: bringing issues to management’s attention, so that management can solve those issues more quickly.

Without such a culture, management might not understand the problems it has until regulators come knocking with a subpoena in hand, or whistleblowers tell their tales via social media or other channels. Then comes all manner of disruption, cost, and missed opportunities.

Let’s look at a few other examples where the lack of a strong speak-up culture costs a company dearly.

  • Biogen. In July of this year, pharmaceutical company Biogen agreed to pay $900 million to settle a lawsuit filed by a former employee, who accused Biogen of offering kickbacks to doctors in exchange for them prescribing more of its multiple sclerosis drugs. The former employee also accused Biogen of demoting him after he raised concerns about Biogen’s practices internally.
  • Boeing. In 2021 aircraft manufacturing giant Boeing agreed to pay $2.5 billion to settle criminal charges that it allowed flaws in its new 737 MAX jet, which ultimately led to two crashes in the late 2010s that killed 346 people. A congressional investigation later found that “a culture of concealment” led Boeing employees to keep quiet about their safety concerns. The company later paid $200 million more to settle separate charges with the Securities and Exchange Commission and lost untold billions more as airlines around the world canceled MAX orders. And the cost to Boeing’s previous high reputation, now that the world knows its corporate culture led to the deaths of hundreds of people? Incalculable. 
  • Vale. Brazilian mining giant Vale agreed to pay $7.5 billion in 2021 for a negligent safety culture that culminated in the Brumadinho dam collapse in 2019 — a disaster that killed 290 people and caused billions in environmental damage. The most egregious part of this example is that Vale executives deliberately lied about their dams’ safety. They falsified documents, fabricated safety audits, and stifled internal dissent; all to cover up their lack of progress on a previous dam disaster from 2015. 

In every example above (and countless others we could cite as well), the company had a culture of ignoring ethics and compliance concerns. That is, numerous people within Biogen, Boeing, and Vale had tried to raise alarms about the misconduct in question, but corporate leaders deliberately and persistently tried to stifle those messages. They designed a culture that discouraged speaking up. Look at the results.

Speaking Up and Listening Up

The important point for compliance officers is to remember that most employees want to speak up. They want their companies to get problems fixed and do well. That is a wonderful natural resource for corporate success — if you harness it correctly.

The real challenge for compliance officers is to shape a corporate culture where managers listen to those internal reports and respond to the issues raised. That culture requires several things to succeed:

  • An easy internal reporting system. Employees should know where and how to submit a report. The system they use should be accessible, both in the language the employee typically speaks and the communication tools the employee typically uses. 
  • Strong investigation and case management. The compliance team should be able to triage each report quickly, and then assign it to appropriate, competent people for investigators. Cases should be managed efficiently (so employees can know what happened) and consistently (so employees will feel like they were treated predictably and fairly). 
  • Effective training. Employees and managers should be taught about the importance of filing a complaint when they see an issue and not retaliating against others who do. 
  • Effective policies. Have a policy that requires employees to report misconduct when they see or suspect it, even if they aren’t direct witnesses to the issue. Have another that expressly prohibits retaliation, complete with disciplinary action for those who violate it.
  • Reporting and analytics. As a compliance officer, you need to see the complete picture of internal reporting, investigations, and findings across your whole enterprise. Only then can you identify deeper or broader issues (flawed policies, complicated procedures, troublesome executives) that might be harming the culture.

Bring all those elements together, and you can reap the benefits of a strong speak-up culture. Despite the costs to design and implement that culture, it’s still a far better investment than living with the problems of a weak one.

Matt Kelly

Matt Kelly is an independent compliance consultant and the founder of Radical Compliance, which offers consulting and commentary on corporate compliance, audit, governance, and risk management. Radical Compliance also hosts Matt’s personal blog, where he discusses compliance and governance issues, and the Compliance Jobs Report, covering industry moves and news. Kelly was formerly the editor of Compliance Week. from 2006 to 2015. He was recognized as a "Rising Star of Corporate Governance" by the Millstein Center in 2008 and was listed among Ethisphere’s "Most Influential in Business Ethics" in 2011 (no. 91) and 2013 (no. 77). He resides in Boston, Mass.

Implement a tailored Third-Party Risk Management solution