Skip to content


The Trouble with Corporate Compliance Programs & ‘Doing the Right Thing’

By Matt Kelly

There is a trope in pop culture and the media that says people, deep down in their gut, always know the right thing to do — that the real challenge for “doing the right thing” is simply to summon the courage to defy social pressures and do it.

That’s a nice idea. It also falls apart quickly when it encounters the real world.

In the real world, people don’t always know what the right thing to do is. Or they’re forced to choose from several possible right things that conflict with each other. Or one person’s plainly visible right thing is radically different from another person’s right thing.

In the real world, the trope of “doing the right thing” falls apart when applied at scale. You bring together thousands or tens of thousands of people, and quickly find that they have all sorts of ideas for what doing the right thing actually means. Good luck getting them to achieve bigger objectives while that fundamental difference exists.

Or, enter the corporate compliance program.

Why ‘Doing the Right Thing’ Isn’t as Simple as It Sounds

The issue here is that large corporations are trying to implement one set of expectations across multiple groups of people, each one steeped in its own experiences, customers, expectations, and circumstances. So even as the corporation stresses certain values that might seem universal (honesty, collaboration, respect, equal treatment, and so forth), each group interprets those concepts differently.

Corporate compliance programs exist to assure that those interpretations don’t wander too far from the company’s original intent. A compliance program uses training, messaging, policies, procedures, and controls to assure that all employees’ conduct aligns with your original intent, and overcome those different interpretations that might steer some employees astray.

Again, a nice idea. So why do compliance programs sometimes fail at the goal?

Why Compliance Programs Fail

Compliance programs can fail to show employees how to “do the right thing” for any number of reasons. The common theme, however, is that senior executives fail to anticipate the amount of help and guidance that will be necessary to transcend cultural barriers.

For example, compliance programs can fail because they don’t anticipate issues of:

  • Culture. Two businesses might merge into one corporate entity, and those operating units have vastly different practices — for incentive compensation, go-to-market strategies, career development, or even just going out for drinks after work. That scenario can result in each group seeing the other as a rival or untrustworthy, rather than as colleagues.
  • Region. Different parts of the world have different social customs or meaning behind certain words. For example, in some cultures you might naturally favor working with a vendor headed by your close relative; in others, talking about coworkers’ conduct is seen as a privacy violation, but chatting about salaries is fine. Different legal systems, economics, and histories can all shape how groups of people perceive what “the right thing” is.
  • Business operations. When different business units operate in different ways, one universal message about conduct might not work. For example, if one unit meets in person often while the other unit is entirely remote, they could have radically different experiences of workplace bullying (physical versus virtual). A single message of “don’t violate employees’ personal space” could ring hollow.
  • Pressure. Different groups can feel different pressure to behave in certain ways. Sometimes that can happen within one corporation: a certain operating unit feels more pressure to hit sales goals, perhaps to hit a performance bonus. Sometimes it happens within a region: employees working in an economically deprived market, or one where they are a persecuted minority, might be terrified to speak up and risk losing their jobs.

Compliance officers need to understand how those influences affect your company’s workforce. Under the right circumstances, employees might believe it’s perfectly acceptable to:

  • Bribe customers or governments to win business, so the employee can help the company to hit a performance goal;
  • Decline to report sexual harassment of another employee, because it wouldn’t be proper to make allegations against the harasser unless you personally are the victim;
  • Keep silent about company financial practices that push the bounds of tax avoidance, since tax strategies are the purview of senior executives and “above my pay grade” to discuss;
  • Ignore Covid-19 protocols, either because the employee believes it’s more important to stay on the job or because vaccination protocols are none of the company’s business.

In all of the above scenarios, the employee might genuinely believe that he or she is doing the right thing. The company’s compliance program needs to provide clear guidance about why that is not the case, and what the employee should do instead.

Guidelines to Make Doing the Right Thing Easy

A corporate compliance program succeeds by giving employees the right support so they understand two things. First, employees need to know what standards of good conduct the company expects of them; and those expectations need to be as clear as possible. Second, employees also need to know how the company would like them to make ethical decisions — because, sooner or later, they’ll be confronted with an ethical dilemma your training didn’t anticipate. In that moment, the employee will need to make his or her own judgment about what “the right thing” is.

In practice, this means your program’s Code of Conduct, training materials, executive communications, policies, and other pronouncements will need to focus on a few basics.

First, articulate the company’s core ethical values, and define what those values mean. List those values plainly — ideally in one word, or in short, declarative sentences. Provide those values in all major languages that your employees use in their daily lives.

Be sure to define those ethical values as well. For example, if one value is, “Treat coworkers respectfully,” include a definition such as, “Do not yell at, strike, steal from, or lie to a coworker.” If the value is “Integrity,” you could define it as, “Obey all laws, rules, and company policies; never cheat to win business, even if that costs the company profit.”

Second, help employees put conflicting values in priority. Employees will often encounter situations where multiple actions might seem right, and they aren’t sure what to do. Offer examples in your training materials to help them reach the correct decision. For example, specifically state, “Employees should never offer bribes to win business, even when the contract would bring in lucrative business.” Or, “Employees should always report managers abusing others, even when that manager is your friend or you’re not entirely sure what happened.”

Third, offer examples that are culturally relevant. Some regions and cultures value personal privacy quite deeply. In that case, your training and related materials should talk at length about why reporting misconduct is always the right thing to do, even if that seems invasive and culturally taboo. Other cultures might need more explanation of your company’s standards for harassment, discrimination, or manager-employee relations. Make sure such guidance is readily available; otherwise employees either won’t understand what you want, or will just dismiss it outright as management being out of touch with “how things really work” at the local level.

Fourth, have managers talk about ethics. A chief compliance officer’s most important allies are that cadre of middle managers and immediate supervisors whom employees encounter every day. Court those managers assiduously, and have them talk to their direct reports about ethics.

Those conversations don’t need to be formal and rigid training sessions. In fact, it can often be more effective when managers talk about ethical conduct informally and at random times. They are the ones who best know what “the right thing” is to their teams, in their particular niche of the world. Work with them so they understand what the company wants for good conduct. Then set them loose.

Matt Kelly

Matt Kelly is an independent compliance consultant and the founder of Radical Compliance, which offers consulting and commentary on corporate compliance, audit, governance, and risk management. Radical Compliance also hosts Matt’s personal blog, where he discusses compliance and governance issues, and the Compliance Jobs Report, covering industry moves and news. Kelly was formerly the editor of Compliance Week. from 2006 to 2015. He was recognized as a "Rising Star of Corporate Governance" by the Millstein Center in 2008 and was listed among Ethisphere’s "Most Influential in Business Ethics" in 2011 (no. 91) and 2013 (no. 77). He resides in Boston, Mass.

Related reading

Join the E&C Community

Get the latest news from GAN Integrity in your inbox.

We respect your privacy. Your data will be kept confidential and will not be sold or shared with third parties. For more information, please see our Privacy Notice.