Beyond Compliance

If you have ever worked for or with a large company, you will be familiar with the word “compliance”. The website of almost every multinational refers to a “compliance policy”, “code of ethics”, “code of conduct”, “corporate responsibility statement”, “diversity and inclusion statement”, “statement of principles”, “supplier code of conduct”... the list of available policies seems endless. Many companies also include on their websites a link to a helpline where whistleblowers can report allegations of wrongdoing.

Dig only a tiny bit deeper, and it becomes clear that almost all compliance programmes have been developed in response to laws and regulations, such as Sarbanes-Oxley, the US Foreign and Corrupt Practices Act and the UK’s Bribery Act 2010 and Modern Slavery Act 2015. Government authorities produce regulations and guidelines on what a compliance programme should look like and how to go about building an “ethical culture”. The effectiveness of the programme is measured and quantified by reference to the adequacy of the company’s statements, its performance in audits, the existence of employee training, how many calls are made to its hotline and, when a violation is found, the size of the fine.

An entire industry has grown up providing services designed to ease the burden of increasing regulation. Law firms and accountancies now have departments that specialise in assisting with everything from the development of compliance programmes to conducting investigations and managing the fallout that happens when a violation is found. Perhaps predictably, none of this has made business any more ethical. Instead, responsibility for avoiding legal and regulatory issues is typically pushed further and further down the chain of command. Senior executives are free to drive employees harder and harder in pursuit of profits provided that, along with the cracking of the whip, the company’s compliance programme trains those same employees that they must not indulge in bribery, harassment, anti-competitive conduct, or fraud.

Compliance, however, is no guarantee of integrity. It tells the world nothing about a company’s standards beyond the fact that it follows the rules that its leaders believe apply to it. While compliance policies exhort employees to “act with integrity”, they rarely attempt to explain how, much less to define what integrity is. However well-intentioned the policy, the overall message is not “act with integrity”, but “fail to comply, and you will lose your job (or worse)”. In today’s world of social media and increasing demands for transparency, this approach is no longer enough. Just because an activity is technically legal does not mean that it is perceived to be decent.

The Merriam-Webster online dictionary defines integrity as “firm adherence to a code of especially moral or artistic values”, “an unimpaired condition”, “the quality or state of being undivided”. ( The origin of the word is the Latin “integr/integer” meaning “entire”. In short, integrity is closely connected with wholeness. The definition is clear, but integrity is too readily dismissed as a subjective and nebulous concept, simply because it cannot sensibly be measured. Either it is there, or it isn’t — there is no such thing as partial integrity.

Fear is often the underlying reason for a failure to act with integrity. At the same time, laws and corporate policies use fear to ensure compliance: break the rules, and you will be punished. Of course we need laws, and larger organisations generally need codified policies, but fear of punishment does nothing to encourage people to act with integrity. If anything, it drives the opposite behaviour, encouraging the covering up of both mistakes and deliberate wrongdoing. Yet “to err is human”, and errors are more effectively resolved if they can be openly admitted. In a values-based organisation, employees can speak up without fear of reprisals, whereas in a fear-driven organisation, whistleblowers are as vulnerable as wrongdoers — maybe even more so.

There is a growing body of evidence that companies which prioritise operating with integrity have better results over the long term. LRN’s How Report 2016, for example, found that companies which promote self-governance among their employees perform better financially, innovate more, have more engaged employees, are better at sustainability and more effective in dealing with what little misconduct does occur (see to download the report).

I believe the reasons for this are simple. Where there is integrity, there can be trust; where there is none, no compliance programme can compensate for its absence. Although integrity cannot be quantified, its presence or absence is clearly felt. When a commitment to operating with integrity applies to everyone in an organisation the results speak for themselves. All of us need to be allowed to to operate as human beings rather than machines, to admit to mistakes without fear of the consequences, and to be encouraged to do better each day. Any organisation that fosters a working environment founded on integrity will go beyond compliance and find itself on the way to doing better business.