September 29, 2021

According to the UNODC, about 70% of all criminal money flows through the financial sector, making it by far the biggest institutional conduit for money laundering. So, it will come as no surprise that the authorities’ focus in fighting financial crime has been to regulate and supervise this sector’s activities. Over the years, this has led to the passing and amendment of many laws, the issuance of a host of rules of conduct, appointment of overseers and punishment of the many offenders.

Interestingly, as the system of rules and controls grew this did not lead to a significant reduction of the amount of criminal money passing through the sector. This has surprised and frustrated authorities and financial institutions alike and led to the predictable reaction of expanding the rules handbook and handing out harsher penalties to errant institutions.

The rules- and controls-based compliance paradigm

Organisations rely on rules, controls and training to ensure compliance with laws and regulations. They set up policies and procedures, implement codes of conduct and provide training on these to employees. Staff need to confirm that they know and understand what is expected of them and that they will comply, knowing that non-compliance will be sanctioned. As pressure on management mounts due to failures and negative publicity, a ‘zero tolerance’ attitude for misconduct and breaking the rules prevails. Then, if something ‘bad’ happens, the focus is on finding who is responsible and on how the organisation can make sure this will never happen again.

If we assume that people are rational actors, responsibility for a ‘bad thing’ implies guilt. Being guilty of breaking the rules in a rules-based paradigm requires and justifies sanctions, sometimes even dismissal. To achieve the second aim of making sure that it will not happen again usually means implementing more rules, tighter controls and more training.

The problem with a rules- and controls-based approach to compliance is that it does not provide very effective guidance when dealing with ethical situations such as is the case with financial integrity, e.g., prevention of money laundering. In fact, when rules are our guide, it is easy to forget the underlying reason for them. Rules can make us stop thinking. Rules can get in the way or challenge sound judgment of what is the right thing to do. On top of that, the severe consequences of ‘getting it wrong’ leads to a reluctance to take responsibility and a tendency to pass the buck in such ambiguous situations – at all levels in the organisation.

Behaviour-based compliance management

Recognising the drawbacks of a rules-based paradigm, many organisations have started to adopt behaviour-based approaches to compliance management. These consider the complexities of human cognition and behaviour and the importance of context and to link compliance management more firmly with the organisation’s culture.

Understanding that effective compliance with financial integrity is not only about following rules but also about values and ethics and making good decisions, we need to take a closer look at how people make ethical decisions.

Deciding what is the right thing to do is a subjective process. The outcome depends on our environment and personal disposition. What complicates things further is that we can and do deceive ourselves regularly when facing an ethical decision. To give an example, we know that breaking the speed limit is wrong and illegal, but we all do it from time to time. Does that make us a ‘bad person’? Most of us will not think so, because we speed just a little, and only sometimes. When and how much speeding is justifiable will depend on our assessment of the risks and our risk appetite. But if we are stopped by the police, they will not care why we broke the rules.

Behavioural science experiments have shown that human beings are not always rational in their decision making. Under strong situational circumstances, even with good intentions we can end up in a bad situation. Also, we all have the potential in us to bend our reality to our own advantage and if we can keep a positive self-image that is okay.

If we accept that people are conditionally ethical, it is worth investigating how to create an organisational environment that is conducive for doing the right thing. In other words, what is the ‘right’ organisational culture and how do we build it?

Most people adjust their decision making and their behaviour to what they see other people doing around them. If they are in an environment where they see other people making decisions based on clear values and ethical principles and where compliance with rules and regulations is the norm, they will adjust their behaviour and act likewise, creating, ideally, a virtuous circle of positive reinforcement. Conversely, if they are in an environment where they see people taking shortcuts and breaking rules, they are likely to adjust their behaviour to be more self-serving.

There are many environmental factors that play an important role in affecting people’s decision making in organisations, such as strong norms and institutions, situational factors like all forms of pressure, all facets of fear, like fear of punishment for failure or for not achieving one’s objectives, a spirit of ‘pushing the boundaries’ of compliance, an ‘ask no questions’ culture where challenging the status quo or decision made by superiors is frowned upon or not tolerated at all, and many more. A toxic cocktail that can lead to all forms of justification, rationalisation and normalisation of questionable if not outright unethical decisions.

In his book “Why good people sometimes do bad things – 52 reflections on ethics at work” Muel Kaptein[1] describes seven factors which influence people’s behaviour in corporations.

  • Clarity (with respect to what constitutes desirable and undesirable behaviour);
  • Role modelling (the better the examples given in an organisation, the better people will behave – the Tone at the Top);
  • Achievability (the better people are equipped, the more likely they will do what is expected);
  • Commitment (the more people are treated with respect and involved in the organisation, the more likely they are to serve the organisation’s interest);
  • Openness (the more room people have to talk about moral issues, the more they do this and the more they learn from each other);
  • Transparency (the better people can observe their own and others’ behaviour, the better they can adjust their behaviour to the expectations of others);
  • Enforcement (rewarding desirable behaviour and sanctioning undesirable behaviour will make occurrence of desirable behaviour more likely)

Mr. Kaptein’s seven factors offer a good guide for building an ethical organisational culture. But beware, an ethical organisational culture is not established by decree. It is a multi-year collective journey, with pitfalls. Nevertheless, the benefits far outweigh the effort in the long run.  If for no other reason, this strategy is your best assurance of keeping a nasty headline with your company’s name out of the newspapers. The single most essential ingredient? Leading by example – setting the right tone at the top.

Pieter van den Akker – September 2021

[1] Kaptein, S.P. (2013). Why good people sometimes do bad things. ISBN 978-1-78350-162-5