How to Scandal-Proof Your Company

by Paul Healy and George Serafeim

IN THE LATE SUMMER of 2016 allegations that employees of Wells Fargo’s retail banking unit had opened more than a million unauthorized accounts and sold customers thousands of unneeded products hit the national news. The scandal cost Wells Fargo dearly. On September 8 the Consumer Financial Protection Bureau (along with the Office of the Comptroller of the Currency and the City and County of Los Angeles) fined the company $185 million—and after revelations of more consumer abuses came out, Wells Fargo would later be fined an additional $1 billion and shell out $575 million to settle legal claims. By the end of September, the bank’s stock price had fallen 13%, slashing Wells Fargo’s capitalization by some $20 billion, and it continued to stagnate while the market soared. John Stumpf, who resigned as CEO that October, and Carrie Tolstedt, the head of the retail bank who’d announced her retirement that July, were forced by the board to forfeit tens of millions of dollars in pay. Four of the unit’s senior managers were terminated for cause. Wells Fargo’s reputation was left badly tarnished—a humiliation for the 160-year-old institution.

Misconduct was widespread in the retail unit even though Wells Fargo had control and risk-management systems, which were overseen by its board of directors. So what went wrong? An investigation commissioned by the board found that a warped corporate culture, a decentralized organizational structure, and poor leadership were to blame. The postmortem revealed that much of the illegal behavior had been prompted by pressure to hit overly aggressive sales targets linked to bonuses and promotions. Management had received ample warning signs: From 2000 to 2004 the number of cases in which employees had gamed sales and compensation goals rose 10-fold, and critical articles that raised questions about the new accounts, the pressure on the sales force, and increasing employee turnover had appeared in the Wall Street Journal in 2011 and the Los Angeles Times in 2013. Yet leaders of the retail bank had blamed a few bad employees for the problems. Accustomed to deferring to the business units, Stumpf simply accepted that explanation.

Unfortunately, the Wells Fargo saga is not unique. White-collar crimes—such as fraud, embezzlement, bribery, and money laundering—have destroyed enormous amounts of shareholder value at companies like Alstom, Odebrecht, Petrobras, Rolls-Royce, Siemens, Telia, Teva Pharmaceutical, VimpelCom, and Volkswagen. In aggregate, the losses add up to billions of dollars. The legal penalties companies incur can be substantial: Siemens was hit with $1.6 billion in fines, Odebrecht $3.5 billion, and Volkswagen about $20 billion. And then there are the business costs: the time and energy that management must devote to cleaning up the mess and negotiating settlements rather than to beating rivals; the reputational damage; the impact on sales, profits, and stock price; declines in employee engagement and productivity; and increases in employee turnover. Research by the University of Washington’s Jonathan Karpoff and others indicates that those costs swamp the legal penalties.

In response to high-profile cases and rising public concern, regulators in the United States and other countries have demanded that companies increase their efforts to deter wrongdoing. As a result, almost every multinational company now invests heavily in compliance and espouses zero tolerance of illegal behavior by employees. Yet in practice, increased regulation and controls alone do not guarantee that crimes are detected early or averted. Indeed, both anecdotal evidence and the data indicate that white-collar crime not only is still rampant but is actually rising. In a 2018 PwC survey, 49% of 7,228 organizations reported that they had experienced economic crime and fraud in the prior year—up from 30% of organizations in a 2009 survey—and that more than half the perpetrators were “internal actors” Meanwhile, stories about white-collar crime—including allegations that Goldman Sachs employees were involved in a multibillion-dollar fraud in Malaysia, that Deutsche Bank helped clients transfer money from criminal activities to tax havens, and that Airbus engaged in corrupt contracting practices—continue to abound in the media.

The root cause of the problem isn’t ineffective regulations and compliance systems, however. It’s weak leadership and flawed corporate culture.

Indeed, our research reveals that many of the firms hit by major scandals had controls similar to their peers’ and, like Wells Fargo, had received early warning signs of impending problems. But at each of those companies, a culture of making the numbers at all costs trumped any concerns about how the targets were being met.

For the past 10 years we’ve studied white-collar crime and explored how companies can create an environment that discourages it. We used data from individual companies and from surveys by PwC, Transparency International (an NGO founded in 1993 to combat corruption), the World Bank, executive recruiting firms, and other organizations. All told we looked at data on thousands of organizations and individuals. In addition, we interviewed more than 50 senior and middle managers at 10 organizations that had experienced scandals. And in our research we’ve found time and again that while compliance systems are important, leadership plays a critical role in shaping an organization’s attitudes toward preventing crime and its responses when wrongdoing is detected. Yet all too often, executives abdicate responsibility.

In our interviews we heard a common sentiment: Senior executives at most companies that suffered highly publicized transgressions didn’t see these incidents as their personal responsibility to address or as evidence that something was fundamentally amiss in their organizations. Rather, those leaders viewed them as extremely rare occurrences caused by “a few bad apples” and insisted that they couldn’t have been prevented. Although the leaders accepted the importance of investing in compliance systems and said they expected employees to act with integrity, they typically saw outperforming competitors and wowing investors—not enforcing high legal and ethical standards—as their priorities. Even worse, all too many leaders overlooked questionable business practices or were lenient toward members of their old-boy networks who were caught committing crimes. That indifference trickled down to employees. It encouraged them to develop a “check the box” mentality: to satisfy training and reporting requirements without internalizing the standards that compliance programs are supposed to instill.

Our research also shows that the leaders who are effective in combating illicit employee behavior are deeply involved in setting social norms at their firms and in managing the risk of misconduct. They do so by broadcasting a clear message that crime hurts everyone in the organization. They do not make exceptions when they punish perpetrators. They recruit and promote managers who value integrity, and they create decision-making processes that reduce the opportunity for illegal or unethical acts. Finally, they go the extra mile in making their transactions in corrupt countries transparent, are proactive when it comes to cleaning up their industry’s dirty practices, and support societal institutions that empower corporate accountability and honest business behavior.

Send the Message That Crime Doesn’t Pay

In our work we made two startling discoveries: Business obtained through illicit means adds little or nothing to the bottom line, and people across the company—not just the perpetrators, their supervisors, and the CEO—suffer when a crime is exposed. Leaders need to understand this and spread the word throughout their organizations.

Illegally acquired business isn’t very profitable

In public, leaders of multinationals state that their companies do not tolerate corruption. But many turn a blind eye when people in their organizations pay bribes—either directly or through local partners—in developing economies where anticorruption laws are weakly enforced. Their rationale: “We have no choice. If we don’t pay bribes, we won’t be able to compete in those markets and will suffer financially.”

The facts paint quite a different picture. Two cases in point are Siemens and SNC-Lavalin, engineering and construction companies that in the past 12 years were separately charged with bribery. Senior executives at those firms told us that audits conducted afterward revealed that the profits on the transactions involving the illicit payments were unexpectedly low—largely because of the substantial cost of the bribes (as much as 10% of the contract value).

Those companies’ experiences appear to be the rule, not the exception. In our research we looked at the financials of 480 multinationals that had been rated by Transparency International in 2006 on the anticorruption systems and activities disclosed in their annual reports and on their websites. When we compared their performance from 2007 through 2010, controlling for industry, host country, stock market listing, and other relevant factors, we found that the firms with poor anticorruption ratings had 5% higher annual sales growth in weakly regulated regions than firms with good ratings did. However, the multinationals with poor ratings also saw lower profitability on their sales growth in weakly regulated regions than their highly rated peers did. The profitability differences were comparable in magnitude to the bribes typically paid in those regions.

The extra sales growth generated by illicitly obtained business also doesn’t boost shareholder value—even if the bribes go undetected. Using standard valuation models, we found that among poorly rated firms, the increase in shareholder value from additional sales in weakly regulated regions was offset by lower profitability. Of course, if corrupt practices come to light, a company’s reputation will suffer and its stock price will take a hit. That is no small risk: When we examined the data from 2007 to 2010, we found that companies with poor anticorruption ratings had a 28% higher likelihood of having a scandal break in the media.

Everyone suffers

Perpetrators of crimes who are punished obviously pay a price financially and professionally. But what is less obvious or widely recognized is the damage to employees who had nothing to do with the crime. When we studied more than 2,000 senior managers (C-level executives and leaders of business units and functions) who had changed employers, we found that people who had left companies with criminal scandals to join new organizations were paid nearly 4% less than their peers. The difference in salaries persisted for years, resulting in a significant loss of wealth for the affected executives—even those who’d left a company before a scandal and were completely uninvolved. The cost of this stigma was greater for more-senior executives (a 6.5% difference in annual pay), for women (7%), and in countries with strong regulatory and governance systems (6%).

All these findings, not to mention the legal penalties and business costs, should persuade leaders to take a personal stand against corruption. They should use the data from our and others’ research to show people throughout their organizations that crime is costly to the firm and to their own careers, and that it’s everyone’s job to fight it.

Of course, leaders must also take seriously any concerns raised by employees about possible wrongdoing and performance pressures. A failure to do so makes it more likely that good people will find themselves in situations where they feel compelled to behave badly or to tolerate transgressions. Though that may sound obvious, we have found that in far too many instances, leaders don’t act on problems that have been brought to their attention. The board-commissioned postmortem of the Wells Fargo scandal found that Tolstedt, who had led the retail unit since 2007, didn’t like to be challenged or to hear negative information; she intimidated people—even senior managers—at the retail bank. Stumpf, the parent bank’s CEO, minimized concerns about misconduct in retail banking that were first raised in 2002 and then raised again in 2004 and from 2012 to 2014. When the critical Los Angeles Times articles appeared in 2013, Stumpf (and the board) failed to recognize the full harm to customers and adequately investigate the allegations. And although the reports of misconduct under Tolstedt were persistent, Stumpf continued to support her, even when Wells Fargo’s lead independent director and the chairman of the board’s risk committee suggested that she be dismissed in late 2015.

Ensuring that whistle-blower programs work effectively is crucial. (Recent research conducted by our colleague Eugene Soltes found that 20% of whistle-blower hotlines do not function properly and that organizations with weak internal controls do not permit whistle-blowers to remain anonymous.) Leaders should honor—or at least protect—whistle-blowers, who too often are treated poorly by managers and their colleagues for “ratting out” perpetrators. Even generous financial rewards for whistle-blowing, which can take years to collect, pale in comparison with the steep costs: lost relationships, stress on the individuals and their families, difficulty in landing another job.

Last, leaders must be crystal clear with employees about the behavior they won’t tolerate. Interviews we did at Siemens and SNC-Lavalin revealed that those firms’ executives failed to set explicit boundaries between acceptable and unacceptable practices for salespeople and business partners operating in highly corrupt countries. One Siemens executive told us that the message employees received from their managers was “Get the business—I do not need to know how you got it.”

In contrast, consider the steps a large pharmaceutical maker that had experienced a fraud took to communicate its stance on such behavior: It commissioned Harvard Business School to write a case about the incident and used that case in its own training sessions to help managers diagnose the causes of the problem and brainstorm ways to deter future incidents.

Don’t Play Favorites

To make it clear to everyone that they really mean it when they say illicit behavior will not be tolerated, leaders must respond decisively to crimes, dismissing and taking legal action against all perpetrators on a uniform basis. Yet anecdotal evidence and our research show that many leaders fail to do this.

Siemens permitted managers caught paying bribes in Italy to retire with full pensions, and it paid a $1.6 million settlement to the departing CFO responsible for overseeing the contract involved. The #MeToo movement’s spotlight on harassment and assault faced by women has brought to light numerous cases in which corporate leaders, and in some cases boards, allowed senior male executives to remain in their jobs despite multiple allegations that they had abused female employees. And leaders of the Roman Catholic Church treated clergy accused of child molestation leniently, often by moving them to other parishes rather than expelling them or supporting their prosecution.

To examine whether that kind of permissiveness is pervasive in business, we analyzed the punishments companies gave to perpetrators of white-collar crimes. We used data from a PwC survey that asked firms about their experiences with crime in 2011, including data on the nature of the offenses, punishments, and main-perpetrator demographics. Of the 3,877 firms responding, 608 reported detecting white-collar crimes by employees that year. When we looked at the most serious crime each firm reported, we found that 42% of the main perpetrators had been dismissed or left the organization and faced legal action, 46% had been dismissed with no legal action, and 13% remained with the organization (with or without a transfer or warning). The low rate of legal action against the perpetrators most likely reflects the practical challenges of prosecuting white-collar criminals: Evidence that an individual committed an act doesn’t suffice; there also has to be proof that he or she intended to commit it or had knowledge of wrongdoing. Given the potential penalties and reputational risks to companies, corporate attorneys often advise executives to quietly dismiss perpetrators without any legal action.

Treating perpetrators leniently, however, sends a message to potential offenders that crime pays or isn’t risky, and it also damages the morale of honest employees. At several companies plagued by crime, the employees we interviewed expressed frustration over their leadership’s unwillingness to remove senior managers accused of wrongdoing; the employees said it hurt morale and led some people to quit.

Another troubling finding of our research was the uneven pattern of punishment. Controlling for the type of crime and its magnitude, our analysis of the PwC data revealed that perpetrators who were junior managers or staff members were 24% more likely to face legal action and dismissal than perpetrators who were senior executives. Even when crimes were similar, senior executives were more likely to be given a warning or an internal transfer, and junior managers were more likely to be dismissed.

Undoubtedly, leaders are more reluctant to fire a senior executive because of his or her relationships with customers or the belief that the person’s expertise will be difficult to replace. But our findings about how women are treated relative to men suggest that this is not the full story and that cronyism and favoritism are significant factors. Senior women, who are often seen as outsiders in informal male social networks and are less likely to have close personal relationships with the male decision makers who determine punishments, are disciplined more severely than senior men who’ve committed crimes of the same type and magnitude.

Companies operating in countries with greater workforce gender inequality (such as India, Turkey, Middle Eastern nations, Indonesia, and Italy) were also more likely to impose harsher punishments on senior women than on senior men. In addition, we found that punishments were harsher for senior women at firms that had a weaker commitment to internal controls and that failed to report crimes to regulators, thereby making it easier to respond to them inconsistently.

The obvious remedy is to create and religiously enforce a policy of punishing everyone equally. That’s what Erik Osmundsen did at Norsk Gjenvinning (NG), a Norwegian waste management company. Soon after being appointed CEO, in 2012, he set out to eliminate widespread fraud, theft, and corruption at the firm. He created a set of values that included behaving like a responsible entrepreneur—one who did not cut corners—and being a team player within both the company and society. The values were translated into specific codes of conduct for each job, which every employee had to agree to follow. The company then implemented a four-week amnesty period, during which employees could confess any transgressions they had performed or witnessed. After that, nobody was forgiven for any infraction. Altogether about 170 operating and staff managers—roughly half the total—left the firm over the next 18 months. The vast majority chose to quit; a handful were fired. (See “We Were Coming Up Against Everything from Organized Crime to Angry Employees,” HBR, July–August 2019.)

Recruit Leaders with a Record of Integrity

To change the culture of a company plagued by systemic crime, you need to bring in new leaders with a reputation for honesty. If the industry itself is rife with corruption, it may be necessary to hire executives from other industries, who will have a different perspective and are likely to shake up the status quo.

Siemens replaced Klaus Kleinfeld, who had stepped down as CEO during the bribery investigation, with Peter Löscher, an executive from the pharmaceutical industry. One key factor in Löscher’s appointment, cited in the press release (in a rare move for such announcements), was “his upright character.” Recognizing the challenges in changing the culture at Siemens, Löscher brought in from the outside several senior managers whom he had worked with previously and who he knew had high integrity. They included Andreas Pohlmann as chief compliance officer and Peter Solmssen as general counsel and member of the management board. Both men, along with Barbara Kux, who came in as chief sustainability officer and member of the management board, played a critical role in developing a plan to address the problems at the company and reform its culture. (See “The CEO of Siemens on Using a Scandal to Drive Change,” HBR, November 2012.)

Since NG’s problems were endemic to the waste management industry, Osmundsen opted to recruit fresh blood from outside it (from building materials, aluminum, retail, oil and gas, and soft drink firms). He persuaded people to join NG with his vision of making it a model green company—one that, by pursuing innovative approaches to waste management, could play a significant role in furthering environmental sustainability. In the short term, employee turnover hurt the company’s financial performance. But within three years it had recovered financially and was well-positioned for more-profitable growth.

Require Employees to Make Tough Decisions in Groups

When Statoil, a Norwegian energy company (recently renamed Equinor), established a large market presence in Angola, its executives and board recognized that its employees would face pressure to pay bribes there. (Transparency International has ranked Angola one of the most corrupt countries.) To reduce the likelihood that they would succumb, the company’s leaders ordered employees to make decisions in groups. This was a direct result of Statoil’s experiences in Iran. In 2004 and 2006 the company agreed to pay fines in Norway and the United States, respectively, for bribing a government official to secure a contract in Iran (though the firm neither admitted nor denied guilt). A senior executive told us that one lesson from that scandal was that employees were much more likely to cut corners and do the wrong thing when they made calls on their own.

Making a tough decision in a group requires people to have open and honest discussions, and that doesn’t happen automatically. Employees must have faith that other group members are committed to hearing and valuing their opinions and that the firm’s leaders will support the group’s decisions, even if they have adverse financial consequences. If leaders don’t inspire that trust, simply relegating decisions to groups is unlikely to solve the problem. Research by our Harvard colleague Amy Edmondson has shown that it takes strong leadership to create a climate of psychological safety. Leaders must actively promote the behaviors they expect people throughout the organization to adopt—by, for example, showing that it’s OK to ask tough questions and express dissenting views, empowering frontline employees to speak frankly to their superiors about signs of potential trouble, being candid about the organization’s past errors and openly discussing them, and acknowledging their own ignorance about a topic or area of expertise.

Champion Transparency

After Statoil’s bribery charge, Helge Lund, its new CEO at the time, decided that the company would become one of the first firms in an extractive industry to publicly disclose the payments they made to foreign governments to gain access to countries’ natural resources—a practice that regulators and public interest groups had long advocated for. This decision sent a strong message to employees that the old ways of conducting business would no longer be tolerated.

Supporting institutions that investigate and report on corruption is another way that leaders can demonstrate to employees that they’re serious about conducting business in an ethical fashion. The work of these organizations promotes fair competition and increases the public’s confidence that business crimes are detected and punished; and to the extent that it reduces corruption, it stimulates economic development.

Statoil became one of the original members of the Extractive Industries Transparency Initiative (EITI), which aims to bring together companies, governments, and NGOs to reduce corruption in resource-rich countries and increase transparency about payments by oil, gas, and mining companies there. Over time participation in the initiative has steadily increased, and while early EITI reports provided aggregate information on company payments and country revenues, the latest frequently include detailed company disclosures of payments. Collective action appears to be moving things in the right direction: Our empirical research, analyzing data from 186 countries over more than 10 years, suggests that countries with EITI reporting have experienced a significant decrease in corruption, especially those that began with high levels of it.

At Siemens, Löscher and Solmssen reached out to competitors, governments, NGOs, and other stakeholder groups to make a case for broader reform. In 2009, as part of its settlement with the World Bank for its past misconduct, the company agreed to spend $100 million over 15 years to support organizations and projects fighting corruption through collective action, education, and training. By the end of 2017, it had made $73 million in grants for 55 projects. In addition, Siemens became a member of the World Economic Forum’s Partnering Against Corruption Initiative (PACI), which includes 87 major companies.

Transparency International and the World Bank (which created a program to fight corruption in 1996) both are active in educating and informing companies and the public. These organizations support research on corruption and regularly rate countries on perceptions of the extent of their public-sector corruption.

Another institution that plays an important role is the media. Smaller organizations that report on corruption are emerging beside the major news outlets. For example, the FCPA Blog publishes news, commentary, and research findings to help compliance professionals, business leaders, and others understand how anticorruption laws work, how corruption arises, and how it affects people and organizations. In Russia, Alexey Navalny operates RosPil, a nonprofit at which a small group of lawyers investigate and report on potential incidents of corruption. In India, Ramesh and Swati Ramanathan have created ipaidabribe.com to provide a platform for people to report incidents when they’ve been asked to pay a bribe.

Research by Aymo Brunetti of the University of Bern and Beatrice Weder of the Graduate Institute Geneva confirms what you would expect: A free press lowers corruption. But press freedom is under attack: Hostility toward the media is no longer limited to authoritarian countries; it has spread to democratic nations, where efforts to threaten and delegitimize the media are on the rise, according to Reporters Without Borders, an NGO that publishes the annual World Press Freedom Index. Business leaders serious about combating corruption can and should support journalists, by publicly recognizing their legitimacy and defending them when they come under attack.

In large organizations, mistakes will be made. The world is a messy place, and humans are imperfect. But by creating a culture that encourages employees to act ethically and legally, leaders can minimize the likelihood that a scandal will hit their company and increase its ability to bounce back from any illicit actions that do occur. To set the right tone, leaders have to model high standards in both their professional and personal lives.

All too many leaders still fail to continually stress the importance of organizational integrity. They either underinvest in compliance systems or have a check-the-box mentality toward risk management and delegate the responsibility to lawyers and accountants. Red flags go unheeded. When crimes are detected, they’re dealt with quietly and unequally. These leaders justify their behavior by saying, “Corruption is an industry problem that we cannot fix,” “It’s the way business is conducted in these countries,” or “We can’t afford to lose the business.”

In contrast, other leaders, many operating in high-risk countries or sketchy industries, set high standards and practice what they preach. They don’t just install strong compliance systems; they also support training programs and performance-feedback and whistle-blowing systems; create an atmosphere where it’s psychologically safe to speak up when something seems wrong; and engage their industry peers to fight corruption together. Our research indicates that organizations with such leaders don’t pay a high financial price for their integrity. Although they may not grow as quickly as their less-scrupulous peers, their growth is more profitable.

Then there are the less widely discussed benefits. Many employees who have chosen to work at high-integrity companies in high-risk countries and industries have told us that they did so because of those firms’ values. Some people even told us that they accepted lower pay from those employers. Such companies and their leaders have the respect of their customers, regulators, and communities. They are more likely to prosper and endure.

Where Is Your Company Most Prone to Lapses in Integrity?

by Eugene Soltes

EVERY SIZABLE ORGANIZATION HAS integrity gaps—areas where what’s considered appropriate behavior diverges from the norms set by its leaders. Within these pockets, things like offensive language, overly aggressive sales practices, or conflicts of interest may be overlooked or even implicitly condoned. Such lapses not only endanger the reputation of the company but also pose regulatory and liability risks.

Many corporate leaders don’t discover the magnitude of integrity gaps until a problem has blown up into a crisis and the threat of government action or litigation looms. Board members are often taken by surprise, asking, Why didn’t we spot this earlier? Shouldn’t we have known where we were vulnerable and how? Compliance and ethics programs are supposed to prevent such crises, but the people running them are often playing defense rather than strategically rooting out trouble before it grows and spreads. Fortunately, however, company leaders can get ahead of the risks by setting up systems for early detection through routine data collection.

Integrity gaps arise for several reasons. In a geographically dispersed organization, local norms and cultures can vary widely, making it a challenge to set unified standards and expectations. In an extensive global survey examining fraudulent business practices, for instance, EY found that no senior managers in Switzerland approved of misstating financial performance. But the same survey found that more than a quarter of managers in Vietnam and Indonesia were willing to engage in such deception. Attitudes and ethics can also differ by demographic segment. EY’s survey revealed that one in five employees under age 35 could justify paying cash bribes to help a business survive an economic downturn, but among employees over 35, only one in eight could.

Before your organization can develop a plan to identify integrity gaps in its culture, it needs to accept two things:

First, some misconduct occurs at your firm. When I looked at data from a host of internal reporting sources for three innovative Fortune 100 companies—none of which has faced a recent civil or criminal charge—I found that on average, each firm had experienced a violation that could lead to regulatory sanctions (such as a bribe or financial fraud) once every three days. While their organizations have issues more frequently because of their size, these companies also have some of the most robust and effective controls I’ve seen. Their violations were much smaller than the kind that hit the news, but they illustrate that even companies that invest heavily in compliance will have some malfeasance within their ranks.

Second, a considerable amount of misconduct is not going to be internally reported. Violations that company leaders learn about through traditional channels are probably only the tip of the iceberg—and that should make leaders nervous. Though some attorneys argue that a company shouldn’t proactively try to identify misconduct because it could turn into discoverable evidence that might be used against the firm, “ignorance is bliss” is not a sustainable way to run a business. Allowing integrity gaps to grow is especially unwise in an era when employees are increasingly likely to bring allegations straight to the media or regulators if they feel ignored by their leadership.

Gathering Data to Identify Gaps

Once you’ve acknowledged that integrity gaps exist in your organization, how can you figure out where they are? Just ask.

Randomly giving employees a simple survey can provide a ground-level view of practices that senior leadership may be missing—and help you identify where the problems lie. The survey has three questions:

1. In the past quarter have you observed any of the following? Please check all that apply.

• Conflicts of interest
• Sexual harassment
• Bribes or inappropriate gifts
• Accounting irregularities
• Antitrust violations
• Theft

While the kinds of misconduct companies need to ask about will vary with their business models and risks, the question above includes examples of the most pertinent problem areas. Different organizations, and subgroups within them, will get dramatically varying responses to this part of the survey. I have seen some companies where fewer than 0.5% of employees report observing certain types of questionable behavior. But that figure can reach 10% or more in individual geographic and functional subgroups in some firms.

When analyzing the survey data, you should focus on looking for integrity problems rather than strictly legal violations. For example, a senior manager might regularly say things that wouldn’t legally constitute sexual harassment but that nonetheless make employees deeply uncomfortable. Or an employee might believe he witnessed a payment that would violate the U.S. Foreign Corrupt Practices Act when it was technically a facilitation payment permitted under the law. These issues are still worth identifying because anything employees perceive to be a violation can affect workplace morale. Moreover, they often can be leading indicators of more-serious misconduct that will develop into legal or regulatory exposure.

2. If you observed questionable conduct, did you report it? Please answer yes or no for each of the following:

Conflicts of interest ________________________________________________

Sexual harassment _________________________________________________

Bribes or inappropriate gifts _____________________________________

Accounting irregularities _________________________________________

Antitrust violations ________________________________________________

Theft ____________________________________________________________________

Leaders, especially those who are legally focused, sometimes take false comfort in the fact that they have a code of conduct that requires employees to report any violations they see. In reality, however, that promise is a check-the-box exercise for many employees. The responses to the second question will often illuminate gaps between the code and actual behavior.

Gartner, which is regularly asked to survey companies’ employees about their organizational culture, has observed that reporting rates vary significantly for different kinds of violations. Workers are most likely to report a theft of company property or accounting irregularities; 46% of those who observed a theft reported it, and 41% of those who saw fraudulent accounting practices did. However, the reporting rate is considerably lower in other instances, including inappropriate gift giving (27%) and conflicts of interest (34%). Notably, Gartner’s data shows that the average reporting rate is less than 50% for all types of violations, whether they’re HR related, sales related, or regulatory related.

3. If you noted in question two that you didn’t report the questionable conduct, why not?

Conflicts of interest ________________________________________________

Sexual harassment _________________________________________________

Bribes or inappropriate gifts _____________________________________

Accounting irregularities _________________________________________

Antitrust violations ________________________________________________

Theft ___________________________________________________________________

The potential reasons employees don’t report wrongdoing are numerous. They may fear retaliation, be reluctant to get involved, feel conflicted because the incident involved a friend, or worry that exposing the misbehavior could undermine the firm’s goals or financial performance. Fear of retaliation tends to be most common; in surveys done within companies, 10% to 30% of employees list it as their major concern.

Many of the barriers to reporting are institutional problems that require understanding the source of employees’ concern. Others, like not wanting to get involved, indicate that the reporting process itself is—or at least is rumored to be—too cumbersome. Companies that work to reduce that perception can increase reporting rates. In a recent internal pilot, compliance leaders at Kimberly-Clark went back to employees who had reported integrity issues (nonanonymously) and asked them whether they felt the reporting process was fair and whether they would recommend it to a colleague. Notably, the compliance executives did not ask whether the people reporting problems agreed with the outcome of investigations; instead they emphasized the aim of improving the process to ensure that people knew their input was valued and respected in the organization. On the basis of the feedback, Kimberly-Clark now is refining how it communicates to and trains people about the reporting process.

To get answers to these three questions, organizations can simply send employees a short “pulse” survey or integrate a survey into routine compliance training. Critically, data collection should be conducted anonymously—that is, without capturing individuals’ names or identities—to encourage complete candor. Anonymity can be preserved while the firm gathers nonidentifying metadata, including the location and rank of employees (assuming there are more than a few dozen people in each subgroup). That information will reveal to managers which parts of the organization deserve greater attention. To ensure employee confidentiality, many companies hire a third-party consultant to conduct the surveys and restrict access to their data to in-house compliance, legal, and audit teams.

Learning from the Data

Data from this simple survey can produce three types of insights:

Where to focus

Identifying the location of specific integrity gaps—by both function and geography—can be extremely valuable. By analyzing data on violations in these areas, companies can unearth the causes of misconduct and devise a strategy to address them—perhaps by redesigning incentives, creating new controls, or conducting training.

Identifying gaps is not a onetime HR exercise in finding the “bad apples” and separating them from the good. Violations often happen among the most dedicated and successful employees. These people may even be especially susceptible to certain kinds of misbehavior. For example, high-performing sales employees may feel more pressure to inappropriately book sales if they’re behind on the budget at the end of a quarter. This is why data collection should be done periodically across different groups of employees throughout the year. Ideally, each quarter a randomized subset of employees would be surveyed.

Better ways for employees to voice concerns

While it may be obvious that norms will differ among countries, offices, and even teams, figuring out how they differ and what to do about them is a challenge. Employees’ survey responses helped a large consumer products company tackle this. From them the firm learned that in one country where citizens feared monitoring and reprisal by an authoritarian government, workers were hesitant to call their local integrity hotline. To make them more comfortable about reporting their concerns, the company created a toll-free number for them in the United Kingdom.

The true size of the iceberg

To prevent wrongdoing, you need to understand issues that may be developing below the surface. Yet it’s often difficult to know what kinds of problems are slipping through compliance processes (like hotlines) and other internal controls. The survey data can help companies better estimate the actual amount of misconduct within the organization—and the amount that’s not being reported. Ultimately, this kind of modeling will help senior leaders get a clearer picture of the integrity issues and violations that otherwise would probably never come to their attention.

Many leaders publicize their firms’ commitment to integrity and say that their employees should feel empowered to speak up if they see something questionable. Yet the best leaders don’t rely on these statements alone. Instead they collect data to monitor and assess whether their organizations actually adhere to their ethical standards. Sustaining a company’s cultural integrity requires constant vigilance—and measuring progress is the best way to manage it effectively. Data that allows leaders to proactively identify emerging gaps is a critical tool for staying one step ahead of problems that might land their companies in the next day’s headlines.

Originally published July–August 2019. Reprint R1904B