The person who has never appeared on a watchlist.
If you asked most compliance officers to describe their highest-priority concern, the answer would likely involve some variation of the following: a fraudulent supplier, a corrupt intermediary, a rogue employee with a history of boundary-crossing, a jurisdiction with elevated bribery risk.
These are legitimate concerns. The work of identifying and managing them is real, necessary, and often demanding. But there is a category of risk that rarely appears on a compliance risk matrix, and it is, in many organisations, the most significant risk of all.
It is the honest employee. The one who has no file. No flag. No record of anything that would cause concern. The one who has come to work every day for years with every intention of doing the right thing — and who is now, quietly, running out of resources to keep doing it.
The mechanism no risk assessment captures.
Compliance programmes are, by design, built around risk. They identify the categories of exposure, the people and processes most likely to be involved in misconduct, and the controls most likely to prevent it. This is rational. It is also structurally incomplete.
Because the risk that an honest person will make a poor decision under pressure is not a risk that registers until after it has materialised. It does not appear as a red flag in a due diligence report. It does not trigger an alert in a monitoring system. It does not have a name in the risk register.
But it is real. And it is, in many organisations, the mechanism through which the most damaging compliance failures actually occur — not the calculated fraud of someone who planned it, but the gradual erosion of someone who didn't.
The person who starts by rounding a number, because the honest figure would cause a difficult conversation. Who then omits a detail from a report, because including it would delay an approval that everyone is waiting for. Who eventually finds themselves in a position that, if described out loud, they would not have believed themselves capable of — because nobody, at any point along the way, gave them the support or the language to make a different choice.
This is not an unusual story. It is, in various forms, the most common compliance story there is. The question is not whether it is happening in your organisation. The question is what your compliance programme is doing about it.
Building capacity before pressure arrives.
Investing in your most honest employees does not mean treating them with suspicion. It means treating them as the valuable, vulnerable asset they are — and giving them what they need before they need it.
It means training that prepares them for the moment of genuine difficulty, not just the moment of obvious wrongdoing. Most compliance training teaches people to recognise clear cases of bribery or conflict of interest. The cases that actually matter — the ones that involve real dilemmas, genuine pressure, and no obviously right answer — are rarely addressed.
It means creating the conditions in which asking for help feels safe. An employee who faces a difficult situation and knows they can raise it without consequence — without being seen as weak, without being blamed for not handling it alone — is an employee whose good instincts have somewhere to go. An employee who has learned, through experience or observation, that raising concerns leads to difficulty is an employee whose good instincts have been systematically trained out of them.
It means recognising and rewarding integrity when it is visible. Not as a performance, but as a consistent signal about what the organisation values and what it protects.
The investment required is not large. The return — in avoided losses, preserved reputation, and the accumulated credibility of an organisation that actually does what it says — is substantial. And unlike most compliance investments, this one compounds over time.
Diesen Artikel herunterladen
Speichern Sie eine PDF-Kopie zum Offline-Lesen oder teilen Sie sie mit einem Kollegen, der sie nützlich finden könnte.