Good intentions are not a compliance programme.

Most senior leaders who are asked about their organisation's commitment to ethics and compliance give answers that are sincere. They mean what they say. They believe, in most cases, that their organisation takes these things seriously — that the people around them are operating with integrity, that the systems in place are adequate, and that the culture reflects the values they have spent time articulating.

This confidence is not always misplaced. There are organisations that have built something genuinely robust — where the distance between declared values and lived experience is small, where the speak-up culture is real, where compliance is embedded in how decisions are made rather than layered on top of them.

But in a significant number of cases, the confidence of senior leadership is disconnected from the experience of the people working below them. Not through deliberate misrepresentation, but through a set of predictable misunderstandings about what compliance culture requires and what it actually looks like when it is functioning — and when it is not.

"The most dangerous compliance gap in any organisation is not the one in the policy manual. It is the gap between what senior leadership believes the culture is and what the culture actually is. Closing that gap requires information that the existing reporting structures are often not designed to provide."

Saying the right things is not the same as building the right environment.

The most common misunderstanding among senior leaders who are genuinely committed to ethics is the conflation of communication with culture. A compelling integrity message. A well-produced training programme. A code of conduct that expresses the right values in the right language. These are necessary. They are not sufficient — and treating them as sufficient is one of the most consistent patterns in organisations that experience significant compliance failures despite visible senior commitment.

Culture is not what people are told to believe. It is what they observe, in the behaviour of those around them and above them, about what is actually valued and what is actually tolerated. An organisation that communicates a strong ethics message and simultaneously rewards commercial results achieved through methods that compromise it is not building an ethical culture. It is building a sophisticated form of cognitive dissonance — one that, under sufficient pressure, resolves in favour of the behaviour that is actually rewarded.

The test is simple and revealing: ask people in the middle of your organisation — not at the top, not in the compliance function — what actually happens when someone raises a concern, when a target looks unreachable, when a shortcut is available. Their answers will tell you more about your compliance culture than any survey that is designed to produce a score.

No news is not good news.

Senior leaders who have not been told about compliance problems frequently conclude that there are no compliance problems to be told about. This conclusion is sometimes correct. It is also one of the more dangerous assumptions that a compliance programme can rest on.

The absence of reports to a speak-up channel does not mean that nothing is wrong. It may mean that people do not believe the channel is safe to use. That they have absorbed, through observation, that raising concerns leads to consequences for the person who raises them rather than the person they raise concerns about. That the culture around speaking up has been shaped by what happened the last time — or the time before — someone tried.

Senior leaders who understand this build systems designed to surface information that the normal reporting structures are unlikely to deliver. They ask questions in operational settings that create space for honest answers. They treat the absence of reported concerns with the same analytical scrutiny they would bring to an unexpected result in a financial report.

The compliance function supports culture. It cannot create it.

The compliance officer is responsible for the compliance programme. The compliance culture belongs to every leader in the organisation — and most directly to those at the top. An organisation that has delegated its compliance culture to the compliance function has made a category error that no amount of investment in compliance infrastructure can correct.

This is not a criticism of compliance functions. It is an observation about what compliance functions can and cannot do. They can build the architecture. They can design the training. They can develop the policies. They can run the risk assessment. They cannot, by their own actions, create the environment in which those tools function as intended. That environment is created by leadership — through the decisions leaders make, the questions they ask, the behaviour they model, and the things they are willing to be honest about.

"When senior leaders treat compliance as something the compliance function does, the compliance function cannot succeed. When they treat it as a reflection of how they lead, it can."
