Tag: compliance

We continue our exploration of corporate culture. Today, we consider the intersection of the Fraud Triangle and a toxic culture.

The Fraud Triangle is well-known to most compliance practitioners. It is pressure, opportunity, and rationalization. When these three factors converge, there is a danger of an ethical lapse that could violate the law. Bribery and corruption under the Foreign Corrupt Practices Act (FCPA) are types of fraud in which the employee or employees do not keep the direct proceeds of their conduct but enrich the company. Of course, if their collective bonuses are drawn from fraudulent conduct, the cycle is complete around how the Fraud Triangle applies to the FCPA.

Bret Hood, writing in a Fraud Magazine article, entitled Twisted Rationalization, said the following: “We might commonly assume that fraudsters choose to commit fraud by deploying rational cost-benefit analyses of potential rewards against the consequences of being caught. However, most fraud perpetrators completely ignore this calculation. Most of their decisions are automatic and unconscious. Sometimes, others massage circumstances so the fraudulent decision maker doesn’t comprehend the ethical implications.”

That sounds suspiciously like someone who has been treated so poorly in a toxic culture that they feel like they have nothing to lose.

David Schrieberg, writing in a Forbes.com article entitled How Does Corporate Culture Fuel Fraud? Start With Volkswagen And Wells Fargo, cited to Steve Morang, who said of those entities and their scandals, “The brains behind the strategic decisions that organizations make, whether Volkswagen or Walmart or Wells Fargo, don’t understand that those decisions, as they get implemented and trickle down the organization, could very much affect their fraud risk profile.” These comments were aimed at the culture of sales, but those same cultural morals created a toxic culture in both organizations. I believe the Fraud Triangle provides insights for compliance professionals to help adapt a compliance program to prevent fraud that leads to bribery and corruption.

Todd Haugh, an assistant professor of business law and ethics at Indiana University’s Kelley School of Business, posited in an MIT Sloan Management Review article entitled The Trouble With Corporate Compliance Programs that even best practices compliance programs fail to take into account behavioral best practices, and one important, but too often overlooked, key to strengthening both individual and overall corporate behavior is eliminating rationalizations.

Haugh’s conclusions were drawn from his long-term research on the causes of white-collar crime and more general corporate wrongdoing. His research has led him to flagrant rationalizations engaged in by those who commit white-collar crimes. This insight led him to see the behavioral aspect of compliance programs as lacking, but that can be remedied. He listed eight different types of rationalizations.

The first is simply denying responsibility. When offenders “deny responsibility by pleading ignorance, they were acting under orders, or contending that larger economic forces caused them to act.” In denying an injury, “an offender often excuses his or her behavior if no clear harm exists.” In denying a victim, the offenders claim the “victim deserved the harm; or when the victim is unknown or not clearly defined.” Through condemning the condemners, “offender’s conduct is to attack the motives of others, such as regulators, prosecutors, and government agencies.” By appealing to higher loyalties, the fraudster claims “to protect a boss or employee, shore up a failing business, or maximize shareholder value.” By using a ledger metaphor, employees claim there is a “behavioral balance sheet” whereby employees “balance out negative actions against positive accomplishments.” Through claiming entitlement offenders assert “that they deserve the fruits of their illegal behavior.” In claiming acceptability or normality, employees compare their “bad acts with those of others to relieve moral guilt.” The FCPA violator has probably several of these rationalizations going on at once. The compliance professional needs to look for ways to counter-act or overcome them.

Haugh considers the Wells Fargo scandal, not from the actions of the former Chief Executive Officer or other senior executives but from the failure of the company’s ethical culture and compliance program to stem illegal conduct. He believes the scandal occurred in large part because of multiple rationalizations at multiple levels, stating “preliminary reports suggest it allowed an environment riddled by employee rationalizations. On the heels of the bank’s $185 million settlement agreement with the Consumer Financial Protection Bureau, a number of former employees have reported that, despite ethics training and messages from headquarters to not create fake accounts, the bank’s aggressive sales culture drowned out any explicit compliance measures.”

Haugh believes the “compliance program failed to address the systemic problem of managers pressuring employees to meet unrealistic sales goals.” He cited to one former employee on the pressure employees felt, quoting “The reality was that people had to meet their [sales] goals. They needed a paycheck.” It was this push by management that led employees, under pressure to meet unrealistic goals, to rationalize their conduct by denying responsibility and claiming relative normality in creating fraudulent accounts. Also remember that the fraudulent accounts were not limited in geographic or any other scope. They were literally created across the U.S. by Wells Fargo branches.

As a prescription, Haugh recommends several steps. The first was one of the most intriguing and it was for a company to employ a behavioral specialist to take current research and theory into practice in an organization. He believes such a behavioral specialist could help multiple corporate departments construct both training and communications by creating “a behavioral compliance curriculum tailored to various groups of employees, giving all members of the organization insight into their ethical decision-making processes. Such a curriculum can become the backbone of a behaviorally cognizant compliance program.” Note how Haugh’s suggestion on a tailored approach to training echoes the language from the DOJ’s Evaluation of Corporate Compliance Programs (Evaluation) to have tailored anti-corruption training. Wedding these two types of tailored employee training, anti-corruption and anti-fraud, could be quite powerful.

Haugh’s next suggestion was to “use behavioral best practices to eliminate rationalizations.” He believes that the compliance practitioner should use behavioral insights to improve company practices. When you consider that most compliance programs were initially written by lawyers, this is not too surprising. He wrote, “This will necessarily go beyond the traditional law-driven compliance practices employed by the vast majority of Fortune 500 companies.”

Haugh advocates that compliance programs should attack rationalizations directly, with an aim towards eliminating them. Here Haugh provided the simple yet direct example of an honesty certificate on an employee gift, travel and entertainment (GTE) reimbursement form as a starting point. I would add this has the added significance of an effective internal control. He also noted that companies should facilitate communications around fraud, rationalizations and, compliance by encouraging “employees to openly discuss rationalizations and how they affect ethical decision-making. This can be accomplished through storytelling by employees and the company. Employees should be encouraged, even required, to meet periodically in small groups to explore the potential effects of compliance violations and white-collar crimes.” To make this communication technique more powerful and to make this strategy more powerful is to fully operationalize by having business leaders guide such discussions including “topics such as what regulations are relevant to the business, common compliance pitfalls, and how some business practices produce externalities that negatively impact stakeholders.”

Finally, every compliance practitioner is well-aware of the role of financial incentives in compliance. I write about this topic on a regular basis. But Haugh takes the incentives discussion in a different direction, suggesting there are non-monetary incentives that could positively impact compliance. Haugh concludes by noting that companies should “use incentives to influence behavior in the right direction” by understanding how rationalizations come into play. Most interestingly, Haugh believes that employee “praise and expressions of gratitude motivate more than money”. Think of the cost of a good word now and then or a pat on the back. But more than a pat on the back, such an approach emphasizes that good compliance is seen as the “governing ethos” of the company where the goal is “to build a corporate culture that incentivizes the rejection of rationalizations through the creation of shared values.”

Haugh concludes by recognizing that no compliance program will always eliminate bad employee behavior. However, his article and research give the compliance practitioner new insights into how to motivate employees and to make compliance more effective in an organization. Further, many of the ideas and suggestions put forth by Haugh would help to operationalize your compliance program more fully, as specified by the DOJ in the 2023 Evaluation of Corporate Compliance Programs. Finally, the use of behavioral techniques can add a powerful tool to the compliance practitioner in more fully integrating a good culture into your organization.