This week, I want to pay tribute to my former Compliance Week colleague, Aly McDevitt, who announced on LinkedIn that she was retiring from CW to become a full-time mother. I wrote a tribute to Aly, which appeared in CW last week. To prepare to write that piece, I re-read her long-form case studies, which she wrote over the years for CW. They are as compelling today as when she wrote them. This week, I will be paying tribute to Aly by reviewing five of her pieces. The schedule for this week is:
Monday: A Tale of Two Storms
Tuesday: Coming Clean
Wednesday: Inside a Dark Pact
Thursday: Reaching Into the Value Chain
Friday: Ransomware Attack: An immersive case study of a cyber event based on real-life scenarios
In this story, Aly’s reporting did what the best compliance journalism always does: it moved beyond the headline scandal to examine the operating mechanics of cultural repair. McDevitt did not simply retell Dieselgate. She walked through how Volkswagen tried to recover from one of the great corporate compliance failures of modern times through a U.S. monitorship, structural reform, and a sustained effort to replace fear with integrity.
For the corporate compliance professional, Coming Clean is more than a case study about emissions cheating. It is a case study on whether a company permeated by misconduct can rebuild trust in a credible, measurable, and durable way.
McDevitt begins with the plain truth. Dieselgate was not the act of a single rogue employee or a single bad executive. The defeat device was developed, installed, and concealed by many. Volkswagen’s diesel vehicles used software that sensed when emissions testing was underway and shifted performance to produce compliant results; during normal operations, emissions controls underperformed, resulting in nitrogen oxide pollution up to 40 times above permitted levels, according to U.S. officials. In total, Volkswagen sold approximately 590,000 such vehicles in the United States and roughly 11 million worldwide.
That alone would have made this a historic scandal. But the deeper compliance failure was cultural. McDevitt reports that the company did not come clean voluntarily. It admitted wrongdoing only after regulatory pressure forced the issue. As she recounts, former New York Attorney General Eric Schneiderman alleged that hundreds of senior executives and engineers knew what was happening and that no one was willing to say, “Maybe we should not do this” or “This is against the law,” a devastating indictment of the company’s ethical environment.
That is the first lesson for compliance officers. Compliance breakdowns at this scale are rarely caused by one missing policy. They come from pressure, silence, and a culture that normalizes rationalization.
Volkswagen’s business ambition played a central role. McDevitt notes that the company’s push to become the world’s most successful automaker was accompanied by an integrity deficit, unrealistic goals, and a culture of fear. Later in the case study, she connects this to Strategy 2018, a corporate objective that sought market dominance and, in many observers’ view, created unbearable pressure to deliver results. This is an old lesson, but it remains evergreen. When growth goals are decoupled from ethics, misconduct begins to look like problem-solving.
Volkswagen’s 2017 guilty plea resulted in $4.3 billion in criminal and civil penalties and a three-year U.S. monitorship. McDevitt rightly focuses on the monitorship not as a humiliation ritual, but as an instrument of recovery. Former Deputy Attorney General Larry Thompson was appointed independent compliance monitor and auditor, and Hiltrud Werner became the executive on the Volkswagen side responsible for integrity, legal affairs, and much of the internal reform effort.
One of McDevitt’s great strengths in this piece is her attention to the relationship between monitor and company. Too often, practitioners think of monitorships as adversarial. Volkswagen’s experience suggests something more nuanced. Werner explicitly framed the monitor as an investment in Volkswagen’s future, not merely a punishment for its past, and she stressed that having someone on-site who knew the required standard was a positive element of reform. That is a practical insight. External oversight works best when the organization treats it as a pathway to transformation rather than a box-checking burden.
McDevitt also highlights the mechanics of making that relationship work. Volkswagen held a pre-monitorship “boot camp” in May 2017 to accelerate understanding, create transparency, and build human relationships between the monitor team and company personnel. Werner’s takeaway was one every compliance professional should write down: do not focus only on process; focus on people, too. I find that insight especially powerful because compliance functions often overinvest in control language and underinvest in trust architecture.
That same lesson appears in Volkswagen’s Project Management Office. McDevitt reports that the company created a neutral PMO to coordinate the monitorship across departments, manage over 1 million pages of documents and more than 8,000 meetings, and connect the monitor team to knowledgeable personnel across the enterprise. The PMO was not clerical support. It was organizational muscle. It mirrored the monitor’s work streams, established clear lines of contact, and brought together 80 staff from the first, second, and third lines of defense. That is another lesson worth underlining. In a major remediation project, project management is not ancillary to compliance. It is compliance.
McDevitt then turned to one of the most significant reforms: a single Code of Conduct for all employees across all 12 brands and companies, the first such common code in Volkswagen’s history. Hiltrud Werner described it as the company’s first stable anchor for culture. The Code was not meant to be an abstract statement. It included case studies and examples, and the training was updated to include “Dieselgate Lessons Learned” on compliance, integrity, culture, realism, personal responsibility, and speak-up expectations. Every employee and all board members received training on those lessons. For compliance professionals, this is exactly right. If your code cannot explain what went wrong in your own organization, then it is not yet a living document.
McDevitt’s reporting on Together4Integrity (T4I) is especially useful for practitioners. T4I emerged from the ashes of the failed growth-at-all-costs model and was built on two pillars: designing processes and positively influencing them, and inspiring employees to do the right thing out of conviction. It was not a one-size-fits-all rollout. Volkswagen recognized that a global organization with strong local identities needed both centralized standards and local ownership.
I particularly appreciated how McDevitt showed the practical texture of this effort. Local managers were empowered to choose engagement formats, from discussion breakfasts to integrity activities designed to reduce the distance between managers and employees and support a more open speak-up culture. Stephanie Davis, Volkswagen Group of America’s CECO, put it plainly: serious topics cannot be so scary that employees refuse to engage with them. Demystifying the work is part of the work.
The company also understood that culture had to be measured. This is perhaps the most practical part of McDevitt’s analysis. Volkswagen used perception workshops and its annual Stimmungs barometer survey to assess whether employees believed integrity was possible within their organizational units, identify weak areas, and build risk-based action plans. Werner reported that these measures showed year-over-year improvement, and the company used them to target workshops and resources where risk was greatest.
This is where many companies still fall short. They conduct training and communications, but they do not build a credible measurement framework for whether culture is actually changing. Volkswagen’s approach, as McDevitt presents it, offers a more mature model.
She also addresses the root causes of silence. Volkswagen identified “chimney careers,” or promotion paths entirely within one silo, as a structural factor that discouraged speaking up, as employees became too dependent on a single chain of command. That diagnosis is remarkably important. Speak-up culture is not only about hotline posters or anti-retaliation language. It is also about mobility, organizational design, and whether employees believe dissent will end their careers.
Finally, McDevitt looks at trust. Internally, Volkswagen viewed the increase in non-anonymous whistleblower reports as evidence that fear had begun to recede. In 2020, the company received 2,800 whistleblower tips, 90 percent of which were non-anonymous, a figure Werner said was unusually high and a signal that employees no longer felt the same degree of fear. Externally, regaining customer trust was slower and more difficult. Volkswagen repositioned around electric vehicles, carbon neutrality, and Electrify America, but Werner candidly admitted that rebuilding credibility was still a long process.
That candor may be the final lesson. After a scandal of this magnitude, a campaign cannot restore trust. It is restored by years of disciplined conduct, transparent accountability, and evidence that the company has truly understood what went wrong. Aly McDevitt’s Coming Clean is therefore not simply a story about Volkswagen. It is a guide to the difficult middle stage of compliance work: what happens after the plea, after the headlines, after the first promises. That is where the real labor begins.
Join us tomorrow, where we review Aly’s piece on Lafarge in Syria. I am a columnist for Compliance Week.
