Tag: Speak Up

Categories
Blog

John Locke and the Legitimacy of Compliance Governance

We continue our exploration of Enlightenment Thinkers to see their influence on modern compliance programs. This week’s category is broader than philosophers, as many of these men excelled in numerous fields such as science, mathematics, calculus, and medicine. However, each contributed a key component that relates directly to our modern compliance regimes. In this post, we consider René Descartes and what he teaches as the next step beyond Bacon: evidence must be examined rigorously.

If Francis Bacon teaches us that compliance must be grounded in evidence, and René Descartes teaches us that evidence must be examined with rigor, John Locke brings us to the next great question: why should anyone trust the system itself? That question sits at the center of every modern compliance program. Employees are asked to report concerns, managers are expected to model ethical behavior, boards are charged with oversight, and companies routinely tell regulators that their compliance program is real, effective, and embedded in the business. But none of that works if the people inside the organization do not believe the system is fair, credible, and worthy of trust. That is why John Locke matters so much to the modern compliance professional.

Locke is often remembered as a philosopher of liberty, consent, rights, and accountable government. He argued that authority is legitimate only when it is exercised responsibly and for the benefit of those subject to it. Power, in Locke’s world, is not self-justifying. It must be bounded, accountable, and tied to obligations. That idea is highly relevant to corporate compliance. A compliance program is not legitimate simply because senior management approved it, or because the board receives quarterly updates, or because policies have been published on an intranet site. It is legitimate when employees experience it as fair, when reports are taken seriously, when retaliation is not tolerated, when discipline is consistent, and when leadership is seen to be accountable to the same standards as everyone else. That is not abstract philosophy. That is compliance governance.

Why Locke Matters to Compliance

Locke’s central insight is that authority derives its legitimacy from responsible exercise and reciprocal obligation. In a political context, that meant government existed to protect rights and serve the governed, not simply to command obedience. In the corporate context, the analogy is not exact, but the lesson is powerful. Employees will not trust a compliance program merely because it exists. They will trust it only if they believe it operates fairly, protects those who raise concerns, applies standards consistently, and treats power as accountable.

This is where Locke helps compliance professionals understand something many organizations still miss. Trust in a compliance system is not automatic. It has to be earned. An employee deciding whether to call a hotline is making a deeply practical judgment. Will anyone listen? Will the matter be reviewed fairly? Will the reporter be protected from retaliation? Will the senior executive who generated the concern be treated differently from everyone else? If the employee believes the answer to those questions is no, the reporting system has already failed, no matter how polished the company’s policy language may be.

The DOJ’s Compliance Expectations Are About Legitimacy

The Department of Justice does not use the language of social contract theory, but its Evaluation of Corporate Compliance Programs (ECCP) is filled with Locke’s concerns. The ECCP asks whether the program is well-designed, applied in good faith, and works in practice. It asks about tone at the top and tone in the middle. It asks whether reporting mechanisms are trusted, whether investigations are handled properly, whether discipline is applied consistently, and whether there is protection against retaliation. Those are all questions of legitimacy. A compliance program that employees do not trust cannot work in practice.

This point is critical because too many organizations still frame culture as something soft and secondary, a matter of messaging rather than system design. Locke would reject that categorically. In his framework, legitimacy is not a decoration added to authority. It is what makes authority durable and acceptable. In a company, that means culture and governance cannot be separated. Speak-up systems, fair treatment, board attention, transparent escalation, and consistent discipline are not peripheral to compliance. They are core structural elements of it.

Speak-Up Culture Is a Test of Governance

Few areas of compliance reveal Locke’s relevance more clearly than a speak-up culture. Every company says it wants employees to raise concerns. Every company says it prohibits retaliation. But the real issue is whether employees believe those statements are true in lived experience. That belief is shaped more by organizational behavior than by slogans.

If employees see complaints buried, if they watch high performers protected despite repeated concerns, if they hear that reporting a problem is career-limiting, or if they conclude that management is more interested in identifying the reporter than addressing the underlying issue, the company has lost legitimacy. In Lockean terms, authority has ceased to be trustworthy because it is no longer being exercised for the benefit of those subject to it.

This is why non-retaliation is so important. It is not simply an employment-law consideration or a human-resources aspiration. It is a governance imperative. Retaliation tells employees that the system serves power rather than principle. Once that lesson is absorbed, reporting declines, silent resignation grows, and risk moves underground. A company may still claim to have a hotline, but it no longer has a functioning speak-up culture.

Fairness Is Not Soft. It Is a Control.

Locke also helps us understand the role of fairness in a compliance program. In many organizations, fairness is discussed as a value. It should be discussed as a control. Why? Because fairness shapes behavior. When employees believe standards will be applied consistently, they are more likely to follow them, more likely to report deviations, and more likely to trust the company’s response when issues arise. When employees believe discipline is arbitrary, selective, or influenced by rank and revenue generation, the opposite occurs. Cynicism spreads quickly. Policies become performative. Reporting drops. Informal norms replace formal standards.

That is why the ECCP pays so much attention to disciplinary consistency. Regulators understand that a compliance program loses credibility when senior leaders are treated differently from line employees. Locke would have recognized the point immediately. In any system of authority, legitimacy is undermined when rules are used to bind the weak but not the powerful.

Board Oversight and Accountable Authority

Locke’s philosophy is equally useful when thinking about board oversight. He believed that those entrusted with authority must remain accountable for how they exercise it. That is a principle every board member should understand in the context of compliance.

Board oversight is not merely about receiving information. It is about ensuring that authority inside the company is properly bounded, monitored, and answerable. The board does not run day-to-day compliance, but it is responsible for ensuring that management has created a system worthy of trust. That means asking whether reporting channels work, whether investigations are independent, whether non-retaliation protections are real, whether major risks are escalated, and whether compliance has stature and access.

This is particularly important because boards sometimes fall into the trap of treating compliance as a downstream operational matter. Locke would have viewed that as a category mistake. Governance is not something separate from legitimacy. Governance is how legitimacy is maintained.

For the modern board, that means compliance oversight must be substantive. Directors should ask not only for dashboards, but for explanations. How does management know employees trust reporting channels? What evidence supports claims of a strong culture? How is middle management assessed? What happens when senior leaders are implicated? What trends in reporting, substantiation, retaliation, and discipline should concern the board? Those questions move oversight from ceremonial to real.

In that sense, Locke also speaks directly to Caremark-era expectations. Directors have obligations not simply to exist, but to oversee. A board that does not ensure the company has credible systems of information and response is not exercising accountable authority. It is abdicating it.

Culture and the Middle Management Problem

No discussion of compliance legitimacy would be complete without examining middle management. The DOJ, in both the ECCP and the FCPA Resource Guide, 2nd edition, has long emphasized that “tone at the top” is not enough. Tone in the middle matters enormously, because employees experience the company most directly through their immediate supervisors.

This is another place where Locke offers real insight. In any system of authority, legitimacy rises or falls through those who exercise power closest to the governed. If middle managers pressure employees to ignore controls, discourage escalation, roll their eyes at compliance training, or quietly punish bad news, the company’s formal commitments will collapse in practice.

This is why companies must treat middle management behavior as a governance issue. Are managers trained not just on rules, but on their duty to support reporting and ethical decision-making? Are they evaluated on how they build culture? Do promotion and bonus structures reinforce ethical leadership, or only financial performance? Are there consequences when managers create pressure that undermines compliance expectations?

These are not marginal considerations. They are central to whether the compliance program is experienced as legitimate in daily operations. Locke reminds us that people judge institutions less by official declarations than by how authority is exercised.

The Compliance Officer as Steward of Institutional Legitimacy

Locke casts the compliance officer as a steward of institutional legitimacy. That is an important and underappreciated role. The compliance officer helps the company earn trust, not through public relations, but through structure, fairness, and accountability. The compliance officer helps ensure that when people speak up, they are heard; when misconduct occurs, it is handled consistently; when leaders exercise authority, they do so under standards that bind them as well. In this sense, compliance is not just about preventing legal violations. It is about making the institution worthy of confidence.

That is why legitimacy matters so much. A company with high trust in its compliance system detects issues earlier, responds more effectively, learns more quickly, and sustains a stronger ethical culture over time. A company without that trust becomes opaque to itself. Risk goes silent. Problems surface late. Governance becomes reactive. The institution loses one of its most important defenses: its own people’s willingness to tell it the truth.

Five Lessons Learned for the Modern Compliance Professional

First, a compliance program must be legitimate to be effective. Employees must believe the system is fair, credible, and trustworthy.

Second, speak-up culture is a governance test. Reporting mechanisms only work when employees believe concerns will be taken seriously and retaliation will not follow.

Third, fairness is a control. Consistent discipline, equal treatment across levels of seniority, and transparent standards strengthen compliance credibility.

Fourth, boards must exercise accountable oversight. They should test management’s claims about culture, reporting, and non-retaliation with real evidence.

Fifth, middle management is where legitimacy lives or dies. A company must align manager incentives, expectations, and accountability with its compliance values.

Coming Next: Thomas Hobbes and Why Every Compliance Program Needs Order

If John Locke teaches us that compliance governance must be legitimate, Thomas Hobbes will remind us that legitimacy alone is not enough. A company also needs structure, clear rules, assigned authority, escalation pathways, and credible enforcement. In Part 4, I will explore how Hobbes helps explain the roles of policies, procedures, internal controls, and operational discipline in a best-practices compliance program. Trust matters, but so does order.

Categories
Great Women in Compliance

Great Women in Compliance: Culture Check: Are Your Speak Up Channels Effective?

Ever wish you could benchmark your Speak Up channels against more than just volume, issue types, and time to close? 

The Speak Up Self-Assessment (SUSA) was designed to help you go deeper by assessing organizational infrastructure—including reporting channels, confidentiality safeguards, follow-up processes, and governance of whistleblowing systems.

In this roundtable episode, we speak with guests: 

  • Professor Jessica McManus Warnell
  • Dr. Mary Gentile 
  • Allison Narmi 

about the work they are doing to bring a free, anonymous diagnostic tool to self-assess speak-up channels. Building on the work done in the EU, our guests today are members of the project team that has developed an American version of the tool, with support from the Notre Dame Deloitte Center for Ethical Leadership. Link to the EU version here – https://edhec.az1.qualtrics.com/jfe/form/SV_eleMjkHraHzw6Hk

U.S. version coming soon.  

Categories
All Things Investigations

ATI In-House Insights: Cultivating a Speak Up Culture: Whistleblower Management Insights with Maria Buccieri and Ashley Smith

Welcome to the Hughes Hubbard Anti-Corruption & Internal Investigations Practice Group’s podcast, All Things Investigation. This is a special series featuring sights from in-house practitioners, hosted by Mike DeBernardis. In this podcast, Mike visits with Maria Buccieri and Ashley Smith, Deputy General Counsel at Amtrak, about Encouraging and Managing Whistleblowers.

Ashley and Maria, both compliance and legal leaders from Amtrak, discuss how to encourage and manage whistleblowers as a core element of an effective compliance program, emphasizing that a lack of reports does not indicate a healthy organization. They describe a “speak-up” culture as one where employees feel heard, senior leaders model speaking up, and reporting is accessible across a diverse workforce through multiple channels (phone, email, QR codes, mobile tools, in-person availability) and languages. Key barriers include fear of retaliation (often through subtle workplace ostracism), disappointment when nothing happens, and loss of anonymity. They outline best practices for handling reports consistently with other serious complaints, preserving confidentiality “as much as possible,” training mid-level managers and investigators, and maintaining communication with reporters during lengthy investigations. They also caution against dismissing “serial reporters,” recommending contextual analysis and internal process checks.

Key highlights:

  • Healthy Speak Up Culture
  • Why Employees Stay Silent
  • Handling Reports Fairly
  • Protecting Confidentiality
  • Keeping Reporters Updated
  • Serial Reporters and Sparse Tips

Resources:

Hughes Hubbard & Reed Website

Mike DeBernardis

Maria Buccieri on LinkedIn

Ashley Smith on LinkedIn

Categories
Blog

AI Governance and Speak-Up Culture: The Earliest Warning System May Already Be in Your Workforce

There is a hard truth about AI governance that too many companies are still avoiding: the first people to spot an AI problem are usually not board members, not senior executives, and not even the governance committee. It is the employee using the tool, reviewing the output, dealing with the customer, watching the workflow break down, or seeing the machine produce something that feels off. That is why AI governance is not only about policies, models, controls, and oversight structures. It is also about culture. More specifically, it is about a culture of speaking up.

If employees see an AI tool making questionable recommendations, generating inaccurate summaries, mishandling sensitive information, producing biased outcomes, or being used beyond its approved purpose, do they know that this is a reportable issue? Do they know where to raise it? Do they believe someone will listen? Do they trust that raising a concern will help rather than harm their career? Those are not soft questions. They are governance questions.

In anti-corruption compliance, we have long since learned that hotlines, reporting channels, and anti-retaliation protections are not mere ethical ornaments. They are detection mechanisms. They are how organizations surface risks before they become scandals. AI governance now needs the same mindset. If your employees are your earliest warning system, then your speak-up culture may be one of your most important AI controls.

Why Employees See AI Failures First

AI rarely fails in the abstract. It fails in use. A board deck may describe a tool in elegant terms. A vendor demo may look polished. A pilot may be carefully supervised. But once a system enters daily operations, it interacts with real people, real data, real pressures, and real shortcuts. That is when the problems begin to show themselves.

An employee may notice that a tool is confidently wrong. A manager may realize that staff are over-relying on generated summaries without checking the source material. Someone in HR may see that a screening tool is producing odd results. A sales employee may notice that a customer-facing chatbot is inventing answers. A compliance analyst may find that an AI-assisted monitoring process is missing obvious red flags. A procurement professional may discover that a vendor quietly changed a feature set or data practice.

In each of those examples, the problem shows up at the point of use, not at the point of approval. That is why the old compliance lesson still applies: the people closest to the work are often closest to the risk. In AI governance, that means employees are often the first line of detection. But detection is useless if the culture tells them to keep their heads down.

The Governance Blind Spot

Many organizations are investing significant effort in AI principles, governance committees, acceptable-use policies, and risk classification. That is all important. But many of these programs have a blind spot. They are built as if AI risk will reveal itself only through formal testing, audit reviews, or leadership dashboards. It will not.

Some AI failures will surface through monitoring and controls. But many will first appear as employee discomfort, confusion, skepticism, or observation. Someone will notice that a tool is being used in a way that feels wrong. Someone will catch a factual error before it leaves the building. Someone will realize that human review is not actually happening. Someone will see mission creep. Someone will spot a gap between policy and practice.

If the governance model does not actively encourage employees to raise those concerns, the company has built an AI oversight program with one eye closed. That is a dangerous place to be because AI risk is often cumulative. A small issue ignored today becomes a larger issue tomorrow. An inaccurate output tolerated in a low-stakes setting becomes normalized in a higher-stakes one. A quietly expanded use case becomes a de facto business process. Silence is how minor flaws become systemic failures.

Speak-Up Culture as an AI Control

Let us be clear about terms. Speak-up culture is not simply a hotline number posted on the intranet. It is the set of signals an organization sends about whether employees are expected, supported, and protected when they raise concerns.

In the AI context, a healthy speak-up culture means employees understand that reporting concerns about AI outputs, use cases, data handling, or control failures is part of responsible business conduct. It means managers know that AI concerns are not “just tech issues” to be brushed aside. It means investigators and compliance teams are prepared to triage and assess AI-related reports intelligently. It means retaliation protections apply as much to someone challenging a machine-enabled workflow as they do to someone reporting bribery, harassment, or fraud.

This matters because AI can create a special kind of silence. Employees may hesitate to challenge a system that leadership has praised as innovative. They may worry that questioning the tool makes them sound resistant to change or insufficiently sophisticated. They may assume someone more senior has already validated the output. They may think, “Surely the machine knows better than I do.” That is exactly the kind of cultural dynamic compliance should distrust.

Machines do not deserve deference. Controls deserve scrutiny. A mature AI governance program, therefore, needs to treat employee reporting as a formal part of its control environment. Speak-up culture is not adjacent to AI governance. It is part of AI governance.

What CCOs Should Be Asking

If you are a Chief Compliance Officer, there are several questions you should be asking right now.

First, do employees understand that AI-related concerns are reportable? Many organizations have not made this explicit. Staff know they should report harassment, bribery, theft, and retaliation. They may not know whether to report unreliable AI output, a suspicious recommendation, a data input concern, or a business team using a tool outside its approved scope. If you have not told them, do not assume they know.

Second, are your reporting channels equipped to receive AI-related concerns? Hotline categories, case-intake forms, and triage protocols may need to be updated. If an employee reports that an AI tool is generating misleading outputs in a regulated workflow, who receives that report? Compliance? Legal? Security? IT? HR? Some combination? If ownership is unclear, reports will stall, and stalled reports teach employees not to bother.

Third, are managers trained to respond appropriately when AI concerns are raised informally? This is critical. Many concerns will not begin in a hotline. They will begin in a meeting, a hallway conversation, a team chat, or an email to a supervisor. If the manager shrugs, dismisses, or minimizes the issue, the detection system fails before it starts.

Fourth, are anti-retaliation protections being reinforced in the AI context? Employees who challenge AI use may be questioning a high-profile project, a popular vendor, or a senior executive’s initiative. That can create subtle pressure to stay quiet. Compliance should be ahead of that dynamic, not behind it.

Building an AI Speak-Up Framework

What does a practical approach look like?

The first step is to define what types of AI concerns employees should raise. Be concrete. Tell them to report suspected misuse of AI tools, outputs that appear inaccurate or biased, use of AI in sensitive decisions without proper review, input of restricted data into unapproved systems, unauthorized expansion of use cases, missing human oversight, and vendor or system changes that appear to alter risk.

The second step is to build AI examples into training and communication. Employees need realistic scenarios, not vague encouragement. Show them what an AI red flag looks like. Show them what “raising a hand” looks like. Show them where to go and what happens next.

The third step is to update the hotline and investigations protocols. Add intake categories if needed. Develop triage guidance. Decide when AI matters should be handled as compliance cases, operational incidents, model-risk issues, or cross-functional reviews. The goal is not bureaucracy. The goal is clarity.

The fourth step is to train managers as escalation points. In every effective compliance program, middle management is the translation layer between policy and daily operations. AI governance is no different. Managers need to know when a concern can be resolved locally, when it must be escalated, and when the pattern itself suggests a control problem.

The fifth step is to close the feedback loop. Employees are more likely to report concerns when they believe reporting leads to action. That does not mean revealing confidential case details. Communicating that the company takes these issues seriously, investigates them, learns from them, and improves controls as needed. Silence from management breeds silence from employees.

What to Monitor in an AI Speak-Up Program

Here is where compliance can bring its trademark discipline. Track the volume and type of AI-related concerns. Look for concentration by business unit, geography, or tool. Monitor whether concerns are coming in through formal hotlines or informal channels. Review time to triage and time to resolution. Look for patterns involving data handling, output reliability, human review failures, or scope creep. Compare the reported concerns with the company’s list of approved use cases. If you see repeated confusion or repeated exceptions, that tells you something important about your governance design.

Just as importantly, look for the absence of reporting. If your company has materially deployed AI tools and no employee has ever raised a concern, I would not automatically celebrate. I would ask whether employees know what to report, trust the channels, or believe leadership wants candor. In compliance, no reports can mean no problems. It can also mean no trust. Wise CCOs know the difference is everything.

Why This Is Good for Business

Some executives still hear “speak-up culture” and think of delay, friction, and complication. I hear something different. I hear early detection, faster correction, and better decision-making.

A workforce that feels empowered to raise AI-related concerns provides the company with a real-time sensing mechanism. It catches problems before they scale. It surfaces control failures before regulators, plaintiffs’ lawyers, journalists, or customers do. It gives management better information. It helps the board exercise real oversight. Most of all, it creates a culture where innovation is more sustainable because people are not afraid to challenge what does not look right. That is not anti-innovation. That is responsible innovation.

Compliance has always been at its best when it helps the business move fast without becoming reckless. Speak-up culture does exactly that. It does not tell employees to fear AI. It tells them to use judgment, raise concerns, and protect the enterprise when the technology does not behave as expected.

Final Thoughts

Every company deploying AI should ask itself a simple question: Who will notice first when something goes wrong? In many cases, the answer is your employees. The next question is even more important: have you built a culture where they will say something?

If the answer is uncertain, then your AI governance program has a serious weakness. You may have policies. You may have committees. You may have training modules and vendor reviews. But if employees do not feel empowered to raise a hand when they see a problem, then one of your most valuable detection controls is missing in action.

Categories
Great Women in Compliance

Great Women in Compliance – When Women Speak Up: Gender, Whistleblowing and Retaliation

In this roundtable episode of the Great Women in Compliance Podcast, Lisa Fine and Ellen Hunt are joined by whistleblower attorney Mary Inman and Professor Kate Kenny from the University of Galway to explore what really happens when women speak up. Drawing on Professor Kenny’s decade-long research on whistleblowing—including recent work with Transparency International—the conversation examines why women whistleblowers often face greater challenges, which deter them from raising concerns or from deciding to leave a job, rather than speaking up.

The discussion unpacks how gender stereotypes, gaslighting, and organizational culture shape how concerns are received and why women are more likely to speak up when strong protections, anonymity, and collective reporting options are in place. Mary Inman adds a practitioner’s perspective, sharing what she sees in real cases and why many women choose to report together rather than go it alone.

As Ethics and Compliance practitioners consider how to help people speak up, this episode challenges us to review our programs and make improvements to support anyone raising concerns.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Using Comms to Drive Speak Up

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice for navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we consider the role of communications in your reporting system.

For more on this topic, check out The Compliance Handbook: A Guide to Operationalizing your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
Compliance Into the Weeds

Compliance into the Weeds: Examining the Impact of Reducing Middle Management on Corporate Culture

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Seeking insightful perspectives on compliance? Look no further than Compliance into the Weeds! In this episode, Tom Fox and Matt Kelly discuss the implications of reducing the number of middle managers in corporate America.

Kelly’s blog post, inspired by a Wall Street Journal article, serves as the foundation for a broader discussion on how the reduction of managers impacts corporate culture, employee dynamics, and compliance programs. They explore the reasons behind this trend, such as the desire for agility or cost-cutting, and its effects on communication, institutional knowledge, and the role of compliance officers. They also explore potential solutions, including the use of AI, enhanced training, and adaptive compliance strategies, to mitigate the risks associated with fewer middle managers.

Key highlights:

  • Corporate America’s Managerial Shift
  • Implications for Corporate Culture
  • AI and Compliance Solutions
  • Institutional Knowledge and Risks
  • Compliance Takeaways and Final Thoughts

Resources:

Matt on Radical Compliance

Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

A multi-award-winning podcast, Compliance into the Weeds was most recently honored as one of the Top 25 Regulatory Compliance Podcasts, a Top 10 Business Law Podcast, and a Top 12 Risk Management Podcast. Compliance into the Weeds has been conferred the Davey, Communicator, and W3 Awards for podcast excellence.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – AI, Whistleblowing and a Culture of Speak Up

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide you with bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

How can AI enhance your whistleblower program, improve your culture of Speak Up, and crowdsource intelligence from your employees?

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing Your Compliance Program, 6th edition, which LexisNexis recently released. It is available here.

Categories
Trekking Through Compliance

Trekking Through Compliance: Episode 45 – Beyond the Arena: Compliance Hotlines, Speak-Up Culture, and Lessons from “The Gamesters of Triskelion”

For compliance professionals, building a culture where employees feel empowered to speak up, whether as victims or as bystanders, is both an ethical imperative and a business necessity. Yet, fostering this environment goes far beyond simply installing a hotline or posting policies on the intranet. It requires trust, accessibility, and leadership that encourages all voices, especially those witnessing misconduct, not just those experiencing it firsthand.

No episode of Star Trek: The Original Series illustrates the importance of courage, communication, and the role of bystanders quite like “The Gamesters of Triskelion.” It is an allegory that resonates in the modern workplace, where power imbalances, fear, and bystander inaction can allow harassment and misconduct to flourish in the shadows.

But just as Kirk and his crew refuse to be mere pawns, so too must organizations encourage employees to break free from silence, whether as victims or witnesses, to foster a truly ethical and accountable culture.

Lesson 1: Accessibility and Trust—The Foundation of Any Hotline Program

Illustrated By: Kirk’s first attempts to communicate with the Providers, demanding answers and voicing his protest against the system.

Compliance Lesson: A hotline or internal reporting system is only as effective as its accessibility and the trust employees have in it.

Lesson 2: Bystander Empowerment—Everyone Has a Role in Speaking Up

Illustrated By: Uhura witnesses Chekov being attacked by another thrall and later supports Shahna when she faces abuse from the Providers.

Compliance Lesson: A true speak-up culture extends beyond encouraging direct victims to report. It actively enlists bystanders, colleagues, supervisors, and contractors who observe misconduct or questionable behavior.

Lesson 3: Remove Barriers to Reporting—Simplify and Normalize the Process

Illustrated By: Kirk negotiates with the Providers, insisting on open communication, transparency, and fair treatment for himself and the others.

Compliance Lesson: Internal reporting mechanisms should be straightforward and widely communicated. Complicated processes or unclear outcomes deter people from coming forward.

Lesson 4: Leadership Sets the Tone—Champion Speak-Up Behavior at the Top

Illustrated By: Kirk rallies Uhura, Chekov, and Shahna, modeling courage and vocal opposition even under surveillance.

Compliance Lesson: Tone at the top matters. Leaders who demonstrate, support, and reward speaking up create an environment where others feel safe to do the same.

Lesson 5: Close the Loop—Respond, Resolve, and Communicate Outcomes

Illustrated By: After Kirk’s defiance and challenge, the Providers agree to his terms, ultimately restoring freedom and dignity to the captives.

Compliance Lesson: Effective reporting systems require not only intake but meaningful response. Employees must see that their concerns are taken seriously and addressed appropriately.

Final ComplianceLog Reflections

The Gamesters of Triskelion” demonstrates that courage, solidarity, and a voice can challenge even the most entrenched power structures. For compliance professionals, the episode serves as a poignant reminder that hotlines and policies are only the starting point. The real work is building an environment where every employee, victim, or bystander knows they have the right, the tools, and the support to speak up, and that their concerns will be heard and acted upon.

Live long, prosper, and always encourage your crew to speak up.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha

Categories
Blog

Beyond the Arena: Compliance Hotlines, Speak-Up Culture, and Lessons from Star Trek’s “The Gamesters of Triskelion”

For compliance professionals, building a culture where employees feel empowered to speak up, whether as victims or as bystanders, is both an ethical imperative and a business necessity. Yet, fostering this environment goes far beyond simply installing a hotline or posting policies on the intranet. It requires trust, accessibility, and leadership that encourages all voices, especially those witnessing misconduct, not just those experiencing it firsthand.

No episode of Star Trek: The Original Series illustrates the importance of courage, communication, and the role of bystanders quite like “The Gamesters of Triskelion.” In this memorable installment, Captain Kirk, Lieutenant Uhura, and Chekov are kidnapped and forced to fight as gladiators for the amusement of alien “Providers.” While the spectacle is one of brute force, the true victory comes not from physical strength but from challenging the system, refusing to remain silent, and advocating for oneself and others.

Today, we beam down and explore the key compliance lessons, literally scene by scene, from this classic episode, and see how it can help us reimagine our approach to hotlines, internal reporting, and speak-up culture in today’s organizations.

The Gamesters of Triskelion” places our heroes in an alien arena, stripped of their autonomy and pitted against each other. Their every move is watched, wagered upon, and manipulated by unseen masters. It’s an allegory that resonates in the modern workplace, where power imbalances, fear, and bystander inaction can allow harassment and misconduct to flourish in the shadows.

But just as Kirk and his crew refuse to be mere pawns, so too must organizations encourage employees to break free from silence, whether as victims or witnesses, to foster a truly ethical and accountable culture.

Lesson 1: Accessibility and Trust—The Foundation of Any Hotline Program

Illustrated By: Kirk’s first attempts to communicate with the Providers, demanding answers and voicing his protest against the system. When Captain Kirk is abducted, his first instinct is to seek information, challenge authority, and demand a platform for his concerns. But the providers initially deny him any means to voice his objections. Reflecting a system where grievances are suppressed and channels for reporting are inaccessible.

Compliance Lesson: A hotline or internal reporting system is only as effective as its accessibility and the trust employees have in it. Too often, organizations install a hotline as a check-the-box exercise, but if employees don’t trust the process or fear retaliation, it becomes as useless as shouting into the void. Build trust by ensuring anonymity, robust anti-retaliation protections, and transparent processes for follow-up. Empower all employees, not just those harmed directly but also those who witness wrongdoing, to report concerns with confidence.

Lesson 2: Bystander Empowerment—Everyone Has a Role in Speaking Up

Illustrated By: Uhura witnesses Chekov being attacked by another thrall and later supports Shahna when she faces abuse from the Providers. Uhura’s actions exemplify the power of the bystander. Though she is a victim of abduction, she does not remain passive when she witnesses Chekov in danger or Shahna being mistreated. She steps forward, speaks up, and supports those around her, even putting herself at risk.

Compliance Lesson: An authentic speak-up culture extends beyond encouraging direct victims to report. It actively enlists bystanders, colleagues, supervisors, and contractors who observe misconduct or questionable behavior. Compliance professionals should provide training on bystander intervention, communicate that speaking up is a shared responsibility, and recognize those who do. This not only prevents harm but also signals to all employees that silence is not neutrality; it is complicity.

Lesson 3: Remove Barriers to Reporting—Simplify and Normalize the Process

Illustrated By: Kirk negotiates with the providers, insisting on open communication, transparency, and fair treatment for himself and the others. Throughout the episode, Kirk persistently challenges the opaque rules of the Triskelion arena. He demands not just a voice, but a fair and understandable process—something the providers grudgingly grant after repeated confrontation.

Compliance Lesson: Internal reporting mechanisms should be straightforward and widely communicated. Complicated processes or unclear outcomes deter people from coming forward. Normalize reporting by making it a routine, non-threatening part of workplace culture, much like regular safety drills or team meetings. Remind employees frequently, in plain language, of how and why to report concerns, and ensure that doing so is free from bureaucratic or emotional hurdles.

Lesson 4: Leadership Sets the Tone—Champion Speak-Up Behavior at the Top

Illustrated By: Kirk rallies Uhura, Chekov, and Shahna, modeling courage and vocal opposition even under surveillance. Kirk’s leadership in the arena is marked by his refusal to comply quietly with unjust commands. He models courage and vocal opposition, inspiring those around him, especially Shahna, a bystander-turned-ally, to question the status quo and ultimately join his cause.

Compliance Lesson: Tone at the top matters. Leaders who demonstrate, support, and reward speaking up create an environment where others feel safe to do the same. Encourage managers and executives to share stories of when they reported concerns or acted as ethical bystanders. Celebrate transparency and moral courage, not just technical compliance. When leaders set the example, the entire organization takes notice.

Lesson 5: Close the Loop—Respond, Resolve, and Communicate Outcomes

Illustrated By: After Kirk’s defiance and challenge, the Providers agree to his terms, ultimately restoring freedom and dignity to the captives. The climax of the episode comes when the Providers, confronted with Kirk’s unwavering demands and the support of his crew, capitulate. They not only allow complaints to be aired, but they also listen, act, and restore justice.

Compliance Lesson: Effective reporting systems require not only intake but meaningful response. Employees must see that their concerns are taken seriously and addressed appropriately. This includes timely investigation, resolution, and, where possible, communication back to the reporter (even if only in general terms). When employees see real action and outcomes, trust grows and participation in the system increases. Closing the loop is essential to sustaining a robust speak-up culture.

Final ComplianceLog Reflections

The Gamesters of Triskelion” demonstrates that courage, solidarity, and a voice can challenge even the most entrenched power structures. For compliance professionals, the episode serves as a poignant reminder that hotlines and policies are only the starting point. The real work is building an environment where every employee, victim, or bystander knows they have the right, the tools, and the support to speak up, and that their concerns will be heard and acted upon.

As you assess your organization’s internal reporting and speak-up culture, ask yourself:

  • Are your hotlines and reporting channels truly accessible and trusted?
  • Have you equipped and empowered bystanders, not just victims, to act?
  • Are you constantly removing barriers to speaking up and normalizing the process?
  • Does your leadership model champion the values you expect from everyone?
  • Do you always close the loop by providing feedback and taking visible action?

True compliance is not measured by silence, but by the willingness of all to speak, intervene, and challenge injustice. Like Kirk and his crew, our mission is not just to survive the arena but to change it for the better.

Live long, prosper, and always encourage your crew to speak up.

Resources

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha