We continue our on our series of compliance lessons from The Odyssey. Today we consider the tale of the Lotus-Eaters and the drifting of corporate culture.
Odysseus and his crew did not always face monsters with teeth. Sometimes the danger was softer. After leaving Troy, Odysseus and his men came to the land of the Lotus-Eaters. There was no battle. No ambush. No roaring beast. No angry god hurling thunderbolts. The locals simply offered the crew lotus flowers. Those who ate them lost all desire to return home. They forgot the mission. They forgot Ithaca. They forgot the purpose of the journey.
That is what makes the episode so unsettling. The Lotus-Eaters did not defeat Odysseus’s crew by force. They defeated them through comfort, distraction, and forgetfulness. Welcome to one of the most common compliance risks in modern corporate life: culture drift.
Not every compliance failure begins with greed. Not every ethical collapse starts with a suitcase of cash, a fake invoice, or someone whispering, “Let’s take this offline.” Some failures begin when people simply forget why the rules matter. They remember the annual training deadline. They remember the attestation. They remember where the Code of Conduct lives, assuming the intranet search function is having a good day. But they no longer connect compliance to the mission of the company. That is the lotus.
The Corporate Translation
Every organization has its own version of the island of the Lotus-Eaters. It may be a high-performing business unit that hits its numbers, avoids obvious scandal, and quietly stops engaging with compliance. It may be a remote office that has not seen a live compliance conversation in years. It may be a leadership team that talks about values during onboarding but never mentions them again unless there is an investigation. It may be a group of employees who click through training modules while answering emails, eating lunch, and wondering whether the quiz has unlimited attempts.
Everyone is pleasant. Everyone is busy. Everyone is productive. Everyone is slowly detaching from the company’s stated values. This is the direct analogy: the lotus is the business unit where nothing looks obviously wrong, but no one can explain how compliance connects to the work they actually do. That is a dangerous place. Not because people are evil. Because they are comfortable.
Risk Assessment: Finding the Islands Before People Forget
A good compliance program begins with risk assessment, not vibes. Odysseus had to know where his crew was vulnerable. Were they hungry? Exhausted? Demoralized? Homesick? Easily distracted by local hospitality? The answer, unfortunately, was yes.
Companies need the same kind of self-awareness. Where are employees most likely to forget the mission? Where are they under the most pressure? Where are the policies most disconnected from daily operations? Where has training become a ritual instead of a reinforcement?
The DOJ’s Evaluation of Corporate Compliance Programs emphasizes risk-tailored compliance and asks how a company identifies, assesses, and addresses risks, including whether the company updates policies, procedures, and training as risks evolve. It also asks whether training is tailored, whether employees understand it in practice, and whether the company measures effectiveness rather than merely delivering content.
That is an important distinction. A weak risk assessment asks, “Did everyone receive the training?” A better risk assessment asks, “Who needs what training, on which risks, at what level of depth, in what language, through what format, and how do we know it changed behavior?” That is the difference between counting lotus flowers and understanding why people are eating them.
Policies: The Mission Written Down
Policies are supposed to tell employees how the company expects them to act. But too many policies are written like they were designed to survive litigation rather than guide human beings. They are long, dense, passive, and beloved mainly by the people who drafted them. Employees do not use them. Managers do not reinforce them. Business teams treat them like airport terms and conditions: technically available, rarely read, and accepted under pressure.
That is policy failure by design. A policy is not effective because it exists. It is effective when employees can find it, understand it, apply it, and believe the company expects them to follow it. The DOJ’s Evaluation of Corporate Compliance Programs (ECCP) asks whether policies and procedures are accessible, searchable, communicated to employees and relevant third parties, integrated into operations, and reinforced through internal control systems. It also asks whether gatekeepers receive guidance and training on what misconduct to look for and when to escalate concerns.
That is practical compliance. Policies should not be museum pieces. They should be field guides. The anti-corruption policy should help a sales manager understand what to do before a government customer asks for “support.” The data privacy policy should help an operations team understand when customer information can be shared. The conflicts policy should help a procurement employee understand why her cousin’s consulting firm is not just “a good local option.” The speak-up policy should help employees know where to go before silence becomes complicity. Policies should bring people back to Ithaca. They should remind the organization: this is who we are, this is how we do business, and this is the route home.
Training: More Than the Annual Click-Through
Now we come to training, the place where many compliance programs go to become lotus farms. You know the scene. An employee gets an email: “Mandatory Compliance Training Due Friday.” The employee opens the module, clicks through the slides, answers a few questions, and receives a certificate. Somewhere, a dashboard turns green. The compliance team exhales. The business moves on.
But did anyone learn anything? That is the uncomfortable question. As Ronnie Feldman continually reminds us, training is not effective because it was assigned. Training is not effective because completion rates are high. Training is not effective because the quiz average was 94 percent, especially if the questions were written so that “Do not commit fraud” was the challenging option.
Effective training helps employees recognize risk in the moment. It gives managers language to lead. It teaches employees how to pause, ask, escalate, and document. It uses realistic scenarios, not cartoon villains. It respects the audience’s time but does not insult their intelligence. The ECCP specifically points to tailored training and communications, including practical advice, case studies, shorter targeted sessions, opportunities for employees to ask questions, and measurement of whether employees are engaged and have learned the subject matter. It also asks whether training has an impact on employee behavior or operations. The goal is not training completion. The goal is better decisions.
Ethical Fatigue Is Real
There is another reason the Lotus-Eaters matter. They remind us that people get tired. Employees face pressure, complexity, change, layoffs, new systems, reorganizations, market stress, and competing messages from leadership. Then compliance arrives with another policy update, another module, another certification, another “quick reminder” that is neither quick nor memorable.
Ethical fatigue sets in. When employees are exhausted, they do not necessarily become unethical. They become passive. They stop asking questions. They stop reading carefully. They assume someone else reviewed the issue. They treat compliance as background noise. This is where culture drift becomes dangerous. The organization may still have the right words, but the words no longer move anyone.
The solution is not more noise. It is better communication. Compliance teams should ask: What does this audience need to know? What decisions do they actually face? What mistakes are we seeing? What near misses have occurred? What questions are employees asking? What risks are emerging? What would make this guidance useful on Tuesday afternoon when the customer is angry, the deadline is real, and the manager wants an answer? That is where compliance becomes practical.
What a Better Program Does
A better program treats culture as something to be measured, tested, and renewed. It does not assume that because employees took training, they absorbed it. It does not assume that because a policy exists, employees know how to use it. It does not assume that because leadership talks about integrity, middle management reinforces it. A better program looks for signs of forgetting.
Are hotline reports dropping because misconduct is down, or because trust is down? Are policy questions coming from all regions or only headquarters? Are employees passing training but failing audits? Are managers escalating issues or solving them quietly? Are high-risk teams receiving generic training when they need tailored guidance? Are employees afraid to ask “basic” questions because they think they should already know the answer? The compliance function should use surveys, training analytics, audit results, hotline data, investigation trends, control testing, manager feedback, and employee questions to understand whether the message is landing. And when the message is not landing, the answer is not to blame the crew. Odysseus did not leave his men among the Lotus-Eaters and say, “Well, they should have remembered Ithaca.” He dragged them back to the ships. That is leadership.
The Compliance Takeaway
The land of the Lotus-Eaters is not a place of obvious corruption. That is why it is so dangerous. It is the place where mission fades into routine. Where values become posters. Where policies become files. Where training becomes a click. Where employees are not hostile to compliance; they are simply detached from it.
For compliance officers and business leaders, the lesson is clear: culture must be refreshed before it drifts. Policies must be usable before they are needed. Training must be memorable before the crisis. Risk assessment must identify not only where misconduct could occur, but where people are most likely to forget why compliance matters.
Odysseus’s crew did not need a lecture. They needed to be reminded of the journey. So do organizations. The question is not whether your people have eaten the lotus. The question is whether your compliance program would know.
Join us tomorrow in Part 3 where we consider Circe’s Island: Third-Party Influence and Culture Capture.