The Coldplay Concert and University of Michigan-Sherrone Moore imbroglios about consensual relationships introduced multiple issues for the compliance professional. While many saw them as romantic issues, others viewed them as corporate governance issues. Corporate compliance professionals spend a great deal of time talking about tone at the top, culture, and ethical leadership. Yet many organizations continue to ignore one of the most predictable sources of ethical failure, litigation exposure, and cultural rot: unmanaged workplace relationships.
Let me be clear at the outset. A corporate relationships policy is not about policing romance, friendship, or personal lives. It is about managing power, influence, and risk. If your organization has people, hierarchies, incentives, and decision-making authority, then you already have relationship risk. The only real question is whether you are managing it or pretending it does not exist.
The DOJ has been consistent on one point in the ECCP. Risks must be identified, assessed, and addressed in a way that reflects how the company actually operates. Relationships are part of how companies operate. Ignoring them is not cultural sensitivity. It is a governance failure.
Relationships Create Risk When Power Is Involved
Not all workplace relationships are problematic. The risk arises when one person can influence another’s pay, promotion, performance evaluation, assignments, or career trajectory. That is where favoritism, coercion, retaliation, and conflicts of interest live.
In enforcement actions, civil litigation, and internal investigations, I have seen the same fact pattern repeated again and again. A relationship is known. No controls are put in place. A complaint is made months or years after the incident. Suddenly, the organization is explaining to regulators, plaintiffs’ lawyers, and the board why it failed to act despite having notice. A corporate relationships policy forces the organization to confront a simple but uncomfortable truth: disclosure alone is meaningless unless it triggers action.
Disclosure Without Structure Is Theater
Many companies comfort themselves with a disclosure requirement that sounds reasonable on paper. Employees are told to disclose relationships, conflicts, or personal connections. After that, very little happens. From a compliance perspective, this is theater, not control.
A mature corporate relationships policy answers several follow-up questions, including “Then what?” and “Who reviews the disclosure?” ” How quickly must influence be removed? What interim controls apply? How is compliance documented and monitored?
Without these answers, disclosure becomes a liability. It creates notice without mitigation. Regulators do not reward that. Courts do not forgive it.
Culture Is Permanently Damaged When Employees Believe the System Is Rigged
One of the most corrosive effects of unmanaged relationships is the cultural one. Employees notice who gets promoted, who gets protected, and who gets opportunities. When relationships appear to trump merit, trust collapses.
This is where a corporate relationships policy becomes a culture document, not merely a legal one. A clear, consistently applied policy sends a powerful message: decisions will be made fairly, transparently, and without hidden influence. When employees believe the system is fair, they report concerns earlier, cooperate with investigations, and remain engaged. When they do not, they disengage or go external. Neither outcome is good for the organization.
Boards and Regulators Expect Speed, Not Intentions
Modern compliance is measured by response time and effectiveness, not good intentions. When a relationship presents a risk, the organization must act quickly to separate influence. That means changing reporting lines, removing decision authority, or imposing interim controls while structural changes are made.
A corporate relationships policy establishes clear timelines, ownership, and accountability. It gives managers a clock, not discretion. It provides a measurable compliance metric to report to the board. It gives the organization defensibility when regulators ask what happened and when it happened. The absence of such a policy almost guarantees inconsistent handling. Inconsistent handling almost guarantees enforcement risk.
This Is Not an HR Policy; instead, it’s a Governance Control
One of the most common mistakes companies make is treating relationships as purely an HR issue. That framing is outdated and dangerous. Relationships intersect with bribery risk, conflicts of interest, retaliation, and abuse of authority. Those are compliance and governance issues. A corporate relationships policy should be owned jointly by compliance, legal, and human resources, with board-level visibility. It should be integrated into investigations, promotions, succession planning, and risk assessments. Anything less is siloed thinking.
The Bottom Line
A corporate relationships policy does three things that every effective compliance program must do. They are:
- Identifies a risk that everyone knows exists but few want to name.
- Forces timely action instead of passive disclosure.
- Protects culture by reinforcing fairness and accountability.
If your organization does not have a clear, enforceable corporate relationships policy, you do not have a blind spot. You have a known vulnerability. And known vulnerabilities are exactly what regulators expect compliance professionals to address. That is not about being intrusive. It is about being responsible.
