Building A Culture Of Compliance At Your Organization


Post By: Tim Ward, Director Of Product Strategy & Marketing, StarCompliance

High-level thinking on exactly what organizational culture is, practical steps you can take to shape it, and where technology comes in.

Corporate culture is a hot topic. But what exactly is it? And how do you point it in the direction you want it to go? Following is an overview of some high-level thinking on the subject from the field of organizational psychology.


  • Culture is a mindset. When you embed a culture it shapes behavior. It becomes the instrument people fly by. And it’s unconscious, so it’s a very powerful form of behavioral control, of social control. It’s socialization. It’s why we have cultures. Human beings are wired to create cultures.
  • Culture is a story we make up about what it means to be in an organization. How we get rewarded, or avoid punishment. Every employee makes up that story based on what she sees.


  • Culture can nudge us to do the right thing or wrong thing. Why do firefighters run into burning buildings? It’s culture. Deep socialization. And socialization affects our behavior. Firefighters aren’t calculating. Running into burning buildings is what they do. That’s deep culture.
  • All people are corruptible. That’s why social psychology and behavioral ethics are so important, because they help us understand what affects behavior. The trustworthy company creates a culture that nudges people toward doing the right thing.


  • Culture is a tournament of competing pressures that employees must respond to. As compliance officers, you’re in the business of affecting those pressures. You’re in the systems business, but you’re also in the culture business. You’re leaders that help embed the culture.
  • Most major trust violations are preceded by cultural drift. An ethical culture is a social control mechanism that can prevent drift. Compliance officers are in the drift-prevention business. Your job is to say: “Look where we’ve gotten to. Let’s find a way to get back to where we were.”


  • In every company, there’s a competition going on about what the real values are. We can say these are our values, but there’s a fight going on about what they are in practice.
  • Employees want to work for a good company. It’s about building a trustworthy organization, one that’s self-regulating. Because when you don’t self-regulate, you invite external regulation.


  • “Trust is good but control is better.” So goes a famous quote attributed to Lenin. This implies that trust and control are opposites. That you can have trust or control but you can’t have both. In the compliance business you have to have both, and you can have both.
  • If you have all controls and no trust then you have a very risky situation. On the other hand, if you have all trust, meaning great culture but no control, you also open your firm up to risk.


  • Trust is a judgment of confident reliance on a person, group, organization, or system when there is risk or uncertainty. Trust only matters when there’s risk and uncertainty. If everything’s totally certain—if you can predict the outcome—you don’t need to trust.
  • When people trust, they do it based on expectations of positive future behavior. If that trust is violated, there’s a trust violation, and people lower their expectations. The relationship is damaged, and people get angry. That’s what distrust is: low expectations about future behavior.


  • We look for sources of evidence as to whether an organization is trustworthy. From that evidence we make a decision to trust. But you don’t manage trust directly, like you don’t manage love directly. You manage other things that lead to that outcome.
  • Think about managing trust as embedding trustworthiness. You can embed trustworthiness in a person, i.e., a leader, but you can also embed trustworthiness in a company, a system.


  • We’re not all equal in the degree to which we’re willing to trust. You manage trust by managing trustworthiness. Embed the following six elements into your leadership style and even those with a naturally low disposition to trust will begin to trust you.
  • Communication: Communicate openly and frequently.
  • Benevolence: Demonstrate that you care about them.
  • Alignment Of Interests: Demonstrate that your interests are aligned.
  • Similarities: Communicate that you have similar values, and that you have similar loyalties.
  • Integrity And Predictability: Show them you can be predictable and that you practice what you preach.
  • Capable And Competent: Demonstrate that you’re capable and competent at what you do.


  • In any company there’s social control, or culture. There’s behavioral control, or monitoring. And there’s output control, or reporting. Social control is trust inducing. Behavioral control and output control can cause distrust. They can send signals to employees that you don’t trust them.
  • But you can’t trust all employees. You wouldn’t be a trustworthy company, from a client’s perspective, if you blindly trusted all employees all the time. But employees get upset when you don’t trust them. So it’s important how you implement behavioral and output controls.
  • If controls are justified, trust is enhanced. If controls are arbitrary, distrust can result. When controls are enabling, they enhance trust. When they’re coercive, they create distrust.
  • This is the paradox of trust and control. You need both. Low controls are risky. Too much control means people become disengaged and check the box. Optimal trust is the spot in the middle.

It’s easy to see where compliance technology can be part of the control system: part of that balance, that point of optimal trust, between too much and too little control. First, such systems aren’t arbitrary.

If an employee’s position in the company necessitates personal trade monitoring, chances are there are others in the company in the exact same position. Compliance monitoring systems also aren’t coercive. It’s up to the employee to physically enter their data. Compliance tech also demonstrates openness on the part of the firm. There’s transparency into what’s being asked. No one is above the rules.

It’s also worth noting that technology like this helps keep compliance on top of organizational drift, by providing data that may indicate standards are slipping. This data-driven capability is a fine complement to the compliance officer’s own intuitive sense of what’s happening in the organization, and is a good reminder that technology on its own is rarely a be-all, end-all.

The subject matter for this post is attributed to organizational psychologist Dr. Robert Hurley, who spoke on the subject of company culture and ethics at the StarCompliance 2018 US User Conference.