Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Beyond compliance (Part One): Ethics and trust are voluntary

Recently a small group of open-minded trust, ethics and compliance professionals met for an informal lunch in New York City to discuss the intersection of the three disciplines and their respective roles in organizations.

I was fortunate to be included among the attendees.

During the conversation a visual representation of the functional interaction between organizational compliance, ethics and trust began to take shape. It’s the image above.

While organizations require compliance as a minimum “rule setting/obeying standard,” compliance does not necessarily imply an ethics or a trust mandate. It is simply a starting point. At times, compliance can be the worst enemy of trust, particularly when it is assumed that compliance has ethics and trust “covered.” 

Compliance is regulated while ethics and trust are voluntary. In most companies, the compliance and ethics officer, often an attorney whose function is simply to enforce the “laws,” does not make this distinction. He or she may have no understanding of ethics or formal training, and certainly none of trust as a business strategy or imperative.

The “character” component of trust is ethics, and unlike compliance, ethics is a personal and organizational choice, tied to a predetermined set of core values and embraced by the board of directors, not the CEO. A chief ethics officer may be the distiller of these values, and being an attorney is not a prerequisite for this position.

Unfortunately, both individuals and organizations can be compliant and ethical and yet still be missing the trust component, because there are two more attributes that must be present for trust to flourish.

In order for an individual or organization to be trustworthy it must at a minimum exhibit not only character (ethics) but competence and consistency in all internal and external relationships. “High trust” companies understand the distinction between compliance, ethics and trust.

Going beyond compliance and ethics by adding the trust component brings:

  • Less need/emphasis on compliance and it’s seemingly oppressive laws and regulations
  • Greater employee satisfaction and lower turnover
  • Faster decision-making and innovation
  • Less risk and fewer crises
  • Better relationships not only with customers but all stakeholders
  • A happier workplace
  • Higher profits
  • Long-term organizational sustainability

In Part Two, I’ll explain how organizations can evolve toward trust as a business strategy.


Barbara Brooks Kimmel is the CEO & Co-founder of Trust Across America-Trust Around the World (here), whose mission is to help organizations build trust. She’s also the editor of the Trust Inc. book series and the Executive Editor of Trust! Magazine.

Share this post



  1. Hi Barb,

    I beg to differ on the diagram. Ethics: is a system of rules and laws. It addresses questions about morality, about concepts like good and bad, right and wrong, justice… (Ethics policy) and Compliance is demonstrating adherence to a standard or regulation. So for compliance to be in place it first needs certain rules / guidelines (ethics) that need to be established. Compliance than comes into picture to ascertain the adherence. Therefore the sequence in the diagram should be
    Ethics -Compliance – Trust (Integrity)
    In organisations, a policy on Ethics lays the foundation for Compliance.

  2. Great post Barb! I like your visual. One problem in this arena are CEOs who think they or someone else can run out and "create" ethical culture and organizational trust.Certainly that's a noble goal, but how? A few years ago,in this RAND Symposium we were able to explore these issues in some detail with some of the world's top thought leaders on organizational culture The discussion was eye-opening. From my team's work evaluating compliance and culture within organizations, I've come to believe that there are many interconnected ways to embed a culture of ethical leadership and organizational justice into companies, and I've observed the "ripple effect" is a good way to think about it, as I explain here I also think that CCOs need to seriously embrace their roles as ethical culture leaders. All the more reason to move to Compliance 2.0!

  3. Hi Nirav- your perspective is very interesting, and thank you for taking the time to respond. My thought is that employees can follow compliance mandated rules and regulations and still not be ethical (as the chart above shows) and as we have witnessed in many industries, financial services coming to mind first. On the flip side and to support your comment, companies with strong ethical cultures may have only a secondary need for rules and regulations, and so the chart, in that case, would be represented by Ethics, Compliance and Trust, as you suggest. I am hopeful that over time, more companies, especially in the US will move in this direction.

    Anyone else choose to join the conversation?

  4. I don't think any diagram can replace the trust and ethics that a clean leadership brings. I say that with the perspective of having worked all over the world from 1975 onwards.

    Let me give you a personal example – I headed the Asia operations of a small Silicon Valley tech company for about a decade, 1999-2009. Compliance in Asia, especially India, were my responsibility and for that one decade we built a great company in Asia, without in any way raising any flags on the compliance angles. We had best of breed clientele and would pass their audits for everything without any issues. If you stay on top of the rules, if you build up an image of not breaking them, and if you are willing to take it on the chin if things go wrong then all you need in addition is a good law firm and a good tax/accounts firm and leading from the front kind of integrity.

    Around 2008/2009 we were taken over and then merged with a large listed US company. From the word "go", I realized this was a different kettle of fish. A little bit of work online and I figured out stuff like how the Chairman's son-in-law worked in internal audits as his point-man-despite having criminal convictions subsequently pardoned for taking the eye of a fellow college mate out. So along came this huge US listed company's Chairman's son-in-law and he is sent to India to check things out a few weeks after I got my first Arizona and Georgia kind of culture shocks after decades on either Coast in the US.

    All the new owner's rep (as he called himself) wanted was to play with women, teach me how to cook books and assume from day-1 that for Government of India business we would have to bribe all the way to an extent that I departed soon thereafter. The new guys were more pliable and I kept hearing about what they were up to. Which was, to put it mildly, atrocious by any standards.

    In other words, even when and where there was no need to bribe, the books were cooked to show that cash had to be spent.

    This company now has the most expensive systems in place but in the new rush of global investigations are in deep dodo with FCPA, SEC and others in the US and the authorities in India. The then Chairman is out and the new management is sending me feelers – but once tainted is forever gone.

    Ethics could be re-built but trust once lost never returns, and corporates need to learn this simple lesson, is the way I put it. Compliance is regulatory driven, but if a good corporate can pre-empt the changes forthcoming and stay ahead of the curve with compliance, then that is how growth flourishes.

  5. "Compliance" is a relatively clearly-defined term; "ethics" is a little less clear, and "trust" is a concept loaded with definitional nuances. Hence "is" statements, particularly those involving trust, have to be read with care. Saying that one is a necessary condition for another, or that one contains another, is likely to be suspect on definitional grounds.

    For what it's worth, my own study of trust in business suggests a few things relevant to this discussion:
    1. You're not likely to find a high-trust institution – regardless of what that means – without high levels of high trust individuals.
    2. High focus on trust will probably help compliance; the reverse is not so clear.
    3. High-trust institutions get there not through the traditional corporate change tools of metrics, missions and motivation, but through values, virtues and lots of shared discussion.

  6. "Compliance" is also voluntary. While the law may require compliance, it is still a risk assessment issue for most companies. They look at the risks of bribery in a particular situation (chance of being caught, cost of the potential fine etc.) weigh that against the benefits that would accrue if they do pay the bribe (perhaps a lucrative contract, an extraction license etc) and make a decision accordingly.

    As we see ongoing bribery is still very prevalent, it is clear that the risk analysis usually favors the bribe.

Comments are closed for this article!