Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Tom Fox: Compliance is there to reinforce culture

In his most recent book Thank You for Being Late, Thomas Friedman cited for the following definition of culture:

It is the “pattern of responses discovered, develop or invented during the group’s history of handling problems which arise from the interaction of its member, and between them and their environment. These responses are considered the correct way to perceive, feel, think and act, and are passed on to new members through immersion and teaching. Culture determines what is acceptable or unacceptable, important or unimportant, right or wrong, workable or unworkable.”

Adapting the above to the business setting, I would say that a company’s culture shapes its business decisions and its senior management shape the company’s culture. This definition seems to answer the question of how companies such as Volkswagen and Wells Fargo fell so far with their recent and ongoing scandals.

Robert Armstrong, writing in the Financial Times, expanded this idea to corporate governance as a key issue for VW. He noted that with its “fractious and unfocused board” there was no adult in the room overseeing senior management in its slide down the ethical hill which led to the ever burgeoning scandal.

Friedman and Armstrong both seem to point towards a larger concept, which is the importance of an integrated approach to compliance which works to prevent, detect and remediate issues and problems before they arise to become full legal violations.

Each part of a compliance interacts and flows both up and down a corporate organization to help build and reinforce culture. The FCPA Guidance talks about compliance from the board room to the shop floor. The board must engage in oversight, senior management must set the tone, compliance must lead the communication, training and provide the subject matter expertise to push compliance into the very fabric of an organization.

Armstrong ends his piece, saying “culture is there and it matters. And if we ignore it, there will be more dieselgates in the future.”

I would add that compliance is there to reinforce culture and it also demonstrates why those who advocate a paper compliance program are wrong. It is the doing compliance, not simply having it on paper, that makes it all work.


Tom Fox is a Contributing Editor of the FCPA Blog. He has practiced law in Houston for 30 years. He’s the creator of the award winning FCPA Compliance and Ethics website. He is the Compliance Evangelist. His best-selling seminal book, “Best Practices Under the FCPA and Bribery Act: How to Create a First Class Compliance Program” (available from Amazon here) is widely viewed as one of the top volumes on the nuts and bolts of compliance.

Share this post



  1. Understanding the importance of culture in determining what is right and wrong in an organization is critical for an effective ethics and compliance program. However, investing in culture remains relatively low (as a % of overall compliance budgets) compared to other standard program elements such as training, policies, and hotlines. One reason is that culture is often taken for granted within organizations (another is that culture can be difficult to measure). So long as there are stated values, an ethics policy, and the requisite tone-at-the-top, culture is assumed to be present and working.

    However, as behavioral scientists will tell you, organizations are not unicultural. Rather, they are complex ecosystems with both formal and informal structures that have varying degrees of influence on employee behavior. Formal and informal cultural systems wrap around employees like the layers of an onion. But, research continuously shows that informal cultural systems (i.e. those cultures based on history, local customs, immediate leaders and peers) are closer to employees and therefore have a much greater impact on employee decisions and behavior than formal systems (such as the compliance program itself). To the extent these formal and informal systems are inconsistent (a clear accountability of management and senior leadership), the potential for misconduct is heightened. Perhaps, this is what happened at both VW and Wells Fargo?

    If ethics and compliance professionals are to leverage culture in their organizations, they must first become students of culture and explore its many nuances and complexities. Adding more layers of formal structure (like policies and training) and pushing those onto the organization is not necessarily the answer. To effectively influence culture and embed ethics and compliance into the fabric of an organization, we need to move from a “push” strategy to a “pull” strategy. That is, when leaders at all levels of the organization are pulling for alignment to an organization’s formal and informal systems, compliance is truly reinforcing culture.

    Brian Beeghly
    Co-Founder and CEO – Informed360

  2. This entry perfectly aligns with a "compliance vis-a-vis ethical culture" discussion subtopic I assigned my online MBA students last week, as well as my personal perspective developed during a CCO stint at a Fortune 500 MNC, so much so that in my review of the CSR class's discussion posts I linked them to it. Thanks for helping to educate the next generation of business leaders, Tom.

Comments are closed for this article!