Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Jessica Tillipman: Enough with your ‘this is how we have always done it’ spiel

It’s a phrase every compliance officer or compliance consultant is familiar with: “This is how we have always done it.”

Readers — you know what I’m referring to. You try to implement new policies or provide guidance regarding compliance best practices and some pushback is always inevitable (I am looking at you, sales team!).

“Why do we have to conduct due diligence on our business partners? We’ve worked with these businesses for years and never had a problem. We don’t need complicated, invasive and expensive due diligence procedures. This is how we’ve always done business with our partners — I don’t see a reason to change things.”

“What do you mean I can’t take that official out to lunch? We always take officials out for a meal to talk about our services. How do you expect me to make a sale if I can’t do this? It’s the way we’ve always negotiated business opportunities and look how successful we are!”

Most, if not all, compliance experts have encountered this scenario. The facts may differ some but the gist is clear: “This is how we have always done it” is a significant obstacle to successful ethics and compliance programs.

It’s a mindset based on the assumption that if the “old way” has always worked, there is no reason to change things even when the “old way” is incredibly risky given the current anti-corruption enforcement landscape.

Some folks seem to think this is a valid reason for maintaining the status quo — even in the face of new regulatory requirements or best practice pointers.

Imagine if this rationale were applied in other areas…

For example, I was born in the 1970s. I grew up during a time when no one wore a bicycle helmet and seatbelts weren’t mandatory. I still remember spending my days riding my bike on busy streets without a helmet. When we would go on road trips in my parents’ station wagon, they would put the (rear-facing!) seat down so we could take naps in our sleeping bags during the road trip.

Thankfully, I survived these experiences, and the government had the good sense to pass mandatory bicycle helmet and child safety seat laws.

Fast-forward several decades to last August, when I was standing in the aisle of Buy Buy Baby, inspecting car seats for our then-gestating daughter. Imagine if I had the “this is how we have always done it” mindset during that shopping trip? “Why do we need a car seat? I used to sit in the front bench seat of my parents’ car without a seatbelt and I turned out fine!”

Sounds ridiculous, eh? So why is this mindset OK in the ethics and compliance context?  Just as there are now laws mandating car seats and bicycle helmets, there are laws prohibiting bribery, and governments have outlined their expectations regarding sufficient ethics and compliance programs.

Even in the absence of legal mandates, many compliance “best practices” are just that — the best practices a company can adopt to avoid or mitigate instances of corrupt or ethically dubious behavior.

The next time you hear someone say “this is how we have always done it,” remind them that past practices don’t guarantee future success and times have changed. If they still don’t listen, remind them of all the reasons why kids who grew up in the 1970s shouldn’t have survived.


Jessica Tillipman is a Senior Editor of the FCPA Blog and Assistant Dean at The George Washington University Law School. You can follow her on Twitter at @jtillipman

Share this post



  1. Outstanding.

  2. Well said! The Bad Guys know how it has always been done, and look for new ways to get around established practices (and mindsets).

    Which is why we argue that Compliance and Integrity System people need to be 'thinking like a criminal' – for the same reason that we update our virus protection regularly, and get a new 'flu shot every winter…

Comments are closed for this article!