New Company Policy: Don’t pay bribes

One of Mary Barra’s first acts as CEO of General Motors was crazy. The HR department and others opposed it. But she went ahead anyway.

She replaced the company’s 10-page dress code with just two words: “Dress appropriately.”

Her target was GM’s stifling hierarchal culture and bureaucratic mindset. The new two-word dress code — Dress appropriately — said to supervisors: “You’re accountable to lead your team. Go do it.”

It worked. GM’s culture shifted. People felt empowered. They became problem solvers.

“If you let people own policies themselves — especially at the first level of people supervision — it helps develop them,” Barra said.

Is there a lesson here for compliance? Could a company ever replace a 50-page anti-corruption policy with three words: Don’t pay bribes?

Would supervisors, managers, and executives take ownership of a three-word policy? Would they, as Mary Barra’s first-line supervisors did, become problem solvers in ways a centralized compliance group had never thought of?

Some of that might happen. But let’s be real. Compliance isn’t the same as a dress code.

Wearing blue jeans and flip-flops to a meeting with government auditors might be foolish and embarrassing, but it’s not a felony. Whereas offering too much corporate hospitality to a foreign official could be a criminal act, and people might go to jail.

A three-word compliance policy would freak out the company’s lawyers, for good reason. How do you prove you tried to comply with the FCPA or UK Bribery Act unless you have a 50-page policy that says so?

Still, Barra’s approach to the dress code is important. It goes to the heart of the culture question. She knew from her 30 years at the company, starting on the factory floor and working her way to the top, that GM’s first-line supervisors would never truly own a policy imposed from above.

So let’s ask: How far toward a “Don’t pay bribes” approach to compliance can a company go? If not all the way, is there middle ground, somewhere between three words and 50 pages, that might work better?

There are lots of reasons why a truncated compliance policy might not work. Just as there were lots of reasons why Mary Barra’s two-word dress code was a dumb idea.

But change doesn’t always come in predictable ways. Maybe there’s someone out there now, like Mary Barra, who understands better than anyone else how their company works. And maybe that person already has a crazy idea about how to do compliance better.


Richard L. Cassin is the publisher and editor of the FCPA Blog.




  1. "It goes to the heart of the culture question." And here, perhaps, is the question that company CEOs, executives, compliance officers and third party vendors all need to ask themselves and answer as honestly as possible: "At the core of my being, do I truly believe that it is wrong to offer inducements in order to get the results I want? Or does my answer depend on whether I can get away with it?" That might be the difference between a 50 page compliance manual and a 3-word anti-bribery policy.

  2. Years ago, when I was asked by my young children, "What is compliance?" the age-appropriate description I gave them was, "We don't pay people to use our products." As a mature profession in a highly-regulated global environment, we are never going to eliminate the need for policies, procedures, and training that illuminate the fine points of compliance, but it is useful to remember the bottom line which is the point of all the policies and structure around compliance. Namely, we don't pay bribes. Full stop.

  3. In our ABAC Policy our 1st policy statement is "All bribery is prohibited." Our 2nd policy statement is "Bribery of Government Officials is prohibited." Everything else in our policy is in support of these first 2 policy statements by way of required actions, approvals, and responsibilities.

  4. For compliance to summarise what is expected of the employees and partners of the organisation would depend on the length of summary. I think there is a case for compliance documentation to be simplified in terms of content, format and accessibility. That said, the entire compliance body of knowledge should be missional having a short sentence that describes the why of compliance. This would be like a mission statement of an organisation and would describe in a few words 'why compliance'. For example, it may state 'We in ABX company are committed to do business with integrity, openness and fairness.' This would ideally be easy to recall when an employee or third party is faced with various compliance challenges such as bribery.

  5. An interesting idea! Companies have policies coming out of their ears and most remain unread in a dark corner of the intranet, but they drive the processes and systems. It would be refreshing to read a policy that said 'don't engage in, or facilitate, financial crime' because it is simple and easy to understand. However, I'd still want to know how the terms were defined and how it translated across the business. The risk to my mind isn't so much that local variations might stray from what is acceptable in the UK but that controls are inadequate to ensure appropriate oversight and. I don't think the amount of paper would decrease, but it would shift the emphasis.
