Chapter 1
Is the value of integrity at risk?
Organizations need to improve their approach to integrity to maintain stakeholder trust.
The current state of integrity shows improvement
In emerging markets, 58% of respondents believe compliance has improved, which is a positive development given the inherent integrity and compliance risks experience in such markets.
Top reasons cited for improved integrity across all respondents globally suggest that improvements are coming both from better direction from management and leadership, and stricter regulation and pressure from regulators.
Headwinds to sustain integrity are intensifying
However, respondents also admit that an increasingly complex integrity landscape makes it difficult to navigate legal and regulatory challenges. The research points to a number of key external and internal challenges:
- External risks: Nearly half (49%) of global respondents are finding it difficult to adapt to the speed and volume of change in regulations, and say economic pressures, such as inflation, unemployment and exchange rates, make it harder to carry out business with integrity. Geographically, global respondents cite China, Eastern Europe (including Russia), US and Canada and Middle East and North Africa as regions posting the greatest integrity risks, including compliance and fraud risks, for doing business in the next two years.
- Employee risks: Continuing challenges around misconduct are making it difficult for organizations to drive higher standards of integrity across the business and among third-parties and supply chains. More than one-third (38%) of global respondents say they’d be willing to behave unethically if asked by a manager. Nearly half (47%) of respondents say employees inside their organization pose the greatest integrity risk for the organization over the next two years.
- Operational risks: While 40% cite privacy and security as their greatest operational integrity risks, 53% of global respondents say that employee turnover and employees not understanding policy are the greatest internal threats to organizational standards of integrity.
When conducting risk assessments, it’s important for companies to consider the impact of both internal and external factors on business strategies, commercial activities and employee pressures. It’s also important to understand not only which factors apply but also how and why they apply to link directly to compliance risks and help inform compliance priorities.
Chapter 2
What is the root cause of misconduct?
The behavior of potentially compromised employees may be less about being inherently “bad” and more about learned or rationalized behavior.
To better understand what breeds misconduct and how it can thrive, EY teams conducted a deeper analysis of the report data. The results suggest that most organizations can divide their employees into one of three types, based on their willingness to exhibit illegal or unethical behavior:
- “Principled employees” are unwilling to act unethically for personal gain or at the request of a manager.
- “Potentially compromised employees” are willing to act unethically for personal gain or at the request of a manager.
- “Potential enablers” are willing to act unethically at the request of a manager but would not do so for personal gain.
More than half (58%) of employees take a principled approach, indicating that a majority of employees are already inclined to uphold a culture of integrity. However, this leaves a significant remainder of employees within the organization (42%) who are willing to sacrifice integrity under the right conditions. As a result, employees must therefore be properly incentivized and supported when they have the courage to come forward and report wrongdoing, so that misconduct can be appropriately addressed and corrected.
The research shows that potentially compromised employees have a more negative view of their organization’s compliance environment. They are less likely to say their organizations have programs, policies and controls in place to encourage integrity. They’re more likely to say unethical behavior is often tolerated at their organization. Further, they are nearly three times more likely to say that unethical conduct is ignored within their teams, and more than five times more likely to say that unethical conduct is ignored within the supply or distribution chain.
Interestingly, potentially compromised employees are more likely to work for organizations that experienced major integrity events in the past two years, causing more potential reputational harm and incurring more regulatory action.
For potentially compromised employees, breaking with integrity guidelines may be less a question of being hardwired to behave badly and more a question of learned — or rationalized — behavior. They may have the attitude that “if others are doing it, I can get away with it too.” Or “if the company doesn’t care, I would be open to behaving badly if needed or pressured into it.” Fundamentally, it seems that potentially compromised employees can rationalize their behavior because they don’t trust the integrity of the organization.
Similarly, a significant proportion of leaders admit a willingness to behave unethically. Two-thirds (67%) of board members admit they’d be prepared to behave unethically in one or more ways to improve their own career progression or remuneration package (versus only a quarter (25%) of employees).
Board’s willingness to behave unethically
67%of board members admit they’d be prepared to behave unethically in one or more ways to improve their own career progression or remuneration package.
Further, of those who acknowledge that their organization experienced an integrity incident, 45% attribute the root cause to a lack of appropriate tone from senior leadership or pressure from management.
Tone at the top issues is also reflected in leadership’s willingness to address reported misconduct. While more than half (52%) say they’ve reported misconduct in the last two years (down from 59% in 2022), nearly two-thirds (65%) of those who reported felt under pressure not to report (versus 62% in 2022).
Nearly half (47%) of board members and 40% of senior management also admit that, in the last two years, they’ve seen behavior by other employees that would damage their organization’s reputation if it was known externally and that no action was taken.
Why should employees speak up if leaders don’t act?
Organizations need to create an environment where employees feel psychologically safe to speak up and confident that their concerns will not only be heard, but also acted upon. Whistleblowing, or a “speak- up” culture, is a powerful tool that empowers individuals to speak up against misconduct and unethical behavior, and serves as a crucial safeguard against corruption, fraud and other forms of wrongdoing. According to the Association of Certified Fraud Examiners (ACFE), 43% of all fraud is uncovered through tips by whistleblowers (of those, more than half were employees).
Without an internally supportive environment to speak up when they see wrongdoing, employees may feel better incentivized to report their grievances externally. For example, the Department of Justice’s new Whistleblower Pilot Program in the US, announced in early 2024, aims to incentivize whistleblowers to come forward with information related to corporate misconduct. This program, in addition to other whistleblower programs in the US and globally, may add pressure to an organization’s efforts to encourage employees to report misconduct through internal channels. It’s vital that organizations design and implement internal whistleblower systems that employees trust and all levels of the organization are willing to use without fear of retribution.
Chapter 3
Which approach to integrity are you taking?
Organizations typically take one of four approaches to their integrity culture.
Based on the report data and deeper analysis around organizational policies and programs, and how often management speaks about the importance of integrity, EY professionals have learned that, generally, organizations take one of four distinct approaches to their integrity culture:
- Integrity-first: In an integrity-first organization, management speaks frequently about the importance of integrity and puts policies and programs in place to back their words up with actions. In other words, they close the say-do gap. Only 22% of organizations fall into this category, down from 32% in our last report.
- Policy-driven: For 23% of organizations (versus 17% in our previous report), management has taken a policy-driven approach, selecting a range of policies and programs to boost integrity and meet compliance obligations without fully embracing an integrity-first mindset.
- Say-do gap: Executives speak frequently about integrity in organizations that fall into this category. However, they don’t back their words up with actions by implementing policies and programs. Slightly less than half (49%) of organizations take this approach to integrity — roughly the same (47%) as our last report.
- Not a priority: Interestingly, 5% of organizations don’t prioritize the promotion of integrity at all — a statistic that has remained largely static since our last report.
While nearly one-third of organizations were taking an integrity-first approach two years ago, this has dropped to fewer than a quarter based on this year’s findings. Given the increase in organizations that are taking a policy-driven approach, it’s possible that organizations that were previously taking an integrity-first approach believe that, now they have the appropriate policies in place, they no longer need to communicate the importance of integrity as frequently, nor do they see the need to be as vigilant about activating policies as they did before.
These organizations appear to have moved from being on the front foot regarding integrity to allowing integrity to take a back seat while they focus on navigating their business through more volatile economic terrain. Yet it’s in difficult times that an integrity-first approach is most critical. It’s a threshold to which every organization should aspire — in good times and bad times.
Four ways to build a people-centered, integrity-first organization
If the goal is to become an integrity-first organization, the next question leaders may ask is: How do I do that? It starts by putting people at the center of the integrity agenda. People are an organization’s most valued asset and greatest liability when it comes to integrity. As such, they need to be at the heart of the organization’s approach to integrity. This includes implementing supportive frameworks and structures, as well as creating an integrity-first culture that drives positive behaviors and a strong commitment to integrity. Here are four ways GCOs and CCOs can help their companies take to build an integrity-first culture.
1. Lead from the top
The report data demonstrates that integrity can’t be built or sustained on an approach of all talk and no action. Organizations need to focus on preventing and addressing misconduct by starting at the top. GCOs and CCOs should work with leadership to do more than promote ethical behavior — they need to demonstrate it. Additionally, leaders need to not only establish mechanisms for reporting and investigating incidents of misconduct — they must support and follow them. If organizations want to close the say-do gap, leaders need to act with integrity as much as they encourage integrity for those lower down in the organization.
This can be a significant step in creating the supportive environment that employees need to feel comfortable not only behaving with integrity but also intervening or reporting when they see wrongdoing. The more employees see leaders standing up for them and taking concrete action in response to reports of misconduct, without retaliation, the more likely they are to report wrongdoing when they observe it.
2. Design and implement a structure to execute strategy
Structure follows strategy. A strategy without structure can limit the effectiveness of an organization’s integrity program. Organizations need to establish sound governance structures that:
- Align with the organization’s defined roles and responsibilities.
- Establish clear accountability through both key performance indicators (KPIs) and key behavioral indicators (KBIs).
- Break down the silos to allow the free flow of information to those who need it.
- Build trust through transparency.
Further, they need to identify the root cause of wrongdoing, looking beyond simply assigning blame to potentially compromised employees to address systemic challenges.
3. Strengthen a culture of integrity across the organization
Organizations need to recognize that integrity is a team effort. Compliance should not be viewed as a stand-alone support function. Compliance and integrity standards need to be embedded directly into operations and procedures. GCOs and CCOs should work with leadership to incorporate KPIs and KBIs into performance and remuneration across the board. This includes compensation structures that reward employees for demonstrating integrity rather than punishing them for misconduct or noncompliance. In the findings, half of global respondents specifically call out employee and executive compensation structures that punish noncompliance. Metrics should equally focus more on positive reinforcement for behaving with integrity.
4. Boost awareness, training and communication
Respondents say better awareness, training and communication, stronger compliance-related procedures, and improvements to governance and leadership are at the top of their agenda to address integrity risks over the next two years.
Leaders, meanwhile, need to clearly communicate why integrity is important rather than just telling employees what they need to do to comply. Currently, fewer than half (47%) of management teams frequently communicate to their employees the importance of behaving with integrity. Employees are more inclined to comply when they understand the meaning behind what they’re being asked to do.
The value of integrity rests on trust
Integrity is an essential component of trust. Without trust, from employees, customers, suppliers and investors, the future viability of the organization can come under threat. By acknowledging the seriousness of misconduct and taking proactive steps to prevent, detect and address it, companies can build an integrity-first organization that puts people at the center and establishes a robust culture that is supported by unwavering commitment from leadership and on-demand support from employees.
However, for any integrity and compliance program to succeed, companies must start (but not end) with board members and executives, who must set the tone for a culture that doesn’t tolerate misconduct. Words alone won’t inspire loyalty, or even participation. Leaders need to listen, practice what they preach and act against misconduct.
Sadly, there will always be some potentially compromised employees. But, by creating an integrity-first culture that not only encourages but also incentivizes employees to act with integrity, even when no one is looking, organizations can create an environment that truly reflects its belief system and doing the right thing, even in times of adversity and uncertainty.
Summary
Against a backdrop of rapid change, persistent macroeconomic and geopolitical uncertainty, and increased regulatory scrutiny, organizations are finding it more difficult to act with integrity. Yet the findings of the EY Global Integrity Report 2024 suggest it’s not external risks that pose the biggest integrity threat — it’s the organizational culture. The report spells out the urgency to close the gap between what leaders say and how they act, and the steps organizations can take to achieve it.