How can trust survive without integrity?

The current state of integrity shows improvement

In emerging markets, 58% of respondents believe compliance has improved, which is a positive development given the inherent integrity and compliance risks experience in such markets.

Top reasons cited for improved integrity across all respondents globally suggest that improvements are coming both from better direction from management and leadership, and stricter regulation and pressure from regulators.

To better understand what breeds misconduct and how it can thrive, EY teams conducted a deeper analysis of the report data. The results suggest that most organizations can divide their employees into one of three types, based on their willingness to exhibit illegal or unethical behavior:

1. “Principled employees” are unwilling to act unethically for personal gain or at the request of a manager.
2. “Potentially compromised employees” are willing to act unethically for personal gain or at the request of a manager.
3. “Potential enablers” are willing to act unethically at the request of a manager but would not do so for personal gain.

More than half (58%) of employees take a principled approach, indicating that a majority of employees are already inclined to uphold a culture of integrity. However, this leaves a significant remainder of employees within the organization (42%) who are willing to sacrifice integrity under the right conditions. As a result, employees must therefore be properly incentivized and supported when they have the courage to come forward and report wrongdoing, so that misconduct can be appropriately addressed and corrected.  

The research shows that potentially compromised employees have a more negative view of their organization’s compliance environment. They are less likely to say their organizations have programs, policies and controls in place to encourage integrity. They’re more likely to say unethical behavior is often tolerated at their organization. Further, they are nearly three times more likely to say that unethical conduct is ignored within their teams, and more than five times more likely to say that unethical conduct is ignored within the supply or distribution chain.

Interestingly, potentially compromised employees are more likely to work for organizations that experienced major integrity events in the past two years, causing more potential reputational harm and incurring more regulatory action. 

For potentially compromised employees, breaking with integrity guidelines may be less a question of being hardwired to behave badly and more a question of learned — or rationalized — behavior. They may have the attitude that “if others are doing it, I can get away with it too.” Or “if the company doesn’t care, I would be open to behaving badly if needed or pressured into it.” Fundamentally, it seems that potentially compromised employees can rationalize their behavior because they don’t trust the integrity of the organization. 

Similarly, a significant proportion of leaders admit a willingness to behave unethically. Two-thirds (67%) of board members admit they’d be prepared to behave unethically in one or more ways to improve their own career progression or remuneration package (versus only a quarter (25%) of employees).

Further, of those who acknowledge that their organization experienced an integrity incident, 45% attribute the root cause to a lack of appropriate tone from senior leadership or pressure from management.

Tone at the top issues is also reflected in leadership’s willingness to address reported misconduct. While more than half (52%) say they’ve reported misconduct in the last two years (down from 59% in 2022), nearly two-thirds (65%) of those who reported felt under pressure not to report (versus 62% in 2022).

Nearly half (47%) of board members and 40% of senior management also admit that, in the last two years, they’ve seen behavior by other employees that would damage their organization’s reputation if it was known externally and that no action was taken.

Why should employees speak up if leaders don’t act?

Organizations need to create an environment where employees feel psychologically safe to speak up and confident that their concerns will not only be heard, but also acted upon. Whistleblowing, or a “speak- up” culture, is a powerful tool that empowers individuals to speak up against misconduct and unethical behavior, and serves as a crucial safeguard against corruption, fraud and other forms of wrongdoing. According to the Association of Certified Fraud Examiners (ACFE), 43% of all fraud is uncovered through tips by whistleblowers (of those, more than half were employees).

Without an internally supportive environment to speak up when they see wrongdoing, employees may feel better incentivized to report their grievances externally. For example, the Department of Justice’s new Whistleblower Pilot Program in the US, announced in early 2024, aims to incentivize whistleblowers to come forward with information related to corporate misconduct. This program, in addition to other whistleblower programs in the US and globally, may add pressure to an organization’s efforts to encourage employees to report misconduct through internal channels. It’s vital that organizations design and implement internal whistleblower systems that employees trust and all levels of the organization are willing to use without fear of retribution.

Based on the report data and deeper analysis around organizational policies and programs, and how often management speaks about the importance of integrity, EY professionals have learned that, generally, organizations take one of four distinct approaches to their integrity culture:

1. Integrity-first: In an integrity-first organization, management speaks frequently about the importance of integrity and puts policies and programs in place to back their words up with actions. In other words, they close the say-do gap. Only 22% of organizations fall into this category, down from 32% in our last report.
2. Policy-driven: For 23% of organizations (versus 17% in our previous report), management has taken a policy-driven approach, selecting a range of policies and programs to boost integrity and meet compliance obligations without fully embracing an integrity-first mindset.
3. Say-do gap: Executives speak frequently about integrity in organizations that fall into this category. However, they don’t back their words up with actions by implementing policies and programs. Slightly less than half (49%) of organizations take this approach to integrity — roughly the same (47%) as our last report.
4. Not a priority: Interestingly, 5% of organizations don’t prioritize the promotion of integrity at all — a statistic that has remained largely static since our last report.

While nearly one-third of organizations were taking an integrity-first approach two years ago, this has dropped to fewer than a quarter based on this year’s findings. Given the increase in organizations that are taking a policy-driven approach, it’s possible that organizations that were previously taking an integrity-first approach believe that, now they have the appropriate policies in place, they no longer need to communicate the importance of integrity as frequently, nor do they see the need to be as vigilant about activating policies as they did before.

These organizations appear to have moved from being on the front foot regarding integrity to allowing integrity to take a back seat while they focus on navigating their business through more volatile economic terrain. Yet it’s in difficult times that an integrity-first approach is most critical. It’s a threshold to which every organization should aspire — in good times and bad times.

Four ways to build a people-centered, integrity-first organization

If the goal is to become an integrity-first organization, the next question leaders may ask is: How do I do that? It starts by putting people at the center of the integrity agenda. People are an organization’s most valued asset and greatest liability when it comes to integrity. As such, they need to be at the heart of the organization’s approach to integrity. This includes implementing supportive frameworks and structures, as well as creating an integrity-first culture that drives positive behaviors and a strong commitment to integrity. Here are four ways GCOs and CCOs can help their companies take to build an integrity-first culture.

1. Lead from the top

The report data demonstrates that integrity can’t be built or sustained on an approach of all talk and no action. Organizations need to focus on preventing and addressing misconduct by starting at the top. GCOs and CCOs should work with leadership to do more than promote ethical behavior — they need to demonstrate it. Additionally, leaders need to not only establish mechanisms for reporting and investigating incidents of misconduct — they must support and follow them. If organizations want to close the say-do gap, leaders need to act with integrity as much as they encourage integrity for those lower down in the organization.

This can be a significant step in creating the supportive environment that employees need to feel comfortable not only behaving with integrity but also intervening or reporting when they see wrongdoing. The more employees see leaders standing up for them and taking concrete action in response to reports of misconduct, without retaliation, the more likely they are to report wrongdoing when they observe it.

2. Design and implement a structure to execute strategy

Structure follows strategy. A strategy without structure can limit the effectiveness of an organization’s integrity program. Organizations need to establish sound governance structures that:

• Align with the organization’s defined roles and responsibilities.
• Establish clear accountability through both key performance indicators (KPIs) and key behavioral indicators (KBIs).
• Break down the silos to allow the free flow of information to those who need it.
• Build trust through transparency.

Further, they need to identify the root cause of wrongdoing, looking beyond simply assigning blame to potentially compromised employees to address systemic challenges.

3. Strengthen a culture of integrity across the organization

Organizations need to recognize that integrity is a team effort. Compliance should not be viewed as a stand-alone support function. Compliance and integrity standards need to be embedded directly into operations and procedures. GCOs and CCOs should work with leadership to incorporate KPIs and KBIs into performance and remuneration across the board. This includes compensation structures that reward employees for demonstrating integrity rather than punishing them for misconduct or noncompliance. In the findings, half of global respondents specifically call out employee and executive compensation structures that punish noncompliance. Metrics should equally focus more on positive reinforcement for behaving with integrity.

4. Boost awareness, training and communication

Respondents say better awareness, training and communication, stronger compliance-related procedures, and improvements to governance and leadership are at the top of their agenda to address integrity risks over the next two years.

Leaders, meanwhile, need to clearly communicate why integrity is important rather than just telling employees what they need to do to comply. Currently, fewer than half (47%) of management teams frequently communicate to their employees the importance of behaving with integrity. Employees are more inclined to comply when they understand the meaning behind what they’re being asked to do.

The value of integrity rests on trust

Integrity is an essential component of trust. Without trust, from employees, customers, suppliers and investors, the future viability of the organization can come under threat. By acknowledging the seriousness of misconduct and taking proactive steps to prevent, detect and address it, companies can build an integrity-first organization that puts people at the center and establishes a robust culture that is supported by unwavering commitment from leadership and on-demand support from employees.

However, for any integrity and compliance program to succeed, companies must start (but not end) with board members and executives, who must set the tone for a culture that doesn’t tolerate misconduct. Words alone won’t inspire loyalty, or even participation. Leaders need to listen, practice what they preach and act against misconduct.

Sadly, there will always be some potentially compromised employees. But, by creating an integrity-first culture that not only encourages but also incentivizes employees to act with integrity, even when no one is looking, organizations can create an environment that truly reflects its belief system and doing the right thing, even in times of adversity and uncertainty.