The EY Global Integrity Report 2024 reveals that rapid change and economic uncertainty make it harder for companies to act with integrity.

In brief

• Overall, integrity standards are improving; however, corporate misconduct appears to be on the rise.
• The gap between what leaders say about integrity versus how they act is growing, which perpetuates integrity risk within the organisation.
• General counsel can help to build an integrity-first organisation that puts people at the center.

The EY Global Integrity Report 2024 (pdf) reveals some good news: Almost half (49%) of global respondents think compliance with their organisation’s standards of integrity has improved in the last two years. This marks an increase of seven percentage points from our EY Global Integrity Report 2022 findings. However, headwinds continue:

• Nearly four out of 10 (38%) global respondents admit they’d be prepared to behave unethically in one or more ways to improve their own career progression — more than one and a half times higher than the findings in the last report.
• Employee misconduct is directly influenced by the behaviors they observe from leaders — where 25% of workers say they’d behave unethically for their own benefit, the percentage rises to 67% among board members and 51% among senior management.
• Leaders face pressure to look the other way on misconduct. Nearly two-thirds (65%) of board members and 57% of senior management feel under pressure not to report misconduct.
• A lack of training and awareness, and insufficient resources, open the door to misconduct. More than half (54%) of global respondents say that employees not understanding policies or requirements, combined with a lack of internal resources to manage compliance activities, creates opportunities for employees to violate integrity standards.

The General Counsel Imperative Series provides critical answers and actions to help leaders reframe the future of their organisations. The findings of the EY Global Integrity Report 2024 suggest that general counsel and chief compliance officers (CCOs) are seeing their roles and responsibilities expand. This is adding pressure to an increasingly long list of requirements and skills they need to keep current within a rapidly changing environment.

Integrity Incidents Are on the Rise

One in five respondents admits that their organisation has had a significant integrity incident, such as a major fraud, data privacy and security breach, or regulatory compliance violation, in the last two years. Notably, of those who say their organisation had a significant integrity incident, more than two-thirds (68%) say the incident involved a third party.

An analysis of corporate violations in the US and the UK from 2010 to 2023¹ highlights the following:

• Almost US$1trillion in penalties have been incurred since 2010 (inflation adjusted), with over 40% growth in both the number of violations and the number of companies violating.
• Certain financial and employment violations have become two to 10 times more frequent since 2010, including accounting deficiencies, anti-money laundering (AML) deficiencies, tax violations, labor standards, workplace safety and consumer privacy.
• On the flip side, there has been a sharp drop in violations related to employee compensation, public safety, banking and the environment, and limited progress on anti-competitive behavior, discrimination or whistleblower retaliation.
• Repeat offending is linked to an erosion of culture. In instances where companies were repeat offenders, systemic issues within their compliance program or organisation may not have been remediated or addressed. The number of different violation types steadily climbs from one in four companies with a violation in a single year up to 8.3 for those with a violation every year since 2010.

The Gap Between Talk and Action Remains Wide 

The “say-do” gap is an issue we raised in the EY Global Integrity Report 2022. The latest findings suggest little has changed to close the gap between what leaders are saying about corporate integrity and what they are doing — or what their people are doing. This is especially concerning at the board level, where executives appear more likely to behave badly themselves and tolerate the behavior of potentially compromised employees if they are senior or high performers.

More than eroding (or erasing) trust within and outside the organisation, a top-down, “all talk, no walk” mentality puts the organisation’s reputation and bottom line at risk. One recent research finding suggests that US corporate fraud destroys roughly 1.6% of a company’s equity value annually, equal to US$830b in 2021.²

Organisations Can Create A Virtuous Circle of Integrity

In times of rapid change and difficult market conditions, it can be challenging for organisations to maintain or strengthen their standards of integrity. Arguably, this is exactly the time to make integrity a top priority. By taking an agile, human-centered approach to integrity — one that puts the right programs in place to drive behavior, to create a strong culture and a strong belief in their commitment to integrity — organisations can keep pace with evolving regulations and increasing societal expectations. Equally, they can create a virtuous circle of integrity that sets a course to renewed trust within the organisation, and among customers, investors, government and society.

Chapter:1 Is the Value of Integirty at Risk?

Organisation need to improve their approach to integrity to maintain stakeholder trust

The Current State of Integrity Shows Improvement

In emerging markets, 58% of respondents believe compliance has improved, which is a positive development given the inherent integrity and compliance risks experience in such markets.

Top reasons cited for improved integrity across all respondents globally suggest that improvements are coming both from better direction from management and leadership, and stricter regulation and pressure from regulators.

Headwinds to Sustain Integrity Are Intensifying

However, respondents also admit that an increasingly complex integrity landscape makes it difficult to navigate legal and regulatory challenges. The research points to a number of key external and internal challenges:

• External risks: Nearly half (49%) of global respondents are finding it difficult to adapt to the speed and volume of change in regulations, and say economic pressures, such as inflation, unemployment and exchange rates, make it harder to carry out business with integrity. Geographically, global respondents cite China, Eastern Europe (including Russia), US and Canada and Middle East and North Africa as regions posting the greatest integrity risks, including compliance and fraud risks, for doing business in the next two years.
• Employee risks: Continuing challenges around misconduct are making it difficult for organisations to drive higher standards of integrity across the business and among third-parties and supply chains. More than one-third (38%) of global respondents say they’d be willing to behave unethically if asked by a manager. Nearly half (47%) of respondents say employees inside their organisation pose the greatest integrity risk for the organisation over the next two years.
• Operational risks: While 40% cite privacy and security as their greatest operational integrity risks, 53% of global respondents say that employee turnover and employees not understanding policy are the greatest internal threats to organisational standards of integrity.

When conducting risk assessments, it’s important for companies to consider the impact of both internal and external factors on business strategies, commercial activities and employee pressures. It’s also important to understand not only which factors apply but also how and why they apply to link directly to compliance risks and help inform compliance priorities.

Chapter 2: What is the Root Cause of Misconduct?

The behavior of potentially compromised employees may be less about being inherently “bad” and more about learned or rationalised behavior.

To better understand what breeds misconduct and how it can thrive, EY teams conducted a deeper analysis of the report data. The results suggest that most organisations can divide their employees into one of three types, based on their willingness to exhibit illegal or unethical behavior:

1. “Principled employees” are unwilling to act unethically for personal gain or at the request of a manager.
2. “Potentially compromised employees” are willing to act unethically for personal gain or at the request of a manager.
3. “Potential enablers” are willing to act unethically at the request of a manager but would not do so for personal gain.

More than half (58%) of employees take a principled approach, indicating that a majority of employees are already inclined to uphold a culture of integrity. However, this leaves a significant remainder of employees within the organisation (42%) who are willing to sacrifice integrity under the right conditions. As a result, employees must therefore be properly incentivised and supported when they have the courage to come forward and report wrongdoing, so that misconduct can be appropriately addressed and corrected.

The research shows that potentially compromised employees have a more negative view of their organisation’s compliance environment. They are less likely to say their organisations have programs, policies and controls in place to encourage integrity. They’re more likely to say unethical behavior is often tolerated at their organisation. Further, they are nearly three times more likely to say that unethical conduct is ignored within their teams, and more than five times more likely to say that unethical conduct is ignored within the supply or distribution chain.

Interestingly, potentially compromised employees are more likely to work for organisations that experienced major integrity events in the past two years, causing more potential reputational harm and incurring more regulatory action.

For potentially compromised employees, breaking with integrity guidelines may be less a question of being hardwired to behave badly and more a question of learned — or rationalised — behavior. They may have the attitude that “if others are doing it, I can get away with it too.” Or “if the company doesn’t care, I would be open to behaving badly if needed or pressured into it.” Fundamentally, it seems that potentially compromised employees can rationalise their behavior because they don’t trust the integrity of the organisation.

Similarly, a significant proportion of leaders admit a willingness to behave unethically. Two-thirds (67%) of board members admit they’d be prepared to behave unethically in one or more ways to improve their own career progression or remuneration package (versus only a quarter (25%) of employees).

Further, of those who acknowledge that their organisation experienced an integrity incident, 45% attribute the root cause to a lack of appropriate tone from senior leadership or pressure from management.

Tone at the top issues is also reflected in leadership’s willingness to address reported misconduct. While more than half (52%) say they’ve reported misconduct in the last two years (down from 59% in 2022), nearly two-thirds (65%) of those who reported felt under pressure not to report (versus 62% in 2022).

Nearly half (47%) of board members and 40% of senior management also admit that, in the last two years, they’ve seen behavior by other employees that would damage their organisation’s reputation if it was known externally and that no action was taken.

Why Should Employees Speak Up if Leaders Don’t Act?

Organisations need to create an environment where employees feel psychologically safe to speak up and confident that their concerns will not only be heard, but also acted upon. Whistleblowing, or a “speak- up” culture, is a powerful tool that empowers individuals to speak up against misconduct and unethical behavior, and serves as a crucial safeguard against corruption, fraud and other forms of wrongdoing. According to the Association of Certified Fraud Examiners (ACFE), 43% of all fraud is uncovered through tips by whistleblowers (of those, more than half were employees).

Without an internally supportive environment to speak up when they see wrongdoing, employees may feel better incentivised to report their grievances externally. For example, the Department of Justice’s new Whistleblower Pilot Program in the US, announced in early 2024, aims to incentivise whistleblowers to come forward with information related to corporate misconduct. This program, in addition to other whistleblower programs in the US and globally, may add pressure to an organisation’s efforts to encourage employees to report misconduct through internal channels. It’s vital that organisations design and implement internal whistleblower systems that employees trust and all levels of the organisation are willing to use without fear of retribution.

Chapter 3: Which Approach to Integrity Are You Taking?

Organisations typically take one or four approaches to their integrity culture.

Based on the report data and deeper analysis around organisational policies and programs, and how often management speaks about the importance of integrity, EY professionals have learned that, generally, organisations take one of four distinct approaches to their integrity culture:

1. Integrity-first: In an integrity-first organisation, management speaks frequently about the importance of integrity and puts policies and programs in place to back their words up with actions. In other words, they close the say-do gap. Only 22% of organisations fall into this category, down from 32% in our last report.
2. Policy-driven: For 23% of organisations (versus 17% in our previous report), management has taken a policy-driven approach, selecting a range of policies and programs to boost integrity and meet compliance obligations without fully embracing an integrity-first mindset.
3. Say-do gap: Executives speak frequently about integrity in organisations that fall into this category. However, they don’t back their words up with actions by implementing policies and programs. Slightly less than half (49%) of organisations take this approach to integrity — roughly the same (47%) as our last report.
4. Not a priority: Interestingly, 5% of organisations don’t prioritise the promotion of integrity at all — a statistic that has remained largely static since our last report.

While nearly one-third of organisations were taking an integrity-first approach two years ago, this has dropped to fewer than a quarter based on this year’s findings. Given the increase in organisations that are taking a policy-driven approach, it’s possible that organisations that were previously taking an integrity-first approach believe that, now they have the appropriate policies in place, they no longer need to communicate the importance of integrity as frequently, nor do they see the need to be as vigilant about activating policies as they did before.

These organisations appear to have moved from being on the front foot regarding integrity to allowing integrity to take a back seat while they focus on navigating their business through more volatile economic terrain. Yet it’s in difficult times that an integrity-first approach is most critical. It’s a threshold to which every organisation should aspire — in good times and bad times.

Four Ways to Build A People-Centered, Integrity-First Organisation

If the goal is to become an integrity-first organisation, the next question leaders may ask is: How do I do that? It starts by putting people at the center of the integrity agenda. People are an organisation’s most valued asset and greatest liability when it comes to integrity. As such, they need to be at the heart of the organisation’s approach to integrity. This includes implementing supportive frameworks and structures, as well as creating an integrity-first culture that drives positive behaviors and a strong commitment to integrity. Here are four ways GCOs and CCOs can help their companies take to build an integrity-first culture.

1. Lead from the top

The report data demonstrates that integrity can’t be built or sustained on an approach of all talk and no action. Organisations need to focus on preventing and addressing misconduct by starting at the top. GCOs and CCOs should work with leadership to do more than promote ethical behavior — they need to demonstrate it. Additionally, leaders need to not only establish mechanisms for reporting and investigating incidents of misconduct — they must support and follow them. If organisations want to close the say-do gap, leaders need to act with integrity as much as they encourage integrity for those lower down in the organisation.

This can be a significant step in creating the supportive environment that employees need to feel comfortable not only behaving with integrity but also intervening or reporting when they see wrongdoing. The more employees see leaders standing up for them and taking concrete action in response to reports of misconduct, without retaliation, the more likely they are to report wrongdoing when they observe it.

2. Design and implement a structure to execute strategy

Structure follows strategy. A strategy without structure can limit the effectiveness of an organisation’s integrity program. Organisations need to establish sound governance structures that:

• Align with the organisation’s defined roles and responsibilities.
• Establish clear accountability through both key performance indicators (KPIs) and key behavioral indicators (KBIs).
• Break down the silos to allow the free flow of information to those who need it.
• Build trust through transparency.

Further, they need to identify the root cause of wrongdoing, looking beyond simply assigning blame to potentially compromised employees to address systemic challenges.

3. Strengthen a culture of integrity across the organisation

Organisations need to recognise that integrity is a team effort. Compliance should not be viewed as a stand-alone support function. Compliance and integrity standards need to be embedded directly into operations and procedures. GCOs and CCOs should work with leadership to incorporate KPIs and KBIs into performance and remuneration across the board. This includes compensation structures that reward employees for demonstrating integrity rather than punishing them for misconduct or noncompliance. In the findings, half of global respondents specifically call out employee and executive compensation structures that punish non-compliance. Metrics should equally focus more on positive reinforcement for behaving with integrity.

4. Boost awareness, training and communication

Respondents say better awareness, training and communication, stronger compliance-related procedures, and improvements to governance and leadership are at the top of their agenda to address integrity risks over the next two years.

Leaders, meanwhile, need to clearly communicate why integrity is important rather than just telling employees what they need to do to comply. Currently, fewer than half (47%) of management teams frequently communicate to their employees the importance of behaving with integrity. Employees are more inclined to comply when they understand the meaning behind what they’re being asked to do.

The Value of Integrity Rests on Trust

Integrity is an essential component of trust. Without trust, from employees, customers, suppliers and investors, the future viability of the organisation can come under threat. By acknowledging the seriousness of misconduct and taking proactive steps to prevent, detect and address it, companies can build an integrity-first organisation that puts people at the center and establishes a robust culture that is supported by unwavering commitment from leadership and on-demand support from employees.

However, for any integrity and compliance program to succeed, companies must start (but not end) with board members and executives, who must set the tone for a culture that doesn’t tolerate misconduct. Words alone won’t inspire loyalty, or even participation. Leaders need to listen, practice what they preach and act against misconduct.

Sadly, there will always be some potentially compromised employees. But, by creating an integrity-first culture that not only encourages but also incentivises employees to act with integrity, even when no one is looking, organisations can create an environment that truly reflects its belief system and doing the right thing, even in times of adversity and uncertainty.

The article was first published here.

Photo by Bernard Hermant on Unsplash.