The Critical Connection Between Culture and Misconduct Failures

By Caroline Stroud and Emma Rachmaninov, Partners, and Holly Insley, Senior Associate, Freshfields Bruckhaus Deringer LLP

Misconduct is one of the most significant symptoms of cultural failure and examples of it have been rife in the financial services sector over the past 10 years. What are its common causes and potential lessons?

From a regulatory perspective, the belief that culture and conduct risk are inextricably linked has been made clear. The UK's Financial Conduct Authority has stated that culture is a priority area and has made no secret of its view that the conduct failings of recent years have been driven by the culture of financial services firms. The Financial Stability Board, moreover, recently published a toolkit on mitigating misconduct risk including cultural drivers of misconduct.

William Dudley, former President and CEO of the Federal Reserve Bank of New York, captured the significance of misconduct during a banking culture panel he participated in last year. “I think there's a pretty broad acceptance of the notion that regulation and compliance only takes you so far, and that bad conduct really does undermine the effectiveness of the financial system, because it basically reduces trust,” Dudley said. “You need a good regulatory regime supplemented by various good conduct and culture in the organizations.”

Whether or not an organization is subject to the expectations and scrutiny of a regulator, there is widespread acceptance that achieving the ‘right’ corporate culture can go a long way toward helping to manage risk. A core part of risk management is developing a corporate culture where expectations as to behaviour are clear, appropriate behaviour is rewarded (and inappropriate behaviour punished) and employees are empowered to speak up if they spot an issue.

Lessons Learned from Experience

Faced with the need to focus on culture, an obvious question is where to start. There is a rich body of academic and regulatory material on culture, and a range of views on how best to measure and influence culture in the workplace. Given that culture is a behavioural set of norms, some firms are looking to behavioural science to predict and measure cultural drivers as part of their assurance processes.

As lawyers at an international law firm, we have a wealth of experience in investigations and have seen first‐hand the consequences of misconduct, including, for example, regulatory breaches and boardroom disputes.

Drawing upon our experience of investigations across a range of sectors and geographies, we recently carried out an empirical analysis of the underlying cultural factors that may have allowed misconduct to take place, whether as a direct cause or by creating an environment in which misconduct was able to flourish.

Cultural Drivers of Misconduct

We identified 12 cultural factors present in environments in which misconduct or other problems occurred. The 12 factors identified through our research are grouped into three categories, depending on the frequency with which they arose.

There are many examples of each of these factors arising in practice and there is frequently a degree of overlap between them. Not all of these factors can – or should, necessarily – be eliminated. Instead, the focus should be on identifying whether they are present, considering what risks they may pose and deciding what steps could be taken to reduce those risks.

Let's now focus on 3 of the 12 factors that most commonly arose: strong personalities; lack of speak‐up culture; and highly technical areas. What's their impact, and what actions can be taken to reduce the risk that they pose?

Strong Personalities

The presence of strong personalities within a business is almost inevitable. Successful leaders tend – and often need – to have strong personalities. This can bring with it many positives, such as the ability to drive change, motivate and inspire.

The potential risky behaviour that we have seen arising around strong personalities includes excessive deference from junior staff, and a lack of challenge or scrutiny from the oversight and control functions. (When an individual has handpicked subordinates, who see their loyalty as being to their manager rather than to the organization, the former can be particularly problematic.)


Inadequate challenge and scrutiny can often arise in smaller overseas offices. In such locations, distance from head office can have an impact on the degree of oversight that is exercised and the extent to which local employees feel there is anything they can do to raise their concerns.

Closer to home, these obstacles may arise in businesses where a particular individual has had a huge amount of success and is highly respected, to the extent that no‐one contemplates that they might be doing something wrong. Consequently, red flags may be overlooked.

Alternatively, employees may feel that very charismatic, respected and successful senior people (particularly those who have a close relationship with management) are untouchable. Indeed, there may be a ‘culture of fear’ or ‘cult of personality’ around such people – or a belief that concerns will not be taken seriously, even if they are raised.

The culture of fear can also impact the risks that team members are prepared to take. We have seen examples of a domineering personality who focusses on the business outcome he or she wants to achieve, and then leaves others to work out how to achieve it. The fear of failing to meet that challenge may then lead more junior employees to take inappropriate risks to achieve results.

Where there is a strong personality driving teams to achieve results, the importance of a strong second line of defense is heightened. However, there may be significant pressure on legal and compliance not to stand in the way of business results, and executives in the second line may be pushed to answer a very narrow question (“Is it legal?”), rather than stepping back to ask whether something is appropriate or gives rise to other concerns.

Given that the presence of strong personalities in the business world is inevitable, the challenge for companies is to identify where their own strong personalities sit; be aware of the risks that can be created by those strong personalities; and think about how to manage the risks. This may require a combination of robust challenge or oversight from other strong personalities; a strong second line of defence; proper appraisal and development of strong personalities as they rise up the corporate ladder; and a strong speak‐up culture, with routes for reporting and escalation that allow employees to raise their concerns anonymously and/or to bypass any perceived allies of the strong personality.

When evaluating an organization's governance structures, consideration must be given to both the roles in the structure and the individuals who fill them. This is crucial to governance effectiveness.

Speak‐Up Culture

Unfortunately, “whistleblowing” does appear to have an image problem – a lot of the headlines around whistleblowing are either framed in a relatively negative light, or suggest that it is an act with significant consequences.

Concerns that blowing the whistle may result in a formal investigation and the involvement of legal and compliance may be off‐putting. Alternatively, employees may be mindful of incidences they have seen of whistleblowing being “weaponized” – for example, being used cynically to attack (potentially legitimate) redundancy or performance management exercises and increase a departing employee's negotiating leverage. This image problem can lead to a real reluctance to raise concerns.

Fear of negative consequences may also be a significant factor in generating a reluctance by employees to raise concerns.

In a survey carried out by Freshfields of 2,500 managers across the US, Europe and Asia, almost one in five respondents said that they thought the average employee would expect to be treated less favorably if they blew the whistle. Moreover, 55% of respondents thought that concerns about damage to reputation and career prospects would prevent whistleblowing in their organization. The negative consequences feared by whistleblowers may often be more perception than reality – but in either case, the impact on speak-up culture is significant.

Trying to strengthen speak-up culture is a focus for many organizations. They appreciate the importance of issues being brought to their attention early – and, ideally, being flagged to them directly. However, transforming this aspect of an organization's culture can be a slow process, and the harm done by whistleblowers who feel ignored or neglected can be extensive.

In many cases, whistleblowers may believe incorrectly that their concerns have been ignored (simply because they are not told otherwise), so improving feedback processes can be an important tool in trying to overcome the ‘futility’ factor.

Organizations may need to think not just about ‘speak up’ but also ‘listen up’ – for example, training managers on what to do if employees raise concerns with them, so that they respond appropriately. Indeed, it's helpful to encourage managers (especially those who are viewed as strong personalities) to demonstrate openness and responsiveness to employees who raise concerns. This can be made part of the appraisal process – to really test whether they are demonstrating the required behaviour.

Other options include rewarding employees who have spoken up – either through financial rewards, recognition in their appraisals or even just a simple “thank you” from senior management.

Striking the right balance in relation to feedback is difficult. The issues raised by a whistleblower may be sensitive, and, in some cases, could be the subject of regulatory or even criminal proceedings. What's more, confidentiality is a requirement in certain jurisdictions, and disclosing details of the outcome of an investigation could involve divulging confidential or business‐sensitive information.

For all of these reasons, businesses are typically unable or unwilling to recognize “compliance champions” publicly. However, even a high‐level response – an acknowledgement of receipt, a confirmation that an investigation has been or will be undertaken, or an expression of thanks for raising the issue – may go a long way to overcoming the perception that speaking up is a pointless exercise.

Read More



BylawsCode of ConductPrivacy NoticeTerms of Use © 2023 Global Association of Risk Professionals