Skip to content
Compliance Software Ethics & Culture

A Culture Of Compliance: How Software Can Help You Create One

What exactly is culture? How can you shape it? How do you go about changing the culture of an organization? For all this and more, keep reading

Corporate culture is a hot topic. The idea that it’s a primary driver for all sorts of company activity. Good and bad. Helpful and not so helpful. But it’s an especially hot topic in the world of finance, particularly since the financial crisis, as senior leadership in firms of all shapes and sizes and governments from around the world struggle to find ways to keep firms and the people who populate them on the right side of the regulatory rulebook. But what exactly is organizational culture? And how do you get your head and hands around it in a practical way? To shape and point it in the direction you want it to go?

Following is an overview of some high level thinking on the subject from the field of organizational psychology, as well as some guidance on how automated compliance software, like Star’s, can be the perfect practical complement to the more philosophical aspects of transforming company culture.


  • Culture is a mindset. When you embed a culture it shapes behavior. It becomes the instrument people fly by. And it’s unconscious, so it’s a very powerful form of behavioral control, of social control. It’s socialization. It’s why we have cultures. Human beings are wired to create cultures.
  • Culture is a story we make up about what it means to be in an organization. How we get rewarded, or avoid punishment. And every employee makes up that story based on what she or she sees. But you don’t manage culture directly. You manage the things that shape behavior, and once those behaviors get observed and experienced they get internalized as culture.


  • Culture can nudge us to do the right thing or wrong thing. Why do firefighters run into burning buildings? It’s culture. Deep socialization. And socialization affects our behavior. Firefighters aren’t calculating. Running into burning buildings is what they do. That’s deep culture.
  • All people are corruptible. That’s why social psychology and behavioral ethics are so important, because they help us understand what affects behavior. The trustworthy company creates a culture that nudges people to doing the right thing.


  • Culture is a tournament of competing pressures that employees must respond to. As compliance officers, you’re in the business of affecting those pressures. You’re in the systems business, but you’re also in the culture business. You’re leaders that help embed the culture.
  • Most major trust violations are preceded by cultural drift. An ethical culture is a social control mechanism that can prevent drift. Compliance officers are in the drift-prevention business. Your job is to say: “Look where we’ve gotten to. Let’s find a way to get back to where we were.”


  • In every company, there’s a competition going on about what the real values are. We can say these are our values, but there’s a fight going on about what they are in practice.
  • Employees want to work for a good company. It’s about building a trustworthy organization, one that’s self regulating. Because when you don’t self regulate, you invite external regulation.


  • “‘Trust is good but control is better.” So goes a famous quote attributed to Lenin. This implies that trust and control are opposites. That you can have trust or control but you can’t have both. In the compliance business you have to have both, and you can have both.
  • If you have all controls and no trust then you have a very risky situation. On the other hand, if you have all trust, meaning lots of great culture but no control, you also open your firm up to risk.


  • Trust is a judgment of confident reliance on a person, group, organization, or system when there is risk or uncertainty. Trust only matters when there’s risk and uncertainty. If everything’s totally certain—if you can predict the outcome—you don’t need to trust.
  • When people trust, they do it based on expectations of positive future behavior. If that trust is violated, there’s a trust violation, and people lower their expectations. The relationship is damaged, and people get angry. That’s what distrust is: low expectations about future behavior.


  • We look for sources of evidence as to whether an organization is trustworthy. From that evidence we make a decision to trust. But you don’t manage trust directly, like you don’t manage love directly. You manage other things that lead to that outcome.
  • Think about managing trust as embedding trustworthiness. You can embed trustworthiness in a person, i.e., a leader, but you can also embed trustworthiness in a company, a system.


  • We’re not all equal in the degree to which we’re willing to trust. You manage trust by managing trustworthiness. Embed the following six elements into your leadership style and even those with a naturally low disposition to trust will begin to trust you.
  • Communication: Communicate openly and frequently.
  • Benevolence: Demonstrate that you care about them.
  • Alignment Of Interests: Demonstrate that your interests are aligned.
  • Similarities: Communicate that you have similar values, and that you have similar loyalties.


  • Integrity And Predictability: Show them you can be predictable and that you practice what you preach.
  • Capable And Competent: Demonstrate that you’re capable and competent at what you do.


  • In any company there’s social control, or culture. There’s behavioral control, or monitoring. And there’s output control, or reporting. Social control is trust inducing. Behavioral control and output control can cause distrust. They can send signals to employees that you don’t trust them.
  • But you can’t trust all employees. You wouldn’t be a trustworthy company, from a client’s perspective, if you blindly trusted all employees all the time. But employees get upset when you don’t trust them. So it’s important how you implement behavioral and output controls.
  • If controls are justified and rationalized, trust is enhanced. If controls are arbitrary, distrust and disengagement can result. When controls are enabling, they enhance trust. When they’re coercive, they create distrust.
  • This is the paradox of trust and control. You need both. Low controls are risky. Too much control means people become disengaged and check the box. Optimal trust is the spot in the middle. It’s the perfect combination of trust and control—culture and control systems—administered in just the right manner and in just the right places. This is what a trustworthy organization looks like.

Thinking along these lines, it’s easy to see where compliance technology can be part of the control system: part of that balance, that point of optimal trust, between too much and too little control. An employee conflicts of interest monitoring system like Star’s—whether it be employed for personal trading, gifts and entertainment spending, political donations, private investments, or outside business activity—is a control element that can be justified and rationalized to the employee base.

First, systems like this aren’t arbitrary. Just the opposite, in fact. If an employee’s position in the company necessitates personal trade monitoring, for example, chances are there are others in the company in the exact same position—probably people the employee works with on a regular basis and can readily relate to. Compliance monitoring systems also aren’t coercive, or at least they don’t come across that way. It’s up to the employee to physically enter gift or entertainment spends, for example. Yes, it’s required, but it’s still up to the employee to voluntarily complete the task, and it therefore offers some measure of personal empowerment.

Compliance tech also demonstrates openness on the part of the firm. There’s transparency into what’s being asked, i.e., everyone is working in the same system doing the exact same thing. No one is above the rules. The firm is practicing what it preaches. Also, because, as we now know, culture is always moving, it’s worth noting that technology like this helps keep compliance on top of organizational drift: by providing data that may indicate standards are slipping and that the firm is sliding towards greater risk and possible ill repute.

This data-driven capability is a fine complement to the compliance officer’s own intuitive sense of what’s happening in the organization, and is a good reminder that technology on its own is rarely a be-all, end-all. Technology is an enabler, a helper: something humans partner with to make a task easier to accomplish and more effective overall. Compliance technology helps firms get to that optimal trust spot. That perfect combination of trust and control. That balance of culture and control systems. That true culture of compliance.

The subject matter for this post is attributed to organizational psychologist Dr. Robert Hurley, who spoke on the subject of company culture and ethics at the StarCompliance 2018 US User Conference.