Skip to content
Ethics & Culture

The Paradox Of Trust And Control: Why Understanding It Is Key To Organizational Risk Management

The first of two blogs covering organizational psychologist Dr. Robert Hurley’s Star US User Conference lecture

The StarCompliance 2018 Annual US User Conference was held October 8 and 9 in Washington, DC. This nationwide gathering was a chance for STAR Platform users to interact face-to-face, trade software tips and techniques, and talk with Star staff on topics of macro and micro concern. In addition, a series of noted guest speakers brought wide-ranging, multi-disciplinary expertise to everyone in attendance.

One of those guest speakers was organizational psychologist Dr. Robert Hurley. Dr. Hurley is President of Hurley Associates, a leadership and organizational effectiveness consulting firm, and has been a Professor of Executive Education at Columbia University for over 25 years. He first studied organizational culture analyzing the culture at NASA in the wake of the 1986 space shuttle Challenger accident.

Dr. Hurley delivered the Star conference keynote—Trust, Control, And Culture—deftly applying his decades of experience analyzing organizational culture to the field of financial compliance. The following excerpts focus on trust and the crucial role it plays in a well-functioning organization. It’s the first of two blogs covering his talk.

“This is a famous quote by Lenin: ‘Trust is good but control is better.’ Now, what does that mean? What Lenin is saying is: ‘I’d rather have control. Because if I have control, I don’t have to trust.’ This implies that these are substitutes, or opposites. That you can have trust or control but you can’t have both. I would argue that in the compliance business you have to have both. And that you can have both.”

“If you have all controls and no trust, i.e., no social trust, i.e., no culture, then you have a very risky situation. On the other hand, if you have all trust, meaning lots of great culture but no control, you also have a risky situation. My revision to Lenin’s quote would be: ‘Trust is good. Control is good. But trust and control is best.’ So I’m going to try and get you to think about this a little differently. I’m going to help you define what trust is. What trustworthiness is. How to make a good decision to trust. How to think about trust as a risk-management tool.”

“Trust is a judgment of confident reliance on a person, group, organization, or system when there is risk or uncertainty. Trust only matters when there’s risk and uncertainty. If everything’s totally certain—if you can predict the outcome—you don’t need to trust. You only offer trust when there’s vulnerability. And trust is a relational concept, which makes it different than ethics. Ethics is about how people ought to act. The problem is, it’s not enough about how people actually do act.”

“When people trust us, or when they trust our company, they do it based on expectations of positive behavior in the future. If that trust is violated, there’s a trust violation. When that happens, people lower their expectations. So there were high expectations, there’s a trust violation, and now the relationship is damaged. And people get angry. That’s what distrust is: low expectations about future behavior.”

“We look for sources of evidence as to whether a person or organization is trustworthy. From that evidence we form a trustworthiness belief, or make a trustworthiness judgment, and we make a decision to trust. That is, we put ourselves in a situation where we’re vulnerable. And then there’s a feedback loop. When trust is reinforced the relationship gets stronger. When it’s violated the relationship gets weaker. There’s damage, which must be repaired.”

“But you don’t manage trust directly. It’s like how you don’t manage love directly. You don’t go to someone and say ‘love me more.’ You do all sorts of other things that lead to that outcome. So when I think about managing trust I think about embedding trustworthiness. You can embed trustworthiness in a person, i.e., a leader, but you can also embed trustworthiness in a company, a system. This is called the decision-to-trust model.”

We’re not all equal in the degree to which we’re willing to trust. Imagine you’re a leader. You have ten people working for you and you want to earn their trust. Not all of those ten people have an equal disposition to trust. For some it will be high and for some it will be low. You’ll have to devote more energy to gain the trust of the people for whom it’s low. There are three variables that help us understand people’s disposition to trust: risk tolerance, adjustment, and power.”

“Those with a high tolerance for risk don’t need that much assurance to trust. Those that are high in adjustment, i.e., low in neuroticism, don’t need that much assurance to trust. Those that are high in power don’t need that much assurance to trust, because they know they can punish those who betray their trust. But if you have two or three people in your group who are low in all of these variables, they’re going to have a naturally low disposition to trust. And it has nothing to do with you.”

“You manage trust by managing trustworthiness. Embed the following six elements into your leadership style and even those with a naturally low disposition to trust will, over time, begin to trust you. These six items can be arranged into the acronym CBASIC.”

“(1) Communication: Communicate openly and frequently. (2) Benevolence: Demonstrate that you care about them. (3) Alignment Of Interests: Demonstrate that your interests are aligned. (4) Similarities: Communicate that you have similar values, and that you have similar loyalties. (5) Integrity And Predictability: Show them you can be predictable and that you practice what you preach. (6) Capable And Competent: Demonstrate that you’re capable and competent at what you do.”

“If the only elements of trust are in the systems, it’s risky. It’s not full trustworthiness. It also has to be in the culture and the leadership and the strategy of the company. So a trustworthy company has an integrated system, or integrated organization, embedded with the elements of trustworthiness. CBASIC defines that trustworthiness. Part of the job of compliance is embedding these elements into the organizational architecture.”

“In any organization there’s social control, which is culture. There’s behavioral control, or monitoring. And there’s output control, which is reporting. Social control, through culture, is actually trust inducing, because it’s a relational form of control. Behavioral control and output control can cause distrust. It can send signals to employees that you don’t trust them.”

“But you can’t trust all employees. You wouldn’t be a trustworthy company, from a client’s perspective, if you trusted all employees all the time. But employees get upset when you don’t trust them. So it’s important how you implement behavioral and output controls. If the controls are justified and rationalized to people, it enhances trust. If they’re arbitrary, it creates distrust and disengagement. When controls are enabling, they enhance trust. When they’re coercive, they create distrust.”

“This is the paradox of trust and control. You need both. Low controls are risky. Too much control means people become disengaged and check the box. Optimal trust is the spot in the middle. It’s the perfect combination of trust and control—culture and control systems—administered in just the right manner and just the right places. This is what a trustworthy organization looks like.”

For more from Dr. Robert Hurley’s StarCompliance US User Conference speech, look for part two of our two-part blog series. StarCompliance is at the forefront of the automated compliance technology revolution. We’ve been writing compliance software and building compliance platforms for nearly 20 years, and our user base is worldwide. For more actionable advice on building a strong compliance program, check out our new guide: The Compliance Officer’s Ultimate Compliance Guide. Download your FREE copy now.