Skip to content

Culture, compliance, and corporate governance in the new decade

This year marks the beginning of a new decade, challenging us to look back at the progress and innovation the business community has made with regard to compliance and corporate governance, but also to look ahead to the 2020s and what will be required of companies to thrive in an increasingly diverse and global consumer market. 

In this new decade, "corporate culture" has a much broader definition and now includes, among other things, employer attentiveness to employee concerns, diversity and inclusion, and, more generally, corporate social responsibility. How companies respond to this broader culture mandate will have a significant impact on how well companies succeed in the new decade. Those companies that recognize and adapt early to the changing cultural dynamic in which we all operate will fare far better than entities that remain stagnant or turn a blind eye to the inevitable changes occurring in communities throughout the world.

"Corporate culture refers to the beliefs and behaviors that determine how a company's employees and management interact and handle outside business transactions. Corporate culture is also influenced by national cultures and traditions, economic trends, international trade, company size, and products. Corporate cultures, whether shaped intentionally or grown organically, reach to the core of a company’s ideology and practice, and affect every aspect of a business."[1]

After the global financial collapse over a decade ago, both the public and private sector introduced external and internal reforms to ensure it would not happen again. Whether these reforms proved successful remains an open question[2].  Nevertheless, there were some common messages with regard to culture that many companies integrated into their ethics and compliance programs in light of the 2008 collapse:

  • Emphasis on organizational values: a set of clear values that, among other things, emphasizes the organization’s commitment to legal and regulatory compliance, integrity and business ethics.
  • Tone at the top: executive leadership and senior managers across the organization encourage employees and business partners to behave legally and ethically, and in accordance with compliance and policy requirements.
  • Consistency of messaging: operational directives and business imperatives align with the messages from leadership related to ethics and compliance.
  • Middle managers who carry the banner: front-line and mid-level supervisors turn principles into practice. They often use the power of stories and symbols to promote ethical behaviors.
  • Comfort speaking up: employees across the organization are comfortable coming forward with legal, compliance, and ethics questions and concerns without fear of retaliation.
  • Accountability: senior leaders hold themselves and those reporting to them accountable for complying with the law and organizational policy, as well as adhering to shared values or organizational values.
  • The hire-to-retire life cycle: the organization recruits and screens employees based on character, as well as competence. The onboarding process steeps new employees in organizational values, and mentoring reflects those values. Employees are treated respectfully when they leave or retire;
  • Incentives and rewards: the organization rewards and promotes people based, in part, on their adherence to ethical values. It is not only clear that good behavior is rewarded, but that bad behavior—such as achieving results regardless of method—can have negative consequences.
  • Procedural justice: internal matters are adjudicated equitably at all levels of the organization.[3]

The items highlighted above are undoubtedly important to emphasize at any company seeking to instill a strong corporate culture of compliance and good governance. However, they alone are not enough. As evinced by the recent 1MDB, emissions, and foreign bribery scandals, corporate entities with highly-developed and formalized ethics and compliance programs often still find themselves inculpated in nefarious acts of corruption and fraud. Evidently, the well-meaning reforms instituted at many companies in the aftermath of the financial collapse are simply insufficient to quell rogue employees from acting badly, or to overcome a corporate culture that has not fully adopted and prioritized compliance and governance measures of integrity.[4]

Increasingly, companies are realizing not only must they clearly outline their principles of ethics and compliance, like the ones described above, they must also actively create and maintain a culture that promotes compliance. One-size-fits-all annual compliance training programs are wholly inadequate to create the work environment companies seek, employees desire, and regulators and the government demand. They are also dangerous and likely to subject a company to civil and criminal liability. Indeed, “culture” is referenced by the U.S. Federal Sentencing Guidelines, which include expectations for companies to promote an “organizational culture that encourages ethical conduct” and “a commitment to compliance with the law.”[5] Similarly, The Organisation for Economic Co-operation and Development’s Convention on Combating Bribery of Foreign Public Officials in International Business Transactions refers to the importance of a strong culture of organizational ethics.  

Creating an effective compliance program requires companies to go beyond a list of written rules. It requires instilling a top-to-bottom environment of achieving business goals with a commitment to compliance. It involves using data analytics, companywide open reporting, and live and online training, including “gamification” (using gaming tools), to help employees believe to their core that their conduct is right for the company, right for them, and something to be proud of. Indeed, today’s employees -- that increasingly include Millennials (members of Generation Y) -- value corporate culture more than ever. They are scrutinizing the culture of both the companies they work for and buy from.[6]

Employees want to be heard

While salary is important to today’s employees, the culture and environment in which they work is equally important, if not more so. A healthy work-life balance is essential. Employees want to work in an environment that prioritizes the health (both physical and mental) and happiness of its workers—even if it means a lower salary. Flexible hours, flexible vacation time, personal time, and an appreciation for personal needs (occasionally over professional needs) are expected.[7]

As importantly, today’s employees want to know that their voice counts and they are being listened to. They want to work for an employer that encourages their employees to speak up in a safe environment where they will not feel victimized. Over the past few years, there has been a lot of attention paid to whistleblowing hotlines. Significant operational resources have been devoted to training in conduct and culture, expressly to encourage speaking up and calling out misconduct, particularly allegations of non-financial misconduct that involves issues of race, sex, and sexuality. Nevertheless, most companies, despite giving the right message and having correct written policies and a framework in place, have difficulties engendering the right culture to ensure the fair treatment and confidentiality of both the whistleblower and those subsequently investigated. Today’s employees recognize that the way in which a company deals with employee complaints, whistleblowing, and negative comments and critiques in general is a litmus test of the health of the firm’s culture more generally.[8]

Diversity and inclusion

One of the many reasons diversity and inclusion is important to today's employees is because they themselves are more diverse and inclusive than the generation before them. Millennials in the United States are the most racially diverse generation in American history, a trend driven by the large wave of Hispanic and Asian immigrants who have been coming to the U.S. for the past half century, and whose U.S.-born children are now aging into adulthood. In this realm, Millennials are a transitional generation. Some 43% of Millennial adults are non-white, the highest share of any generation. About half of newborns in America today are non-white, and the Census Bureau projects that the full U.S. population will be majority non-white sometime around 2043. More than any other generation, Millennials consider themselves politically independent, religiously unaffiliated, and interested in a wide variety of different nations, cultures, ideas, and beliefs.[9]

Companies that acknowledge this reality, hire and work with a more diverse range of people, and develop authentic diversity and inclusion programs, will be better positioned to create the cultural environment today's employees seek. Moreover, companies must realize that diversity and inclusion mean different things to employees in different countries, requiring emphasis on race, color, religion, gender, gender expression, sexual orientation, physical ability, social mobility, and more.[10] Companies must be intentional about bringing diversity into meetings and work opportunities. The goal of inclusivity is to make sure that everyone feels included in everything they do and that each individual feels she, he, or they belongs. 

Diversity and inclusion is not only good for morale, but good for employee performance: Research has found that hiding our true identities dramatically declines our professional performance. For diversity initiatives to be successful, we must be open to different points of view and allow workers to express their individuality.[11]  Relatedly, diversity and inclusion is also good for business. Study after study has shown that diversity leads to more creative teams and increases a company’s bottom line. According to McKinsey, companies ranking in the top quartile of executive-board diversity were 35% likelier to financially outperform the industry medians.[12] Other research finds that inclusive teams make better business decisions 87% of the time.[13]

Diversity and inclusion matter to today's employees. In addition to being the right thing to strive for, having a diverse workforce helps companies acquire and retain the best talent, build employee engagement, increase innovation, and improve business performance. Robust, well-crafted, and consistently followed antidiscrimination policies; effective training to mitigate biases and increase cultural competency; and removing bias from evaluation and promotion decisions should be priorities for any organization that wants to improve diversity.[14] Companies that refuse to create a diverse and inclusive workplace culture will inevitably fail.

Corporate social responsibility

It is no secret that companies must be responsive to both customer and employee demands and expectations if they want to survive. Both constituencies expect more than ever from the companies and brands they associate with — and increasingly are rewarding companies whose services and products are both good for them and good for society.[15]  In its 2015 Nielsen Global Corporate Sustainability Report, Nielson found that “66% of global consumers say they are willing to pay more for sustainable brands — up 55% from 2014.[16]” It also found that 73% of global Millennials are willing to pay extra for sustainable offerings — up from 50% in 2014.[17] Indeed, corporate social responsibility matters to today’s employees and it weighs heavily in their evaluation of their company’s corporate culture.

"Corporate social responsibility (CSR) is a self-regulating business model that helps a company be socially accountable—to itself, its stakeholders, and the public. By practicing corporate social responsibility, also called corporate citizenship, companies can be conscious of the kind of impact they are having on all aspects of society, including economic, social, and environmental.

To engage in CSR means that, in the ordinary course of business, a company is operating in ways that enhance society and the environment, instead of contributing negatively to them."[18]

Today’s employees want to know they are working for a company that respects the environment and human rights, monitors its supply chain for abuses and potential negative impacts, and acts as a good corporate citizen that aligns with their values. Recent headlines demonstrate that the intersection of business and human rights should no longer be a passing concern for companies. Debate surrounding the human rights responsibilities of the private sector has touched on all sectors of the economy, highlighting the effect of business activities on climate change and the associated impacts on current and future generations. Participation in discussions regarding current and future business and human rights regulation is essential in industries with complex supply chains and multi-jurisdictional operations. To combat potential human rights abuses, there is a growing emphasis on creating best practice resources through collaboration not only across the industry but also with NGOs and government bodies.[19]

Businesses that are unable or unwilling to proactively incorporate environmental considerations into their day-to-day operations expose themselves to significant litigation and reputational risk. Of particular note is the way in which the human rights of the most vulnerable are threatened by climate change, and how claimants have used arguments grounded in the violation of such rights to seek to establish liability on the part of corporations.  One method by which companies can facilitate transparency as to their potential impact on climate change is by publicly disclosing climate-related data concerning their business.[20]

Employees and consumers alike want to know that the companies they work for and buy from are good corporate citizens. The bottom line is that the corporate world cannot ignore the demands and expectations of their customers and employees, who are devout in their desire to associate with companies aligned with their values. Businesses that under-appreciate the need for CSR do so at their peril.


The global conversation about corporate culture is gathering speed.[21] And for good reason.  Both employees and consumers are demanding that the companies they work for and buy from operate as good corporate citizens that manifest cultures of compliance and ethical governance. Today, a successful corporate culture includes one in which employees are provided i) a safe environment in which they are encouraged to speak up and report misconduct; ii) a diverse and inclusive workplace that reflects the society in which we live and individuals feel like they belong; and iii) a workplace that values corporate social responsibility, which includes respect for the environment and human rights.

Notably, government authorities and regulators are also making clear the importance of companies to have a strong compliance program. Most recently, the Department of Justice reiterated its position that if a company has a strong compliance program, it should be given special consideration:

"The Justice Department has to make clear through its resolutions—in public charging documents or settlement agreements—when and why a company was rewarded for creating a strong compliance program, Mr. Miner [Deputy Assistant Attorney General] said. “If we don’t do that, the policies will ring hollow,” he said.

Ultimately, compliance should be treated as a “super mitigator,” Mr. Miner said—meaning if a company has a strong compliance program, it should be given special consideration. The Justice Department is looking for cases where it can send that message, he said."[22]

The new decade in which we have entered presents novel and interesting challenges for companies when it comes to culture, compliance, and corporate governance. It also presents an excellent opportunity for companies to re-evaluate their compliance programs to ensure they are congruent with their employee-, customer-, and government/regulator-demands. Those companies that recognize and adapt early to the changing cultural dynamic will be better positioned to handle the new risks and expectations. Allen & Overy stands ready to assist.



  1. Investopedia, s.v., "Corporate Culture," by Sandra Lim, last modified May 7, 2019.
  2. Financial Times,"Lessons since Lehman about corporate culture," by Michelle Scrimgeour, November 1, 2018.
  3. Wall Street Journal, "Corporate Culture: The Center of Strong Ethics and Compliance," by Nicole Sandford and Keith Darcy, January 19, 2018.
  4. Id ("Many regulators now realize that without a culture of integrity, organizations are likely to view their ethics and compliance programs as a set of check-the-box activities or—even worse—as a roadblock  to achieving their business objectives.”).
  5. U.S. Sentencing Guidelines Manual § 8B2.1 (2018).
  6. Forbes, “How Millennials Are Reshaping What's Important In Corporate Culture,” by Larry Alton, June 20, 2017.
  7. Id.
  11. Forbes, The Truth About Diversity -- And Why It Matters, by Shelley Zalis, November 30, 2017.
  13. Forbes, New Research: Diversity + Inclusion = Better Decision Making At Work, by Erik Larson, September 21, 2017.
  14. Harvard Business Review, Survey: What Diversity and Inclusion Policies Do Employees Actually Want?, by Matt Krentz, February 5, 2019.
  17. Id.
  18. Investopedia, s.v., "Corporate Social Responsibility (CSR)," by James Chen, last modified November 27, 2019.
  20. Id. While companies face increasing pressure to provide more ESG (Environmental, Social, and Governance)-related disclosures, companies must be mindful of the potential legal risks and litigation costs that may be associated with making the disclosures. Although the federal securities laws generally do not require the disclosure of ESG data except in limited instances, potential liability may arise from making ESG-related disclosures that are materially misleading or false. In addition, the anti-fraud provisions under the federal securities laws apply not only to SEC filings, but also extend to less formal communications such as CSRs, press releases and websites. Generally, under the securities laws, heightened liability potentially exists for material misstatements or omissions contained in SEC filings. Lastly, in addition to potential liability stemming from federal securities laws, potential liability could arise from other statutes and regulations, such as federal and state consumer protection laws.
  21. For an in depth discussion on the ever-expanding personal accountability faced by company directors with regard to corporate culture, among other things, see
    "Directors are now in the firing line not only for their own behaviour, but for failing to do more to drive widespread good conduct throughout their businesses. In our survey, respondents say they are broadly confident that they understand their organisation’s culture, but less confident that that culture matches up to the business’s stated values or that they have an ability to change the culture if required. This, we expect, will become a key focus of attention for regulators and claimants.
    The challenge in driving good culture may be what lies behind the fact that both litigation risk and reputational risk feature high in the list of director concerns. For the first time, in 2019 both appear in the top five legal, regulatory and business risks that are worrying respondents."
  22. Wall Street Journal, "How the Justice Department Incentivizes Companies to Invest in Compliance," by Dylan Tokar, December 24, 2019.