Compliance culture and excellent sheep


Compliance culture and excellent sheep Ethical BoardroomBy Samantha Sheen – AML Director, Europe ACAMS




In January 2018, three managers employed by a financial institution (FI) agreed to a settlement with the US regulator, the Financial Industry Regulatory Authority (FINRA).

The settlement was reached in relation to FINRA’s allegation that the three managers had violated FINRA Rule 2010. This rule requires that in the conduct of business, its members ‘shall observe high standards of commercial honour and just and equitable principles of trade’.[1]

The managers had worked for the FI for several years and held positions in which they headed up specific product divisions within the securities line of business. They each had previously worked for other financial institutions.

As with other regulated businesses, the FI was required to ensure that the managers and other staff received and took part in ongoing training. Similar to other global FIs, this training was delivered via an intranet-based e-learning system. Employees log on and work through a module, after which the employee needs to successfully complete a short exam to evidence their understanding of the materials. Records are kept by the FI, in part so that evidence can be given to their regulator that this training requirement has been satisfied.

‘Proxy’ trainees

Rather than complete each of the modules themselves, the managers, over several years, provided their log-in credentials to different administrative assistants and requested that they complete some of training modules for them. Essentially, the assistants were enlisted and asked to act as ‘proxy’ trainees for the managers.

Among the modules completed by the assistants were the ones covering the annual compliance certification – Unauthorised Trading Awareness and Education Certification: Understanding Money Laundering, Terrorist Financing, Sanctions and Corruption and training on Global Records Management.

Regulator & FI response

FINRA in all three cases agreed to settle without admission of responsibility by any of the three managers. Each one received a censure and were required to re-sit the exam necessary to requalify for the statutory position they held at the time.

Now this does not seem that harsh, relative to the unethical behaviour involved. After all, it is bad enough to cheat but to enlist the assistance of your subordinates to help you, is profoundly wrong.

And it would be great to suggest that this conduct is exceptional. However, a quick internet search shows this is not the case.

For example, in 2008 FINRA reached a settlement with another FI manager for similar activity. In that case, the manager arranged for a junior employee to complete the firm’s e-learning course for him. Providing both his user ID and password to the junior employee, the manager later received a congratulatory email from the junior who wrote: “Please know that I have ‘helped* [name] and the other identified investment associates with this mandatory training and you have all passed with flying colors [sic].”[2]

What makes the current 2018 case interesting, however, is how the FI itself responded. Quite apart from FINRA’s censure (which is published and available online as part of the managers’ permanent disciplinary records), each of the managers in the 2018 cases were:

  • Required to pay a fine representing a percentage of their incentive compensation payment from the previous year
  • Issued a disciplinary letter
  • Required to retake selected e-learning modules

These measures were not hidden away in some HR file but are publicly accessible. So that if a future employer were to conduct an adverse media check of these individuals, this information is easily retrievable.

Importance of culture in financial institutions

The point I found particularly egregious in both the 2009 and 2018 cases was the deliberate enlistment of subordinate or more junior staff to enable and perpetuate the unethical conduct. We often speak about the ‘tone from the top’, but how about for others outside of the executive suite?

This year the UK’s financial regulator, the Financial Conduct Authority (FCA), published a compendium of papers entitled Transforming Culture in Financial Services (collectively, the Culture Papers).[3]

At the papers’ outset, it’s acknowledged that culture in financial services is widely accepted as a key root cause of the major conduct failings that have occurred within the industry in recent history.[4] And there is an unequivocal recognition in the foreword by Jonathan Davidson, director of supervision for retail and authorisations, that a focus on culture is the responsibility of everyone in a firm. Davidson notes that: “It should be a collaborative effort, by all areas and at all levels – and industry must take responsibility for delivering the standards it aspires to.”[5]

So, clearly, in the cases I’ve described, there was a lack of perceived ownership on the part of the perpetrators of their behaviour and how it influenced the FI’s compliance culture. But why might this have happened?

The role of middle management in fostering compliance culture

The Culture Papers include a very interesting paper about the role of middle management.[6] The authors found that while senior managers do influence culture by creating a tone that others follow, the role of middle managers is even more important because they translate top management expectations into front-line employee behaviour.

Middle managers play a critical role in converting high-end strategic goals into work-related objectives for the rest of the staff. The problem, in terms of culture, begins when senior management set difficult-to-achieve goals. While some organisations see this as inspiring and motivating high-performance outcomes, it can, in other instances, dampen this objective.

In their study, the authors found that some of the middle managers whose financial incentives were based upon the ability of their staff to meet these goals, realised they could not be met for a variety of reasons.

However, instead of pushing back and telling senior management the goals were not realistic, the managers instead devised other ways to meet the goals by seeking out ’structural vulnerabilities’. These were activities or processes within their organisation that could be exploited to create fake good performance or conceal actual poor performance. This then allowed the managers to make look it as if the goals had been met. This, in turn, resulted in a false representation of performance being reported to the senior management.

To achieve this, the managers had to coerce their staff to engage in multiple behaviours that made it appear as if the goals were being met and to ensure that those ‘structural vulnerabilities’ were taken advantage of. In some cases, the managers used measures to shame staff into cooperating with this ruse, as though to not take part in these activities was being disloyal or a bad team member.

The staff who worked with or around these managers, knew what was going on. The authors found that front-line employees were uncomfortable with the behaviours they were expected to support or engage in. Many also called it unethical and fraudulent and resisted from having to take part as much they could.[7]

The authors found this surprising because other research suggests that a lot of unethical behaviour in business is ‘blind’  – employees engage in it without ethical awareness. But in the study, the majority of the front-line employees who took part were ethically aware.[8] And for many of them, their attitudes toward the organisation and its leadership were quite negative because of the managers’ conduct.

Having worked at FIs and as a regulator, I have seen and heard about the ‘toxic [middle] manager’.  It’s quite amazing when you consider how often the presence of a toxic manager (or sometimes more than one) goes hand in hand with a compromised compliance culture and yet the problem persists. These managers, usually high performers from a commercial perspective, are also known for viewing compliance as a necessary evil or even an obstacle to work around. Known for being dismissive or even confrontational towards compliance personnel, the best their staff can hope

“The potential influence that middle managers have on compliance culture means that there is still merit in trying to root out some rotten apples”

for is to have a more senior executive take the manager aside for a ‘quiet word’. They are rarely held to account and hardly ever challenged about their attitudes towards compliance.

In his contribution to the Culture Papers, Professor Roger Steare, explains: “It is my experience that culture is best shaped, experienced and improved locally. Yes, the team cultures of the board and executive committee are critical to a high-performing, high-integrity firm. But good people will still exhibit poor conduct unless every leader and every team has the discipline to make good, principles-based decisions in every meeting.”[9]

Another of the Culture Papers’ contributors argues that organisations tend to think too narrowly about how they motivate employees’ behaviour, focussing on financial incentives to the neglect of these strong forces that organisations largely control – the direction they point employees in, the perspective they provide employees about how to understand their goals and objectives and the positive social regard that propels them to act.[10]

Bad apples and excellent sheep

But one author from the Culture Papers uses an expression that I think best describes the manager culture dilemma described at the start of this article – ‘Bad Apples vs Excellent Sheep’. Forward Institute’s founder and director, Adam Grodecki, argues that we tend to overrate the importance of individual character and underemphasise the significance of context and the power of situations and incentives that compel behaviour. He argues that we overestimate the power of individual character and underestimate the power of environment and the company we keep. He calls this moving the conversation from ‘bad apples’ to ‘excellent sheep’ and how groupthink, pressure to conform and lack of internal challenge, form the basis of almost all post-crisis event reviews.[11]

Grodeski suggests that the answer is not to ‘repair’ managers through ethics training, but to address organisational culture and the processes and policies that shape it.

Grodeski says it best when he says: “We are all rewarded in some way for complying with organisational ‘norms’. Most of us in large organisations get ahead by playing internal politics, delivering on internal projects and building our internal network. Technical expertise is valued over broad perspective and, as we get more senior, we also tend to narrow in our outlook. So, over 10, 15, 20 years, many of us, whatever our background, come to see the world through the same lens as our colleagues. We lose valuable perspective, miss changes in the external environment and come to accept as ‘normal’ ideas and practices that are anything but.”[12]

Concluding thoughts

Establishing and maintaining an effective compliance culture is an ongoing challenge.  The contributors to the Culture Papers make it clear this is no easy task and requires concerted effort and attention.

When you look at the cases I’ve described, I think there’s value in addressing cultural challenge at both the individual and organisational level. The potential influence that middle managers can have on compliance culture means there is still merit in trying to root out some rotten apples. But when FIs, rather than firing or allowing managers to resign for unethical conduct, instead hold them to account, revoke incentives and require that they do the right thing, this sends a powerful signal to all employees that senior management is committed to a strong compliance culture and is not content to simply watch over a flock of ‘excellent sheep’.


About the Author:

Samantha Sheen is AML Director – Europe of ACAMS. Based in London, Samantha’s career has recently including the holding Global group AML positions for 2 global financial institutions in the banking and insurance sectors, where she focused on enhancing their financial crime measures across offices in three continents. Samantha previously worked as the inaugural director of the Financial Crime Division for the Guernsey Financial Services Commission. Samantha joined the Commission in 2010 as its first general legal counsel and worked for both an offshore fund administration firm and trust and corporate service provider beforehand.

Prior to moving to Guernsey, Samantha worked as a solicitor having qualified to do so in both in Canada and Australia. Originally from Montreal, Canada, Samantha started her legal career in Toronto, Ontario. Samantha holds a bachelor’s degree in public administration, an LLB and a master’s degree in business, in the subject of risk management. She is also a graduate of the Harvard University Kennedy School of Government Strategic Management of Regulatory and Enforcement Agencies program


1. ; ; 





6.Den Nieuwenboer, N. A., Vieira da Cunha, J., Treviño, L. K. (2017). Middle Managers and corruptive routine translation: the social production of deceptive performance. Organization Science, 28, 781–803, Note 4.

7.Supra. Note 6.

8.Supra. Note 6.

9.Professor Roger Steare, Corporate Philosopher in Residence; Corporate Philosopher and Cass Business School, ‘Character, culture and conduct: why good people do bad things in a fear-driven culture’, Note 4.

10.Dr. Celia Moore, Associate Professor and Academic Fellow, Ethics and Compliance Initiative, Department of Management and Technology, ‘How do organisations motivate people to act?’, Note 4.

11.Adam Grodecki, Forward Institute, ‘The permafrost problem: from bad apples to excellent sheep. Creating an environment where we can truly think’. Note 4. 12Supra. Note 4.