By Professor Guido Palazzo is Academic Director at Executive Education HEC Lausanne.

A recent report from the Association of Certified Fraud Examiners (ACFE) found that almost seven out of 10 anti-fraud professionals have experienced or observed an increase in fraud levels during the Covid pandemic, with a-quarter saying this increase has been significant. Almost all of those questioned (93%) said they expected an increase in fraud over the next 12 months and nearly three-quarters said that preventing, detecting, and investigating fraud has become significantly more difficult.

For corporations, banks and financial directors, this is a clear warning signal of new risks ahead. Indeed, it’s not difficult to predict that the birth of next big corporate scandal will be traced back to this period. As the ACFE put it, the pandemic is “a perfect storm for fraud. Pressures motivating employee fraud are high at the same time that defenses intended to safeguard against fraud have been weakened.”

If we want to stop corporate misconduct, where should we be focusing our efforts? What should we do to minimise the chances of corporate scandals, fraud and unethical decision-making? Compliance and risk management are obviously critical in detecting fraud, but given that corporate scandals keep happening, perhaps it’s time to ask ourselves whether we need to take a different, more holistic approach to combat unethical behaviour.

Bad Apples or Toxic Cultures?

Most compliance is based on the premise that we need to keep bad people in check and to root out the ‘bad apples’ who usually get blamed when there’s a corporate scandal. When the scandal breaks, we all ask, “how was that possible? What were they thinking?” And we also tell ourselves that we could never behave like that and that it could never happen in our organisation – it’s not our problem.

But are those who succumb to this temptation really ‘bad apples’ or rather people like you and I? Most models of (un)ethical decision-making assume that people make rational choices and are able to evaluate their decisions from a moral point of view. However, if you made a list of the character traits of a rule breaker in an organisation and then compared it to a list of your own, you might be surprised to find a lot of overlap.

When we examine corporate scandals, what we invariably see is good people doing bad things in highly stressful circumstances. If you put sufficient pressure on an individual and they start making ill-advised decisions or behaving unethically, the first reaction is fear as they realise what they are doing is wrong. But then they will start to rationalise their actions to justify what they are doing. Over time, such behaviour becomes normalised and they convince themselves that there is no wrongdoing involved. That’s something that my HEC Lausanne colleagues, Franciska Krings and Ulrich Hoffrage, and I have termed ‘ethical blindness’, and it is a phenomenon that plays a fundamental role in systematic organisational wrongdoing.

The trouble with conventional technical and regulatory compliance strategies is that while policies, codes of conduct and formal processes are all very necessary, they don’t take into consideration the importance of leadership behaviour or human psychology. We can’t pre-empt those who succumb to the temptation to do bad things in difficult circumstances unless we understand why they behave in the way they do. If we simply attribute problems to the psychological failings of ‘bad apples’ while ignoring the context, culture and leadership style which made their wrongdoing possible, then the barrel will still be contagious.

So what can be done to reduce the chances of new corporate scandals emerging in these challenging times? One take-away from previous scandals is the learning how to read the warning signals. This entails a deep understanding the psychological and emotional factors behind human risk, which surprisingly is not included in most compliance and ethics training. These small signals viewed in isolation may seem insignificant, but over time they can combine to create a dysfunctional context and culture where it can be all too easy for people to slip into the dark side.

Develop a Speak Up Culture

One of the most potent antidotes to that sort of dysfunction and the ethical blindness it encourages is a culture in which individuals at all levels feel able to speak up to their superiors about problems and ethical issues without fear of retaliation. But that will only happen if their own bosses are prepared to speak up and the tone for this must be set at the top. So, the critical question every executive needs to ask themselves is, “do I speak up?” Then they need to reflect on whether people come to them and speak up freely without fear of the consequences. That’s an approach to compliance that offers real protection against the onset of ethical blindness in a way that no conventional strategy can match.

This understanding of human risk element also elevates compliance to a leadership topic with all kinds of positive implications beyond compliance. Whilst on the one hand, this approach helps to boost the status of the compliance and risk function, my experience of working with senior executives is that when they start to understand the psychological elements of the dark side, it shines a light on their own behaviour. One thing they realise is that, yes, it perhaps could have been them doing those things in one of those scandals. The other is understanding that their leadership style can unwittingly creating the context for unethical behaviour.

That’s one reason I invited two former senior executives who were involved in corporate scandals to share their first-hand experience as teachers on our new certificate in ethics and compliance. Andy Fastow is the former CFO of Enron and Richard Bistrong is a former sales executive involved in an international bribery scandal. Amongst other things, the valuable insights of people like these can help others to understand how risks accumulate over time and how this can impact the integrity of an organisation. Their stories also highlight the temptation that people can face as a result of the tension between the pressure to succeed and the pressure to comply.

Traditionally, compliance training and development has been technical and regulatory – what are the rules, what are people allowed to do or not allowed to do, and how do we demonstrate to the authorities that we did everything possible to ensure that people understand the laws and regulations? But what’s becoming increasingly clear is that it’s time for a multi-disciplinary approach if we are to start redressing the balance between the legal dimension of risk management and the human element.