Hammurabi’s Code, ca. 1772 BCE, included 282 laws, some
of which often prescribed punishing noncompliance with the
removal of one’s hand.


Compliance and ethics (“C&E”) programs are organizational policies put in place to promote law abiding and ethical conduct. To be effective, they must be supported by procedures, communications efforts, and cultural attributes. While the principal drivers for such programs are laws and regulations which offer leniency to companies with good C&E programs, there are further reasons to embrace C&E and make it a priority. C&E program law is to some extent the codification of sound management practices. While these programs mostly originated in the US, other countries are increasingly passing legislation to encourage or require C&E programs, making this area truly global in nature.

Many of the other topics discussed elsewhere on this site—such as corruption, conflicts of interest, cheating, and whistleblowing—are addressed in business organizations through the mechanisms provided by C&E programs. As such, C&E programs can provide ready-made “ethical systems blueprints,” bringing behavioral ethics ideas and information into the workplace. (For example: risk assessment training; methods for encouraging whistleblowing; accountability measures; systems for addressing conflicts of interest. See this article for further information.).

Additionally, for those who teach business classes, it is important to be familiar with C&E programs because knowledge of such programs is likely to play a growing role in the work lives of today’s students. Insufficient appreciation of C&E can—even in the absence of an outright legal violation—be harmful to one’s career. On the other hand, understanding and embracing C&E is increasingly seen as an attribute of effective leadership. If, as expected, both the government and C&E professionals increasingly do more to promote “cultural” approaches to C&E programs, these trends are likely to continue.


Ideas to Apply

Areas of Research

Case Studies

Open Questions

To Learn More


IDEAS TO APPLY (Based on research covered below)

 ​Back to top

  • Empower senior leaders to own C&E programs. While the technical aspects of a C&E program are the province of C&E officers, when senior managers are seen as owners of the program it is possible to take a “cultural” approach through which legal and ethical behavior becomes a reflex in the organization. As responsible owners, such managers should periodically ask themselves the following questions, among others:
    • How has my organization dealt with any employees who are top performers from a business perspective but weaker performers on C&E matters?
    • Can my organization show that it is willing to give up profitable business opportunities that would be lawful but unethical to pursue? Such decisions send a powerful signal that ethics matters.
    • Are my C&E officers treated as strategic partners—e.g., brought into business decisions early on – or are they in a largely ministerial role?
  • Support mid-level managers in promoting C&E. The “tone in the middle” is every bit as important as the “tone at the top,” but mid-level managers often find promoting C&E a greater challenge than do senior executives. Mid-level managers should be encouraged to:
    • Regularly communicate about C&E issues to employees in their work unit;
    • Ensure that C&E “performance” is adequately reflected in employee evaluations and compensation decisions;
    • Be alert to exemplary ethical behavior in the work unit, and—as appropriate—praise that behavior to others in the unit.



Back to top

  • How effective are C&E programs in preventing and detecting unlawful and unethical acts? The 2013 National Business Ethics Survey, conducted by the Ethics Resource Center, found that workplace misconduct is at “a historic low; the decline in misconduct is widespread; and the percentage of workers who said they felt pressure to compromise standards also fell substantially.” Similarly, a 2012 survey by the UK-based Institute for Business Ethics of employees in certain Western European countries showed that “[t]he presence of a formal ethics programme correlates with having a supportive ethical culture, higher perceptions that honesty is practiced, lower pressure to behave unethically, lower awareness of misconduct and higher levels of reporting by employees aware of misconduct in the past year at work.”

  • Do companies with strong C&E programs (and the ethical cultures that such programs help nurture) provide positive benefits—beyond reducing the risks and costs of civil and criminal penalties? Do they lead to greater employee engagement and customer trust? Research conducted by the Corporate Executive Board suggests that there is such a correlation. A paper by Schminke et al. (2014) studied employees’ reactions to ethical failures in companies. The authors found that “exemplary organizational efforts to recover internally from ethical failure may enhance employee perceptions of the organization to a more positive level than if no ethical failure had occurred.”

  • How can federal regulations make it easier for firms to develop effective C&E programs? Stucke (2013) argues that current guidelines rely too strongly on direct incentive-based approaches to E&C, assuming that people will be ethical only if it is in their financial interest to do so. This encourages a “check-the-box” approach to demonstrating compliance. Stucke offers ideas for a more psychologically sophisticated approach which would draw on more intrinsic motivations. 


 Back to top


Academic studies on C&E program failures are rare. One compelling example is: Tammy L. MacLean and Michael Behnam, The Dangers of Decoupling: The Relationship Between Compliance Programs, Legitimacy Perceptions, and Institutionalized Misconduct, 53 ACAD. MGMT. J. 1499, (2010).

Beyond traditional case studies, published reports of legal cases under the Foreign Corrupt Practices Act (“the FCPA”) and certain other laws often include the identification by the government of C&E program failures. E.g., an FCPA case against Alcatel-Lucent in 2010 accused the company of, among other things, failing “to provide appropriate incentives to perform in accordance with [its] compliance and ethics program.” Future posts on this page will catalog instances of C&E failures from FCPA and other types of cases.


Studies of C&E success often involve a company recovering from a legal/ethical catastrophe, but a potentially more useful line of inquiry would concern organizations that developed strong programs without the powerful motivation to do so that a prosecution or other disaster provides; for instance, cases of pure prevention rather than of remediation. However, conducting this sort of study is also challenging, given that a researcher may not be informed about wrongdoing that lies beneath the surface at a company. Indeed, in the past few years many companies have been given awards or otherwise been publicly lauded for exemplary ethical performance where, it was shown by subsequent criminal cases or other scandals, they were engaged in seriously wrongful behavior at the time of their purported ethical triumphs. Future posts will seek to identify factors contributing to success and failures in identifying individual cases of ethical successes.

However, as a statistical matter, C&E programs have been shown to be at least somewhat successful, as reflected in the above-cited research conducted by the Ethics Resource Center, Institute for Business Ethics and Corporate Executive Board.


 Back to top

  • While under applicable law, C&E programs are intended to promote ethical as well as law-abiding behavior, as a practical matter much more attention is generally by companies paid to compliance than ethics. Does too great an emphasis on corporate compliance “crowd out” corporate ethics? And a related question is whether implementing the formal aspects of a C&E program leads to a “false consciousness” of ethicality in an organization. (The Trevino & Weaver, Regan and Killingsworth works cited below address aspects of these topics.)
  • Is the deterrence model that provides the key motivator for C&E programs flawed due to the operation of what could be considered “C&E moral hazard” (i.e., managers reap the benefits of crime but the costs of non-compliance—which tends to be prosecuted years after the offense, when the managers may have left the company—are borne by shareholders?)
  • Do C&E programs do enough to prevent/address misconduct by high-ranking corporate officials or is C&E, as practiced, mostly for “the little people” in a company?
  • What are the attributes of an effective C&E program? Implementing some C&E program elements—such as codes of conduct—is relatively straightforward. But others—particularly risk assessment (where there is need to avoid a “Maginot Line” approach to identifying risk), training and C&E incentives—can be more challenging. Some survey research has been done on aspects of C&E program efficacy (see link below to List of “empirical studies” on the web site of the Society of Corporate Compliance and Ethics) but much of it is conducted by or on behalf of C&E program vendors and the area could use more independent research effort.

In an era of escalating competitive pressure, lean production and “economic headwinds,” research that makes the economic case for these programs—i.e., that good C&E is in fact good for business—will be keenly important to the success of the field.


 Back to top



  • Cultures of Compliance, American Criminal Law Review, September 2016.
  • Read or subscribe to the Risk and Compliance Journal, a blog at the Wall Street Journal

  • Advice from Deloitte: A financial sector playbook for ‘strong’ risk management. Lays out best practices for getting the “strong” rating for compliance specified in Dodd-Frank.

  • Milton C. Regan, Moral Intuitions and Organizational Culture, Milton C. Regan, Jr. May 8, 2008, St. Louis University Law Journal, Vol. 51, p. 941, 2007, Georgetown Law and Economics Research Paper No. 1130858 Georgetown Public Law Research Paper No. 1130858, (discussing, among other things, how moral intuitionist research findings support the use of “values-oriented” C&E programs).

  • Scott Killingsworth, Modeling the Message: Communicating Compliance Through Organizational Values and Culture, Georgetown Journal of Legal Ethics, Vol. 25, No. 4, 2012 (reviewing, among other things, how “behavioral science findings on how cultural attributes and management practices can either promote or undermine voluntary adherence to ethical standards, workplace rules and legal requirements, with special attention to the communicative aspect of management practices”).

  • Joseph Murphy and William Kolasky, The Role of Anti-Cartel Compliance Programs In Preventing Cartel Behavior, Antitrust, Vol. 26, No. 2, Spring 2012 (examining the attributes of an effective compliance program in the keenly important area of competition law and on the role of enforcement-related initiatives in promoting the adoption of such programs).

  • Jeff Kaplan, Semi-Tough, a Short History of Compliance and Ethics Program Law, from a Rand Symposium on “Corporate Culture and Ethical Leadership Under the Federal Sentencing Guidelines: What Should Boards, Management and Policymakers Do Now?“ (May 2012) (examining how relevant law has both succeeded and failed in promoting effective C&E programs).

  • Jason Stansbury and Bruce Barry, Ethics Programs and the Paradox of Control, Business Ethics Quarterly, Vol. 17, No. 2, April 2007.

  • David Hess, A Business Ethics Perspective on Sarbanes-Oxley and the Organizational Sentencing Guidelines, Michigan Law Review, Vol. 105, No. 8, June 2007

  • List of “empirical studies” on the web site of the Society of Corporate Compliance and Ethics. These are largely reports of surveys conducted by or on behalf of C&E-related vendors (such as consulting firms or training providers), and so should not be considered independent research. However, they often have interesting findings, and indeed some of their research topics themselves may be useful to those teaching or conducting studies in the areas of C&E programs.

Relevant Images and Videos


This page is overseen by Jeffrey Kaplan. Other researchers may have contributed content.

Miscellaneous Links & References 

  • Rachel Ensign, writing in WSJ, expresses skepticism that a positive ROI can be proven for compliance programs. Not that it’s not there, it’s just that she thinks it’s not possible to quantify the costs saved from scandals avoided. 
  • Jeffrey Kaplan, “Are you keeping track of your compliance costs?” Ethical Systems blog, February 17, 2014.
  • Mary Jo White, “Remarks at National Society of Compliance Professionals National Membership Meeting,” U.S. Securities and Exchange Commission, October 22, 2013. In her speech, White–chair of the SEC–said the SEC sees compliance officers as “a critical line of defense” against securities violations, though not the only one. In addition to the SEC’s support, also helping out are managers, internal auditors and the chief executive, while the board oversees everything. “An effective compliance and risk management program does not rest with you alone; it is an organization-wide effort and responsibility,” she said. “And the culture of compliance and ethics must be set at the top…but you are uniquely important.”​
  • Deloitte Insights, “Ethics and Compliance Issues: Deciding Where to Focus,” The Wall Street Journal, October 11, 2013. Reporting on the 2013 Compliance Trends Survey released by Deloitte and Compliance Week, WSJ notes that “the areas that ethics and compliance departments focus on can vary depending on the size of the organization, with smaller companies tending to focus more on tactical issues such as regulatory findings, while the larger ones said they focused on issues such as codes of conduct and ethical standards.”
  • Deloitte Insights, “Global Financial Crime Sparks New Focus on Compliance,” The Wall Street Journal, October 16, 2013. Since 2008, U.S. regulation of the banking industry has become globalized, harmonizing group-wide compliance policies across different jurisdictions and divisions. Heightened regulatory expectations are leading companies to adopt new performance metrics and to consider how their organizational structure affects compliance.
  • LRN 2014 Ethics and Compliance Effectiveness Report. Develops a “Program Effectiveness Index” from data provided by many companies, to track progress in improving E&C programs.