When Good People Cut Corners (Part 2 Of 2)

---

TAKEAWAYS

• Effective anti-bribery compliance isn’t about more policies; it’s about better process design.
• Human-centred design tools help organisations build compliance that works with human behaviour, not against it.
• Designing better controls is only half the battle. You also need to pitch them effectively to leadership.
• At the highest levels, compliance is stewardship: shaping environments where doing the right thing is expected, supported, and sustainable.

---

Part 1 of this article explored why good people make bad choices. We saw how Marcus, a regional sales director, crossed a line not because he was corrupt, but because the system rewarded results without asking how.

But diagnosing the problem isn’t enough. It should come with the question, “What do we do about it?”

Most organisations respond with more rules – more sign-offs, more training, more declarations. And yet, the organisations with the thickest policy manuals often have the weakest compliance cultures.

Here’s the reality: if your processes make it hard to do the right thing, people will find workarounds. If your compliance programme fights human nature, human nature will win. The solution isn’t more enforcement; it’s better design.

PEOPLE PROBLEM OR PROCESS PROBLEM?

Not all compliance failures are the same. Thus, the responses must not be the same either. Consider the following:

• Intentional misconduct: The employee knows the rules, understands the consequences, and chooses to break them anyway.
• Process-induced non-compliance: The employee wants to comply, but the process is too slow, too complex, or too disconnected from reality. She/He finds a workaround … not to cheat, but to get the job done.

The response to each must be different. Intentional misconduct requires consequences. Process-induced non-compliance requires redesign.

Far too often, organisations treat all failures as misconduct. But if the root cause is friction, not intent, more rules just add guilt to the pressure.

The first step is to ask the question, “Is this a people problem or a process problem?”

HUMAN-CENTRED DESIGN: A DIFFERENT LENS

Human-centred design (HCD) starts with understanding the people who use a system before designing solutions. It’s widely used in product design but rarely applied to compliance; that’s a missed opportunity.

When we design compliance processes without understanding the humans who navigate them, we create friction that breeds workarounds. We write policies for auditors, not for employees who face the grey zones.

HCD asks different questions:

• Who are the people in high-risk roles?
• What pressures do they face?
• Where do they encounter friction that tempts shortcuts?
• How can we make ethical choices easier?

Three tools are particularly useful:

1. Empathy mapping: Understanding the person behind the role

An empathy map captures what a person in a high-risk role sees, hears, thinks, and feels.

This is likely a regional sales manager’s perspective:

• Sees: Competitors winning deals with “flexible” approaches
• Hears: “Just get it done” from leadership
• Thinks: “If I don’t close this, I’ll miss target”
• Feels: Pressure, isolation, fear of failure

This isn’t about excusing misconduct; it’s about understanding the environment that makes misconduct feel rational, so you can change the environment.

2. Journey mapping: Finding where the process breaks

A journey map traces the steps through a high-risk process, identifying where friction occurs. Let’s look at a third-party vendor onboarding:

• On paper: Business identifies need → Procurement searches vendor list → Due diligence submitted → Compliance reviews → Contract signed → Vendor onboarded.
• In practice: Urgent deadline. Outdated vendor list. Twelve-page forms. Three-week review. Business engages vendor “provisionally”. Due diligence never completed.

Journey mapping exposes where the process breaks, not because people are corrupt, but because the design doesn’t fit reality.

These are the important questions to ask when journey mapping:

• Where do delays occur that create pressure to bypass?
• Where is the process unclear or overly complex?
• Where do employees lack the information or tools they need?
• Where are workarounds common, and what do they tell us?

3. Behavioural nudges: Making the right choice easier

A nudge is a small design change that makes the desired behaviour easier, without removing choice. Some examples are:

• Defaults: Pre-selected “No gifts received” on expense forms
• Timely prompts: Reminder about gift policies when booking client entertainment
• Friction for risk: Confirmation step before approving high-risk vendors
• Social proof: “94% of employees completed due diligence on time last quarter”

Nudges don’t replace controls, and they are not supposed to. Instead, they are intended to reinforce them by working with human behaviour. The best nudges are:

• Low cost: They don’t require major system changes
• Low friction: They don’t slow down compliant behaviour
• Highly visible: They appear at the moment of decision

THE THIRD-PARTY BLIND SPOT

Third-party relationships are where corruption risk concentrates. Agents, distributors, consultants, joint venture partners; these intermediaries create distance between the company and the misconduct, and that’s precisely why corrupt actors use them.

The question isn’t whether you have a third-party policy; it’s whether your third-party process actually works.

Red flags to watch for:

• Vendors repeatedly recommended by the same employee
• Agents with vague service descriptions
• Commission structures exceeding market norms
• Due diligence waivers granted “for speed”
• Contracts renewed without periodic review

Design questions to ask:

• How long does compliant onboarding actually take?
• Are due diligence requirements proportionate to risk?
• Do employees have a way to escalate concerns without fear?

FROM DIAGNOSIS TO PITCH: MAKING THE CASE FOR CHANGE

Identifying friction points is only half the battle; the harder part is convincing leadership to act.

The pitch isn’t “we need to be more compliant”. The pitch is:

• “Here’s where our process creates friction that tempts shortcuts.”
• “Here’s a low-cost intervention that reduces risk and improves efficiency.”
• “Here’s how this aligns with regulatory expectations.”

Frame it as risk reduction and operational improvement; that’s how you get the buy-in.

A Chief Compliance Officer (CCO) must be empowered to not just design policies but to challenge the business, and CCO must also have direct access to the board.

THE INTEGRITY FRICTION SELF ASSESSMENT

The Integrity Friction Self-Assessment is a tool for finance professionals to evaluate where processes may be creating unintended corruption risk. It examines 25 controls across five sections:

1. Tone and Culture: Does leadership communicate that how matters as much as results?
2. High-Risk Role Design: Are high-risk roles identified with realistic targets?
3. Third-Party Risk Management: Is due diligence proportionate and timely?
4. Process Design and Friction: Are compliance processes tested for usability?
5. Detection and Response: Are workarounds treated as feedback, not just violations?

The goal isn’t to check the boxes; it’s to surface friction points that may be pushing good people toward bad choices.

THE ROLE OF FINANCE PROFESSIONALS

Finance professionals see what others miss.

As auditors: Go beyond “Does the control exist?” to “Does the control work?”
As advisors: Help clients design compliance that fits operational reality.
As board members: Don’t just ask, “Are we compliant?” Go further with, “Where are we fragile?” Ensure the CCO has board access as well as the authority to challenge decisions.
As finance leaders: Recognise that every process you design either enables integrity or undermines it.

CONCLUSION: DESIGN FOR INTEGRITY

Neither enforcement, policies nor training alone will prevent corruption. What prevents corruption is designing systems where doing the right thing is easier than doing the wrong thing. This means:

• Understanding the pressures your people face
• Mapping the journeys where friction tempts shortcuts
• Building nudges that reinforce good choices
• Creating cultures where integrity is the norm

At the highest levels, compliance is not only rules and enforcement as it is centred on stewardship. Boards and senior management must shape environments where doing the right thing is expected, supported, and sustainable.

The crucible of governance is ultimately tested in moments of pressure, and in how institutions respond, reform, and lead forward.

So, keep in mind that the question isn’t “Do our people know the rules?”. Rather, it is “Do our systems make it easy to follow them?”

---

Julia Chin is Founder/CEO, JFourth Solutions.