people walking across bridge in la defense
people walking across bridge in la defense frame

The General Counsel Imperative

How can trust survive without integrity?

Photographic portrait of Jim McCurry
Jim McCurry

EY Global Forensic & Integrity Services Deputy Leader

15 minute read 06 Jun 2024
Related topics
Assurance
Forensics
Risk

The EY Global Integrity Report 2024 reveals that rapid change and economic uncertainty make it harder for companies to act with integrity.

In brief

  • Overall, integrity standards are improving; however, corporate misconduct appears to be on the rise. 
  • The gap between what leaders say about integrity versus how they act is growing, which perpetuates integrity risk within the organization.
  • General counsel can help to build an integrity-first organization that puts people at the center.

The EY Global Integrity Report 2024 (pdf) reveals some good news: Almost half (49%) of global respondents think compliance with their organization’s standards of integrity has improved in the last two years. This marks an increase of seven percentage points from our EY Global Integrity Report 2022 findings. However, headwinds continue:

  • Nearly four out of 10 (38%) global respondents admit they’d be prepared to behave unethically in one or more ways to improve their own career progression — more than one and a half times higher than the findings in the last report.
  • Employee misconduct is directly influenced by the behaviors they observe from leaders — where 25% of workers say they’d behave unethically for their own benefit, the percentage rises to 67% among board members and 51% among senior management.
  • Leaders face pressure to look the other way on misconduct. Nearly two-thirds (65%) of board members and 57% of senior management feel under pressure not to report misconduct.
  • A lack of training and awareness, and insufficient resources, open the door to misconduct. More than half (54%) of global respondents say that employees not understanding policies or requirements, combined with a lack of internal resources to manage compliance activities, creates opportunities for employees to violate integrity standards.

The General Counsel Imperative Series provides critical answers and actions to help leaders reframe the future of their organizations. The findings of the EY Global Integrity Report 2024 suggest that general counsel and chief compliance officers (CCOs) are seeing their roles and responsibilities expand. This is adding pressure to an increasingly long list of requirements and skills they need to keep current within a rapidly changing environment.

Integrity incidents are on the rise

One in five respondents admits that their organization has had a significant integrity incident, such as a major fraud, data privacy and security breach, or regulatory compliance violation, in the last two years. Notably, of those who say their organization had a significant integrity incident, more than two-thirds (68%) say the incident involved a third party.

Organizations struggle to navigate a complex integrity risk landscape
of global respondents say their organization has experienced a significant integrity incident in the last two years.

An analysis of corporate violations in the US and the UK from 2010 to 20231 highlights the following:

  • Almost US$1trillion in penalties have been incurred since 2010 (inflation adjusted), with over 40% growth in both the number of violations and the number of companies violating. 
  • Certain financial and employment violations have become two to 10 times more frequent since 2010, including accounting deficiencies, anti-money laundering (AML) deficiencies, tax violations, labor standards, workplace safety and consumer privacy.
  • On the flip side, there has been a sharp drop in violations related to employee compensation, public safety, banking and the environment, and limited progress on anti-competitive behavior, discrimination or whistleblower retaliation.
  • Repeat offending is linked to an erosion of culture. In instances where companies were repeat offenders, systemic issues within their compliance program or organization may not have been remediated or addressed. The number of different violation types steadily climbs from one in four companies with a violation in a single year up to 8.3 for those with a violation every year since 2010.

The gap between talk and action remains wide 

The “say-do” gap is an issue we raised in the EY Global Integrity Report 2022. The latest findings suggest little has changed to close the gap between what leaders are saying about corporate integrity and what they are doing — or what their people are doing. This is especially concerning at the board level, where executives appear more likely to behave badly themselves and tolerate the behavior of potentially compromised employees if they are senior or high performers. 

More than eroding (or erasing) trust within and outside the organization, a top-down, “all talk, no walk” mentality puts the organization’s reputation and bottom line at risk. One recent research finding suggests that US corporate fraud destroys roughly 1.6% of a company’s equity value annually, equal to US$830b in 2021.2

Organizations can create a virtuous circle of integrity

In times of rapid change and difficult market conditions, it can be challenging for organizations to maintain or strengthen their standards of integrity. Arguably, this is exactly the time to make integrity a top priority. By taking an agile, human-centered approach to integrity — one that puts the right programs in place to drive behavior, to create a strong culture and a strong belief in their commitment to integrity — organizations can keep pace with evolving regulations and increasing societal expectations. Equally, they can create a virtuous circle of integrity that sets a course to renewed trust within the organization, and among customers, investors, government and society.

ey-facade-of-markthal-market-hall-at-dusk.jpg
1

Chapter 1

Is the value of integrity at risk?

Organizations need to improve their approach to integrity to maintain stakeholder trust.

The current state of integrity shows improvement

In emerging markets, 58% of respondents believe compliance has improved, which is a positive development given the inherent integrity and compliance risks experience in such markets.

Top reasons cited for improved integrity across all respondents globally suggest that improvements are coming both from better direction from management and leadership, and stricter regulation and pressure from regulators.

How EY can Help

  • Integrity and Compliance

    As regulatory enforcement and public intolerance of corporate misconduct increase, EY professionals help you strengthen your integrity and global compliance frameworks. And, should violations occur or allegations of fraud or corruption arise, the EY Forensics teams help you respond quickly to safeguard your business.

    Read more

Headwinds to sustain integrity are intensifying

However, respondents also admit that an increasingly complex integrity landscape makes it difficult to navigate legal and regulatory challenges. The research points to a number of key external and internal challenges:

  • External risks: Nearly half (49%) of global respondents are finding it difficult to adapt to the speed and volume of change in regulations, and say economic pressures, such as inflation, unemployment and exchange rates, make it harder to carry out business with integrity. Geographically, from a list of twelve regions, global legal and compliance respondents cite China (22%), Eastern Europe, including Russia (21%), US and Canada (17%) and Middle East and North Africa (16%) as posing the greatest integrity risks, including compliance and fraud risks, for doing business in the next two years.
  • Employee risks: Continuing challenges around misconduct are making it difficult for organizations to drive higher standards of integrity across the business and among third-parties and supply chains. More than one-third (38%) of global respondents say they’d be willing to behave unethically if asked by a manager. Nearly half (47%) of respondents say employees inside their organization pose the greatest integrity risk for the organization over the next two years.
  • Operational risks: While 40% cite privacy and security as their greatest operational integrity risks, 53% of global respondents say that employee turnover and employees not understanding policy are the greatest internal threats to organizational standards of integrity.

When conducting risk assessments, it’s important for companies to consider the impact of both internal and external factors on business strategies, commercial activities and employee pressures. It’s also important to understand not only which factors apply but also how and why they apply to link directly to compliance risks and help inform compliance priorities.


evening commute with people passing a led illuminated viaduct
2

Chapter 2

What is the root cause of misconduct?

The behavior of potentially compromised employees may be less about being inherently “bad” and more about learned or rationalized behavior.

To better understand what breeds misconduct and how it can thrive, EY teams conducted a deeper analysis of the report data. The results suggest that most organizations can divide their employees into one of three types, based on their willingness to exhibit illegal or unethical behavior:

  1. “Principled employees” are unwilling to act unethically for personal gain or at the request of a manager.
  2. “Potentially compromised employees” are willing to act unethically for personal gain or at the request of a manager.
  3. “Potential enablers” are willing to act unethically at the request of a manager but would not do so for personal gain.

More than half (58%) of employees take a principled approach, indicating that a majority of employees are already inclined to uphold a culture of integrity. However, this leaves a significant remainder of employees within the organization (42%) who are willing to sacrifice integrity under the right conditions. As a result, employees must therefore be properly incentivized and supported when they have the courage to come forward and report wrongdoing, so that misconduct can be appropriately addressed and corrected.  

The research shows that potentially compromised employees have a more negative view of their organization’s compliance environment. They are less likely to say their organizations have programs, policies and controls in place to encourage integrity. They’re more likely to say unethical behavior is often tolerated at their organization. Further, they are nearly three times more likely to say that unethical conduct is ignored within their teams, and more than five times more likely to say that unethical conduct is ignored within the supply or distribution chain.

Interestingly, potentially compromised employees are more likely to work for organizations that experienced major integrity events in the past two years, causing more potential reputational harm and incurring more regulatory action. 


For potentially compromised employees, breaking with integrity guidelines may be less a question of being hardwired to behave badly and more a question of learned — or rationalized — behavior. They may have the attitude that “if others are doing it, I can get away with it too.” Or “if the company doesn’t care, I would be open to behaving badly if needed or pressured into it.” Fundamentally, it seems that potentially compromised employees can rationalize their behavior because they don’t trust the integrity of the organization. 


Similarly, a significant proportion of leaders admit a willingness to behave unethically. Two-thirds (67%) of board members admit they’d be prepared to behave unethically in one or more ways to improve their own career progression or remuneration package (versus only a quarter (25%) of employees).

Board’s willingness to behave unethically
of board members admit they’d be prepared to behave unethically in one or more ways to improve their own career progression or remuneration package.

Further, of those who acknowledge that their organization experienced an integrity incident, 45% attribute the root cause to a lack of appropriate tone from senior leadership or pressure from management.

Tone at the top issues is also reflected in leadership’s willingness to address reported misconduct. While more than half (52%) say they’ve reported misconduct in the last two years (down from 59% in 2022), nearly two-thirds (65%) of those who reported felt under pressure not to report (versus 62% in 2022).


Nearly half (47%) of board members and 40% of senior management also admit that, in the last two years, they’ve seen behavior by other employees that would damage their organization’s reputation if it was known externally and that no action was taken.

Why should employees speak up if leaders don’t act?

Organizations need to create an environment where employees feel psychologically safe to speak up and confident that their concerns will not only be heard, but also acted upon. Whistleblowing, or a “speak- up” culture, is a powerful tool that empowers individuals to speak up against misconduct and unethical behavior, and serves as a crucial safeguard against corruption, fraud and other forms of wrongdoing. According to the Association of Certified Fraud Examiners (ACFE), 43% of all fraud is uncovered through tips by whistleblowers (of those, more than half were employees).

Without an internally supportive environment to speak up when they see wrongdoing, employees may feel better incentivized to report their grievances externally. For example, the Department of Justice’s new Whistleblower Pilot Program in the US, announced in early 2024, aims to incentivize whistleblowers to come forward with information related to corporate misconduct. This program, in addition to other whistleblower programs in the US and globally, may add pressure to an organization’s efforts to encourage employees to report misconduct through internal channels. It’s vital that organizations design and implement internal whistleblower systems that employees trust and all levels of the organization are willing to use without fear of retribution.

person standing on bridge viaduct with circular steel construction
3

Chapter 3

Which approach to integrity are you taking?

Organizations typically take one of four approaches to their integrity culture.

Based on the report data and deeper analysis around organizational policies and programs, and how often management speaks about the importance of integrity, EY professionals have learned that, generally, organizations take one of four distinct approaches to their integrity culture:

  1. Integrity-first: In an integrity-first organization, management speaks frequently about the importance of integrity and puts policies and programs in place to back their words up with actions. In other words, they close the say-do gap. Only 22% of organizations fall into this category, down from 32% in our last report.
  2. Policy-driven: For 23% of organizations (versus 17% in our previous report), management has taken a policy-driven approach, selecting a range of policies and programs to boost integrity and meet compliance obligations without fully embracing an integrity-first mindset.
  3. Say-do gap: Executives speak frequently about integrity in organizations that fall into this category. However, they don’t back their words up with actions by implementing policies and programs. Slightly less than half (49%) of organizations take this approach to integrity — roughly the same (47%) as our last report.
  4. Not a priority: Interestingly, 5% of organizations don’t prioritize the promotion of integrity at all — a statistic that has remained largely static since our last report.

While nearly one-third of organizations were taking an integrity-first approach two years ago, this has dropped to fewer than a quarter based on this year’s findings. Given the increase in organizations that are taking a policy-driven approach, it’s possible that organizations that were previously taking an integrity-first approach believe that, now they have the appropriate policies in place, they no longer need to communicate the importance of integrity as frequently, nor do they see the need to be as vigilant about activating policies as they did before.

These organizations appear to have moved from being on the front foot regarding integrity to allowing integrity to take a back seat while they focus on navigating their business through more volatile economic terrain. Yet it’s in difficult times that an integrity-first approach is most critical. It’s a threshold to which every organization should aspire — in good times and bad times.


Four ways to build a people-centered, integrity-first organization

If the goal is to become an integrity-first organization, the next question leaders may ask is: How do I do that? It starts by putting people at the center of the integrity agenda. People are an organization’s most valued asset and greatest liability when it comes to integrity. As such, they need to be at the heart of the organization’s approach to integrity. This includes implementing supportive frameworks and structures, as well as creating an integrity-first culture that drives positive behaviors and a strong commitment to integrity. Here are four ways GCOs and CCOs can help their companies take to build an integrity-first culture.

1. Lead from the top

The report data demonstrates that integrity can’t be built or sustained on an approach of all talk and no action. Organizations need to focus on preventing and addressing misconduct by starting at the top. GCOs and CCOs should work with leadership to do more than promote ethical behavior — they need to demonstrate it. Additionally, leaders need to not only establish mechanisms for reporting and investigating incidents of misconduct — they must support and follow them. If organizations want to close the say-do gap, leaders need to act with integrity as much as they encourage integrity for those lower down in the organization.

This can be a significant step in creating the supportive environment that employees need to feel comfortable not only behaving with integrity but also intervening or reporting when they see wrongdoing. The more employees see leaders standing up for them and taking concrete action in response to reports of misconduct, without retaliation, the more likely they are to report wrongdoing when they observe it.

2. Design and implement a structure to execute strategy

Structure follows strategy. A strategy without structure can limit the effectiveness of an organization’s integrity program. Organizations need to establish sound governance structures that:

  • Align with the organization’s defined roles and responsibilities.
  • Establish clear accountability through both key performance indicators (KPIs) and key behavioral indicators (KBIs).
  • Break down the silos to allow the free flow of information to those who need it.
  • Build trust through transparency.

Further, they need to identify the root cause of wrongdoing, looking beyond simply assigning blame to potentially compromised employees to address systemic challenges.

3. Strengthen a culture of integrity across the organization

Organizations need to recognize that integrity is a team effort. Compliance should not be viewed as a stand-alone support function. Compliance and integrity standards need to be embedded directly into operations and procedures. GCOs and CCOs should work with leadership to incorporate KPIs and KBIs into performance and remuneration across the board. This includes compensation structures that reward employees for demonstrating integrity rather than punishing them for misconduct or noncompliance. In the findings, half of global respondents specifically call out employee and executive compensation structures that punish noncompliance. Metrics should equally focus more on positive reinforcement for behaving with integrity.

4. Boost awareness, training and communication

Respondents say better awareness, training and communication, stronger compliance-related procedures, and improvements to governance and leadership are at the top of their agenda to address integrity risks over the next two years.

Leaders, meanwhile, need to clearly communicate why integrity is important rather than just telling employees what they need to do to comply. Currently, fewer than half (47%) of management teams frequently communicate to their employees the importance of behaving with integrity. Employees are more inclined to comply when they understand the meaning behind what they’re being asked to do.

The value of integrity rests on trust

Integrity is an essential component of trust. Without trust, from employees, customers, suppliers and investors, the future viability of the organization can come under threat. By acknowledging the seriousness of misconduct and taking proactive steps to prevent, detect and address it, companies can build an integrity-first organization that puts people at the center and establishes a robust culture that is supported by unwavering commitment from leadership and on-demand support from employees.

However, for any integrity and compliance program to succeed, companies must start (but not end) with board members and executives, who must set the tone for a culture that doesn’t tolerate misconduct. Words alone won’t inspire loyalty, or even participation. Leaders need to listen, practice what they preach and act against misconduct.

Sadly, there will always be some potentially compromised employees. But, by creating an integrity-first culture that not only encourages but also incentivizes employees to act with integrity, even when no one is looking, organizations can create an environment that truly reflects its belief system and doing the right thing, even in times of adversity and uncertainty.


The EY Global Integrity Report

How can trust survive without integrity?

Download report

Summary

Against a backdrop of rapid change, persistent macroeconomic and geopolitical uncertainty, and increased regulatory scrutiny, organizations are finding it more difficult to act with integrity. Yet the findings of the EY Global Integrity Report 2024 suggest it’s not external risks that pose the biggest integrity threat ­— it’s the organizational culture. The report spells out the urgency to close the gap between what leaders say and how they act, and the steps organizations can take to achieve it.

Related articles

How to balance opportunity and risk in adopting disruptive technologies

Adopting disruptive technologies is a critical challenge for organizations seeking to drive stronger compliance strategy while embracing innovation. Learn more.

Todd Marlin + 1

    About this article

    Photographic portrait of Jim McCurry
    Jim McCurry
    EY Global Forensic & Integrity Services Deputy Leader
    Deputy Global Forensics Leader focusing on helping organizations build their integrity agenda so they better anticipate and mitigate risk.
    Related topics
    Assurance
    Forensics
    Risk

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.