Uncertainty is the most common driver of noncompliance – Help Net Security
Most compliance leaders tend to focus on building an ethical culture in their organizations to improve employee behavior, but it has a limited impact on addressing uncertainty about how to be compliant, according to a survey by Gartner.
Three primary situations that lead to noncompliance
There are three primary situations that lead to noncompliance: Situations of uncertainty (not understanding how to comply), rationalization (thinking that noncompliance is not wrong in a certain context), and malice (not complying despite knowing it is wrong).
According to a Gartner survey of 1,012 employees in December 2023, uncertainty is the most experienced situation leading to employee noncompliance.
In the survey, 87% of respondents said they faced situations where they didn’t know how to comply in the last 12 months, followed by 77% of respondents who experienced situations of rationalization and 40% experiencing situations of malice.
“Compliance culture is a valuable part of mitigating misconduct, but it isn’t the best way to address the most common situation leading to employee noncompliance: uncertainty,” said Chris Audet, Chief of Research in the Gartner for Legal, Risk & Compliance Leaders practice.
The study revealed that improved quality standards – the design of policies, training, communications, and tools – has over double the impact of compliance culture on reducing uncertainty. Compliance culture has a greater impact on reducing situations of rationalization and malice, 1.5x and 1.4x respectively when compared to quality standards. Compliance culture therefore remains an important part of efforts to improve employee behavior.
Quality standards key to enhancing employee compliance
Given that many compliance functions already tend to prioritize compliance culture, however, and that situations of uncertainty are the most common driver of noncompliance, it is likely that focusing on quality standards will yield better overall improvements in employee compliance.
The fact that 40% of employees said they had been contemplating noncompliance even when they knew it was the wrong thing to do is likely to concern compliance and organizational leadership.
It’s important to note that this is measuring employees who wanted to noncomply for a malicious reason (e.g., to get revenge on the company or on a colleague), and that not all of them will follow through on this desire. But it’s still critical to put measures in place so momentary feelings of anger don’t escalate to misconduct.
“Quality standards also have a strong positive influence on compliance culture,” said Audet. “Therefore, a focus on quality standards should yield improvements in all situations that cause noncompliance, not just uncertainty.”