Study: Maybe Compliance Policies Don’t Matter
Here’s a rather glum start to your week: new academic research suggests that the design of corporate policies you use to train employees has no measurable effect on how well they retain knowledge about those policies, and might not do any better than not bothering to educate employees about corporate policies at all.
So says a study published last week by five professors at the University of Amsterdam and the University of California. They ran an experiment on more than 1,200 employees of a global technology firm rolling out an anti-corruption policy for the first time, to see what type of policy — long form, short summary, or infographic — might lead to the most knowledge retention.
They found that the structure of the policy made no difference on how well employees then scored on a subsequent test about the anti-corruption policy. More shocking, however: the employees who received training on the policy scored no better than a control group of employees who received no training on the policy at all.
Instead (and for reasons we’ll explore shortly), the professors concluded that employees’ ability to comprehend the anti-corruption policy depended more on the social norms they had already absorbed about how acceptable bribery is in general. The more employees believed bribery was just wrong, period; the better they scored on the test of the company’s anti-bribery policy.
Or, as the professors wrote in their study, “People, even when they study a text about rules, still rely on what they perceive to be the social norms when answering questions about such rules.”
Obviously this is a fascinating study for compliance professionals because we spend enormous amounts of time and money developing compliance policies and then training employees on what those policies are. This study, one of the first to investigate whether corporate policies actually work to improve employee behavior, suggests that those efforts are misguided.
That said, there’s no need for existential crisis. It’s only one study. Moreover, the research also raises important questions about what does influence employees’ compliance behavior — and pulling on those levers of organizational change would still keep compliance officers mighty busy.
Studying How Policies Work
Let’s first look at the experiment the professors ran. They worked with a “major global technology company” (never named in the study), headquartered in Europe and trading on the Nasdaq exchange. In March 2021, that company unveiled a new Code of Conduct. That fall, the company prepared to roll out its first-ever anti-corruption policy.
The professors then recruited 1,235 of the company’s employees (all of them from offices where English was the working language) to participate in their experiment. They randomly assigned the workers into four groups of roughly equal size, and gave each group a different version of the anti-corruption policy:
- A long-form policy that ran to 19 pages, “written in standard legalese” language;
- A short-form policy that was only four pages long;
- An infographic version, where employees received an illustrated overview of the essential rules on a single page;
- A control group that received no policy at all.
Employees studied the policies, taking as much time as they wanted; and then took a multiple-choice test to measure their knowledge of the policy. The questions were the sort that compliance officers probably know well. For example, one question asked, “Which of the following does NOT raise a red flag according to the company’s name blinded Anti-Bribery and Corruption policy?” and then offered four choices, where one scenario was the sketchy situation you’d want employees to avoid.
All four employee groups scored roughly the same on their tests, including the group that received no policy at all. Figure 1, below, shows a distribution curve of the answers. The purple group on the right received no policy; the yellow group at left is everyone else who did. If reading a policy left you better prepared to answer questions about acceptable behavior, then we’d expect the control group (with no policy) to get more questions wrong — and that bulge in the middle of the purple group would be lower than the bulge in the yellow group. Except, it’s not; the bulges are pretty much equal, because all groups scored pretty much the same on their anti-corruption training.
![](https://www.radicalcompliance.com/wp-content/uploads/2022/10/policies-fig1-1024x655.png)
Source: Academic paper
Now, this is only one study of one company. I also question the wisdom of giving employees static policy documents, no matter how long or short those documents might be. Much better would be to give employees interactive policy manuals, where they can start by asking questions relevant to them and the policy tool then guides them to the best answer for their specific situations. That technology exists, and large companies do use it already.
We should still appreciate what the study authors did here. They tested the hypothesis that shorter, simpler policies would be better to impart legal knowledge and encourage compliant behavior — and concluded that their hypothesis might be wrong. “From an applied perspective,” the authors wrote, “the study provides reasons for doubt about the effectiveness of written policies in training employees in the knowledge of organizational rules.”
That sentence hurts, but it does lead compliance officers to a deeper, important question. If policies aren’t the best way to encourage compliance behavior, what is?
The study gave us food for thought there, too.
Policies, Compliance, and Social Norms
The professors had another hypothesis, too: the more a policy aligns with people’s personal and social norms, the higher people score in their knowledge of those policies. To test that idea, they had participants read several vignettes about managers asked to grant funding requests; and participants then had to decide what the managers should do.
If you want a full recounting and analysis of that part of the experiment, read the paper. For our purposes here, suffice to say that social norms about bribery are the best indicators of whether employees will engage in bribery. That is, if they see bribery as something disgraceful, with a social stigma attached to it, they’ll have a better intuitive knowledge of how to avoid corrupt behavior. Your actual policies to explain and prohibit corrupt behavior won’t make a difference.
Or, as the study authors wrote:
[S]ocial norms most strongly drove the decision to engage in bribery. Hence, independent of the policy participants read, whether people believe bribery to be the norm most strongly predicts whether they engage in it themselves. The results again highlight the importance of perceived social norms for people’s willingness to engage in bribery.
If that conclusion is true, it means that you need to pay more attention to your control environment. It means you need to pay more attention to who gets hired, what senior executives say about ethical conduct, how middle managers stress good conduct, and how swiftly and certainly employees are disciplined for bad conduct.
You, the compliance officer, would need to work more closely with management across the whole enterprise to foster social norms against corruption, rather than spend weeks on end honing the perfect anti-corruption policy. For example, recall previous research published by Ethisphere, suggesting that one way companies can achieve better ethical behavior is to have middle managers just talk about the importance of ethics, often, without any specific training module telling them to talk about it.
There’s much more we can say about these findings, and I promise we’ll have more posts about it soon. For now, it’s a thought-provoking study worth your time to read and ponder. Maybe we need to revisit some long-held assumptions.