Culture Is Compliance: Why Inclusion and Psychological Safety Are Your Best Defences Against Financial Crime
9 May 2026
Guest Article by Jen Davidson | Culture and Inclusion Expert
Inclusion and psychological safety sit at the heart of every effective compliance culture.
Executive Summary
When financial institutions fail to prevent money laundering, fraud or sanctions evasion, the headlines focus on the fines. They also dwell on the tech gaps and the process failures. However, the organisational reality behind those failures rarely gets examined.
A culture where people didn't feel safe to speak up.
Where leaders brushed aside concerns from the margins.
And where profit consistently won out over protection.
This article makes the case that inclusion and psychological safety aren't soft people-management concerns. They aren't items hiding in an HR strategy. In fact, they are foundational to risk management. Their absence is nowhere more costly than in the fight against financial crime.
Drawing on major case studies, regulatory frameworks and the latest research, we make a clear argument. Organisations serious about compliance need to treat culture as a first-line control.
The Hidden Architecture of Financial Crime Failure
Look at virtually every significant financial crime scandal of the last two decades. You'll find the same pattern emerging: cultural failures preceded and enabled the technical ones.
That includes weak AML systems, poor KYC processes and inadequate transaction monitoring.
The rules existed on paper; whistleblower policies appeared in handbooks. However, between the policy and the practice, something broke down.
People saw things and said nothing. Red flags were raised and quietly buried. Concerns were escalated once, then discouraged.
That's not a coincidence; it's structural. Moreover, it always comes back to the same question: Who feels safe enough to speak up?
And which voices actually get heard when they do?
Case Study 1: HSBC
The Cost of a Culture That Couldn't Hear Its Own People
Between 2006 and 2010, HSBC Bank USA processed at least $881 million in drug trafficking proceeds. That total included funds from the Sinaloa Cartel, all moving through its accounts largely undetected.
In December 2012, the bank signed a deferred prosecution agreement with the US Department of Justice. It then paid $1.92 billion in penalties.
At the time, this was the largest AML fine ever imposed on a financial institution. The legal judgement called it a case of 'stunning failures of oversight.' However, the internal story was more troubling than that.
According to the DoJ's own Statement of Facts, HSBC Bank USA's AML compliance function was severely understaffed. Critically, employees who raised concerns were ignored. Court documents show something significant from April 2008. An AML employee flagged a 'staffing crisis' to a senior compliance executive. Yet requests for more resources were repeatedly knocked back.
Eventually, people stopped asking. By October 2009, a senior compliance executive reportedly noted that AML had 'gone down the hole'. Yet meaningful remediation didn't begin until late that year.
The culture had made speaking up feel pointless. As a result, the compliance team lacked the influence to force the issue. Underpowered and undervalued, they were unable to push back.
Key Source
US Department of Justice Statement of Facts, United States v. HSBC Bank USA, N.A., December 2012. https://www.justice.gov/sites/default/files/opa/legacy/2012/12/11/dpa-attachment-a.pdf
Case Study 2: Danske Bank
When Warnings Were Ignored
Danske Bank's Estonian branch processed an estimated €200 billion in suspicious transactions between 2007 and 2015. It remains one of the largest money laundering scandals in history.
The funds came predominantly from Russia and other former Soviet states. Yet they flowed through the bank with remarkably little challenge. What makes this case particularly instructive is the role of an internal whistleblower.
Reports suggest that this person raised concerns from as early as 2013. Had those warnings been taken seriously, the damage might have been significantly reduced. Instead, the concerns went uninvestigated and the whistleblower was ignored.
Senior management failed to exercise adequate oversight of the subsidiary. Meanwhile, local profit imperatives consistently won out over global compliance standards.
The eventual cost was enormous.
The CEO resigned, and the share price collapsed. Regulators opened investigations across multiple jurisdictions. In 2022, US authorities fined the bank over $2 billion.
Analysts estimated the reputational and market capitalisation damage ran into tens of billions of euros.
Key Source
Research analysis: 'Case Studies of AML Compliance Failures: Lessons Learned and National Interest Implications,' ResearchGate, 2025. https://www.researchgate.net/publication/393799079
Case Study 3: Wirecard
Groupthink, Exclusion, and the Silencing of Sceptics
Wirecard's 2020 collapse involved €1.9 billion in funds that auditors found had likely never existed. It's often framed as a straightforward accounting fraud. However, the cultural dimensions are just as instructive.
The Financial Times started raising concerns about Wirecard's accounting as early as 2019. Rather than treating those concerns as legitimate signals, the company's leadership attacked the journalists. Wirecard's leaders also complained to German financial regulator BaFin. BaFin, remarkably, initially went after the FT reporters rather than Wirecard.
Inside the company, anyone expressing scepticism faced an unwelcoming environment. The atmosphere discouraged challenge and sidelined dissent. The culture prioritised confirming the success story over questioning it. That, precisely, allowed the fraud to run for as long as it did.
For financial crime professionals, Wirecard makes something important clear. Psychological safety isn't only about reporting misconduct when you see it. It's also about creating an environment for difficult questions. People need to feel able to push back on assumptions. Crucially, they must raise concerns before things reach crisis point.
Case Study 4: NatWest
A Cautionary UK Tale
For a closer-to-home example, take NatWest.
In 2021, NatWest became the first UK bank to be convicted of three offences under the Money Laundering Regulations 2007.
The case followed laundering of approximately £365 million through accounts at Bradford-based gold dealer Fowler Oldfield. This activity ran between 2012 and 2016. The FCA fined the bank £264.8 million. At that time, this was the largest financial crime penalty ever imposed on a UK bank.
The significance went deeper, however. It marked the FCA's first ever criminal prosecution under the Money Laundering Regulations, not under POCA. Therefore, it became a landmark moment for UK financial crime enforcement.
What makes the NatWest case instructive is that it wasn't about complicit staff. Rather, it was about systems and culture failing to act on plainly visible signals. Cash deposits of extraordinary volume went through without adequate scrutiny. On one occasion, £700,000 moved through in a single day. Transaction monitoring flagged concerns that nobody properly followed up.
The FCA found NatWest had failed to apply its own policies. In the end, the gap between written policy and lived culture cost the bank dearly. The total ran to over a quarter of a billion pounds.
Key Source
FCA Final Notice: National Westminster Bank Plc, 13 December 2021. https://www.fca.org.uk/publication/final-notices/national-westminster-bank-plc-2021.pdf
Psychological Safety: What It Is and Why It Matters for Financial Crime
Harvard Business School Professor Amy Edmondson coined the term psychological safety. It describes the belief that speaking up with ideas, questions, concerns, or mistakes won't bring punishment or humiliation.
Researchers have studied it extensively, and the findings are consistent. Google's Project Aristotle examined hundreds of teams across the company. Psychological safety emerged as the single biggest factor in team effectiveness. Not talent. Not process. Safety.
In a compliance context, psychological safety acts as a foundational control. In practice, it shapes specific moments. Take the AML analyst raising a concern about a transaction their manager seems comfortable with. Consider the compliance officer escalating findings that might embarrass a profitable business line. Picture a junior employee filing a Suspicious Activity Report despite a sceptical supervisor. Imagine a whistleblower going through internal channels rather than straight to the regulator.
In every one of those scenarios, the decision isn't really shaped by policy. Culture shapes it. Specifically, whether speaking up feels safe, is genuinely valued, and actually leads anywhere.
Key Stat:
According to the ACFE's 2024 Occupational Fraud Report, the single most common method for detecting occupational fraud is a tip, and half of all tips come from employees. Organisations with reporting hotlines are twice as likely to detect fraud this way. In the UK, the Speak Up helpline managed by Protect (formerly Public Concern at Work) handles thousands of whistleblowing contacts each year, yet research consistently shows that the majority of workers who see wrongdoing still say nothing. The question is not whether your people see things. It's whether they feel safe enough to say something.
Key Stat:
In 2023, internal reporting programmes globally saw their highest-ever volume of use, according to NAVEX's 2024 Whistleblowing Benchmark Report, analysing 1.86 million reports from 3,784 organisations. Critically, the substantiation rate also hit an 11-year high: more reports were being made AND more were found to be true. High reporting volumes, in a psychologically safe culture, are a sign of organisational health, not dysfunction.
A consistent finding across compliance research is that a significant proportion of employees remain unaware of their organisation's whistleblowing policy, and many firms still fail to provide any formal training on how to use it. In the UK, the Public Interest Disclosure Act (PIDA) provides legal protection for whistleblowers, yet Protect (formerly Public Concern at Work) reports that many workers remain unaware of their rights or fearful of exercising them. The gap between policy on paper and lived culture is where financial crime takes root.
Inclusion: The Overlooked Risk Variable
Psychological safety and inclusion are closely linked but not the same thing. The first asks whether people feel safe to speak. The second asks whether voices from different backgrounds get genuinely sought and heard. Those backgrounds may include gender, ethnicity, neurodiversity, socioeconomic background or professional discipline.
For financial crime compliance, that distinction has real practical consequences.
Diverse Teams Catch More
Financial crime is sophisticated, adaptive and deliberate. Money laundering, fraud and sanctions evasion typologies evolve constantly. A homogeneous team develops blind spots. Such teams share the same professional background and assumptions about 'normal' business behaviour. They also share the same risk appetite. By contrast, diverse teams bring different lived experiences and analytical perspectives. They are better at spotting anomalies and questioning accepted narratives. They also see patterns that others miss.
The research backs this up. A 2018 IMF study linked greater gender diversity on bank supervisory boards to greater bank stability. McKinsey's Diversity Wins report (2020) reached similar conclusions on cultural and ethnic diversity. Top-quartile companies were 36% more likely to outperform peers on profitability. These findings aren't specific to financial crime, but the principle translates directly. Homogeneous decision-making environments are higher-risk environments.
Inclusion Failures Create Compliance Gaps
When employees don't feel included, the organisation pays a price. Routine dismissal of concerns silently erodes risk detection capability. The same is true when staff lack access to senior leadership. Unchecked bias also shapes who gets heard, draining capability further. Compliance functions that are siloed, under-resourced and culturally marginalised face an uphill battle. They consistently lose the internal battles to revenue-generating teams. As a result, what gets reported and what gets managed away depends on those battles.
You can see this clearly in the HSBC case. Compliance was structured as an advisory function rather than a controlling one. The team lacked the organisational clout to challenge business decisions effectively. When staff raised concerns, leaders deprioritised them. In short, structural sidelining of the compliance voice set the conditions for what followed.
The Demographic Dimension
There's another dimension here that's worth naming directly. In many financial institutions, compliance and AML functions are disproportionately staffed by people from underrepresented groups. Meanwhile, senior leadership and revenue-generating roles remain less diverse. When those at the top dismiss concerns from those further down, an intersecting dynamic often plays out. Voices from women, from ethnic minority backgrounds, or from non-traditional career paths may unconsciously carry less weight.
That's not just an ethical concern, though it absolutely is one. It's a material risk management failure. Consider what's happening structurally. The people most likely to spot problems are also the ones most likely to have their voices dismissed. Therefore, organisations are systematically underinvesting in their own early warning systems.
The FCA's Culture Agenda and What It Means for You
UK financial services firms should be in no doubt: culture sits squarely within the regulatory perimeter. The FCA has been explicit on this point. Toxic workplace cultures involve bullying, harassment, discrimination and the silencing of legitimate challenge. They represent both a conduct risk and a financial crime risk.
The FCA's Consumer Duty, introduced in 2023, places a clear obligation on firms to deliver good outcomes. It has also elevated culture as a supervisory lens. Indeed, the regulator has warned explicitly about toxic cultures. Such cultures drive away good people and suppress internal challenge. They also create conditions in which misconduct, including financial crime, takes root undetected.
The Senior Managers and Certification Regime (SM&CR) creates personal accountability for senior leaders. This applies to the conduct of those in their area of responsibility. That's not just a governance framework. In practice, it requires senior leaders to build cultures where people feel safe raising concerns. It also requires those concerns to be taken seriously. If compliance voices are being systematically ignored in your organisation, your SM&CR accountability is already at risk.
Regulatory reference
FCA, Culture in Financial Services: 'Toxic behaviour drives away good staff and creates a breeding ground for hidden risks.' FCA Discussion Paper DP18/2 and subsequent supervisory work on non-financial misconduct.
The Economics: Why This Is a Board-Level Risk
The financial crime consequences of cultural failure aren't theoretical. They're quantifiable, and they're enormous.
The ACFE's 2024 Occupational Fraud Report estimates that fraud costs organisations 5% of annual gross revenue on average. This figure aligns with UK findings. UK Finance's 2024 Annual Fraud Report recorded £1.17 billion lost in 2023. Losses spanned payment cards, remote banking and cheques. Meanwhile, the National Crime Agency estimates UK money laundering costs at least £100 billion annually. A single AML compliance failure of the HSBC, Danske Bank or NatWest variety can prove devastating. Consequences include billions in regulatory fines and years of enhanced monitoring. They also include wholesale leadership change and reputational damage that lingers for a decade or more.
The calculus for leadership is simple: investing in psychological safety, DEI programmes, speak-up culture, and compliance team capability costs a fraction of a single major regulatory fine. HSBC paid $1.92 billion in 2012. Danske Bank paid over $2 billion in 2022. The cultural interventions that might have prevented either would cost tens of millions at most. The question is not whether your organisation can afford to invest in culture. The question is whether it can afford not to.
What Good Looks Like: Practical Interventions
So what does good actually look like? Here are five evidence-based interventions worth taking seriously.
1. Measure Psychological Safety as a Compliance Metric
Boards should assess, track and report psychological safety alongside other compliance indicators. That means regular pulse surveys with specific questions.
- Do people feel safe raising concerns?
- Will those concerns lead to action?
- Have employees ever decided not to report something out of fear?
Crucially, leaders need to break the results down by team, function and demographic group. That's where the pockets of silence appear.
2. Treat Compliance as a Controlling, Not Advisory, Function
HSBC offers one of the clearest lessons here. Compliance functions structured as advisory bodies will always lose to revenue under pressure. They lack genuine authority to challenge and override business decisions. Boards and executive teams need to ask an honest question of themselves. Does their compliance function have the structural authority, the resources and the standing required? Or does it merely recommend rather than enforce?
3. Invest in Speak-Up Culture, Not Just Speak-Up Mechanisms
Whistleblower hotlines are necessary, but they're nowhere near sufficient on their own. Research consistently shows that most employees who witness wrongdoing still don't report it. They don't trust the system. Or, they've seen colleagues face retaliation. Sometimes, the culture has simply made it clear that challenge isn't welcome. Building a genuine speak-up culture takes visible senior leadership engagement. It requires real follow-through on concerns raised. It also requires active protection for those who raise them.
The data on retaliation makes for uncomfortable reading. NAVEX's whistleblowing benchmark research finds that retaliation reporting rates have grown consistently. Meanwhile, substantiation rates for retaliation remain the lowest of any risk category. The picture is stark. Retaliation is increasing, and organisations are failing to take it seriously. From a financial crime standpoint, that's a critical failure. The people most likely to know about wrongdoing are learning, repeatedly, that speaking up isn't safe.
4. Diversify the Compliance Function and Its Pathways to Leadership
Actively building diversity within compliance teams strengthens the breadth of risk detection capability. That diversity should span professional background, lived experience, cognitive style and demographics. Equally important is creating clear pathways for compliance professionals into senior leadership. The compliance function also needs genuine direct access to the board and audit committee. Such access should not be filtered through commercial leadership first.
5. Train Leaders, Not Just Employees
Most inclusion and psychological safety training focuses on frontline employees. However, the bigger lever is leadership behaviour. Research consistently shows the single greatest predictor of whether someone will speak up. It is how their direct manager responded the last time someone did. Training line managers and senior leaders to receive concerns well pays off. They must learn to listen without dismissing. They also need to avoid inadvertently closing down dissent. This investment delivers among the highest returns in any financial crime control environment.
Conclusion: Culture Is Not Soft. It Is Your Hardest Control.
Look at the organisations that have suffered the most catastrophic financial crime failures of recent years. HSBC, Danske Bank, Wirecard, NatWest and others. None failed because they lacked policies. They failed because their cultures silenced the right people at the right time.
Financial crime thrives in the dark. It finds its footing in the silence of employees who've learned that speaking up is futile or risky. It also finds footing in the blind spots of teams that all think the same way. Above all, it thrives in the slow marginalisation of the compliance voice relative to the commercial one.
Inclusion and psychological safety aren't HR initiatives that happen to be good for business. They're the conditions under which your most important early warning systems function properly. Those early warning systems are your people. Getting them right is a matter of values, yes. But it's also a matter of risk management. Moreover, the FCA, the NCA and HMRC are all sharpening their focus on culture. They see it as a driver of compliance outcomes. As a result, this investment may be the most important your organisation ever makes.
About the Author
Jen Davidson | Culture & Inclusion Expert
Jen Davidson is a specialist in organisational culture, inclusion, and psychological safety, with a particular focus on how these disciplines intersect with compliance, risk, and financial crime prevention. Jen works with leadership teams, boards, and compliance functions to help organisations move beyond policy and build the cultural conditions in which people genuinely feel safe to speak, challenge, and act with integrity. Her work bridges the often-siloed worlds of DEI and financial crime, making the case that the two are not separate agendas, but deeply and consequentially connected.
This article was written by Jen Davidson as a guest contribution to Argus Pro LLP's thought leadership programme. Argus Pro LLP supports financial services firms in building robust, people-centred approaches to financial crime risk and compliance culture.
To connect with Jen Davidson or discuss how Argus Pro can support your organisation, please get in touch.
References
US Department of Justice, HSBC Statement of Facts (2012): https://www.justice.gov/sites/default/files/opa/legacy/2012/12/11/dpa-attachment-a.pdf
NAVEX 2024 Whistleblowing & Incident Management Benchmark Report: https://www.navex.com/en-us/northstar/whistleblowing-incident-management-benchmark-report/
ACFE Occupational Fraud 2024 Report: https://www.acfe.com/fraud-resources/report-to-the-nations
PwC Global Economic Crime Survey 2024: https://www.pwc.com/gx/en/services/forensics/economic-crime-survey.html
ResearchGate, Case Studies of AML Compliance Failures (2025): https://www.researchgate.net/publication/393799079
Amy Edmondson, The Fearless Organization (2018), Harvard Business School Press
FCA Discussion Paper DP18/2, Transforming Culture in Financial Services