How to Tell If a Company Compliance Culture Is Just a Costume (also known as Compliance Theater)
(…and what to do before the seams start ripping during an SEC exam)
“Culture” is the most overused and under-measured word in corporate life. It appears in laminated values, all-hands meetings, and cheerful Teams messages from people who ghosted your last email. Everyone claims it matters; some even mean it. But how can you tell if a company actually has a culture or just a costume?
Enron literally had “Integrity” carved in stone on its lobby wall—proof that granite plus values doesn’t equal ethical behavior. Theranos had a beautifully typeset values statement plastered everywhere. Wells Fargo preached “Do what’s right for customers” while opening millions of fake accounts—right in the middle of its values messaging. Credit Suisse publicly celebrated risk awareness while being convicted in a cocaine money-laundering scandal and exposed by the massive “Suisse Secrets” leak.
Most of the banks fined billions went on to publish glossy ethics brochures, complete with soft-focus teams high-fiving over spreadsheets. But slapping “Integrity” on a lobby wall or values poster is about as useful as a “Live Laugh Love” sign in a burning building.
A culture isn’t what you claim—it’s what people do when no one’s watching and legal isn’t on the thread.
I’ve spent years wrestling with this question—as a compliance officer, a consultant, and a law professor who’s built a career reading policy manuals so you don’t have to. One pattern is painfully clear: the biggest risks companies face—misconduct, disengagement, reputational damage—often relate less to the rules and more to the culture people pretend exists. So here’s how to determine if your company culture is more performance than principle—and what to do about it.
Costume Culture: What It Looks Like
If a culture is mostly decorative, it might include:
Core values no one can name (except “Integrity,” which is always listed first and rarely practiced).
Compliance training that autoplays while people work on other things.
Posters about transparency in a workplace where no one says what they’re actually thinking.
A mission statement that reads like it was written by 15 McKinsey consultants.
These signs aren’t just embarrassing. They’re dangerous. Because a costume culture hides risk. It teaches people to perform rather than speak up, to conform rather than question, and to ignore problems until someone leaks them to the press or the DOJ.
What Culture Really Is (According to People Who Actually Study It)
Organizational scholar Edgar Schein defined culture as:
“A pattern of shared basic assumptions learned by a group as it solves its problems.”
Translation? It’s not what you say—it’s what you reward, what you tolerate, and what gets whispered when leadership isn’t around.
Global financial regulators understand this, which is why I’m writing a law review article on this topic. That’s why firms in the UK, Netherlands, and Australia now undergo culture assessments by their regulators. These assessments don’t just examine policies—they delve into leadership behavior, decision-making norms, psychological safety, and whether employees believe the hotline works (or if it’s where complaints go to die).
The FCA looks at four drivers: purpose, leadership, people, and governance. The Dutch central bank (DNB) has behavioral risk experts who observe meetings and challenge internal groupthink. The Canadian OSFI developed a risk culture framework that includes communication, challenge, and accountability.
And in the U.S.? We mostly wait until something explodes and then write a deferred prosecution agreement.
Five Signs Culture Is Just for Show
No one challenges decisions in meetings—only afterward in the hallway.
The CEO talks about “tone at the top” but can’t name the last time they heard bad news without punishing the messenger.
Middle managers manage PowerPoints, not people.
Every employee survey scores “trust in leadership” just high enough to avoid panic, but low enough to trigger nervous laughter.
You have a code of conduct. It’s beautiful, yet it’s mostly ignored.
Three Things You Can Actually Do
Whether you’re in the C-suite, mid-level management, or just trying to stay sane at work, here are three real things you can do to move from performance to practice:
1. Ask the Culture Question That Actually Matters
Instead of: “What are our values?”
Ask: “What behaviors get rewarded around here—and which ones get quietly punished?”
This one question reveals more about culture than a 40-slide deck ever will.
2. Measure Trust, Not Just Tone
Culture surveys are fine. But if you’re not asking whether people feel safe disagreeing with leadership, you’re just measuring how well people fake it.
Try a quick anonymous pulse survey: “Can you raise concerns here without fear of retaliation?”
If the answer is “not really,” you’ve got work to do. (So does your legal team.)
3. Look at Who Gets Promoted
To understand a culture, don’t read the values statement—observe who gets promoted.
Is it the person who builds trust, supports their team, and raises concerns early? Or the one who meets their targets while quietly burning bridges and burying problems?
Promotions are culture-shaping moments. They send a loud, implicit message about what’s truly rewarded. If a company celebrates results without considering how they’re achieved, ethics become optional.
Gallup’s research is clear: managers account for 70% of the variance in employee engagement. When the wrong people get promoted, it doesn’t just hurt morale; it undermines trust, amplifies risk, and drives good people out the door.
Last Thoughts
A real culture is lived, not laminated.
It shows in the little things: who speaks, who listens, who gets heard, and what happens when things go wrong. If your company’s values are just a facade, they’ll tear at the seams the moment pressure hits.
But here’s the good news: culture isn’t fixed. It’s created—and recreated—every day. There’s a growing body of research, regulatory guidance, and leadership practice that can help. That’s what I’ll be writing about in future posts.