Bribery exposure doesn’t start with policy failure. It starts with training.

But when something breaks, and eventually it does, those same documents are used to explain why no one caught it earlier. The training existed. So why wasn’t it followed?

In commission-driven environments, anti-bribery and corruption (ABAC) violations don’t begin with overt misconduct. They begin with rationalizations. A client who clears just below the threshold. A gift that feels excessive, but gets logged anyway. A deal was pushed forward because targets are due and the team is short for the quarter.

These moments aren’t uncommon. They’re routine. And in many cases, the person making the decision isn’t calculating exposure. They’re calculating payout.

The structure invites it. Revenue-producing employees see localized upside. Their compensation, their metrics, and their internal status, these are the variables they manage every day. What they don’t see is how enforcement actions unfold when something goes wrong. They don’t see the internal disruption, the multi-year monitorship, or the reputational drag that comes when misconduct moves from an isolated incident to a headline risk.

Most training does nothing to change that. It delivers definitions. It lists prohibited actions. It runs through examples that feel remote, stylized, and disconnected from the pressures of a real client conversation. Employees complete it because they have to. Not because it changes how they view risk.

What gets lost is the enterprise perspective. The idea that one onboarding, one referral, one discretionary exception can materially expose the firm doesn’t feel realistic to someone trying to close their month. Without training that makes that connection explicit, it becomes easier to rationalize conduct that sits in the gray.

This isn’t a theory. It’s observable. Enforcement cases rarely center on employees acting with malicious intent. They involve individuals who made decisions that were profitable, popular, or expected, but not examined. And when the firm gets pulled in, the employee’s rationale doesn’t matter. What matters is that the conduct occurred under a training regime that never prepared them to see the risk in the first place.

Boards are often told that the program is strong. Those policies exist. That completion rates are high. But few boards ask whether the employees driving revenue actually understand how ABAC violations unfold. Not legally. Institutionally. Whether they see the escalation pathway from a poorly vetted client to a public enforcement action. Whether they grasp how small actions can compound into reputational collapse. Whether they have ever been shown that risk from the firm’s point of view, not just their own.

Completion-based training doesn’t do that. It’s not built to. It is designed to check the box, satisfy documentation requirements, and ensure the firm has a paper trail. It is not designed to simulate pressure, provoke critical thinking, or connect risk to real business impact. And yet that is exactly what’s required if the goal is to change behavior.

Revenue pressure will always be part of financial services. No serious person argues otherwise. But that pressure must be counterbalanced by training that addresses the real risk landscape, not just the regulatory minimum. Compensation drives performance. It also drives exposure. Employees need to understand both.

This is not about rewriting incentive plans. It’s about equipping those operating under them with a realistic understanding of how bribery and corruption actually take root. Not in offshore wire transfers or luxury real estate deals. In subtle misjudgments made at desks, on calls, inside meetings where one small push gets rewarded, and no one raises their hand. That’s where exposure begins.

Firms that treat ABAC risk as a legal abstraction miss the opportunity to create actual institutional awareness. The best programs don’t focus on whether the policy was acknowledged. They focus on whether the risk is understood. That is a higher bar, and one that requires more than a learning management system (LMS) module.

The reason enforcement remains so persistent isn’t that firms don’t care. It’s because most of them haven’t translated policy into usable guardrails for the people most likely to be tested. When someone brings in revenue, the tendency is to accommodate. And when questions get raised, the instinct is often to look for a workaround. The longer that cycle continues without friction, the harder it becomes to intervene when the stakes escalate.

That is what serious ABAC training is designed to interrupt. It is not a firewall. It is an early-warning system. A tool for recalibrating decision-making before the regulator arrives.

And yet, in many institutions, training is still treated as an annual requirement to be cleared, not as a control mechanism to be evaluated.

If the firm is relying on policy language to hold the line in real time, it will lose. The employee trying to close a deal under performance pressure will not stop because a rule was posted. They will stop if they have been trained to recognize the inflection point between business opportunity and institutional risk, and have internalized what happens when that point is ignored.

The firms that avoid ABAC scandals going forward won’t be the ones with the best-looking policies. They’ll be the ones where the employees closest to the money understand what the real cost of a shortcut looks like.

That understanding doesn’t come from a module. It comes from training built to match the stakes.

And if no one is asking whether the current training clears that bar, then the board shouldn’t be asking whether the program is compliant.

It should be asking when the next failure will happen.