By Saba Janjua, Senior Associate, Teal Compliance
Anyone who has worked in compliance for more than a week knows this: most staff don’t withhold concerns because they want to break the rules. They withhold concerns because they’re afraid of the consequences of raising them.
During firm audits, the same quiet admissions come up again and again:
“I didn’t want to bother the MLRO.”
“I wasn’t completely sure it was suspicious.”
“I didn’t want to get the transactional partner into trouble.”
“I thought I’d get blamed if it was wrong.”
When you strip it back, the issue isn’t a lack of AML knowledge or gaps in process. It’s culture.
Below, I explain why staff hesitate to report red flags, what this means for your firm’s risk exposure, and how to build a culture where speaking up is the norm, not a source of fear.
The fear of “getting it wrong”
Many staff worry that reporting a concern will make them look inexperienced, overly cautious, or obstructive. In some teams, particularly those not seen as “AML heavy”, such as family or private client, the misconception persists that they’re “non-regulated” and don’t need to raise anything at all.
But the reality is simple: you are far safer reporting something that isn’t suspicious than staying silent about something that is.
Professional indemnity insurers take exactly this view. They prefer firms that report potential issues early. Silence is what alarms insurers, because it often means a problem has been allowed to grow unchecked.
In fact, when a firm never submits claims notifications or advice notifications, insurers become more suspicious, not less. No firm gets everything right. A total absence of notifications usually signals fear, not perfection.
And fear is not a risk management strategy.
“I didn’t want to get anyone into trouble”
This is one of the most common reasons people stay quiet. They don’t want to challenge a colleague, especially a senior one, or risk damaging relationships by flagging something that “feels off”.
But AML and fraud red flags don’t care about hierarchy.
A culture where people protect colleagues from scrutiny allows mistakes and blind spots to go unnoticed. Not because anyone is malicious, but because no one wants to be the person who “makes things awkward”.
One of the most powerful cultural shifts is reminding staff that reporting concerns protects colleagues, it doesn’t punish them. It prevents small issues from escalating, and stops someone becoming the subject of a regulatory or criminal investigation simply because nobody intervened early enough.
“I wasn’t 100 percent sure”
This is the big one. People think they need certainty before reporting. In reality, AML and risk obligations are based on suspicion, not proof.
Suspicion is a feeling, an observation, a detail that doesn’t fit. It’s the moment something makes you pause.
A strong compliance culture treats these moments as prompts to escalate, not ignore.
Amy Bell put it perfectly in one of recent Coffee Conversation webinars:
“You don’t need to know something is wrong. You just need a reason to look twice.”
If staff truly understood that, reporting rates would triple overnight.
Suspicion is only useful if people feel safe to speak up
We tell people to trust their instincts and escalate anything that feels suspicious. But the more important question is:
Do they feel safe doing it?
In many firms, the honest answer is no.
- Junior lawyers fear being labelled difficult.
- Associates fear losing favour with partners.
- Compliance officers fear being seen as blockers.
- Partners fear looking like they’ve lost control.
So even when suspicion is present, confidence to report it isn’t.
This is why culture matters more than checklists. Staff will only speak up when they believe:
- Their career won’t suffer for reporting.
- Their colleagues won’t resent them for slowing something down.
- The firm will support them – even if the concern turns out to be nothing.
That level of psychological safety is created through leadership behaviour, not policy documents. Regulators, insurers and clients all prefer firms that report concerns early and often. Once people feel safe, suspicion becomes a protective instinct, not a risk.
“I didn’t want to bother the MLRO”
In a healthy compliance culture, the MLRO is never “bothered” by suspicion reports, that is the job.
If staff hesitate because they worry they’re taking up time, the firm hasn’t yet normalised reporting.
The fix is simple: visible, repeated encouragement.
Senior leaders thanking people for raising concerns.
- MLROs saying, “I’d rather hear ten things that go nowhere than miss one thing that matters.”
- Sharing anonymous examples in team meetings.
- Treating reporting as routine, not exceptional.
Compliance thrives where curiosity is rewarded.
What firms can do to change the culture
Here are the interventions I recommend most often during audits:
1. Make the safe route the easy route
Provide a single reporting email address, an online form, and a clear intranet pathway. Remove friction.
2. Praise reporting publicly
Not the details, just the behaviour. “Thank you to colleagues who raised concerns this month. You helped protect our clients and the firm.”
3. Leaders must model the behaviour
When partners say, “I escalated something yesterday because it didn’t look right”, the message lands instantly.
4. Remove shame from mistakes
Mistakes are opportunities to strengthen controls, not occasions for blame. A no-blame culture reduces fear dramatically.
5. Train people to spot the grey areas
Most know the obvious red flags. Fewer recognise the subtle ones. Real examples build confidence.
6. Link AML and insurance risk
Explain why the silence is dangerous, for indemnity risk, client protection and reputation. People care more when they understand the bigger picture.
Silence is a cultural problem, not an individual one
If staff aren’t reporting concerns, it’s not because they’re disengaged. It’s because the environment hasn’t shown them that reporting is safe, valued, and expected.
Culture is a compliance control. It’s just as important as your CDD process, your file reviews and your written policies.
The good news? Culture can be changed. With the right messages, behaviours and systems, speaking up becomes the norm.
If you’d like help building a stronger reporting culture, or want a sense check on whether your controls meet regulatory or insurer expectations, we can help.
Get help early, not after the problem lands!
My colleagues and I at Teal support hundreds of firms through our Ask Teal service, providing fast, practical answers to day-to-day AML and risk questions.
Interested in this backup service?
Explore our AML and fraud compliance support
For a deeper review of your culture, controls and reporting framework, explore our AML and fraud support:
Thanks for reading,
Saba.
ps. Please do email me if you’d like more information on any of the above. You can email me here saba@tealcompliance.com
