The Real Problem Hidden by the Phrase “Lack of Awareness”
Shogakukan issued a statement regarding the arrest of the former president of its subsidiary “Manga One” for child prostitution, citing a “lack of awareness of human rights and compliance.”
Furthermore, at Michinoku Memorial Hospital in Aomori Prefecture, the established “Legal Compliance Committee” is deliberating on improvement reports regarding a series of inappropriate responses surrounding a patient’s death. Here too, the phrase “legal compliance” is front and center.
Every time such misconduct occurs, the phrases “enhancing compliance awareness” and “thorough enforcement of laws” are repeated. However, this merely shifts the essence of the problem onto “individual awareness or morality” and turns a blind eye to design flaws within the organization.
As a manager, what you should consider is not, “Are my employees’ awareness levels okay?” but rather, “Is my organization designed to detect and mitigate major risks without relying on ‘awareness’?”
“All-or-Nothing” Thinking Breeds “Cover-Ups”
The Michinoku Memorial Hospital case is highly instructive. When an unexpected patient death occurs in a medical setting, what kind of decision-making does the organization face?
Many organizations fall into “all-or-nothing” thinking. That is, a binary choice between “a complete accident (0% fault)” and “gross negligence (100% responsibility).” Trapped in this mindset, frontline staff become terrified of being categorized under “100% responsibility.” This is because they feel it directly leads to personal criminal liability or an existential crisis for the organization.
The resulting action is “concealment” or “downplaying the facts.” This is not due to “low awareness”; it is a rational (yet erroneous) judgment that occurs because the organization lacks a design to assess and manage risk as a continuous scale from 1 to 99.
In an “all-or-nothing” world, there is no process to publicly examine intermediate levels like “30% fault” or “70% oversight” and link them to improvement. Everything becomes “black or white.”
The Fundamental Issue AI Compliance Tools Don’t Solve
Meanwhile, other news reports the launch of AI-powered compliance check tools. Certainly, tools that automate legal checks on sales documents are useful in preventing human error.
But consider this: Was the Shogakukan case about typos in a sales document? Did the Michinoku Memorial Hospital incident happen because a report was in the wrong format?
No. The problem lies in the organization’s decision-making process itself. Tools can help enforce “already established rules,” but they cannot design the organization’s judgment flow when faced with “a major situation not anticipated by the rules.”
The idea that introducing an AI tool automatically strengthens governance is an illusion. It’s like placing a high-performance fire extinguisher in the kitchen; it doesn’t answer how to design the source of the fire (the decision-making process) itself.
“Continuous Risk Scale Design” That SMEs Can Start Today
So, how can SMEs escape this “all-or-nothing” thinking—which even large corporations fail at—and implement a design that manages risk on a “1 to 99” scale? We propose three concrete actions.
Action 1: Hold Regular “Scenario Meetings” for Major Incidents
“What if a major fraud is discovered at a key partner?” “What if an unexpected defect is found in our flagship product?” “What if baseless slander spreads on social media?”
Create a forum for management and key department heads to discuss such “what-ifs” before an actual incident occurs. The key is to discuss, not “who is to blame,” but “what to do first” in chronological order.
Example: When “potential customer data leakage” is detected.
1. First Hour: What does the IT lead do? (Evidence preservation, log acquisition)
2. 3 Hours Later: What does PR do? (Progress on fact-finding, preparing an initial statement)
3. 6 Hours Later: What does management do? (Reporting to the board, consulting external experts)
Simply discussing and documenting this scenario in advance drastically reduces the likelihood that “cover-up” is the first option that comes to mind in a crisis, because action options are already prepared.
Action 2: Deliberately Create Mechanisms to Lower the “Barrier to Reporting”
Bad news does not naturally rise to the top. Information that might implicate oneself or one’s department is especially prone to being silenced or altered before reporting. To prevent this, you need a design where the act of reporting itself has benefits.
Concretely, establish an “Early Reporting Incentive System.” For example, formalize a policy that gives positive credit for (and does not discipline, or reduces discipline for) the act of self-reporting a mistake or problem one was involved in *before* it is pointed out by a customer or external party.
The crucial point is to evaluate not the “content of the error” but the “timing and sincerity of the report.” This encourages employees to think, “Let’s report early, contain the responsibility at a level of 30, and link it to improvement,” rather than hiding it out of fear of “100% responsibility.” This is the first step toward a culture that treats risk as a continuous scale.
Action 3: Use Experts as “Translators,” Not “Yes/No Arbiters”
When misconduct seems imminent, many managers ask legal experts, “Is this illegal?” If the expert says, “The risk is high,” the business stops. This is a state where “the law becomes the subject.”
The proper order is the reverse. First, you clarify “what you want to achieve (the business objective).” Then, you ask the expert, “To achieve that, what form would make it legally viable? How do we ‘translate’ it?”
For example, suppose there is a business objective: “We want to implement this new marketing technique.”
Poor question: “Does this technique violate the Premiums and Representations Act?” (The expert only answers, “Possibly.”)
Better question: “The customer touchpoints and effects we want to achieve with this marketing are these. What are the conditions for making this viable while keeping the risk under the Premiums and Representations Act within an acceptable range (e.g., risk level 30 or below)?”
The latter question prompts the expert to think of “translation options into a non-violating form.” The discussion shifts from listing prohibitions to proposing conditions for viability. This is the practice of designing risk on a 1 to 99 scale, not an all-or-nothing one.
Governance Is Not “Raising Awareness” After an Incident
Phrases like Shogakukan’s “lack of awareness” or the hospital’s “Legal Compliance Committee” create the misconception that governance is something that “strengthens norms after the fact.”
True governance (corporate governance) is about designing in advance. It presupposes human imperfection and involves embedding, as mechanisms, processes and incentives that guide the organization autonomously toward appropriate judgments without over-relying on individual “awareness” or “goodwill.”
It is not about introducing complex regulations or expensive AI tools. Start by discussing one “what-if” scenario in your next management meeting. The quality of that discussion will vividly illustrate the true strength of your organization’s governance.
Risk cannot be reduced to zero. However, the organizational design that forces employees into an all-or-nothing dilemma can be changed starting today. That is a far more certain and powerful first step toward strengthening governance than any awareness campaign.

