Harassment is a conduct risk signal.
Harassment as a Measurable Conduct Risk: A Blind Spot in Modern Compliance Frameworks
We Understand Risk
Harassment has traditionally been framed as an employee relations issue — addressed through policies, training, and, when necessary, investigations.
However, this framing is increasingly misaligned with how organisations understand risk today.
In highly regulated environments, particularly within global financial services organisations such as Experian, the expectation is clear: risks must be identified, measured, monitored, and governed.
Yet workplace conduct risk — and specifically harassment — remains one of the least quantified areas within the enterprise risk landscape.
This raises a fundamental question:
Can a risk be effectively governed if it is not measured?
From Conduct Issue to Conduct Risk
Harassment is not an isolated behavioural issue. It is a manifestation of deeper control failures within an organisation’s conduct and culture framework.
It intersects directly with:
Conduct risk
Culture and ethics frameworks
Regulatory obligations related to duty of care
ESG and social disclosure expectations
In this context, harassment should be understood not as an outcome to be managed, but as a signal — often an early indicator of:
Leadership breakdown
Weak control environments
Misaligned incentives
Ineffective escalation channels
Harassment is not just an incident risk — it is a systemic conduct risk.
The Structural Limitation of Current Compliance Approaches
Most organisations rely on three primary mechanisms to monitor workplace conduct:
Complaints and grievances
Whistleblowing channels
Formal investigations
These mechanisms are essential — but they share a critical limitation:
👉 They are lagging indicators.
By the time a complaint is raised:
Harm has already occurred
Trust has already eroded
Risk has already materialised
And importantly, a significant proportion of employees never report their experiences through formal channels.
This leaves compliance functions with partial visibility into a risk that is already unfolding.
The Measurement Gap in Non-Financial Risk
In most mature organisations:
Credit risk is modelled
Financial risk is quantified
Operational risk is tracked and reported
Yet workplace conduct risk — particularly harassment — remains:
Largely qualitative
Inconsistently measured
Difficult to benchmark
This creates a structural gap:
Limited ability to track trends over time
Reduced comparability across regions and business units
Challenges in providing robust, data-driven reporting to boards and regulators
A risk that cannot be quantified cannot be consistently governed.
Harassment as a Leading Indicator of Broader Risk
Emerging evidence suggests that elevated levels of harassment are not isolated phenomena.
They often correlate with:
Reduced productivity and engagement
Increased absenteeism and turnover
Safety incidents, particularly in operational environments
Broader governance and culture failures
In this sense, harassment risk can function as a leading indicator — providing early visibility into areas where:
Controls may be weakening
Culture may be deteriorating
Leadership behaviours may be misaligned
This presents a critical opportunity:
To move from reactive investigation to proactive risk identification.
Reframing the Role of Compliance
This shift requires a reframing of how harassment is positioned within the organisation.
Under this model, compliance functions are no longer limited to responding to incidents.
They become responsible for:
Instrumenting conduct risk
Monitoring leading indicators
Strengthening governance oversight
Towards a Measurable Framework for Workplace Conduct Risk
Leading organisations are beginning to adopt a more structured approach:
1. Quantify the Risk
Establish a baseline through anonymised, standardised measurement across the workforce.
2. Identify Patterns and Hotspots
Analyse results to detect high-risk areas, behavioural patterns, and variations across business units or geographies.
3. Implement Targeted Interventions
Move beyond generic training towards focused behavioural interventions, leadership accountability, and integration into operational processes.
4. Monitor and Report Over Time
Track changes longitudinally and integrate insights into:
Conduct risk dashboards
Board and committee reporting
ESG disclosures
The Emergence of Conduct Risk Measurement Infrastructure
To support this shift, new approaches are emerging that enable organisations to quantify workplace conduct risk in a structured and comparable way.
One such approach is the development of a Harassment Risk Assessment (HRA) and Harassment Risk Index (HRI) — designed to:
Provide a standardised measure of harassment risk
Enable benchmarking across organisations and industries
Offer actionable insights into behavioural drivers
Support compliance, ESG, and governance reporting
Importantly, this does not replace existing mechanisms such as whistleblowing or investigations.
It adds a measurement layer — providing visibility before issues escalate.
A Familiar Inflection Point
There is a broader parallel worth noting.
Credit risk was once assessed largely through judgement. Today, it is quantified, modelled, and continuously monitored.
Workplace conduct risk appears to be approaching a similar inflection point:
From anecdotal and reactive to measurable and proactively managed.
Conclusion: A New Standard for Governance
For compliance leaders, the question is no longer whether harassment exists within their organisation.
The question is whether it is being:
Measured
Monitored
Governed
with the same level of rigour applied to other enterprise risks.
As regulatory expectations, ESG scrutiny, and stakeholder demands continue to evolve, the ability to quantify and manage workplace conduct risk will become an increasingly important component of effective governance.
Where to from here?
Organisations that begin to instrument this risk now will be better positioned to:
Strengthen their control environment
Enhance board-level oversight
Demonstrate leadership in responsible and sustainable business practices
If this is an area of interest, I would welcome the opportunity to share further insights on how workplace conduct risk can be measured and integrated into existing compliance frameworks. Contact me on: https://hanlie.resilientwork.org/
