
By Chuck Gallagher — Business Ethics Keynote Speaker and Trainer
TL;DR: Chuck Gallagher, business ethics keynote speaker, examines the Odyssey DCS argument that ethics and compliance are “two pillars” of defense contracting integrity. The piece pushes back: treating them as parallel pillars is exactly how good companies end up in front of the DOJ. Compliance answers what you must do; ethics decides who you choose to be when the rules go quiet.
A few years ago, I was speaking at a conference where a defense contractor’s chief compliance officer pulled me aside during the break. She told me her training completion rates were at 98 percent. Her hotline was active. Her policies were freshly updated to reflect the latest DFARS revisions. “We’re solid,” she said. Then she paused and added, “But I have no idea what my people would actually do if a program manager told them to ship something that wasn’t ready.” That sentence has stayed with me. It captures the precise gap that an Odyssey Defense Commerce Solutions article on ethics and compliance circles around but never quite names.
The Odyssey piece, written by James Lusk, makes the case that ethics and compliance are “two pillars that uphold the integrity of defense contracting.” The author correctly notes that compliance ensures organizations follow laws and avoid penalties, while ethics ensures the spirit of those regulations is respected. He cites a Defense Contract Audit Agency finding that roughly 15 percent of audited contracts between 2018 and 2020 contained instances of non-compliance. He references DFARS, ITAR, and the very real consequences of non-compliance: fines, suspension, debarment, reputational damage. All of that is accurate. But the framing itself is the problem.
“Two pillars” suggests two equal, parallel structures. As a business ethics keynote speaker who has spent years inside organizations after the wheels have come off, I’d argue the truth is uglier. Compliance is downstream of ethics. When you elevate compliance to equal status with ethics, you teach your people that following the rules and being honest are interchangeable. They are not. A company can be 100 percent compliant on paper and still be rotten underneath. Wells Fargo had a values statement. Volkswagen had an ethics policy. Both organizations passed audits while their people committed fraud at industrial scale.
Why ethics and compliance are not the same thing
The False Claims Act is instructive here. The FCA holds defense contractors liable for “knowingly” submitting false claims, but “knowingly” doesn’t require malice. It includes reckless disregard for the truth. That is a legal standard with a deeply ethical core: you are responsible not just for what you intended, but for what a reasonable person should have known. Compliance training rarely teaches this. It teaches the rule. It does not teach the judgment that prevents the rule from being broken in the first place.
Consider the moments where defense contracting actually fails. A program manager is three weeks behind on a deliverable. A cybersecurity control is “in progress” but gets reported as “implemented.” A pricing analyst notices that a cost assumption no longer holds, but the proposal is due Friday. A subcontractor delivers components that don’t quite match specification, and the prime decides to “handle it internally.” None of these moments are caused by people who don’t know the rules. They are caused by people who know the rules and feel cornered. The compliance binder doesn’t help them. The culture either does or it doesn’t.
What defense contractor leaders should actually do
The Odyssey article ends with a recommendation to use better tools to harmonize efficiency with compliance. I have nothing against good tools. Software that automates labeling and reduces errors is genuinely useful. But tools cannot do the work that culture has to do. If your people learn that bad news is treated as betrayal, they will hide bad news. If they learn that the executive who ships on time gets promoted no matter what corners got cut, they will cut corners. Habits are shaped by leadership signals, not by software.
As a business ethics keynote speaker, I’ve argued at ChuckGallagher.com that the real distinction worth making isn’t ethics versus compliance. It’s reactive compliance versus proactive ethical decision-making. Reactive compliance asks, “What do we have to do to avoid getting caught?” Proactive ethical decision-making asks, “What do we owe the customer, the taxpayer, and the mission, even when no one is watching?” Those are different questions, and they produce different organizations. The Department of Justice has a pretty good track record of telling the difference.
Here’s what defense contractor leaders can do this week. Stop treating ethics training as an annual event. Build it into the moments where pressure is highest: proposal week, cost-overrun reviews, schedule slippage discussions. Reward the program manager who reports a problem early, even if it costs the company money. Make truth cheaper than concealment. And ask yourself a question that the Odyssey article hints at but doesn’t answer: if your team gets quieter when pressure rises, what does that tell you about the culture you’ve actually built?
Frequently Asked Questions
What is the difference between ethics and compliance in defense contracting?
Compliance means following external rules like DFARS, ITAR, and the False Claims Act to avoid penalties. Ethics is the internal commitment to truth and integrity that makes the rules unnecessary. According to the Defense Contract Audit Agency, roughly 15 percent of audited defense contracts between 2018 and 2020 contained non-compliance findings, but the deeper failures usually trace back to ethical breakdowns long before the audit caught them.
Why do defense contractors keep getting hit with False Claims Act cases?
The False Claims Act allows liability for “reckless disregard” of the truth, not just intentional fraud, and treble damages make settlements expensive. Most cases involve people who knew the rules but felt pressured to look the other way on cost data, cybersecurity attestations, or schedule reporting. Standard compliance training teaches the rule but rarely builds the decision-making reflexes needed when proposal deadlines, cost overruns, and customer escalation collide.
What are the biggest ethical risks in defense contracting today?
The most common pressure points include defective pricing in proposals, cybersecurity misrepresentations under CMMC and DFARS 252.204-7012, ITAR and export control violations, timekeeping fraud, and subcontractor oversight failures. As Chuck Gallagher, business ethics keynote speaker, has noted, the consistent thread is not ignorance of the rules but silence under pressure. Employees see something off and decide it’s safer not to escalate.
How can defense contractor leaders prevent ethical failures?
Leaders should treat ethics as decision-making under pressure, not as an annual training video. Practical steps include rewarding employees who report problems early, building case-based training around real workflows like proposal week and cost reviews, ensuring escalation paths are safe and visible, and tying executive incentives to honest reporting rather than appearance of success. The Department of Justice has consistently rewarded contractors with credible compliance cultures during enforcement actions.
Does better software solve compliance problems for defense contractors?
Software helps with documentation, labeling, error reduction, and workflow automation, but it cannot fix culture. A defense contractor with strong tools and weak ethics will still face False Claims Act exposure because the failures happen in moments of human judgment. Tools support compliant behavior; they don’t create it. Leadership signals, organizational habits, and reward systems are what determine whether employees tell the truth when it costs something.
I’d love to hear from you. If you lead a defense contractor team, or if you’ve sat in a meeting where the right thing and the convenient thing pulled in opposite directions, share what happened in the comments below. What does your organization actually reward when bad news arrives? I read every comment and respond personally. The questions below are designed to keep the conversation going inside your own team.
Five Questions for Further Thought and Consideration
- When was the last time someone in your organization brought you bad news early, and how did you respond in the room and afterward?
- If your incentive structure was published tomorrow on the front page of a defense industry publication, would it look like a culture committed to mission outcomes or a culture committed to appearance?
- What specific behaviors do you reward that might quietly teach your people that the appearance of compliance matters more than the reality of it?
- If a customer asked your team to walk them through how a recent cost or schedule decision was actually made, would the answer match what was reported up the chain?
- What would it cost your organization, in real dollars and reputation, if a single employee decided this week that telling the truth was no longer worth the risk?
