Compliance Training Scenario Examples — Real Workplace Decisions

Compliance training scenarios are short, realistic workplace situations that help employees practice recognizing and responding to ethical and compliance risks. These scenarios are widely used in code of conduct training to improve real-world decision-making, not just policy awareness.

Policies tell employees what to do or not to do. Scenarios train them how to decide. Scenario-based training places employees in situations where they must evaluate context, identify risks, and choose the right course of action.

Organizations use these scenarios to reduce compliance risk, strengthen employee judgment, and build confidence in reporting and decision-making across the business.

These scenarios commonly address topics such as conflicts of interest, anti-corruption, data privacy, workplace harassment, and reporting concerns.

Xcelus builds scenario-based code of conduct training and compliance programs around situations like these — putting employees in realistic decision-making situations before they encounter them in real life.

Conflicts of Interest

Conflicts of Interest — Vendor Relationship

An employee’s spouse works at a company that has just been hired as a vendor on a project the employee is directly involved with.

Decision: Stay quiet to avoid complications, disclose the relationship to a manager, or remove yourself from the project without saying why.

Right call: Disclose immediately. A conflict of interest exists even when no improper decision has been made. The company cannot manage what it doesn’t know about.

Conflicts of Interest — Business Opportunity

An employee learns of a business opportunity through their role that their company likely wouldn’t pursue. They pass the information directly to a friend who runs a consulting firm.

Decision: Share it — the company isn’t interested anyway, so there’s no harm. Or share it internally first, then pass it along if the company declines.

Right call: Share internally first. Opportunities discovered through the company role belong to the company first. Bypassing that step violates the Code of Conduct regardless of the company’s likely interest.

Gifts & Entertainment

Gifts & Entertainment — Vendor Gift at Contract Renewal

A vendor offers tablet computers to the management team as a personal thank-you during contract renewal discussions. The vendor calls it a gift, not a condition.

Decision: Accept the tablets — they’re a thank-you, not a bribe. Decline and report the offer. Accept but disclose to a manager.

Right call: Decline and report. The timing and value place this firmly in bribery territory under most code of conduct training standards — bribes don’t need to be cash to be bribes.

Gifts & Entertainment — Holiday Client Gift

An employee wants to send a favorite client a rare autographed football as a holiday gift. The employee considers it a genuine personal gesture.

Decision: Send it — it’s a personal gesture with no business strings attached. Check the company gift policy first. Send a standard holiday card instead.

Right call: Check the company gift policy first. Most organizations set a monetary threshold for gifts. A rare autographed item almost certainly exceeds that threshold regardless of the intent behind it.

Reporting a Concern & Non-Retaliation

Reporting — Concern About a Manager

An employee suspects their manager is asking them to do personal errands on company time using company property. The employee reports it — and discovers they misunderstood the situation.

Decision: Stay quiet next time to avoid embarrassment. Report concerns as they arise, regardless of certainty. Wait until there is more evidence before reporting.

Right call: Report concerns as they arise. Non-retaliation policies protect good-faith reporting even when the concern turns out to be a misunderstanding. It is better to ask and be wrong than to stay silent.

Reporting — Confidential Complaint

A supervisor finds out someone filed a complaint about horseplay in the office. The supervisor wants to find out who made the report so they can address the issue directly.

Decision: Investigate to identify the reporter — it’s the supervisor’s job to manage the team. Respect the confidential reporting process and escalate to HR. Address the behavior without attempting to identify the reporter.

Right call: Respect confidentiality and escalate to HR. Attempting to identify a confidential reporter — even with good intentions — violates the non-retaliation policy and undermines the speak-up culture code of conduct training is designed to build.

Protecting Confidential Information

Confidential Information — Social Setting

At dinner with friends, an employee mentions that a client under criminal investigation must not be worried — because they just started a new project with the employee’s company.

Decision: It’s fine — friends aren’t going to act on it. It’s a violation — client relationship information is confidential. It’s only a problem if the friends work in finance.

Right call: It’s a violation. Client relationship information is confidential regardless of the social setting or who the audience is. A useful standard: if you wouldn’t be comfortable reading it in the news, don’t say it at dinner.

Confidential Information — Social Media

An employee involved in a confidential new product launch shares their excitement about the upcoming announcement on their personal social media account before the official release.

Decision: It’s a personal account — company policy doesn’t apply. It’s a violation of confidentiality and potentially social media policy. It’s fine if no specific details are shared.

Right call: It’s a violation. Proprietary product information is confidential until officially released, regardless of how vague the post seems. Employees should assume that any non-public company information is confidential.

Anti-Corruption, Anti-Bribery & FCPA

Anti-Corruption — Government Official

A government official at customs asks an employee to pay a $100 entry fee — and offers to expedite clearance for an additional $50. The employee doesn’t know if this is a standard charge.

Decision: Pay it — it’s a small amount and the trip is important. Ask for proof the fee is required and whether a receipt will be provided. Pay and document it as a business expense.

Right call: Ask for proof and a receipt. If none is offered, do not pay unless there is absolutely no other option — and if payment is made, document and report immediately. FCPA violations can occur even under pressure.

Anti-Corruption — Competitive Bid

A vendor facing competitive renewal offers to match pricing for three years — and provides tablets to each management team member as a personal thank-you. They frame it as appreciation, not as tied to the contract.

Decision: Accept — the pricing deal and the gift are separate. Decline the tablets and proceed with the open renewal. Accept and disclose the gift.

Right call: Decline the tablets and proceed with open renewal. The timing connects the gift to the business outcome regardless of how it is framed. Accepting creates anti-corruption exposure for both the employee and the organization.

Insider Trading

Insider Trading — Social Disclosure

An employee tells a close friend about upcoming contracts that will significantly affect the company’s revenue. The friend buys company shares before the news goes public.

Decision: Only the friend is liable — the employee just had a conversation. Both the employee and the friend face potential insider trading charges. The employee is only liable if they knew the friend would trade.

Right call: Both face liability. Disclosing material non-public information — regardless of intent — can expose the person who disclosed it to insider trading charges, along with the person who traded on it.

Insider Trading — Investment Club

An employee’s investment club is reviewing a vendor that their company works with. The employee knows confidentially that their company plans to significantly increase business with this vendor.

Decision: Share the information — it’s about a vendor, not your own company. Recuse yourself from the club’s discussion. Stay silent but remain in the discussion.

Right call: Stay silent and recuse. Material non-public information about business partners — not just your own company — is subject to the same insider trading constraints. Code of conduct training on this topic applies beyond direct company stock.

Accurate Records & Reporting

Accurate Records — Backdating

A supervisor asks an employee to backdate a cash receipt by two days so the deal counts toward this quarter’s sales figures, affecting bonus calculations. The deal was verbally agreed upon before quarter-end.

Decision: Backdate it — the deal was real, and the date is just administrative. Decline and document the request. Ask the finance team how to handle the timing correctly.

Right call: Decline and consult finance or legal. Backdating financial records to affect reporting outcomes violates the Code of Conduct regardless of whether the underlying deal was legitimate. This scenario is a core topic in code of conduct training for finance and sales roles.

Accurate Records — Expense Claims

An employee lost a receipt for an entertainment expense and inflated their mileage claims the following month to cover the loss. They consider it fair since they genuinely incurred the original expense.

Decision: It’s fair compensation — they did incur the real expense. It’s a violation — false claims are prohibited regardless of reasoning. Report the lost receipt and follow the expense recovery process.

Right call: Report the lost receipt and follow the proper process. Submitting inflated claims to offset a legitimate loss is still a false claim. There is no good justification for falsifying expense records.

Social Media Policy

Social Media — Workplace Photo

A colleague photographs a coworker in a compromising position at work and shares the image with friends and on several social media platforms. The colleague considers it a harmless joke.

Decision: It’s harmless if intended as a joke, and the coworker isn’t upset. It’s harassment and a conduct violation regardless of intent. It’s only a problem if the coworker complains.

Right call: It’s a violation regardless of intent. Taking and sharing unauthorized workplace photos violates harassment and conduct policies. Impact — not intent — determines whether conduct violates company policy.

Social Media — Customer Complaint Response

An employee notices a negative post about their company on social media and wants to respond to correct the record and defend the organization.

Decision: Respond — defending the company is the right instinct. Report the post to the social media or communications team and let them respond. Ignore it.

Right call: Report to the social media team. Employees responding individually to public complaints can escalate the situation, create legal exposure, or contradict official messaging. Social media policy training addresses exactly this scenario.

Anti-Money Laundering

Anti-Money Laundering — Vendor Payment Routing

A vendor based in Spain requests that all payments be sent to a bank account in the Cayman Islands. They say it’s for tax efficiency purposes.

Decision: Proceed — tax efficiency is a legitimate reason. Escalate to Legal or Compliance before entering any arrangement. Request that payment go to a domestic account instead.

Right call: Escalate to Legal or Compliance. Bank accounts in known tax havens that differ from the vendor’s operating jurisdiction are a standard AML red flag. This scenario belongs in code of conduct training for procurement and finance roles.

Anti-Money Laundering — Deposit and Redirect

A client places a large order with an unusually high deposit, then cancels and requests a refund to a different company that cannot be verified.

Decision: Process the refund — the client is just changing their mind. Hold the refund and contact the AML Compliance Officer. Request more information from the client before proceeding.

Right call: Hold and contact AML Compliance immediately. This transaction pattern — large deposit, cancellation, redirect to an unverifiable entity — is a classic money laundering red flag that compliance training is specifically designed to help employees recognize.

Export Controls / Global Trade

Export Controls — Embargoed Country

A client in Malaysia places an order for technology products and mentions during the call that a colleague in North Korea will receive part of the shipment.

Decision: Proceed — the customer is in Malaysia, which is not under an embargo. Hold the order and report to Compliance immediately. Split the order — fulfill the Malaysia portion and decline the North Korea portion.

Right call: Hold the entire order and report to Compliance. The destination of goods, not just the buyer’s location, determines export compliance. Diversion to an embargoed country violates US law even when the ordering party is in a permissible country.

Responsible AI

Responsible AI — Confidential Data in Public Tools

An employee wants to paste a confidential strategy meeting transcript into a public AI tool to generate a summary for the team.

Decision: Proceed — AI tools are secure. Use only company-approved AI tools or sanitize the content first. Summarize it manually instead.

Right call: Use only approved tools or sanitize first. Public AI models may retain and train on submitted data. Pasting confidential strategy content into a public tool is a data privacy and confidentiality violation — a scenario directly addressed in responsible AI training.

Responsible AI — Voice Fraud

An employee receives a voice message that sounds exactly like the CFO requesting an urgent payment to a new supplier before close of business — outside the normal approval process.

Decision: Process it — the voice is clearly the CFO’s. Call the CFO directly on their verified number from the company directory before taking any action. Escalate to IT security.

Right call: Call the CFO directly on a verified number. AI voice cloning can replicate voices from publicly available audio. Urgency and bypassing normal approval channels are the key red flags — both are classic social engineering signals that code of conduct training and AI ethics training both address.


What These Compliance Training Scenarios Have in Common

None of these situations looks like an obvious violation in the moment. They look like normal business decisions — a vendor relationship, a conversation with a friend, a request from a manager. That is what makes them representative of real compliance risk.

Effective code of conduct training doesn’t just tell employees the rules; it also shows them how to apply them. It places them inside situations like these — before they encounter them at work — and asks them to practice making the right call. That recognition practice is what closes the gap between knowing a policy and applying it when a real decision presents itself.

Each scenario above corresponds to a topic area covered in Xcelus’s scenario-based compliance training library. Programs can be delivered as standalone annual code of conduct training, modular topic courses, or short reinforcement scenarios deployed throughout the year.

Build Training Around Scenarios Like These

Xcelus develops scenario-based code of conduct training and compliance programs for enterprise organizations. Each course is built around realistic workplace decisions — the situations your employees actually face.
