Ed. Note-we conclude our three-part blog post series on three recent books by Hemma Lomax and Ashley Dubriwny. The are The Art of Ideation, The Art of Celebration and The Art of Implementation.
The final book in Hemma Lomax and Ashley Dubriwny’s trilogy, The Art of Celebration, completes the arc. Ideation imagines what is possible. Implementation gives that possibility form. Celebration sustains the culture by recognizing what matters, reinforcing what works, and creating the memory that carries the organization forward.
For compliance professionals, celebration may sound like the least obvious compliance discipline. That would be a mistake. The authors make clear that celebration is not decorative. It is strategic. It is a feedback system. It teaches people what the culture values. It turns behaviors into norms and norms into identity. The compliance lesson is profound: what the organization celebrates, it multiplies.
Lesson One: Recognition Is a Control Signal
The DOJ’ Evaluation of Corporate Compliance Programs (ECCP) focus on incentives and consequences gives compliance professionals a regulatory reason to take celebration seriously. The DOJ’s compensation and clawback Pilot Report states that prosecutors consider whether companies use positive incentives for ethical behavior and compliance leadership, whether compensation systems include compliance criteria, and whether companies penalize breaches of the compliance program.
That means recognition is not merely an HR activity. It is part of the control environment. When a company celebrates only sales growth, deal speed, cost reduction, or heroic problem-solving after avoidable chaos, employees learn what really matters. When a company celebrates employees who pause a transaction over a red flag, escalate a concern, improve a control, cooperate in an investigation, or protect a colleague from retaliation, employees learn a different lesson. The question for the CCO is not whether the company celebrates. Every company celebrates something. The question is whether those celebrations are aligned with the Code, controls, risk appetite, and ethical commitments.
Lesson Two: Celebration Can Strengthen Speak-Up Culture
The Art of Celebration explains that appreciation and recognition can create conditions associated with trust, belonging, openness, and moral reasoning. The book ties celebration to the willingness to speak up, take healthy risks, protect colleagues, and choose integrity. This has direct compliance relevance. Employees do not report concerns simply because the hotline exists. They report when they believe the organization values truth over comfort. They report when managers respond with care. They report when prior reporters were not punished, isolated, or ignored.
Celebration can reinforce this. A company should not publicly identify confidential reporters, but it can celebrate the behavior of raising concerns, asking hard questions, and improving systems. It can share anonymized stories showing that reports led to meaningful improvements. It can recognize managers who receive concerns well. It can reward teams that identify and remediate control gaps before they become enforcement problems.
Lesson Three: Celebration Must Be Aligned or It Becomes Dangerous
The authors are careful to address the shadow side of celebration. Misaligned recognition can distort culture. They cite examples where companies celebrated the wrong behaviors, including aggressive sales targets, engineering brilliance without ethical oversight, deal-making over transparency, speed over safety, and ambition over rigor.
This is where compliance professionals should pay close attention. Wells Fargo did not fail because it lacked stated values. It failed because its operating incentives and recognition systems pushed employees toward account openings at any cost. Boeing’s 737 MAX crisis offers another cautionary tale about what can happen when cost, schedule, and production pressure overwhelm engineering judgment and safety culture. Volkswagen shows the risk of celebrating technical performance while ethical guardrails lag behind. Celebration is therefore not harmless. It is a governance tool. If the company celebrates the wrong thing, it creates evidence of cultural misalignment. If it celebrates the right thing, it creates evidence of culture in practice.
Lesson Four: Metrics of Morale Must Be Ethical
One of the most forward-looking sections of The Art of Celebration addresses the “metrics of morale.” The authors explore how organizations can use communications data, sentiment analysis, wearables, AI-assisted pattern recognition, and cultural dashboards to better understand trust, stress, belonging, and burnout. They also warn that these tools must be used as coaching systems, not surveillance systems. Participation should be voluntary, data should be aggregated, and insights should improve systems rather than punish individuals.
That is a critical AI governance lesson. AI can help compliance detect cultural signals, emerging risks, retaliation patterns, training gaps, and control friction. But AI can also chill speech, invade privacy, amplify bias, or turn culture monitoring into employee surveillance. For CCOs, the right framework is clear. Use AI to improve governance, risk sensing, and employee support. Anchor it in transparency, purpose limitation, access controls, human review, and documented risk assessment. Align the work with NIST AI Risk Management Framework, ISO/IEC 42001, privacy principles, and the company’s own AI governance program.
Lesson Five: Rituals Preserve Culture Under Pressure
The book’s discussion of rituals is especially important for compliance. Rituals are repeated practices that teach a community what to remember. In compliance, rituals can include investigation debriefs, quarterly risk reviews, third-party red flag meetings, manager speak-up moments, annual Code refresh discussions, control owner certifications, AI use reviews, and post-remediation lessons learned.
A ritual is stronger than a reminder. A reminder tells people to do something. A ritual teaches people who they are. This matters under pressure. When a quarter-end target is at risk, when a sales team faces a red flag, when a senior leader wants to move quickly, the organization will not rise to the words in its Code. It will fall to the level of its practiced rituals. If those rituals include escalation, challenge, documentation, and accountability, the culture has muscle memory.
Compliance Application
Celebration belongs in the compliance program because it helps answer one of the DOJ’s most important practical questions: does the company incentivize compliance and ethical behavior in a meaningful way? The Criminal Division’s compensation pilot report states that companies proactively designing compensation systems to incentivize ethical behavior and company policies are better positioned to prevent misconduct, generate reports, address incidents before they grow, and build a company-wide culture of compliance.
A mature compliance program should therefore examine recognition, promotion, compensation, awards, leadership messaging, and performance management as part of the control environment. The CCO should ask not only what misconduct is punished, but what integrity is honored.
CCO Questions
What behaviors does the company currently celebrate, formally and informally?
Do performance reviews, promotions, bonuses, and awards reflect ethical leadership and control ownership?
Are speak-up, cooperation, remediation, and control improvement recognized as business contributions?
Do we use cultural data and AI responsibly, or are we creating surveillance risk?
What rituals reinforce the compliance program under pressure?
Practical Takeaways
- Inventory what the company celebrates in awards, town halls, performance reviews, and leadership communications.
- Align recognition with the Code, internal controls, speak-up expectations, and risk management priorities.
- Create anonymized speak-up success stories that show reporting leads to improvement.
- Review incentive structures for misconduct risk and compliance-positive behaviors.
- Build compliance rituals that preserve culture: pre-mortems, post-investigation lessons learned, control owner recognition, third-party red flag reviews, and AI governance check-ins.
Conclusion: The Compliance Culture Builder’s Discipline
Taken together, Hemma Lomax and Ashley Dubriwny’s trilogy offers compliance professionals something more than a culture-building framework. It offers a practical operating model for program effectiveness. The Art of Ideation reminds us that compliance begins with better questions, deeper listening, and the courage to design around the lived experience of employees. The Art of Implementation shows that even the best ideas fail unless they are operationalized through alignment, ownership, testing, adoption, and iteration. The Art of Celebration completes the cycle by showing that culture is sustained by what the organization chooses to recognize, repeat, and remember. This is the full arc of a mature compliance program: imagine wisely, execute consistently, and reinforce intentionally.
For the CCO, the message is clear. Culture is not an abstraction and it is not a slogan. It is built through the systems employees use, the controls they trust, the concerns they feel safe raising, the incentives they see rewarded, the investigations they experience as fair, and the stories leaders choose to elevate. The DOJ’s ECCP asks whether a compliance program is well designed, adequately resourced, empowered to function, and working in practice. This trilogy gives compliance professionals a human-centered way to answer those questions with evidence. Ideation creates the insight. Implementation creates the operating discipline. Celebration creates the cultural memory.
The larger lesson is that compliance professionals are not simply policy owners, trainers, investigators, or risk managers. They are culture builders. They help organizations decide what matters, make those commitments operational, and ensure those commitments endure under pressure. In an era of AI governance, third-party complexity, speak-up expectations, incentive scrutiny, and board oversight, that work has never been more important. The compliance programs that will matter most are not the ones with the most polished documents. They are the ones where employees know how to act, leaders know what to reinforce, controls work in practice, and the organization honors integrity as a business discipline.
That is the power of the trilogy. It takes us from possibility to practice to permanence. It reminds us that compliance effectiveness is not created in a single policy rollout, annual training event, or investigation report. It is created over time through disciplined attention to what people need, how work happens, and what the organization chooses to celebrate. For the modern compliance professional, this is both the challenge and the opportunity: to build a culture where ethics is not episodic, controls are not ornamental, and integrity is not merely stated. It is lived, reinforced, and carried forward.
