31 Days to a More Effective Compliance Program: Day 24 – Internal Reporting and Triage

Welcome to a special podcast series on the Compliance Podcast Network, 31 Days to a More Effective Compliance Program. Over these 31 days of the series in January 2025, Tom Fox will post a key part of a best practices compliance program daily. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6–8 minutes, and will include three key takeaways you can implement at little or no cost to help update your compliance program. I hope you will join us each day in January for this exploration of best practices in compliance.

On Day 24, we look into the critical internal reporting process and triaging of FCPA claims. As the CCO, you will oversee the initial steps when suspicious activities are reported. Jonathan Marks’ five-step process on early assessment of incoming information is explored, providing a structured approach for evaluating the severity of allegations from low-threat level to crisis management mode. Moreover, this episode emphasizes the necessity of effective hotlines, trained managers, and a culture of listening to employees to foster a safe reporting environment. Key takeaways include the DOJ and SEC’s emphasis on internal reporting lines, regularly testing hotlines, and the triage of claims to ensure appropriate investigation levels.

Key highlights:

  • Guidelines for Effective Compliance Programs
  • Jonathan Marks’ Five-Step Process for Early Assessment
  • Key Takeaways

Creativity and Compliance – Creative Approaches to Corporate Compliance with Tyson Avery

Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection – they all take creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the award-winning Compliance Podcast Network.

Ronnie’s company, Learnings and Entertainment, utilizes the entertainment devices people use to consume information in their everyday, non-work lives and applies them to important topics around compliance and ethics. It is not only about being funny. It is about changing the tone of your compliance communications and messaging to make your compliance program, policies, and resources more accessible. In this episode of Creativity and Compliance, host Tom Fox and Ronnie Feldman are joined by Tyson Avery, the former Chief Ethics Compliance Officer at Starbucks and current Deputy General Counsel and Compliance Officer for Lucid Motors.

They discuss innovative strategies to make ethics and compliance engaging within organizations. Tyson shares insights into how he has leveraged creative methods to make serious compliance topics more relatable and accessible, emphasizing the importance of aligning corporate values with effective compliance programs.

One of the standout moments in the episode is Tyson’s recounting of the ‘Wally Awards,’ a unique initiative aimed at normalizing misconduct reporting and fostering a culture of transparency and trust. Through creative anonymization and employee engagement, the Wally Awards highlighted significant misconduct cases without compromising confidentiality, thereby encouraging ethical behavior across the company. The episode underscores the need for continuous, relatable, and engaging communications to embed compliance into the organizational culture.

Key highlights:

  • The Importance of Creativity in Compliance
  • Making Ethics Relatable
  • The Wally Awards: A Creative Compliance Initiative
  • Building Engagement and Trust
  • Advice for Implementing Creative Compliance

Top Compliance Leadership Skills for the Wild Wild West that is Coming – Part 3, Humor

This week, the world changed when Donald Trump was inaugurated as the 47th President of the US. Indeed, the only thing I can guarantee with complete certainty is change. I was therefore intrigued by Melissa Swift’s recent MIT Sloan Business Review article, “Three Nonnegotiable Leadership Skills for 2025.” In this week of change, I cannot think of a more prescient article for the compliance professional.

I adapted Swift’s three critical leadership skills for the compliance professional: fairness, curiosity, and a sense of humor. In this concluding blog post of this three-part series, I will explore how compliance leaders can develop and leverage these skills to strengthen their programs and inspire their teams throughout the tumultuous next four years using humor.

Your Saving Grace: Sense of Humor

As Ronnie Feldman continually reminds us, do not be “Debbie Downer,” or as I would say, do not be Dr. No from the Land of No. In some ways, Ronnie focuses on attitude, while I tend to focus a bit more on the message. However you might look at it, between audits, policy rollouts, regulatory updates, and managing the risk employees inevitably want to take, a sense of humor is a powerful tool for staying grounded and maintaining perspective.

It is important to note that you need the right kind of humor for compliance leadership. This does not mean you should become the office comedian. Instead, humor in compliance leadership is about finding light in challenging situations and encouraging your team to do the same. For example, after navigating a tough audit, you might tell your team, “Well, we survived—and I didn’t even need to bribe anyone with donuts this time!” That simple quip can defuse tension and signal that it’s okay to exhale.

The humor is in your attitude and in what you can bring to your customer base. Humor can reduce stress. Compliance work often operates under tight deadlines, high stakes, and relentless scrutiny. This pressure can weigh heavily on teams, leading to burnout and diminishing productivity. A leader who uses humor to lighten the mood helps to ease stress, making the workplace feel less like a pressure cooker and more like a place of collaboration and problem-solving.

Humor can help to build relationships, as compliance leaders often face the challenge of appearing approachable while maintaining authority. Humor humanizes leaders, making them more relatable and easier to connect with. When you can laugh at yourself or acknowledge the absurdities of compliance work with a smile, your team feels more comfortable sharing ideas, asking questions, and raising concerns.

Humor can make you a better compliance officer. When people are less stressed, their creativity and problem-solving abilities improve. Humor reduces the brain’s fight-or-flight response, allowing for more thoughtful and innovative approaches to challenges. A leader who fosters an environment where it’s okay to laugh at setbacks or unexpected hurdles creates a culture where solutions flow more freely. For example, if a compliance initiative hits a snag, a leader who can frame it with humor, “Okay, so maybe this isn’t Plan A…or Plan B…but I have high hopes for Plan C!” encourages the team to stay flexible and keep brainstorming.

The Right Kind of Humor for Compliance Leadership 

Humor in compliance leadership is not about cracking jokes or becoming the office comedian. Instead, it is about using levity strategically to foster positivity and resilience. Some key principles are as follows:

  1. Defuse Tension, Don’t Deflect Responsibility. A well-timed, self-deprecating comment can make you more relatable, but humor should never be used to deflect accountability. For example, if a compliance policy rollout faces delays, saying, “Looks like my time management skills could use some compliance training of their own!” shows humility without shirking responsibility.
  2. Celebrate Compliance Wins Playfully. Recognizing team achievements doesn’t have to be dry or overly formal. Use humor to make celebrations memorable. Consider giving out light-hearted awards like “Most Persistent Policy Enforcer” or decorating the office with “Mission Accomplished” banners after a successful audit. These small gestures show appreciation while keeping the mood light.
  3. Maintain Perspective. Compliance is serious work, but that does not mean you must take every situation or yourself too seriously. Laughing at the absurdities of navigating complex regulations or managing a mountain of policies reminds your team that, while the work is important, it’s okay to have a sense of humor about the challenges.

Applying Humor to Compliance Challenges in 2025

Humor is not simply a feel-good tool. It can be strategically applied to some of the most pressing challenges compliance professionals face in 2025.

  • Building Ethical Cultures Amid Workforce Discontent

With employee engagement at a low and workplace polarization on the rise, leaders must model fairness and transparency to rebuild trust. Humor can complement these efforts by making leaders more relatable and approachable. For example, during a town hall on compliance updates, opening with a light joke about the complexity of the latest regulations, “I think they paid the lawyers who wrote this by the word!” can put employees at ease and make the session more engaging.

  • Navigating Emerging Risks

As AI, ESG, and privacy dominate the compliance agenda, staying ahead of these risks requires proactive engagement and innovation. Humor can make daunting challenges feel more manageable. For example, when introducing training on AI ethics, a leader might quip, “Don’t worry, our goal is to make sure the robots are working for us, not the other way around!” This approach encourages curiosity and open-mindedness.

  • Managing Regulatory Fatigue

As regulations grow more complex, compliance fatigue becomes a real risk for teams. Or, as the Trump Administration whipsaws the business communities with new mandates morning, noon, and night, business and compliance leaders who inject humor into routine tasks, like creating a fun, interactive quiz for compliance training or adding light-hearted captions to a policy presentation, can make the work feel less monotonous. A leader who acknowledges the challenges with humor, such as “Regulatory updates: the gift that keeps on giving!” helps your compliance team feel seen and supported, even as they tackle challenging workloads.

How to Integrate Humor Into Your Leadership Style

If you’re ready to harness the power of humor in your compliance leadership, here are some practical tips:

  1. Know Your Audience. Tailor your humor to your team’s preferences and sensitivities. Avoid sarcasm or jokes that could be misinterpreted.
  2. Start Small. During meetings, test the waters with light-hearted comments or anecdotes. Observe how your team responds and adjust accordingly.
  3. Encourage Teamwide Levity. Create a culture where humor is welcomed. For example, designate a “fun committee” to plan occasional light-hearted activities, like a compliance trivia game or themed office decorations.
  4. Keep It Contextual. Use humor to enhance, not detract from, the seriousness of compliance work. Acknowledge the gravity of issues like regulatory violations while using humor to build resilience.

The Bottom Line: Humor as a Leadership Strength

In 2025, compliance leaders will face mounting challenges, from increasing regulatory complexity to employee disengagement to a more focused enforcement presence in some verticals. A sense of humor can be your secret weapon for gracefully and effectively navigating these difficulties.

By reducing stress, building connections, and fostering creative problem-solving, humor enhances your leadership and the overall resilience of your compliance team. Remember, humor doesn’t diminish the importance of your work; it underscores your ability to lead with empathy, perspective, and authenticity.

In the high-stakes world of compliance, laughter truly is a saving grace. So, the next time you find yourself knee-deep in regulatory updates or preparing for a strict audit, don’t forget to take a moment to smile, laugh, and remind your team that even in the most serious work, a little levity goes a long way.

Top Compliance Leadership Skills for the Wild Wild West that is Coming – Part 2, Curiosity

This week, Donald Trump was inaugurated as the 47th President of the United States. I can only say with complete certainty that the world of compliance will never be the same. Trump not only promises tariffs and sanctions against America’s enemies and competitors but also promises them against America’s friends. His views on the Foreign Corrupt Practices Act (FCPA) are well known (‘a horrible law’), and so are his views on bribery.

He may well be the first President to employ the FCPA as a tactical weapon against companies from countries that are not only the US’s enemies and competitors but also our allies. This is to say nothing of how he will direct the Department of Justice to use the Foreign Extortion Prevention Act (FEPA) against our enemies, competitors, and allies. So prepare for the Wild West of corporate compliance for the next four years.

As compliance professionals face this miasma in 2025, compliance leadership skills will be more critical than ever. With these new, renewed, and mounting regulatory pressures, declining employee engagement, and intensifying demand for ethical corporate governance, the role of compliance leaders has never been more pivotal or challenging.

This week, I am looking at three leadership skills for the Chief Compliance Officer (CCO), compliance professional, or compliance practitioner to focus on for this sea change in compliance. One faces outward, one faces inward, and the third relates to your attitude. They are (1) fairness, (2) curiosity, and (3) a sense of humor. These three skills will enhance your team’s effectiveness and strengthen your organization’s overall compliance posture. Yesterday, we considered fairness. Today, we look at the curiosity of the compliance professional.

Curiosity: Your Secret Weapon for Compliance Growth 

From my experience, curiosity is a game-changer in compliance. Indeed, in the initial Radical Compliance podcast, Matt Kelly interviewed Hui Chen about the original (2017) Evaluation of Corporate Compliance Programs; she said it was designed to get compliance professionals and CCOs to ask questions about their compliance programs.

Besides the Trump Administration, in 2025, compliance programs will face emerging challenges such as AI ethics, ESG requirements, and new data privacy laws. Curiosity enables compliance leaders to stay ahead of these trends, fostering innovation and adaptability in their programs. Curious leaders break free from silos, seek new knowledge, and inspire their teams to think creatively. This mindset is critical for identifying risks and opportunities in an unpredictable regulatory environment.

Curiosity drives innovation, sharpens problem-solving skills, and helps compliance officers identify risks and opportunities others may overlook. But how can compliance professionals actively cultivate curiosity in themselves and their teams? Here’s a roadmap to help you stay informed, ask better questions, and fill critical knowledge gaps.

Stay Informed on Industry Trends 

Regulatory landscapes are shifting faster than ever, with new challenges arising in artificial intelligence (AI), environmental, social, and governance (ESG) standards, and data privacy. Compliance professionals must proactively stay informed about these trends to keep their programs agile and relevant. Indeed, every Deferred Prosecution Agreement (DPA) includes language mandating awareness of other businesses in their industry and any compliance developments.

What are some of the action steps a compliance professional or CCO can take? If you are reading this blog post, it is an excellent first step. You can listen to one or more of the 50 podcasts on the Compliance Podcast Network. Both steps will put you on the cutting edge of the nuts and bolts of compliance. For topical compliance news and analysis, you can read well-known commentators such as Matt Kelly on Radical Compliance. You can read industry publications like Compliance Week or law firm or consulting firm newsletters on topical compliance issues. Focus on emerging areas like AI ethics, ESG enforcement actions, and updates to GDPR or other privacy frameworks.

Webinars and conferences are excellent opportunities to hear from industry leaders, regulators, and peers. These conferences include Ethisphere and Compliance Week in the spring and SCCE and ACI in the fall. These events provide real-time insights and practical strategies for addressing emerging risks. When you attend such events, you can often garner as much information by networking with your peers. You can also join professional organizations, such as SCCE, ACFE, ECI, and others, which often have online forums to exchange knowledge and share best practices with other compliance professionals.

By staying informed, you can anticipate changes before they disrupt your organization and position yourself as a forward-thinking compliance leader.

Ask Better Questions 

Compliance professionals are often tasked with identifying risks and making decisions under uncertainty. The quality of the questions you ask determines the depth of your understanding and the effectiveness of your solutions. Traditional compliance questions like “What’s the risk here?” are essential but can be limiting. To foster curiosity, you need to dig deeper and challenge assumptions.

What are some examples of better questions you can ask? Start with such basics as “What assumptions are we making, and how can we test them?” This question helps uncover blind spots in risk assessments or compliance strategies. Follow up with questions like “How does this risk evolve?” Understanding the lifecycle of a risk can help you develop proactive mitigation strategies. Always add this query to your repertoire: “What can we learn from other industries?” Exploring how different sectors handle similar challenges can inspire innovative solutions in your company.

You should work to apply all of this in your everyday compliance work. Start by encouraging your team to approach problems from multiple angles. Take your risk assessment, where you can consider not just the likelihood and impact of a risk but also the assumptions underlying those ratings. This mindset shift leads to more robust and effective compliance strategies.

Fill Knowledge Gaps

In the compliance field, the more you know, the more you realize how much you still need to learn. Recognizing and addressing knowledge gaps is a critical skill for any compliance professional. Think about compliance issues in some of the following ways: Reflect on your recent projects or decisions. Consider if there were times when you felt unsure or relied heavily on external experts. Keep track of emerging topics where you only have surface-level knowledge, such as ESG reporting requirements or AI regulations. Finally, do not be afraid to ask your team for feedback. They may identify areas where additional expertise could strengthen the program.

Encourage Curiosity in Your Team

Curiosity is not simply a personal trait but a cultural value that compliance leaders can cultivate within their teams. A curious team is more likely to challenge assumptions, identify risks early, and propose creative solutions. You do not have to send your team to conferences to foster curiosity. You can do that yourself by creating opportunities for cross-functional in-house learning. Invite experts from other departments, such as cybersecurity, ESG, or finance, to share insights during compliance meetings. This not only broadens your team’s knowledge but also strengthens cross-departmental collaboration.

Encourage “What If” scenarios by asking your team to imagine hypothetical scenarios and explore how they would address them, such as “What if we faced a cyber breach tomorrow?” or “What if a supplier violated ESG standards?” These can be a perfect starting point for you and your entire team. Finally, celebrate curiosity by recognizing and rewarding team members who ask insightful questions, propose innovative ideas, or learn about emerging risks. By embedding curiosity into your team’s culture, you empower them to think critically and proactively, enhancing the overall effectiveness of your compliance program.

Curiosity is a powerful tool that enhances professional growth and strengthens compliance programs’ resilience and adaptability. In 2025 and beyond, compliance leaders who embrace curiosity will be best positioned to navigate uncertainty, address emerging risks, and lead their organizations confidently.

Join us tomorrow as we explain why having a sense of humor may be the most important skill for surviving the new administration’s inevitable chaos.

Top Compliance Leadership Skills for the Wild Wild West that is Coming – Part 1, Fairness

Today, Donald Trump will be inaugurated as the 47th President of the United States. I can only say with complete certainty that the world of compliance will never be the same after today. Trump promises tariffs and sanctions against America’s enemies, competitors, and friends. His views on the Foreign Corrupt Practices Act (FCPA) are well known (‘a horrible law’), and so are his views on bribery.

He may well be the first President to employ the FCPA as a weapon against companies from countries that are not only the US’s enemies and competitors but also our allies. This is to say nothing of how he will direct the Department of Justice to use the Foreign Extortion Prevention Act (FEPA) against our enemies, competitors, and allies. So get ready for the Wild West of corporate compliance for the next four years.

As compliance professionals face this miasma in 2025, compliance leadership skills will be more critical than ever. With these new, renewed, and mounting regulatory pressures, declining employee engagement, and intensifying demand for ethical corporate governance, the role of compliance leaders has never been more pivotal or challenging.

To navigate the first part of this Wild West, I propose three leadership skills for the Chief Compliance Officer (CCO), compliance professional, or compliance practitioner to focus on. One faces outward, one faces inward, and the third relates to your attitude. They are (1) fairness, (2) curiosity, and (3) a sense of humor. These three skills will enhance your team’s effectiveness and strengthen your organization’s overall compliance posture.

Fairness: The Cornerstone of Compliance Leadership

Fairness is the bedrock of a strong compliance culture. Employees who perceive their leaders as fair are likelier to adhere to policies, report concerns, and contribute to an ethical workplace. With 70% of workers dissatisfied with their pay and disengagement on the rise, fairness is no longer optional; it is essential. You only need to reference the entire controversy around Return to the Office (RTO) at JP Morgan when, as the Wall Street Journal reported, the company disabled its internal chat function because of the plethora of negative comments on the full implementation of RTO. Talk about not wanting to hear what is on your employees’ collective minds.

Fairness extends beyond legal compliance into the realm of interpersonal relationships. For compliance leaders, this means:

1. Relationship Justice – Treating employees with professionalism, dignity, and respect

Relationship justice is the foundation of trust in any organization and a critical component of compliance leadership. It involves treating employees as valued contributors, respecting them, and maintaining professionalism. Leaders who model relationship justice foster an environment where employees feel psychologically safe to raise concerns, share ideas, and report potential misconduct. For compliance professionals, this means actively listening to employee feedback, addressing grievances promptly, and avoiding behaviors that could be perceived as favoritism or bias. Consistently demonstrating respect and dignity reinforces ethical culture and strengthens employee morale and engagement, making them more likely to align with compliance initiatives.

2. Task Justice – Ensuring decisions are transparent and consistent

Task justice focuses on the “how” of leadership—how decisions are made, communicated, and executed. Transparency is key to task justice; employees should understand the rationale behind decisions, especially when they affect their roles, responsibilities, or compensation. Consistency is equally important, as arbitrary or unpredictable decision-making undermines trust and can lead to perceptions of unfairness. Compliance leaders can implement task justice by using structured frameworks for decision-making, such as compliance risk matrices, and by documenting the process for policy updates or disciplinary actions. Clear communication of decisions and opportunities for employees to ask questions or provide feedback ensures that everyone feels included and informed, reducing resentment and fostering collaboration.

3. Distributive Justice – Aligning rewards with individual contributions

Distributive justice ensures that rewards, recognition, and outcomes are proportionate to the effort and contributions of individual employees. This dimension of fairness requires leaders to assess performance objectively and ensure that rewards—whether promotions, bonuses, or simple recognition—are distributed equitably. For compliance professionals, distributive justice can manifest in recognizing team members’ contributions to audits, investigations, or training programs. Leaders should avoid blanket recognition that overlooks individual effort and tailor rewards to highlight specific accomplishments. Employees who feel their contributions are valued and acknowledged are more likely to remain engaged, motivated, and committed to compliance goals. Ultimately, distributive justice reinforces the message that ethical behavior and hard work are consistently rewarded.

The CCO is pivotal in embedding fairness within the compliance program and the broader corporate culture. The DOJ refers to this as Institutional Justice and Fairness in the 2024 Evaluation of Corporate Compliance Programs. Whatever you (or the DOJ) might call this, the CCO must prioritize transparency, consistency, and respect across all compliance and cultural touchpoints to achieve this.

First, fairness starts with transparent processes in the compliance program. The CCO should establish clear protocols for investigations, audits, and disciplinary actions, ensuring employees understand the steps and criteria used in decision-making. The CCO can reduce bias and promote consistency by leveraging tools such as decision matrices or documented frameworks. Regular communication about compliance updates, policy changes, and enforcement actions reinforces transparency and builds trust.

Second, fairness in corporate culture is achieved through relationship-building and recognition. The CCO should foster open dialogue by creating channels for employees to voice concerns without fear of retaliation. Training programs emphasizing fairness—such as workshops on unconscious bias or ethical leadership—can cultivate a more respectful workplace. The CCO must ensure that ethical behavior and contributions to compliance efforts are consistently acknowledged and rewarded.

Ultimately, by modeling fairness in leadership and weaving it into compliance processes and cultural practices, the CCO sets the standard for ethical behavior, fostering employee trust and long-term organizational integrity.

Join us tomorrow to explore curiosity and the CCO/compliance professional.

Great Women in Compliance – Catherine Razzano on Leading with Passion

In this week’s episode, Hemma visits Catherine Razzano, a veteran legal and compliance expert and Head of Global Legal Compliance at social media giant TikTok.

Learn about Catherine’s transition from private practice to in-house compliance work as she shares her journey from a prestigious clerkship and partnership track in Big Law with an FCPA and white-collar practice to leading in-house compliance teams at General Dynamics, Panasonic, and TikTok. Hemma asked Catherine about the challenges and benefits of working under a monitorship, with Catherine emphasizing the importance of relationship building and trust. Catherine also shared her experiences leading teams under scrutiny and pressure, including during the pandemic and at TikTok.

Catherine discusses the source of her firm commitment to mentoring and sponsoring the next generation of ethics and compliance leaders. Tune in to hear inspiring insights on the importance of intentionality and finding your passion when navigating transitions as we enter the second quarter of the century in 2025.

Highlights include:

  • Managing compliance teams under scrutiny and pressure
  • Culture-building in global organizations
  • Navigating different industries as a compliance professional
  • Following your passion for career growth and transitions
  • The importance of mentoring and sponsorship

Biography:

Catherine Razzano is the Head of Legal Compliance at TikTok, the social media giant where she leads a global team of compliance professionals. She joined TikTok from Panasonic Avionics Corp., where she was hired in 2018 to help the company strengthen its compliance systems while under independent oversight following an investigation into violations of U.S. antibribery law. Before Panasonic, Catherine was an Associate General Counsel and Director of International Law & Compliance at General Dynamics after leaving her white-collar criminal practice at prestigious law firms, Cadwalader Wickersham and Taft and Clifford Chance, LLP, and serving as Judicial Law Clerk to the Honorable John M. Facciola in the United States District Court for the District of Columbia.

Thanks, as always, to our sponsor, Corporate Compliance Insights, and our wonderful #GWIC community. You can join the Great Women in Compliance community on LinkedIn here.

The Personalization Imperative: Lessons for Compliance Professionals 

Personalization has emerged as a transformative force in modern business and modern communications. Marketing is no longer about addressing a customer by name in an email but delivering tailored experiences at scale, powered by artificial intelligence (AI) and data-driven insights. In a recent article in the Harvard Business Review, entitled Personalization Done Right, authors Mark Abraham and David Edelman wrote about how companies like SonderMind, Spotify, and Sweetgreen lead the charge, using innovative personalization strategies to create value and delight their customers. However, personalization presents some interesting opportunities for compliance professionals to balance innovation with regulatory obligations, ethical considerations, and data privacy concerns.

Today, I want to examine the lessons that compliance professionals can draw from the personalization strategies outlined in the BCG Personalization Index. I will focus on maintaining compliance while enabling businesses to leverage personalization as a competitive advantage. 

The Five Promises of Personalization 

Personalization leaders succeed by fulfilling five implicit promises to their customers:

  1. Empower Me – Make my experience seamless and intuitive.
  2. Know Me – Use my data responsibly to understand my needs.
  3. Reach Me – Engage with me at the right time, on the right channel.
  4. Show Me – Provide relevant, tailored content.
  5. Delight Me – Continuously improve my experience through innovation.

Each of these promises presents opportunities and risks that compliance professionals must navigate.

  • Empower Me: Enhancing the Customer Journey 

Businesses like SonderMind demonstrate how personalization can empower users. SonderMind’s mental wellness app analyzes individual data to suggest actionable steps, such as meditation or journaling, and arm therapists with anonymized insights to optimize treatment plans. This results in better outcomes for patients and reduced costs for insurers.

For the compliance professional, this means empowering employees (the customers of compliance). Personalization leaders start by asking: How can I make the employee’s experience better by personalizing it? For a compliance professional, this means understanding an employee’s unique needs at every step of their journey and deciding how personalization can best help them. The Department of Justice calls this ‘targeted’ training and communications.

  • Know Me: Building Trust Through Data 

The authors point to Sweetgreen, “a newcomer to the restaurant business relative to the largest chains,” which illustrates this point well. Right from its start, in 2007, it invested in building digital customer relationships. It launched a mobile app in 2013, ahead of many large restaurant chains, and progressively added features such as mobile ordering, delivery, personalized offers and challenges, and a loyalty program to drive digital engagement.

Here, the compliance professional can not only stream compliance communications more efficiently but also use those same communications to build relationships and trust with your employees. Obviously, this is directly in the compliance wheelhouse, as data governance is paramount. Compliance teams must oversee the integration of customer data across systems, ensuring it is accurate, secure, and used in accordance with stated policies.

  • Reach Me: Engaging Responsibly 

Having the data to know the customer is not enough. Your organization must use AI to identify triggers to reach out, such as when a customer browses online or inquires. Then, orchestrate touches across channels and use smart frequency management to ensure those touches are coordinated and not overwhelming. The authors pointed to Cisco, which they said is “a personalization leader. Its sales team knows whom to contact, when, and about what and comes armed with relevant content and demos. Because Cisco’s sales and marketing teams are closely linked, customers get coordinated exposure to content that supports their needs and that opens up sales dialogues.”

This is precisely how compliance professionals should think about targeted and effective training and communications. This type of coordinated approach, based on employee needs or questions, can pay off with big compliance benefits. Overreach will turn off employees if the communications are bad, useless, and overwhelming. You do not want to cause ‘compliance communication fatigue.’ Compliance professionals must monitor how AI models are recommended, ensuring they align with legal standards and ethical norms.

  • Show Me: Tailoring Content 

Pandora shows how generative AI can create personalized content, reducing production times and improving engagement. The authors noted, “The global jewelry brand Pandora thrives by sparking customer interest with inspirational content. As part of its strategy, it uses AI-generated content to tailor its messaging to each customer and cut cycle times for certain types of content creation from 12 to 14 months to a mere 10 days. The company learned that personalizing the background and model image for each individual—and coordinating how the customer sees those images across emails, websites, and other ads—substantially improved conversion rates.”

This speaks to the DOJ mandate for tailored training. However, you should also consider the business ethics message you can give customers. It can be about other companies that have gotten into FCPA or other regulatory trouble, a celebration of your employees who have done the right thing, or consistent messages from your CEO or senior executive about doing business ethically and in compliance.

  • Delight Me: Driving Continuous Improvement 

Personalization leaders adopt agile working methods to accelerate testing and learning, improving the intelligence behind each customer interaction. Companies like DoorDash epitomize the “delight me” promise by running hundreds of micro-experiments to refine their personalization efforts. This agile approach enables rapid innovation but requires robust oversight to ensure compliance with regulations.

Continuous improvement is directly in the wheelhouse of compliance. You should be able to take the feedback you receive from your employees and incorporate that information into your future communications. Even more exciting is the opportunity to have employees individually improve their ways of doing business ethically and in compliance. Compliance professionals should collaborate with product teams to ensure experiments respect privacy laws and customer expectations.

Key Lessons for Compliance Professionals 

  1. Embrace the Role of Enabler. Compliance should not be a roadblock to innovation. Instead, compliance professionals can enable responsible personalization by embedding themselves in cross-functional teams and offering solutions aligning with business goals and regulatory requirements.
  2. Prioritize Data Privacy. As personalization relies heavily on customer data, compliance teams must prioritize data privacy and security. This includes ensuring compliance with global regulations like GDPR, CCPA, and industry-specific standards.
  3. Establish AI Governance. AI is a cornerstone of modern personalization. Compliance professionals must develop and enforce governance frameworks to ensure AI is used ethically and transparently.
  4. Foster a Culture of Transparency. Customers are more likely to trust companies that are upfront about how their data is used. Compliance teams should advocate for clear and accessible privacy policies.
  5. Monitor Regulatory Trends. Personalization efforts are subject to evolving regulations. Compliance professionals must stay informed about changes in data privacy, AI ethics, and advertising standards to guide their organizations effectively.

The Future of Compliance is Personalization 

The rise of personalization presents compliance professionals with a unique opportunity to lead. By ensuring that personalization efforts are ethical, transparent, and compliant, they can help their organizations build trust, drive innovation, and achieve sustainable growth.

As the BCG Personalization Index shows, companies that excel in personalization delight their customers and create significant business value. The same applies to a corporate compliance function and its customers, i.e., employees. Compliance professionals are essential to realizing this potential, ensuring businesses can innovate responsibly and thrive in an increasingly competitive landscape.

Compliance is not simply about preventing wrongdoing but enabling your organization to do things correctly. Personalization of compliance is no exception. Compliance professionals should embrace this opportunity and take charge of a future where personalization and compliance go hand in hand.

Categories
Blog

Driving Compliance Culture: Lessons from a Skills-Based Approach to Cultural Change

Regarding compliance, the tone from the top is crucial—but culture eats tone for breakfast. Compliance professionals know that a robust compliance program is only as effective as the culture supporting it. Building and sustaining that culture, however, is no small feat. Enter the skills-based approach to cultural transformation, as laid out in Per Hugander’s article in the MIT Sloan Management Review, Take a Skills-Based Approach to Culture Change. This method provides a roadmap for embedding compliance values deeply into an organization by focusing on practical skill development and real-world problem-solving. I have adapted this skills-based approach to show how it can revolutionize compliance culture, explain why traditional methods often fall short, and provide actionable strategies for compliance professionals to lead this transformation.

Why Traditional Compliance Culture Efforts Fall Short 

Many culture-change initiatives rely on workshops, seminars, and training sessions to instill new values or behaviors. While well-intentioned, these efforts often fail to address the deeply ingrained assumptions that drive behavior. Hugander explains this through Edgar Schein’s Organizational Culture Model, which emphasizes that culture is rooted in employees’ underlying assumptions, those unconscious beliefs that determine how they think, perceive, and act.

This highlights a critical issue for compliance professionals: simply telling employees to act ethically or follow the rules isn’t enough. If underlying assumptions about risk, accountability, or success conflict with compliance values, those assumptions will prevail.

The Skills-Based Approach: A Paradigm Shift

The skills-based approach focuses on building specific, actionable skills that directly impact critical challenges. These skills—such as perspective-taking or fostering psychological safety—are practiced in real business problems. Organizations create a feedback loop that reinforces new assumptions and behaviors by linking skill application to tangible outcomes.

For example, a compliance team could focus on enhancing perspective-taking to improve employees’ handling of ethical dilemmas. By training employees to consider different viewpoints—such as the customer, regulator, or broader community—they better understand how their actions align with the organization’s compliance goals.

Breaking the Capability Trap 

Hugander warns of the “capability trap,” a common pitfall where organizations abandon new initiatives before they yield results. This happens when the costs—time, focus, and effort—are immediate, but the rewards are delayed. To overcome this, the skills-based approach emphasizes creating short feedback loops by applying new skills to high-priority challenges. This allows employees to see the benefits of the new approach more quickly, generating momentum for change.

The capability trap might manifest in compliance when a new whistleblower program is launched but does not initially generate reports, leading leaders to doubt its effectiveness. The organization can build trust in the system and encourage broader use by coupling the program with communication training for managers and immediate action on even minor concerns raised.

Compliance Lessons from the Skills-Based Approach 

  1. Start Small, Go Deep. Hugander advocates beginning with a small team and focusing on intensive skill-building sessions tied to real challenges. This allows the team to build confidence in the new approach and generate success stories that can inspire broader adoption. This means the Chief Compliance Officer (CCO) or other compliance professional should select a pilot group, such as a high-risk department or business unit, and train them on a specific compliance skill, such as ethical decision-making or identifying conflicts of interest. Have them apply these skills to actual compliance challenges and measure the outcomes.
  2. Create Cultural Champions. Identifying and empowering influential individuals to champion new behaviors is critical. These champions provide proof of concept by demonstrating how the new skills lead to better outcomes in the organization’s context. For the CCO, work to cultivate champions within senior leadership and middle management. A senior executive might lead by example in applying transparency during a compliance audit, while a middle manager might model open discussions about ethical or integrity concerns.
  3. Link Compliance to Business Outcomes. A key feature of the skills-based approach is tying new skills to measurable business improvements. Perspective-taking and psychological safety led to increased customer acquisitions and market share in Amy Edmondson’s SEB case study. As a compliance professional, you can demonstrate how compliance initiatives support business goals. Show how enhanced due diligence processes reduce the risk of fines and improve supplier reliability, ultimately benefiting the bottom line.
  4. Address Skepticism Through Experience. Short workshops are often insufficient to win over skeptics. Instead, intensive, hands-on sessions that produce actual results are more likely to shift mindsets. Skeptics who experience success become the strongest advocates for change. Integrate compliance into strategic problem-solving sessions instead of relying solely on compliance training. This would allow the compliance function to use a compliance framework to resolve a cross-functional challenge, demonstrating its practical value.

Building Momentum for Compliance Culture Change 

The skills-based approach does not stop with a single team or project. Once initial successes are achieved, the organization can share these stories to build momentum. Hugander emphasizes the power of storytelling, using real examples to illustrate how new skills or behaviors lead to meaningful outcomes. Some strategies might be to develop case studies from early adopters of compliance initiatives within your organization. You can then share these stories through town halls, newsletters, or internal training sessions.  Finally, these success stories can be used to recruit additional teams to adopt the new compliance practices.

All of this will take a concerted effort. A one-and-done superficial effort like one-off workshops or values posters, which fail to address the deeper assumptions driving behavior, will not work. True culture change requires sustained effort, leadership buy-in, and a willingness to experiment and iterate. You must regularly assess the effectiveness of compliance initiatives through employee surveys, performance metrics, and feedback loops. Adjust strategies based on what works in practice, not just in theory.

Building a compliance culture requires more than policies and procedures; it demands a shift in the underlying assumptions and behaviors that define an organization’s operation. The skills-based approach offers a practical roadmap for achieving this transformation. By focusing on skill development, linking compliance to business outcomes, and creating cultural champions, compliance professionals can foster a culture that doesn’t just follow the rules but embraces compliance as a core value.

The journey will not be quick or easy, but the payoff of creating a resilient, ethical, and high-performing organization is well worth the effort. For compliance professionals ready to lead this charge, the skills-based approach provides the tools to turn vision into reality.

Categories
Great Women in Compliance

Great Women in Compliance – Compliance, Consistency and Agility with Lisa Beth Lentini Walker

In our 2025 kickoff episode, Lisa speaks with Lisa Beth Lentini Walker, Deputy General Counsel, Corporate Legal, and Assistant Secretary at Marqeta, and the CEO and Founder of Lumen Worldwide Endeavors. Lisa Beth is also a mentor, advocate, and friend to many in the compliance community.

While many people consider a CECO role their ultimate career goal, others look to a more GC-focused role. In the past few years, Lisa Beth’s career has evolved in that way while she remains involved in compliance. In this episode, she talks about her role, how serendipity and planning helped her get to where she is, and how it is important to be intentional while staying open to new opportunities.

In discussing 2025, Lisa Beth notes that her theme of the year is “consistency” and how this is important not only in work but also in being present with family, friends, and community. In terms of the ethics and compliance landscape, they discuss how this will likely be a year of change in regulations in the US and globally and the importance of being agile.

Lisa Beth was recently certified by Women in AI Governance as a Founding Quantum Member. She discusses the importance of learning about AI for E&C professionals and says this is a good time to start a wide learning journey in AI as the field expands.

In the earlier GWIC iteration, Ellen Hunt joined Lisa every year to discuss the state of the function before she officially joined “Team GWIC.” We hope Lisa Beth will reflect with us next year, too.

Categories
Blog

Revolutionizing Compliance with AI-Powered KPIs 

In the modern corporate landscape, traditional key performance indicators (KPIs) are struggling to meet the demands of dynamic compliance environments. These legacy metrics often fail to align operations, prioritize resources, and drive accountability toward strategic objectives. For compliance professionals, these shortcomings are particularly critical: ineffective KPIs can lead to missed risks, inefficient processes, and poor decision-making, ultimately jeopardizing organizational integrity.

In a recent article in the Sloan Management Review, entitled The Future of Strategic Measurement: Enhancing KPIs With AI, authors Michael Schrage, David Kiron, François Candelon, Shervin Khodabandeh, and Michael Chu explored these and other issues, which I have adapted for the compliance professional.  By incorporating artificial intelligence (AI), organizations are reimagining what KPIs can accomplish—not just as performance trackers but as drivers of strategic differentiation and value creation.

The Shortcomings of Legacy KPIs in Compliance

Legacy KPIs often focus narrowly on outputs, such as the number of training sessions conducted or hotline calls logged. While these metrics provide valuable data, they frequently fail to provide solid information in various ways. The first is that legacy KPIs are taken in a vacuum with no appreciation of the interconnected nature of corporate risks. Just as compliance does not (or at least should not) operate in a vacuum, risks in one area often cascade into others, yet traditional KPIs rarely reflect these interdependencies. The second is the retrospective nature of KPIs. Metrics rooted in historical data are inherently backward-looking, limiting their utility for forecasting and proactive risk management.

Finally, corporate silos are a perennial challenge in compliance, and static KPIs can reinforce them rather than foster cross-functional collaboration. Legacy KPIs do not promote alignment across disparate corporate functions. These limitations hinder a compliance professional’s ability to effectively anticipate, prevent, and address misconduct.

Enter Smart KPIs: A New Era of Compliance Metrics

AI-powered KPIs offer a smarter, more dynamic approach to performance measurement. These metrics are descriptive, predictive, and prescriptive. Such metrics will allow a corporate compliance function to provide new and different insights, such as some of the following.

  • Analyze past and current compliance performance to identify gaps.
  • Anticipate future risks and compliance trends based on patterns in data.
  • Recommend actions to mitigate risks and optimize outcomes.

For example, AI can transform a traditional metric like the “number of third-party audits conducted” into a prescriptive KPI that evaluates audit results, predicts the highest risk areas, and recommends corrective actions.

Case Study: Wayfair and the Evolution of Lost-Sales KPIs

The article discussed Wayfair’s reengineering of its lost-sales KPI and offers valuable insights for compliance professionals. Initially, the retailer calculated lost sales on an item-by-item basis, but AI analysis revealed that many “lost” sales were category retentions, as customers purchased alternative items. This revelation led Wayfair to redesign its KPI to measure category-based retention. The result? Smarter metrics aligned product placement with operational constraints, improving customer satisfaction and operational efficiency.

This case study provides a clear set of lessons for corporate compliance and the compliance professional. Compliance teams can use AI to rethink KPIs that do not fully capture performance nuances. For instance, instead of merely tracking the number of training completions, a smarter KPI could evaluate behavioral changes post-training or identify employees most at risk of ethical lapses based on historical data. This, in turn, could provide greater insight into training effectiveness and how a compliance professional might think about targeted training.

KPI Governance: A Compliance Imperative 

One of the most critical aspects of AI-enhanced KPIs is governance. Organizations need robust governance mechanisms to ensure KPIs evolve with strategic objectives and maintain their relevance over time. For a compliance professional, this means several different approaches.

  1. Continuous Review of Metrics. Regularly revisiting KPIs to ensure they remain aligned with evolving regulatory landscapes and business priorities.
  2. Meta-KPIs for Quality Assurance. Developing “KPIs for KPIs” to assess their accuracy, relevance, and effectiveness.
  3. Cross-Functional Oversight. Establishing governance structures that bring together compliance, legal, and operational teams to oversee metric design and implementation.

The bottom line is that accountability for KPI performance, both the metrics themselves and the outcomes they drive, must be embedded into the compliance framework.

How AI Enhances Compliance KPIs

AI-enhanced KPIs bring new capabilities to compliance programs in three key ways. The first is risk anticipation. Predictive KPIs can identify emerging compliance risks, such as regulatory changes, third-party risk management, or shifts in employee behavior, enabling proactive mitigation. The second area is holistic insights. By analyzing data across functions, AI can uncover hidden correlations, such as how employee hotline reports, visits to the compliance department website, or even the number of requests to FAQs might signal compliance risks in supply chain operations. Finally, there is the area of targeted recommendations. Prescriptive KPIs can suggest specific actions, like prioritizing high-risk vendors for audits or tailoring training to address observed knowledge gaps. For example, AI could analyze whistleblower reports alongside financial data to identify patterns indicative of systemic fraud, providing actionable insights for remediation.

This more holistic approach also addresses one of the key risk areas around KPIs: stagnant KPIs. The 2008 financial crisis underscores the dangers of relying on outdated KPIs. Banks’ dependence on “value at risk” metrics, which failed to account for the growing influence of subprime mortgages, contributed to catastrophic losses. Compliance professionals must guard against similar pitfalls by regularly challenging assumptions underpinning legacy KPIs. AI can aid in this process by continuously analyzing data to reveal when a metric is no longer fit for purpose.

Steps to Implement Smarter Compliance KPIs

Compliance professionals can take the following steps to transition from legacy to AI-enhanced KPIs.

  1. Audit Existing KPIs. Assess whether current metrics adequately capture compliance risks and align with strategic objectives.
  2. Leverage AI for Data Analysis. Use AI tools to uncover hidden patterns in compliance data, such as correlations between employee turnover and ethics violations.
  3. Collaborate Across Functions. Work with IT, legal, and operations teams to ensure KPI redesigns reflect organizational priorities.
  4. Invest in Training and Culture. Equip compliance teams with the skills to interpret and act on AI-generated insights while fostering a culture of data-driven decision-making.
  5. Monitor and Improve KPIs. Establish processes for ongoing KPI evaluation, ensuring they evolve alongside regulatory and stakeholder input and business changes.

Challenges and Ethical Considerations 

While AI-enhanced KPIs offer immense potential, they also present challenges. These challenges include some of the following. Just as with more generative AI, algorithms can be biased. AI models are only as unbiased as the data on which they are trained. Compliance teams must ensure that their AI systems uphold principles of fairness and equity. Always remember the Human in the Loop to preclude over-reliance on AI. While AI can inform decision-making, it should not replace human judgment. Compliance professionals must strike a balance between algorithmic insights and ethical considerations. Finally, there are data privacy concerns. Collecting and analyzing large datasets for KPI development must comply with data privacy regulations.  

Conclusion: The Future of Compliance Metrics 

The rise of AI-enhanced KPIs marks a paradigm shift in measuring and managing compliance performance. By embracing smarter, more dynamic metrics, compliance professionals can gain deeper insights, anticipate risks, and drive better outcomes.  Much like Wayfair and other forward-thinking organizations, compliance teams must be willing to challenge the status quo, leverage technology, and prioritize continuous improvement. The era of static, backward-looking KPIs is over. In its place is a future where smart KPIs enable compliance functions to not only measure performance but actively enhance it—turning compliance from a cost center into a source of strategic value. The question is not whether your organization should adopt AI-powered KPIs but how soon your compliance program can reap the benefits. The time to act is now.