
Top Compliance Leadership Skills for the Wild Wild West that is Coming – Part 2, Curiosity

This week, Donald Trump was inaugurated as the 47th President of the United States. I can only say with complete certainty that the world of compliance will never be the same. Trump not only promises tariffs and sanctions against America’s enemies and competitors but also promises them against America’s friends. His views on the Foreign Corrupt Practices Act (FCPA) are well known (‘a horrible law’), and so are his views on bribery.

He may well be the first President to employ the FCPA as a tactical weapon against companies from countries that are not only the US’s enemies and competitors but also our allies. This is to say nothing of how he will direct the Department of Justice to use the Foreign Extortion Prevention Act (FEPA) against our enemies, competitors, and allies. So prepare for the Wild West of corporate compliance for the next four years.

As compliance professionals face this miasma in 2025, compliance leadership skills will be more critical than ever. With these new, renewed, and mounting regulatory pressures, declining employee engagement, and intensifying demand for ethical corporate governance, the role of compliance leaders has never been more pivotal or challenging.

This week, I am looking at three leadership skills for the Chief Compliance Officer (CCO), compliance professional, or compliance practitioner to focus on for this sea change in compliance. One faces outward, one faces inward, and the third relates to your attitude. They are (1) fairness, (2) curiosity, and (3) a sense of humor. These three skills will enhance your team’s effectiveness and strengthen your organization’s overall compliance posture. Yesterday, we considered fairness. Today, we look at the curiosity of the compliance professional.

Curiosity: Your Secret Weapon for Compliance Growth 

From my experience, curiosity is a game-changer in compliance. Indeed, in the initial Radical Compliance podcast, Matt Kelly interviewed Hui Chen about the original (2017) Evaluation of Corporate Compliance Programs; she said it was designed to get compliance professionals and CCOs to ask questions about their compliance programs.

Besides the Trump Administration, in 2025, compliance programs will face emerging challenges such as AI ethics, ESG requirements, and new data privacy laws. Curiosity enables compliance leaders to stay ahead of these trends, fostering innovation and adaptability in their programs. Curious leaders break free from silos, seek new knowledge, and inspire their teams to think creatively. This mindset is critical for identifying risks and opportunities in an unpredictable regulatory environment.

Curiosity drives innovation, sharpens problem-solving skills, and helps compliance officers identify risks and opportunities others may overlook. But how can compliance professionals actively cultivate curiosity in themselves and their teams? Here’s a roadmap to help you stay informed, ask better questions, and fill critical knowledge gaps.

Stay Informed on Industry Trends 

Regulatory landscapes are shifting faster than ever, with new challenges arising in artificial intelligence (AI), environmental, social, and governance (ESG) standards, and data privacy. Compliance professionals must proactively stay informed about these trends to keep their programs agile and relevant. Indeed, every Deferred Prosecution Agreement (DPA) includes language mandating awareness of other businesses in their industry and any compliance developments.

What are some of the action steps a compliance professional or CCO can take? If you are reading this blog post, it is an excellent first step. You can listen to one or more of the 50 podcasts on the Compliance Podcast Network. Both steps will put you on the cutting edge of the nuts and bolts of compliance. For topical compliance news and analysis, you can read well-known commentators such as Matt Kelly on Radical Compliance. You can read industry publications like Compliance Week or law firm or consulting firm newsletters on topical compliance issues. Focus on emerging areas like AI ethics, ESG enforcement actions, and updates to GDPR or other privacy frameworks.

Webinars and conferences are excellent opportunities to hear from industry leaders, regulators, and peers. These conferences include Ethisphere and Compliance Week in the spring and SCCE and ACI in the fall. These events provide real-time insights and practical strategies for addressing emerging risks. When you attend such events, you can often garner as much information by networking with your peers. You can also join professional organizations, such as SEEC, ACFE, ECI, and others, which often have online forums to exchange knowledge and share best practices with other compliance professionals.

By staying informed, you can anticipate changes before they disrupt your organization and position yourself as a forward-thinking compliance leader.

Ask Better Questions 

Compliance professionals are often tasked with identifying risks and making decisions under uncertainty. The quality of the questions you ask determines the depth of your understanding and the effectiveness of your solutions. Traditional compliance questions like “What’s the risk here?” are essential but can be limiting. To foster curiosity, you need to dig deeper and challenge assumptions.

What are some examples of better questions you can ask? Start with such basics as “What assumptions are we making, and how can we test them?” This question helps uncover blind spots in risk assessments or compliance strategies. Follow up with questions like “How does this risk evolve?” Understanding the lifecycle of a risk can help you develop proactive mitigation strategies. Always add this query to your repertoire: “What can we learn from other industries?” Exploring how different sectors handle similar challenges can inspire innovative solutions in your company.

You should work to apply all of this in your everyday compliance work. Start by encouraging your team to approach problems from multiple angles. Take your risk assessment, where you can consider not just the likelihood and impact of a risk but also the assumptions underlying those ratings. This mindset shift leads to more robust and effective compliance strategies.

Fill Knowledge Gaps

In the compliance field, the more you know, the more you realize how much you still need to learn. Recognizing and addressing knowledge gaps is a critical skill for any compliance professional. Think about compliance issues in some of the following ways: Reflect on your recent projects or decisions. Consider if there were times when you felt unsure or relied heavily on external experts. Keep track of emerging topics where you only have surface-level knowledge, such as ESG reporting requirements or AI regulations. Finally, do not be afraid to ask your team for feedback. They may identify areas where additional expertise could strengthen the program.

Encourage Curiosity in Your Team

Curiosity is not simply a personal trait but a cultural value that compliance leaders can cultivate within their teams. A curious team is more likely to challenge assumptions, identify risks early, and propose creative solutions. You do not have to send your team to conferences to foster curiosity. You can do that yourself by creating opportunities for cross-functional in-house learning. Invite experts from other departments, such as cybersecurity, ESG, or finance, to share insights during compliance meetings. This not only broadens your team’s knowledge but also strengthens cross-departmental collaboration.

Encourage “What If” scenarios by asking your team to imagine hypothetical scenarios and explore how they would address them, such as “What if we faced a cyber breach tomorrow?” or “What if a supplier violated ESG standards?” It can be a perfect starting point for you and your entire team. Finally, celebrate curiosity by recognizing and rewarding team members who ask insightful questions, propose innovative ideas, or learn about emerging risks. By embedding curiosity into your team’s culture, you empower them to think critically and proactively, enhancing the overall effectiveness of your compliance program.

Curiosity is a powerful tool that enhances professional growth and strengthens compliance programs’ resilience and adaptability. In 2025 and beyond, compliance leaders who embrace curiosity will be best positioned to navigate uncertainty, address emerging risks, and lead their organizations confidently.

Join us tomorrow as we explain why having a sense of humor may be the most important skill for surviving the new administration’s inevitable chaos.


Top Compliance Leadership Skills for the Wild Wild West that is Coming – Part 1, Fairness

Today, Donald Trump will be inaugurated as the 47th President of the United States. I can only say with complete certainty that the world of compliance will never be the same after today. Trump promises tariffs and sanctions against America’s enemies, competitors, and friends. His views on the Foreign Corrupt Practices Act (FCPA) are well known (‘a horrible law’), and so are his views on bribery.

He may well be the first President to employ the FCPA as a weapon against companies from countries that are not only the US’s enemies and competitors but also our allies. This is to say nothing of how he will direct the Department of Justice to use the Foreign Extortion Prevention Act (FEPA) against our enemies, competitors, and allies. So get ready for the Wild West of corporate compliance for the next four years.

As compliance professionals face this miasma in 2025, compliance leadership skills will be more critical than ever. With these new, renewed, and mounting regulatory pressures, declining employee engagement, and intensifying demand for ethical corporate governance, the role of compliance leaders has never been more pivotal or challenging.

To navigate the first part of this Wild West, I propose three leadership skills for the Chief Compliance Officer (CCO), compliance professional, or compliance practitioner to focus on. One faces outward, one faces inward, and the third relates to your attitude. They are (1) fairness, (2) curiosity, and (3) a sense of humor. These three skills will enhance your team’s effectiveness and strengthen your organization’s overall compliance posture.

Fairness: The Cornerstone of Compliance Leadership

Fairness is the bedrock of a strong compliance culture. Employees who perceive their leaders as fair are likelier to adhere to policies, report concerns, and contribute to an ethical workplace. With 70% of workers dissatisfied with their pay and disengagement on the rise, fairness is no longer optional; it is essential. You only need to consider the entire controversy around Return to the Office (RTO) at JP Morgan when, as the Wall Street Journal reported, the company disabled its internal chat function because of the plethora of negative comments on the full implementation of RTO. Talk about not wanting to hear what is on your employees’ collective minds.

Fairness extends beyond legal compliance into the realm of interpersonal relationships. For compliance leaders, this means:

1. Relationship Justice – Treating employees with professionalism, dignity, and respect

Relationship justice is the foundation of trust in any organization and a critical component of compliance leadership. It involves treating employees as valued contributors, respecting them, and maintaining professionalism. Leaders who model relationship justice foster an environment where employees feel psychologically safe to raise concerns, share ideas, and report potential misconduct. For compliance professionals, this means actively listening to employee feedback, addressing grievances promptly, and avoiding behaviors that could be perceived as favoritism or bias. Consistently demonstrating respect and dignity reinforces ethical culture and strengthens employee morale and engagement, making them more likely to align with compliance initiatives.

2. Task Justice – Ensuring decisions are transparent and consistent.

Task justice focuses on the “how” of leadership—how decisions are made, communicated, and executed. Transparency is key to task justice; employees should understand the rationale behind decisions, especially when they affect their roles, responsibilities, or compensation. Consistency is equally important, as arbitrary or unpredictable decision-making undermines trust and can lead to perceptions of unfairness. Compliance leaders can implement task justice by using structured frameworks for decision-making, such as compliance risk matrices, and by documenting the process for policy updates or disciplinary actions. Clear communication of decisions and opportunities for employees to ask questions or provide feedback ensures that everyone feels included and informed, reducing resentment and fostering collaboration.

3. Distributive Justice – Aligning rewards with individual contributions

Distributive justice ensures that rewards, recognition, and outcomes are proportionate to the effort and contributions of individual employees. This dimension of fairness requires leaders to assess performance objectively and ensure that rewards—whether promotions, bonuses, or simple recognition—are distributed equitably. For compliance professionals, distributive justice can manifest in recognizing team members’ contributions to audits, investigations, or training programs. Leaders should avoid blanket recognition that overlooks individual effort and tailor rewards to highlight specific accomplishments. Employees who feel their contributions are valued and acknowledged are more likely to remain engaged, motivated, and committed to compliance goals. Ultimately, distributive justice reinforces the message that ethical behavior and hard work are consistently rewarded.

The CCO is pivotal in embedding fairness within the compliance program and the broader corporate culture. The DOJ refers to this as Institutional Justice and Fairness in the 2024 Evaluation of Corporate Compliance Programs. Whatever you (or the DOJ) might call this, the CCO must prioritize transparency, consistency, and respect across all compliance and cultural touchpoints to achieve this.

First, fairness starts with transparent processes in the compliance program. The CCO should establish clear protocols for investigations, audits, and disciplinary actions, ensuring employees understand the steps and criteria used in decision-making. The CCO can reduce bias and promote consistency by leveraging tools such as decision matrices or documented frameworks. Regular communication about compliance updates, policy changes, and enforcement actions reinforces transparency and builds trust.

Second, fairness in corporate culture is achieved through relationship-building and recognition. The CCO should foster open dialogue by creating channels for employees to voice concerns without fear of retaliation. Training programs emphasizing fairness—such as workshops on unconscious bias or ethical leadership—can cultivate a more respectful workplace. The CCO must ensure that ethical behavior and contributions to compliance efforts are consistently acknowledged and rewarded.

Ultimately, by modeling fairness in leadership and weaving it into compliance processes and cultural practices, the CCO sets the standard for ethical behavior, fostering employee trust and long-term organizational integrity.

Join us tomorrow to explore curiosity and the CCO/compliance professional.


Great Women in Compliance – Catherine Razzano on Leading with Passion

In this week’s episode, Hemma visits Catherine Razzano, a veteran legal and compliance expert and Head of Global Legal Compliance at social media giant TikTok.

Learn about Catherine’s transition from private practice to in-house compliance work as she shares her journey from a prestigious clerkship and partnership track in Big Law with an FCPA and white-collar practice to leading in-house compliance teams at General Dynamics, Panasonic, and TikTok. Hemma asked Catherine about the challenges and benefits of working under a monitorship, with Catherine emphasizing the importance of relationship building and trust. Catherine also shared her experiences leading teams under scrutiny and pressure, including during the pandemic and at TikTok.

Catherine discusses the source of her firm commitment to mentoring and sponsoring the next generation of ethics and compliance leaders. Tune in to hear inspiring insights on the importance of intentionality and finding your passion when navigating transitions as we enter the second quarter of the century in 2025.

Highlights include:

  • Managing compliance teams under scrutiny and pressure
  • Culture-building in global organizations
  • Navigating different industries as a compliance professional
  • Following your passion for career growth and transitions
  • The importance of mentoring and sponsorship

Biography:

Catherine Razzano is the Head of Legal Compliance at TikTok, the social media giant where she leads a global team of compliance professionals. She joined TikTok from Panasonic Avionics Corp., where she was hired in 2018 to help the company strengthen its compliance systems while under independent oversight following an investigation into violations of U.S. antibribery law. Before Panasonic, Catherine was an Associate General Counsel and Director of International Law & Compliance at General Dynamics after leaving her white-collar criminal practice at prestigious law firms, Cadwalader Wickersham and Taft and Clifford Chance, LLP, and serving as Judicial Law Clerk to the Honorable John M. Facciola in the United States District Court for the District of Columbia.

Thanks, as always, to our sponsor, Corporate Compliance Insights, and our wonderful #GWIC community. You can join the Great Women in Compliance community on LinkedIn here.


The Personalization Imperative: Lessons for Compliance Professionals 

Personalization has emerged as a transformative force in modern business and modern communications. Marketing is no longer about addressing a customer by name in an email but delivering tailored experiences at scale, powered by artificial intelligence (AI) and data-driven insights. In a recent article in the Harvard Business Review, entitled Personalization Done Right, authors Mark Abraham and David Edelman wrote about how companies like SonderMind, Spotify, and Sweetgreen lead the charge, using innovative personalization strategies to create value and delight their customers. However, personalization presents some interesting opportunities for compliance professionals to balance innovation with regulatory obligations, ethical considerations, and data privacy concerns.

Today, I want to examine the lessons that compliance professionals can draw from the personalization strategies outlined in the BCG Personalization Index. I will focus on maintaining compliance while enabling businesses to leverage personalization as a competitive advantage. 

The Five Promises of Personalization 

Personalization leaders succeed by fulfilling five implicit promises to their customers:

  1. Empower Me – Make my experience seamless and intuitive.
  2. Know Me – Use my data responsibly to understand my needs.
  3. Reach Me – Engage with me at the right time, on the right channel.
  4. Show Me – Provide relevant, tailored content.
  5. Delight Me – Continuously improve my experience through innovation.

Each of these promises presents opportunities and risks that compliance professionals must navigate.

  • Empower Me: Enhancing the Customer Journey 

Businesses like SonderMind demonstrate how personalization can empower users. SonderMind’s mental wellness app analyzes individual data to suggest actionable steps, such as meditation or journaling, and arm therapists with anonymized insights to optimize treatment plans. This results in better outcomes for patients and reduced costs for insurers.

For the compliance professional, the equivalent is empowering employees (the customers of compliance). Personalization leaders start by asking: How can I make the employee’s experience better by personalizing it? For a compliance professional, this means understanding an employee’s unique needs at every step of their journey and deciding how personalization can best help them. The Department of Justice calls this ‘targeted’ training and communications.

  • Know Me: Building Trust Through Data 

The authors point to Sweetgreen, “a newcomer to the restaurant business relative to the largest chains,” which illustrates this point well. Right from its start, in 2007, it invested in building digital customer relationships. It launched a mobile app in 2013, ahead of many large restaurant chains, and progressively added features such as mobile ordering, delivery, personalized offers and challenges, and a loyalty program to drive digital engagement.

Here, the compliance professional can not only stream compliance communications more efficiently but also use those same communications to build relationships and trust with your employees. Obviously, this is directly in the compliance wheelhouse, as data governance is paramount. Compliance teams must oversee the integration of customer data across systems, ensuring it is accurate, secure, and used in accordance with stated policies.

  • Reach Me: Engaging Responsibly 

Having the data to know the customer is not enough. Your organization must use AI to identify triggers to reach out, such as when a customer browses online or inquires. Then, orchestrate touches across channels and use smart frequency management to ensure their touches are coordinated and not overwhelming. The authors pointed to Cisco, which they said is “a personalization leader. Its sales team knows whom to contact, when, and about what and comes armed with relevant content and demos. Because Cisco’s sales and marketing teams are closely linked, customers get coordinated exposure to content that supports their needs and that opens up sales dialogues.”

This is precisely how compliance professionals should think about targeted and effective training and communications. This type of coordinated approach, based on employee needs or questions, can pay off with big compliance benefits. Overreach will turn off employees if the communications are bad, useless, and overwhelming. You do not want to cause ‘compliance communication fatigue.’ Compliance professionals must monitor how AI models are recommended, ensuring they align with legal standards and ethical norms.

  • Show Me: Tailoring Content 

Pandora shows how generative AI can create personalized content, reducing production times and improving engagement. The authors noted, “The global jewelry brand Pandora thrives by sparking customer interest with inspirational content. As part of its strategy, it uses AI-generated content to tailor its messaging to each customer and cut cycle times for certain types of content creation from 12 to 14 months to a mere 10 days. The company learned that personalizing the background and model image for each individual—and coordinating how the customer sees those images across emails, websites, and other ads—substantially improved conversion rates.”

This speaks to the DOJ mandate for tailored training. However, you should also consider the business ethics message you can give customers. It can be similar to that of other companies that have gotten into FCPA or other regulatory trouble, celebrating your employees who have done the right thing or consistent messages from your CEO or senior executive about doing business ethically and in compliance.

  • Delight Me: Driving Continuous Improvement 

Personalization leaders adopt agile working methods to accelerate testing and learning, improving the intelligence behind each customer interaction. Companies like DoorDash epitomize the “delight me” promise by running hundreds of micro-experiments to refine their personalization efforts. This agile approach enables rapid innovation but requires robust oversight to ensure compliance with regulations.

Continuous improvement is directly in the wheelhouse of compliance. You should be able to take the feedback you receive from your employees and incorporate that information into your future communications. Even more exciting is the opportunity to have employees individually improve their ways of doing business ethically and in compliance. Compliance professionals should collaborate with product teams to ensure experiments respect privacy laws and customer expectations.

Key Lessons for Compliance Professionals 

  1. Embrace the Role of Enabler. Compliance should not be a roadblock to innovation. Instead, compliance professionals can enable responsible personalization by embedding themselves in cross-functional teams and offering solutions aligning with business goals and regulatory requirements.
  2. Prioritize Data Privacy. As personalization relies heavily on customer data, compliance teams must prioritize data privacy and security. This includes ensuring compliance with global regulations like GDPR, CCPA, and industry-specific standards.
  3. Establish AI Governance. AI is a cornerstone of modern personalization. Compliance professionals must develop and enforce governance frameworks to ensure AI is used ethically and transparently.
  4. Foster a Culture of Transparency. Customers are more likely to trust companies that are upfront about how their data is used. Compliance teams should advocate for clear and accessible privacy policies.
  5. Monitor Regulatory Trends. Personalization efforts are subject to evolving regulations. Compliance professionals must stay informed about changes in data privacy, AI ethics, and advertising standards to guide their organizations effectively.

The Future of Compliance is Personalization 

The rise of personalization presents compliance professionals with a unique opportunity to lead. By ensuring that personalization efforts are ethical, transparent, and compliant, they can help their organizations build trust, drive innovation, and achieve sustainable growth.

As the BCG Personalization Index shows, companies that excel in personalization delight their customers and create significant business value. The same applies to a corporate compliance function and its customers, i.e., employees. Compliance professionals are essential to realizing this potential, ensuring businesses can innovate responsibly and thrive in an increasingly competitive landscape.

Compliance is not simply about preventing wrongdoing but enabling your organization to do things correctly. Personalization of compliance is no exception. Compliance professionals should embrace this opportunity and take charge of a future where personalization and compliance go hand in hand.


Driving Compliance Culture: Lessons from a Skills-Based Approach to Cultural Change

Regarding compliance, the tone from the top is crucial—but culture eats tone for breakfast. Compliance professionals know that a robust compliance program is only as effective as the culture supporting it. Building and sustaining that culture, however, is no small feat. Enter the skills-based approach to cultural transformation, as laid out in Per Hugander’s article in the MIT Sloan Management Review, Take a Skills-Based Approach to Culture Change. This method provides a roadmap for embedding compliance values deeply into an organization by focusing on practical skill development and real-world problem-solving. I have adapted this skills-based approach to revolutionize compliance culture, explain why traditional methods often fall short, and provide actionable strategies for compliance professionals to lead this transformation.

Why Traditional Compliance Culture Efforts Fall Short 

Many culture-change initiatives rely on workshops, seminars, and training sessions to instill new values or behaviors. While well-intentioned, these efforts often fail to address the deeply ingrained assumptions that drive behavior. Hugander explains this through Edgar Schein’s Organizational Culture Model, which emphasizes that culture is rooted in employees’ underlying assumptions, those unconscious beliefs that determine how they think, perceive, and act.

This highlights a critical issue for compliance professionals: simply telling employees to act ethically or follow the rules isn’t enough. If underlying assumptions about risk, accountability, or success conflict with compliance values, those assumptions will prevail.

The Skills-Based Approach: A Paradigm Shift

The skills-based approach focuses on building specific, actionable skills that directly impact critical challenges. These skills—such as perspective-taking or fostering psychological safety—are practiced in real business problems. Organizations create a feedback loop that reinforces new assumptions and behaviors by linking skill application to tangible outcomes.

For example, a compliance team could focus on enhancing perspective-taking to improve employees’ handling of ethical dilemmas. By training employees to consider different viewpoints—such as the customer, regulator, or broader community—they better understand how their actions align with the organization’s compliance goals.

Breaking the Capability Trap 

Hugander warns of the “capability trap,” a common pitfall where organizations abandon new initiatives before they yield results. This happens when the costs—time, focus, and effort—are immediate, but the rewards are delayed. To overcome this, the skills-based approach emphasizes creating short feedback loops by applying new skills to high-priority challenges. This allows employees to see the benefits of the new approach more quickly, generating momentum for change.

The capability trap might manifest in compliance when a new whistleblower program is launched but does not initially generate reports, leading leaders to doubt its effectiveness. The organization can build trust in the system and encourage broader use by coupling the program with communication training for managers and immediate action on even minor concerns raised.

Compliance Lessons from the Skills-Based Approach 

  1. Start Small, Go Deep. Hugander advocates beginning with a small team and focusing on intensive skill-building sessions tied to real challenges. This allows the team to build confidence in the new approach and generate success stories that can inspire broader adoption. This means the Chief Compliance Officer (CCO) or other compliance professional should select a pilot group, such as a high-risk department or business unit, and train them on a specific compliance skill, such as ethical decision-making or identifying conflicts of interest. Have them apply these skills to actual compliance challenges and measure the outcomes.
  2. Create Cultural Champions. Identifying and empowering influential individuals to champion new behaviors is critical. These champions provide proof of concept by demonstrating how the new skills lead to better outcomes in the organization’s context. For the CCO, work to cultivate champions within senior leadership and middle management. A senior executive might lead by example in applying transparency during a compliance audit, while a middle manager might model open discussions about ethical or integrity concerns.
  3. Link Compliance to Business Outcomes. A key feature of the skills-based approach is tying new skills to measurable business improvements. Perspective-taking and psychological safety led to increased customer acquisitions and market share in Amy Edmondson’s SEB case study. For the compliance professional, you can demonstrate how compliance initiatives support business goals. Show how enhanced due diligence processes reduce the risk of fines and improve supplier reliability, ultimately benefiting the bottom line.
  4. Address Skepticism Through Experience. Short workshops are often insufficient to win over skeptics. Instead, intensive, hands-on sessions that produce actual results are more likely to shift mindsets. Skeptics who experience success become the strongest advocates for change. Integrate compliance into strategic problem-solving sessions instead of relying solely on compliance training. This would allow the compliance function to use a compliance framework to resolve a cross-functional challenge, demonstrating its practical value.

Building Momentum for Compliance Culture Change 

The skills-based approach does not stop with a single team or project. Once initial successes are achieved, the organization can share these stories to build momentum. Hugander emphasizes the power of storytelling, using real examples to illustrate how new skills or behaviors lead to meaningful outcomes. Some strategies might be to develop case studies from early adopters of compliance initiatives within your organization. You can then share these stories through town halls, newsletters, or internal training sessions.  Finally, these success stories can be used to recruit additional teams to adopt the new compliance practices.

All of this will take a concerted effort. A one-and-done superficial effort like one-off workshops or values posters, which fail to address the deeper assumptions driving behavior, will not work. True culture change requires sustained effort, leadership buy-in, and a willingness to experiment and iterate. You must regularly assess the effectiveness of compliance initiatives through employee surveys, performance metrics, and feedback loops. Adjust strategies based on what works in practice, not just in theory.

Building a compliance culture requires more than policies and procedures; it demands a shift in the underlying assumptions and behaviors that define an organization’s operation. The skills-based approach offers a practical roadmap for achieving this transformation. By focusing on skill development, linking compliance to business outcomes, and creating cultural champions, compliance professionals can foster a culture that doesn’t just follow the rules but embraces compliance as a core value.

The journey will not be quick or easy, but the payoff of creating a resilient, ethical, and high-performing organization is well worth the effort. For compliance professionals ready to lead this charge, the skills-based approach provides the tools to turn vision into reality.

Categories
Great Women in Compliance

Great Women in Compliance – Compliance, Consistency and Agility with Lisa Beth Lentini Walker

In our 2025 kickoff episode, Lisa speaks with Lisa Beth Lentini Walker, Deputy General Counsel, Corporate Legal, and Assistant Secretary at Marqeta, the CEO and Founder of Lumen Worldwide Endeavors. Lisa Beth is also a mentor, advocate, and friend to many in the compliance community.

While many people consider a CECO role their ultimate career goal, others look to a more GC-focused role. In the past few years, Lisa Beth’s career has evolved in that way while she remains involved in compliance. In this episode, she talks about her role, how serendipity and planning helped her get to where she is, and how it is important to be intentional while staying open to new opportunities.

In discussing 2025, Lisa Beth notes that her theme of the year is “consistency” and how this is important not only in work but also in being present with family, friends, and community. In terms of the ethics and compliance landscape, they discuss how this will likely be a year of change in regulations in the US and globally and the importance of being agile.

Lisa Beth was recently certified by Women in AI Governance as a Founding Quantum Member. She discusses the importance of learning about AI for E&C professionals and says this is a good time to start a wide learning journey in AI as the field expands.

In the earlier GWIC iteration, Ellen Hunt joined Lisa every year to discuss the state of the function before she officially joined “Team GWIC.” We hope Lisa Beth will reflect with us next year, too.

Categories
Blog

Revolutionizing Compliance with AI-Powered KPIs 

In the modern corporate landscape, traditional key performance indicators (KPIs) are struggling to meet the demands of dynamic compliance environments. These legacy metrics often fail to align operations, prioritize resources, and drive accountability toward strategic objectives. For compliance professionals, these shortcomings are particularly critical: ineffective KPIs can lead to missed risks, inefficient processes, and poor decision-making, ultimately jeopardizing organizational integrity.

In a recent article in the Sloan Management Review, entitled The Future of Strategic Measurement: Enhancing KPIs With AI, authors Michael Schrage, David Kiron, François Candelon, Shervin Khodabandeh, and Michael Chu explored these and other issues, which I have adapted for the compliance professional.  By incorporating artificial intelligence (AI), organizations are reimagining what KPIs can accomplish—not just as performance trackers but as drivers of strategic differentiation and value creation.

The Shortcomings of Legacy KPIs in Compliance

Legacy KPIs often focus narrowly on outputs, such as the number of training sessions conducted or hotline calls logged. While these metrics provide valuable data, they frequently fail to provide solid information, in several ways. The first is that legacy KPIs are taken in a vacuum with no appreciation of the interconnected nature of corporate risks. Just as compliance does not (or at least should not) operate in a vacuum, risks in one area often cascade into others, yet traditional KPIs rarely reflect these interdependencies. The second is the retrospective nature of KPIs. Metrics rooted in historical data are inherently backward-looking, limiting their utility for forecasting and proactive risk management.

Finally, corporate silos are a perennial challenge in compliance, and static KPIs can reinforce them rather than foster cross-functional collaboration. Legacy KPIs do not promote alignment across disparate corporate functions. These limitations hinder a compliance professional’s ability to effectively anticipate, prevent, and address misconduct.

Enter Smart KPIs: A New Era of Compliance Metrics

AI-powered KPIs offer a smarter, more dynamic approach to performance measurement. These metrics are descriptive, predictive, and prescriptive. Such metrics will allow a corporate compliance function to provide new and different insights, such as some of the following.

  • Analyze past and current compliance performance to identify gaps.
  • Anticipate future risks and compliance trends based on patterns in data.
  • Recommend actions to mitigate risks and optimize outcomes.

For example, AI can transform a traditional metric like the “number of third-party audits conducted” into a prescriptive KPI that evaluates audit results, predicts the highest risk areas, and recommends corrective actions.

Case Study: Wayfair and the Evolution of Lost-Sales KPIs

The article discussed Wayfair’s reengineering of its lost-sales KPI and offers valuable insights for compliance professionals. Initially, the retailer calculated lost sales on an item-by-item basis, but AI analysis revealed that many “lost” sales were category retentions, as customers purchased alternative items. This revelation led Wayfair to redesign its KPI to measure category-based retention. The result? Smarter metrics aligned product placement with operational constraints, improving customer satisfaction and operational efficiency.

This case study provides a clear set of lessons for corporate compliance and the compliance professional. Compliance teams can use AI to rethink KPIs that do not fully capture performance nuances. For instance, instead of merely tracking the number of training completions, a smarter KPI could evaluate behavioral changes post-training or identify employees most at risk of ethical lapses based on historical data. This, in turn, could provide greater insight into training effectiveness and how a compliance professional might think about targeted training.

KPI Governance: A Compliance Imperative 

One of the most critical aspects of AI-enhanced KPIs is governance. Organizations need robust governance mechanisms to ensure KPIs evolve with strategic objectives and maintain their relevance over time. For a compliance professional, this means several different approaches.

  1. Continuous Review of Metrics. Regularly revisiting KPIs to ensure they remain aligned with evolving regulatory landscapes and business priorities.
  2. Meta-KPIs for Quality Assurance. Developing “KPIs for KPIs” to assess their accuracy, relevance, and effectiveness.
  3. Cross-Functional Oversight. Establishing governance structures that bring together compliance, legal, and operational teams to oversee metric design and implementation.

The bottom line is that accountability for KPI performance, both the metrics themselves and the outcomes they drive, must be embedded into the compliance framework.

How AI Enhances Compliance KPIs

AI-enhanced KPIs bring new capabilities to compliance programs in three key ways. The first is risk anticipation. Predictive KPIs can identify emerging compliance risks, such as regulatory changes, third-party risk management, or shifts in employee behavior, enabling proactive mitigation. The second is holistic insights. By analyzing data across functions, AI can uncover hidden correlations, such as how employee hotline reports, visits to the compliance department website, or even the number of requests to FAQs might signal compliance risks in supply chain operations. The third is targeted recommendations. Prescriptive KPIs can suggest specific actions, like prioritizing high-risk vendors for audits or tailoring training to address observed knowledge gaps. For example, AI could analyze whistleblower reports alongside financial data to identify patterns indicative of systemic fraud, providing actionable insights for remediation.

This more holistic approach also addresses one of the key risk areas around KPIs: stagnant KPIs. The 2008 financial crisis underscores the dangers of relying on outdated KPIs. Banks’ dependence on “value at risk” metrics, which failed to account for the growing influence of subprime mortgages, contributed to catastrophic losses. Compliance professionals must guard against similar pitfalls by regularly challenging assumptions underpinning legacy KPIs. AI can aid in this process by continuously analyzing data to reveal when a metric is no longer fit for purpose.

Steps to Implement Smarter Compliance KPIs

Compliance professionals can take the following steps to transition from legacy to AI-enhanced KPIs.

  1. Audit Existing KPIs. Assess whether current metrics adequately capture compliance risks and align with strategic objectives.
  2. Leverage AI for Data Analysis. Use AI tools to uncover hidden patterns in compliance data, such as correlations between employee turnover and ethics violations.
  3. Collaborate Across Functions. Work with IT, legal, and operations teams to ensure KPI redesigns reflect organizational priorities.
  4. Invest in Training and Culture. Equip compliance teams with the skills to interpret and act on AI-generated insights while fostering a culture of data-driven decision-making.
  5. Monitor and Improve KPIs. Establish processes for ongoing KPI evaluation, ensuring they evolve alongside regulatory and stakeholder input and business changes.

Challenges and Ethical Considerations 

While AI-enhanced KPIs offer immense potential, they also present challenges. The first is bias. Just as with generative AI more generally, algorithms can be biased; AI models are only as unbiased as the data on which they are trained. Compliance teams must ensure that their AI systems uphold principles of fairness and equity. The second is over-reliance on AI, so always remember the Human in the Loop. While AI can inform decision-making, it should not replace human judgment. Compliance professionals must strike a balance between algorithmic insights and ethical considerations. Finally, there are data privacy concerns. Collecting and analyzing large datasets for KPI development must comply with data privacy regulations.

Conclusion: The Future of Compliance Metrics 

The rise of AI-enhanced KPIs marks a paradigm shift in measuring and managing compliance performance. By embracing smarter, more dynamic metrics, compliance professionals can gain deeper insights, anticipate risks, and drive better outcomes.  Much like Wayfair and other forward-thinking organizations, compliance teams must be willing to challenge the status quo, leverage technology, and prioritize continuous improvement. The era of static, backward-looking KPIs is over. In its place is a future where smart KPIs enable compliance functions to not only measure performance but actively enhance it—turning compliance from a cost center into a source of strategic value. The question is not whether your organization should adopt AI-powered KPIs but how soon your compliance program can reap the benefits. The time to act is now.

Categories
Blog

The Character Imperative in Leadership: A Lesson for Compliance Professionals

When discussing leadership transitions at troubled organizations, one recurring theme is often overlooked: character’s pivotal role in shaping culture and outcomes. In an MIT Sloan Management Review article entitled “Make Character Count in Hiring and Promoting,” Mary Crossan posited, “Most managers focus on competencies when evaluating candidates—but it’s character that will transform the DNA of the organization.”

The recent challenges faced by Boeing serve as a cautionary tale for compliance professionals worldwide. Despite their technical prowess and storied history, Boeing’s leadership failures, rooted in compromised decision-making and a lack of character-driven judgment, led to catastrophic consequences for safety, public trust, and, ultimately, their bottom line.

The leadership debate at Boeing has focused narrowly on whether the next CEO should be an engineer or an accountant, emphasizing competencies over character. This approach underscores a persistent failure across industries to recognize that strong character-based judgment is a cornerstone of ethical leadership and compliance success.

This offers a critical lesson for compliance professionals: character matters as much as, if not more than, competence. The organizational culture we build reflects the character of the individuals we hire, promote, and retain. Compliance leaders must champion character as a vital element in talent development and learn how to embed this principle into their practices.

Competence vs. Character: Understanding the Difference 

Competence concerns what someone can do: their technical skills, knowledge, and experience. It varies by organization, role, and level within the hierarchy. In contrast, character is about who someone is. It’s universal and intrinsic, shaped over a lifetime, and critical to ethical decision-making.

Research shows that character comprises 11 interconnected dimensions, each manifesting in observable behaviors. These dimensions include courage, humility, temperance, accountability, and judgment. Importantly, character isn’t static; it’s a habit that can be developed and refined over time.

When organizations equate character with a narrow set of qualities, such as drive and accountability, they risk embedding toxicity and poor judgment into their culture. For example, a leader with unrestrained courage may veer into reckless decision-making without the tempering force of humility. Such imbalances ripple through the organization, driving disengagement and turnover among those with stronger, more balanced character.

This interplay between character and culture is a leverage point for compliance professionals. We can foster ethical cultures prioritizing accountability, transparency, and trust by elevating character assessments to the same level as competence evaluations. 

Character Interviews: A Tool for Compliance Leaders

Traditional interviews focus on competencies through structured questions and rubrics. Character interviews, however, require a more nuanced approach. They are conversational and personalized, designed to explore a candidate’s life story and reveal their character dimensions.

Here are key considerations for conducting effective character interviews:

  1. Prepare by Developing Your Own Character. To assess the character of others, interviewers must first reflect on their biases and imbalances. For instance, understanding the dimension of justice requires recognizing how systemic privileges and inequities shape perceptions of fairness.
  2. Engage in Genuine Conversations. A character interview should feel less like a formal assessment and more like exploring the candidate’s experiences, motivations, and values. This approach uncovers the layers of their character organically.
  3. Probing Questions and Observational Insights. Start with broad, open-ended questions and follow the threads of the candidate’s responses. For example, if candidates emphasize their innovative drive, explore how they’ve balanced it with temperance or collaboration.
  4. Cluster Dimensions to Identify Strengths and Weaknesses. Character dimensions are interconnected and should be evaluated holistically. A candidate with strong accountability and courage but weak temperance might struggle to balance ambition with thoughtful decision-making.
  5. Assess the Interviewer’s Character. Character interviews reveal the interviewee’s strengths and weaknesses as well as the interviewer’s. Candidates often assess organizations based on the character of those conducting the interviews.

Character in Promotions and Talent Development

Promotions signal what qualities an organization values most. When those decisions prioritize competence over character, they risk elevating individuals whose imbalances could undermine ethical culture.

One effective approach is integrating character assessments into 360-degree reviews for promotion candidates. For example, an organization identified a highly competent leader whose humility and collaboration needed development. By assigning him to an unfamiliar overseas role, they created an environment where he had to rely on others and build relationships, strengthening his weaker character dimensions.

Compliance professionals can advocate for similar strategies, ensuring that promotions are about past performance and readiness for ethical leadership.

Building Character-Based Cultures in Compliance

Embedding character into hiring and promotion decisions isn’t just about individual roles; it’s about shaping organizational DNA. Here is how compliance teams can lead this transformation:

  1. Educate on the Importance of Character. Host workshops or training sessions on the 11 dimensions of character and their relevance to compliance and ethical decision-making.
  2. Develop Character Assessment Tools. Create structured yet flexible frameworks for evaluating character in interviews, performance reviews, and succession planning.
  3. Provide Feedback for Development. Constructive feedback helps individuals recognize and address character imbalances. Compliance leaders can normalize character development as an ongoing process.
  4. Model Character-Driven Leadership. Compliance teams should exemplify the values they seek in others, demonstrating integrity, transparency, and humility in their interactions and decision-making.

The Compliance Professional’s Role

Character-driven leadership is essential to navigating today’s complex ethical landscape. For compliance professionals, this means advocating for systems that value character alongside competence. It means challenging the status quo in talent management and championing leaders who embody integrity, humility, and balanced judgment.

Boeing’s leadership failures are a stark reminder of what happens when character is sidelined. By prioritizing character in our organizations, we can mitigate risk and build cultures that inspire trust, accountability, and long-term success.

Your corporate compliance function’s future and your entire organization depend on it.

Categories
Blog

Lessons in Corporate Governance from the NRA

Corporate governance often shines brightest in times of crisis, and few organizational crises have unfolded as publicly or contentiously as the litigation involving the National Rifle Association (NRA). In a recent Order from the years of ongoing litigation in New York state, the Court mandated sweeping governance reforms, providing a treasure trove of lessons for compliance professionals seeking to strengthen transparency, accountability, and oversight in their organizations. Regardless of your personal or political views on the NRA, this case underscores universal principles of good governance. Let’s unpack these lessons and explore how they can be applied across organizations of all types and sizes. Matt Kelly wrote about this topic in a blog post, and we explored its implications for compliance professionals in a recent episode of the Compliance into the Weeds podcast.

What Happened at the NRA?

The NRA’s troubles began with allegations of rampant mismanagement under long-time CEO Wayne LaPierre. The New York Attorney General’s lawsuit in 2020 detailed years of financial abuses, including excessive salaries and lavish spending billed to the organization, conflicts of interest, and questionable vendor relationships, held together by a structurally weak board that served as a rubber stamp for LaPierre’s decisions. The fallout included four years of litigation, a jury finding LaPierre liable for abuses, and, ultimately, a court-mandated series of governance reforms designed to ensure the NRA could never again fall victim to such mismanagement.

Key Governance Failures

The NRA’s dysfunction stemmed from several structural weaknesses common to organizations suffering from poor governance. An overpowering CEO, LaPierre, exerted an outsized influence enabled by a lack of checks and balances. There needed to be stronger board oversight, with 76 members. The board needed to be bigger and more cohesive to provide effective governance. A small faction, aligned with the CEO, controlled key decisions. There needed to be more financial controls. This absence of robust controls allowed the CEO to withhold critical information from the board. These issues, while prominent in the NRA, are not unique. Theranos, Wynn Resorts, and countless other organizations have fallen prey to similar patterns.

The Reforms: A Blueprint for Good Governance

Judge Cohen’s final ruling laid out a series of governance reforms that every compliance professional should study and consider incorporating into their organization. The Court strengthened the NRA Audit Committee in various ways. First, the entire board now elects Audit Committee members, ensuring independence. Equally importantly, former audit committee members from 2014 to 2022 are barred from future service to eliminate cronyism.

Board refreshment was given importance. The Nominating and Governance Committee must propose 20 new director candidates annually for five years, injecting fresh perspectives and reducing entrenchment. The Court created a committee on board effectiveness, recommending measures to make the large board more functional, possibly through a smaller, empowered executive committee.

There were significant areas for the compliance function and the Chief Compliance Officer (CCO). The first was a mandate that the CCO deliver an annual report detailing travel expenses, related-party transactions, and whistleblower hotline activity.  This report ensures that the board has visibility into high-risk areas. There was a section on CCO empowerment and protection. The CCO now has employment protections, including a three-year contract and two years’ severance pay if terminated without cause. These measures give the CCO the independence to address risks without fear of retaliation. Finally, there is a mandate for independent oversight, with an external consultant assisting the CCO in developing and implementing governance improvements.

Universal Lessons for Compliance Professionals

The reforms imposed on the NRA are not merely punitive; they are a masterclass in building robust governance frameworks. There are several important points for every compliance officer.

1. Empower Your Compliance Function. An independent compliance officer is a figurehead. Employment protections, direct reporting lines to the board, and clear mandates are essential to ensure the CCO can act as an effective watchdog.

2. Prioritize Transparency. Transparency must be embedded in governance structures. Mechanisms like annual compliance reports provide critical insights into organizational risks and ensure the board has the information needed to fulfill its oversight role.

3. Strengthen the Board. Boards should be diverse, independent, and active in their oversight responsibilities. Critical steps include refreshing board membership and ensuring committees are free from undue influence.

4. Focus on Financial Controls. Weak financial controls are a common thread in governance failures. Organizations should implement robust policies to monitor executive spending, conflicts of interest, and other high-risk areas.

5. Learn (and Use) from Templates. The Court Order includes detailed templates for compliance reports, employment contracts, and governance policies. While tailored to the NRA’s specific issues, these documents can serve as starting points for any organization seeking to strengthen its governance practices.

Good Governance Is Universal

Good governance transcends an organization’s specific mission or values. Whether your entity is a nonprofit like the NRA, a public company, or a private enterprise, strong governance principles, an empowered board, transparency, and accountability remain constant. Judge Cohen’s reforms highlight the importance of building durable structures that withstand the pressures of powerful personalities and shifting priorities. These reforms serve as a reminder that governance is not just about preventing crises but ensuring the organization stays true to its mission.

The NRA’s governance overhaul is a cautionary tale and an opportunity for all compliance professionals. By studying the Court’s findings and implementing similar reforms, organizations can build stronger foundations for accountability and ethical leadership.

In the words of Matt Kelly, “Good governance is a universal principle dependent on building durable structures for transparency and vigorous oversight.” Let this case inspire your efforts to create governance frameworks that protect your organization’s integrity, irrespective of its mission or values.

Categories
Compliance Into the Weeds

Compliance into the Weeds: NRA Governance Reforms: A Compliance Case Study

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Are you looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode, Tom Fox and Matt Kelly dive into the intricate and unusual story of the National Rifle Association (NRA) and its recent corporate governance overhaul.

Matt and Tom explore Judge Joel Cohen’s final ruling, which mandates extensive corporate governance reforms for the NRA. These reforms address significant issues, such as a structurally weak board, poor financial controls, and an overpowering CEO in Wayne LaPierre, who misused the organization’s resources. Necessary measures discussed include revamping the board’s audit committee and introducing annual compliance reports, along with significant protections for the role of the Chief Compliance Officer.

The episode highlights the universal principles of good governance, asserting that the NRA’s reforms can serve as a valuable lesson for other organizations. Regardless of the political or ethical stance on the NRA’s activities, the implemented governance structures underscore the necessity of transparency, an empowered compliance function, and robust oversight mechanisms to prevent misuse of organizational resources. These insights are illustrated through sample agreements and templates in the court ruling, which can guide other organizations in strengthening their governance and compliance programs.

Key highlights:

  • Corporate Governance Reforms Ordered by the Court
  • Specifics of the Court-Ordered Reforms
  • Audit Committee and Board Reforms
  • Compliance and Governance Templates
  • Universal Principles of Good Governance

Resources

Matt in Radical Compliance
