Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 10 – Leadership’s Role in Shaping Corporate Culture and Compliance

Welcome to a special podcast series on the Compliance Podcast Network, 31 Days to a More Effective Compliance Program. Over these 31 days of the series in January 2025, Tom Fox will post a key part of a best practices compliance program daily. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, and will include three key takeaways you can implement at little or no cost to help update your compliance program. I hope you will join us each day in January for this exploration of best practices in compliance.

In today’s episode, we dive into the critical role of senior management in fostering a strong corporate culture of compliance, as highlighted by the 2022 Monaco Memo and the 2020 FCPA Resource Guide, 2nd edition. Emphasizing that corporate culture is vital to a company’s success, we discuss how the DOJ assesses ethical cultures and the importance of senior management’s active participation in compliance efforts. The episode outlines five key factors to guide senior leadership in setting, modeling, and monitoring the right tone at the top. These include clear communication of values, personal commitment to those values, supportive systems, integration into decision-making, and empowering managers to make ethically sound decisions. We conclude with three takeaways: senior management must engage in compliance, the DOJ evaluates corporate culture during investigations, and CEOs should be seen as chief compliance ambassadors.

Key highlights:

  • The Importance of Corporate Culture
  • DOJ’s Expectations for Senior Management
  • Five Factors for Effective Leadership

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 5th edition, by clicking here.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 9 – Continuous Monitoring and Continuous Improvement

Continuous monitoring and improvement are essential in developing effective compliance programs, serving as a dynamic approach to addressing and adapting to evolving risks. This underscores the critical nature of these concepts, particularly highlighted in the 2023 update to evaluating corporate compliance programs, and emphasizes the necessity for organizations to integrate real-time data and maintain comprehensive documentation in their decision-making processes. This approach ensures compliance and fosters agility and resilience in navigating the complexities of modern business landscapes.

Key highlights:

  • Understanding Changes in Company Risks
  • Continuous Monitoring and Improvement
  • External Information Sources for Compliance

Categories
Business Integrity Innovations

Business Integrity Innovations: Building a Corruption-Free Zimbabwe: Doris Kumbawa’s Vision

Business Integrity Innovations is brought to you by the Center for International Private Enterprise (CIPE) and the Compliance Podcast Network (CPN). This podcast is inspired by Ethics 1st, a multi-stakeholder initiative led by CIPE that creates pathways for accountable and sustainable investment in Africa. Companies can use Ethics 1st to standardize their business practices, develop sound corporate governance systems, and demonstrate their commitment to compliance and business ethics.

In this episode of Business Integrity Innovations, hosts Tom Fox and Michele Crymes welcome Doris Kumbawa, CEO and Founder of Ethics 360, and the CIPE country representative for Zimbabwe. Doris shares her professional journey and Ethics 360’s crucial role in promoting business integrity and anti-corruption compliance training. She elaborates on the challenges faced by the informal economy in Zimbabwe and the significant impact this economy has, especially on women.

Doris discusses the collaborative efforts to formalize informal economy associations and reduce corruption through stakeholder engagement and effective policy recommendations. She also highlights the influence of Ethics 1st, a tech-based platform helping businesses transition towards ethical practices, and her work with organizations like Transparency International and the Environment Social Governance Network of Zimbabwe to promote ethical governance and compliance. This episode provides deep insights into grassroots efforts to combat corruption and foster a culture of ethics and integrity in business.

Key highlights:

  • Understanding Zimbabwe’s Informal Economy
  • Ethics 360 and Anti-Corruption Efforts
  • Impact of Ethics 1st on Small Businesses
  • Collaborations and Training Initiatives
  • Future Vision for Zimbabwe’s Compliance and Ethics

Resources:

Doris Kumbawa on LinkedIn

Ethics 360 on LinkedIn

CIPE

Ethics 1st

Categories
Daily Compliance News

Daily Compliance News: January 9, 2025 – The Tribute to Jimmy Carter Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News—all from the Compliance Podcast Network. Each day, we consider four stories from the business world: compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Top stories include:

  • Tribute to Jimmy Carter in the fight against corruption. (FT)
  • Former MoviePass CEO pleads guilty to fraud. (NYT)
  • OIG issues Nursing Home compliance guidance. (National Review)
  • China will deepen the corruption fight in areas such as finance and energy. (Bloomberg)

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.

Check out The FCPA Survival Guide on Amazon.com.

Categories
Blog

Driving Compliance Culture: Lessons from a Skills-Based Approach to Cultural Change

Regarding compliance, the tone from the top is crucial—but culture eats tone for breakfast. Compliance professionals know that a robust compliance program is only as effective as the culture supporting it. Building and sustaining that culture, however, is no small feat. Enter the skills-based approach to cultural transformation, as laid out in Per Hugander’s article in the MIT Sloan Management Review, Take a Skills-Based Approach to Culture Change. This method provides a roadmap for embedding compliance values deeply into an organization by focusing on practical skill development and real-world problem-solving. I have adapted her skills-based approach to revolutionize compliance culture, explain why traditional methods often fall short, and provide actionable strategies for compliance professionals to lead this transformation.

Why Traditional Compliance Culture Efforts Fall Short 

Many culture-change initiatives rely on workshops, seminars, and training sessions to instill new values or behaviors. While well-intentioned, these efforts often fail to address the deeply ingrained assumptions that drive behavior. Hugander explains this through Edgar Schein’s Organizational Culture Model, which emphasizes that culture is rooted in employees’ underlying assumptions, those unconscious beliefs that determine how they think, perceive, and act.

This highlights a critical issue for compliance professionals: simply telling employees to act ethically or follow the rules isn’t enough. If underlying assumptions about risk, accountability, or success conflict with compliance values, those assumptions will prevail.

The Skills-Based Approach: A Paradigm Shift

The skills-based approach focuses on building specific, actionable skills that directly impact critical challenges. These skills—such as perspective-taking or fostering psychological safety—are practiced on real business problems. Organizations create a feedback loop that reinforces new assumptions and behaviors by linking skill application to tangible outcomes.

For example, a compliance team could focus on enhancing perspective-taking to improve employees’ handling of ethical dilemmas. By training employees to consider different viewpoints—such as the customer, regulator, or broader community—they better understand how their actions align with the organization’s compliance goals.

Breaking the Capability Trap 

Hugander warns of the “capability trap,” a common pitfall where organizations abandon new initiatives before they yield results. This happens when the costs—time, focus, and effort—are immediate, but the rewards are delayed. To overcome this, the skills-based approach emphasizes creating short feedback loops by applying new skills to high-priority challenges. This allows employees to see the benefits of the new approach more quickly, generating momentum for change.

The capability trap might manifest in compliance when a new whistleblower program is launched but does not initially generate reports, leading leaders to doubt its effectiveness. The organization can build trust in the system and encourage broader use by coupling the program with communication training for managers and immediate action on even minor concerns raised.

Compliance Lessons from the Skills-Based Approach 

  1. Start Small, Go Deep. Hugander advocates beginning with a small team and focusing on intensive skill-building sessions tied to real challenges. This allows the team to build confidence in the new approach and generate success stories that can inspire broader adoption. This means the Chief Compliance Officer (CCO) or other compliance professional should select a pilot group, such as a high-risk department or business unit, and train them on a specific compliance skill, such as ethical decision-making or identifying conflicts of interest. Have them apply these skills to actual compliance challenges and measure the outcomes.
  2. Create Cultural Champions. Identifying and empowering influential individuals to champion new behaviors is critical. These champions provide proof of concept by demonstrating how the new skills lead to better outcomes in the organization’s context. For the CCO, work to cultivate champions within senior leadership and middle management. A senior executive might lead by example in applying transparency during a compliance audit, while a middle manager might model open discussions about ethical or integrity concerns.
  3. Link Compliance to Business Outcomes. A key feature of the skills-based approach is tying new skills to measurable business improvements. Perspective-taking and psychological safety led to increased customer acquisitions and market share in Amy Edmondson’s SEB case study. For the compliance professional, you can demonstrate how compliance initiatives support business goals. Show how enhanced due diligence processes reduce the risk of fines and improve supplier reliability, ultimately benefiting the bottom line.
  4. Address Skepticism Through Experience. Short workshops are often insufficient to win over skeptics. Instead, intensive, hands-on sessions that produce actual results are more likely to shift mindsets. Skeptics who experience success become the strongest advocates for change. Integrate compliance into strategic problem-solving sessions instead of relying solely on compliance training. This would allow the compliance function to use a compliance framework to resolve a cross-functional challenge, demonstrating its practical value.

Building Momentum for Compliance Culture Change 

The skills-based approach does not stop with a single team or project. Once initial successes are achieved, the organization can share these stories to build momentum. Hugander emphasizes the power of storytelling, using real examples to illustrate how new skills or behaviors lead to meaningful outcomes. Some strategies might be to develop case studies from early adopters of compliance initiatives within your organization. You can then share these stories through town halls, newsletters, or internal training sessions. Finally, these success stories can be used to recruit additional teams to adopt the new compliance practices.

All of this will take a concerted effort. A one-and-done superficial effort like one-off workshops or values posters, which fail to address the deeper assumptions driving behavior, will not work. True culture change requires sustained effort, leadership buy-in, and a willingness to experiment and iterate. You must regularly assess the effectiveness of compliance initiatives through employee surveys, performance metrics, and feedback loops. Adjust strategies based on what works in practice, not just in theory.

Building a compliance culture requires more than policies and procedures; it demands a shift in the underlying assumptions and behaviors that define an organization’s operation. The skills-based approach offers a practical roadmap for achieving this transformation. By focusing on skill development, linking compliance to business outcomes, and creating cultural champions, compliance professionals can foster a culture that doesn’t just follow the rules but embraces compliance as a core value.

The journey will not be quick or easy, but the payoff of creating a resilient, ethical, and high-performing organization is well worth the effort. For compliance professionals ready to lead this charge, the skills-based approach provides the tools to turn vision into reality.

Categories
31 Days to More Effective Compliance Programs

31 Days to a More Effective Compliance Program: Day 8 – Building Effective Compliance Through Payroll

Operationalizing a compliance program through payroll is a vital component of a company’s risk management strategy, serving as both a control mechanism and a crucial link to the broader compliance function. Payroll is instrumental in identifying potential red flags, such as offshore payments, which require meticulous documentation and enhanced internal controls to prevent compliance violations. Tom Fox, a noted expert in compliance, underscores the significant role payroll plays in fortifying compliance programs by aligning with FCPA requirements and preventing fraudulent activities. He advocates for implementing demonstrable controls like Approval Certification processes, segregation of duties, and regular review procedures to mitigate compliance risks effectively. According to Tom, by embedding robust controls within payroll operations, companies deter potential violations and ensure compliance is woven into the organizational fabric, thus operationalizing their compliance programs seamlessly.

Key highlights:

  • Payroll should be on the front lines of any attempt to prevent, detect, and remediate anti-corruption compliance.
  • Key compliance program components for payroll.
  • Watch for offshore payments.

Categories
Great Women in Compliance

Great Women in Compliance – Compliance, Consistency and Agility with Lisa Beth Lentini Walker

In our 2025 kickoff episode, Lisa speaks with Lisa Beth Lentini Walker, Deputy General Counsel, Corporate Legal, and Assistant Secretary at Marqeta, and the CEO and Founder of Lumen Worldwide Endeavors. Lisa Beth is also a mentor, advocate, and friend to many in the compliance community.

While many people consider a CECO role their ultimate career goal, others look to a more GC-focused role. In the past few years, Lisa Beth’s career has evolved in that way while she remains involved in compliance. In this episode, she talks about her role, how serendipity and planning helped her get to where she is, and how it is important to be intentional while staying open to new opportunities.

In discussing 2025, Lisa Beth notes that her theme of the year is “consistency” and how this is important not only in work but also in being present with family, friends, and community. In terms of the ethics and compliance landscape, they discuss how this will likely be a year of change in regulations in the US and globally and the importance of being agile.

Lisa Beth was recently certified by Women in AI Governance as a Founding Quantum Member. She discusses the importance of learning about AI for E&C professionals and says this is a good time to start a wide learning journey in AI as the field expands.

In the earlier GWIC iteration, Ellen Hunt joined Lisa every year to discuss the state of the function before she officially joined “Team GWIC.” We hope Lisa Beth will reflect with us next year, too.

Categories
Blog

Caremark Claims: A Compliance Professional’s Guide to the Shifting Landscape

For decades, Delaware courts famously described Caremark claims alleging breaches of the duty of oversight as “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.” Yet recent legal developments have shown that while Caremark claims remain challenging, they are no longer insurmountable. Cases like Marchand v. Barnhill and the Boeing 737 Max shareholder derivative lawsuit have demonstrated that boards of directors are not immune from liability when they fail to fulfill their oversight responsibilities.

As we head into 2025, compliance professionals must stay attuned to the evolving dynamics of oversight duty claims. Today, we consider the current state of Caremark litigation, the implications of recent case law, and emerging areas such as cybersecurity, ESG, and AI that could generate oversight liability in the future.

A Historical Shift: From Rare Wins to Increased Viability

Historically, Caremark claims were long shots for plaintiffs. Courts typically set an extremely high bar, requiring claimants to demonstrate that directors acted in bad faith by consciously ignoring red flags or failing to implement compliance systems. However, recent decisions have opened the door for such claims, particularly in cases involving egregious governance failures.

The Boeing case was one of the most striking examples of a Caremark claim. It involved the two Boeing 737 Max plane crashes, catastrophic events tied to governance and oversight failures. The case survived a motion to dismiss and eventually settled for $237.5 million, funded entirely by D&O insurance. Next was Walmart’s Opioid case, which was also resolved in 2024. In this matter, Walmart’s Board of Directors faced a shareholder derivative claim alleging breaches of the duty of oversight in connection with the opioid crisis. The case settled for $123 million, showing that courts will entertain Caremark claims when systemic failures result in significant harm. These high-profile cases have emboldened plaintiffs and raised alarms in Delaware courts, leading to a noticeable backlash in recent decisions.

A Backlash Emerges: Delaware Courts Reassert a High Bar 

The Delaware Chancery Court, which has long been a guardian of corporate governance law, has recently pushed back against what it views as an overextension of Caremark claims. Since 2023, we have seen three notable cases that highlight this skepticism. The first was the Segway case from 2023. In this decision, the Court dismissed claims against the board, emphasizing that liability requires a “red line” of bad faith—an extremely high standard that most claims fail to meet.

Next was the Walgreens Boots Alliance matter from 2024. In this decision, the Court criticized the “proliferation” of oversight lawsuits, warning that reflexive filings every time a company experiences an adverse event could do more harm than good. Finally, there was the Centene matter, also from 2024. In Bricklayers Pension Fund v. Brinkley, Vice Chancellor Morgan Zurn dismissed oversight claims, finding no evidence that the board consciously disregarded compliance risks. Zurn underscored that “a bad outcome, without more, does not equate to bad faith.” These decisions signal a clear message from Delaware courts: Caremark claims must meet an exacting standard, and not every adverse outcome shows a breach of oversight duties.

The Federal Courts Enter the Fray  

While Delaware courts tighten their standards, federal courts applying Delaware law have shown a greater willingness to let Caremark claims proceed. Two notable cases from 2024 illustrated this trend. The first was a piece of the long-running Wells Fargo litigation for various actions. In this matter, a federal district court in California allowed claims against Wells Fargo’s board to move forward, citing allegations that directors failed to address discriminatory lending practices. Similarly, a federal court in Illinois sustained claims against Abbott Labs’ Board of Directors for failing to oversee the safety of its infant formula products.

These rulings suggest federal courts may be more receptive to Caremark claims, particularly in cases involving systemic misconduct or significant public harm. While these cases do not have precedential value in Delaware, they can be seen as a roadmap for successful Caremark claims outside the jurisdiction of these two district courts.

The Compliance Implications of Recent Trends

What do all these decisions mean for compliance professionals? In the ever-evolving landscape of oversight liability, the compliance professional has challenges and opportunities. Compliance professionals should proactively identify and address these risks at the board level. There are five areas compliance professionals should focus on.

  1. Active Oversight. The common thread in successful Caremark claims is the board’s failure to actively monitor compliance risks. Compliance officers should ensure that boards are regularly informed about key risks through detailed reports and actively engaged in oversight of high-risk areas, such as product safety, regulatory compliance, and ethical conduct.
  2. Document, Document, Document. Document your Board’s efforts to oversee compliance systems and address red flags that rise to the Board level. Boeing shows that the absence of documented board actions can be devastating in litigation. Compliance teams should work with corporate secretaries to: a.) Ensure board minutes reflect meaningful discussions about compliance risks. b.) Record follow-ups on identified issues to demonstrate a proactive approach.
  3. Emerging Risks. There are a variety of areas that are ripe for future Caremark claims. These areas include cybersecurity, as Boards that fail to oversee cyber risk management could face liability after a data breach. ESG is still a business imperative, even if the incoming Administration is antithetical to it. Environmental and social failures, such as ignoring climate risks or fostering discriminatory practices, may trigger oversight claims. Finally, AI governance will be at the forefront of many compliance professionals’ minds. As AI adoption accelerates, Boards must ensure compliance with developing regulations and ethical standards.
  4. Federal Courts. The divergence between Delaware and federal courts applying Delaware law complicates the oversight liability landscape. Compliance teams should monitor cases in both jurisdictions and adapt their strategies accordingly.
  5. Insurance and Indemnification. Given the financial stakes in Caremark litigation, robust Directors and Officers (D&O) insurance is essential. Compliance teams should work on reviewing D&O policies to ensure they provide adequate coverage for oversight claims. You should also collaborate with legal and risk management teams to understand policy exclusions and coverage limits.

A Call to Action for Compliance Professionals  

The shifting dynamics of Caremark claims underscore the critical role compliance professionals play in supporting board oversight. To strengthen your organization’s oversight framework:

  1. Educate the Board by providing regular training on directors’ fiduciary duties, focusing on their oversight obligations.
  2. Enhance reporting by developing dashboards and reports that give the board a clear view of compliance risks and mitigation efforts.
  3. Promote a culture of accountability by working with senior leadership to embed compliance into the organization’s culture and ensure that issues are addressed at every level.

While recent Delaware decisions have reaffirmed the difficulty of prevailing in Caremark cases, high-profile settlements and federal court rulings indicate that oversight liability remains a growing risk. Compliance professionals must stay vigilant, ensuring their boards are well-equipped to meet their oversight responsibilities.

By focusing on proactive risk management, thorough documentation, and emerging risks like cybersecurity and AI, compliance teams can help their organizations navigate the complex oversight landscape. The stakes are high, but so are the opportunities to build stronger, more resilient governance frameworks.

As Kevin LaCroix has noted, “The bottom line is that notwithstanding recent Delaware Chancery Court skepticism toward a breach of the duty of oversight claims, there is life for these kinds of suits, at least in some cases—including in cases filed outside of the Delaware state courts.”

Categories
Blog

Revolutionizing Compliance with AI-Powered KPIs 

In the modern corporate landscape, traditional key performance indicators (KPIs) are struggling to meet the demands of dynamic compliance environments. These legacy metrics often fail to align operations, prioritize resources, and drive accountability toward strategic objectives. For compliance professionals, these shortcomings are particularly critical: ineffective KPIs can lead to missed risks, inefficient processes, and poor decision-making, ultimately jeopardizing organizational integrity.

In a recent article in the Sloan Management Review, entitled The Future of Strategic Measurement: Enhancing KPIs With AI, authors Michael Schrage, David Kiron, François Candelon, Shervin Khodabandeh, and Michael Chu explored these and other issues, which I have adapted for the compliance professional. By incorporating artificial intelligence (AI), organizations are reimagining what KPIs can accomplish—not just as performance trackers but as drivers of strategic differentiation and value creation.

The Shortcomings of Legacy KPIs in Compliance

Legacy KPIs often focus narrowly on outputs, such as the number of training sessions conducted or hotline calls logged. While these metrics provide valuable data, they frequently fail to provide solid information in various ways. The first is that legacy KPIs are taken in a vacuum with no appreciation of the interconnected nature of corporate risks. Just as compliance does not (or at least should not) operate in a vacuum, risks in one area often cascade into others, yet traditional KPIs rarely reflect these interdependencies. The second is the retrospective nature of KPIs. Metrics rooted in historical data are inherently backward-looking, limiting their utility for forecasting and proactive risk management.

Finally, corporate silos are a perennial challenge in compliance, and static KPIs can reinforce them rather than foster cross-functional collaboration. Legacy KPIs do not promote alignment across disparate corporate functions. These limitations hinder a compliance professional’s ability to effectively anticipate, prevent, and address misconduct.

Enter Smart KPIs: A New Era of Compliance Metrics

AI-powered KPIs offer a smarter, more dynamic approach to performance measurement. These metrics are descriptive, predictive, and prescriptive. Such metrics will allow a corporate compliance function to provide new and different insights, such as some of the following.

  • Analyze past and current compliance performance to identify gaps.
  • Anticipate future risks and compliance trends based on patterns in data.
  • Recommend actions to mitigate risks and optimize outcomes.

For example, AI can transform a traditional metric like the “number of third-party audits conducted” into a prescriptive KPI that evaluates audit results, predicts the highest risk areas, and recommends corrective actions.

Case Study: Wayfair and the Evolution of Lost-Sales KPIs

The article discussed Wayfair’s reengineering of its lost-sales KPI and offers valuable insights for compliance professionals. Initially, the retailer calculated lost sales on an item-by-item basis, but AI analysis revealed that many “lost” sales were category retentions, as customers purchased alternative items. This revelation led Wayfair to redesign its KPI to measure category-based retention. The result? Smarter metrics aligned product placement with operational constraints, improving customer satisfaction and operational efficiency.

This case study provides a clear set of lessons for corporate compliance and the compliance professional. Compliance teams can use AI to rethink KPIs that do not fully capture performance nuances. For instance, instead of merely tracking the number of training completions, a smarter KPI could evaluate behavioral changes post-training or identify employees most at risk of ethical lapses based on historical data. This, in turn, could provide greater insight into training effectiveness and how a compliance professional might think about targeted training.

KPI Governance: A Compliance Imperative 

One of the most critical aspects of AI-enhanced KPIs is governance. Organizations need robust governance mechanisms to ensure KPIs evolve with strategic objectives and maintain their relevance over time. For a compliance professional, this means several different approaches.

  1. Continuous Review of Metrics. Regularly revisiting KPIs to ensure they remain aligned with evolving regulatory landscapes and business priorities.
  2. Meta-KPIs for Quality Assurance. Developing “KPIs for KPIs” to assess their accuracy, relevance, and effectiveness.
  3. Cross-Functional Oversight. Establishing governance structures that bring together compliance, legal, and operational teams to oversee metric design and implementation.

The bottom line is that accountability for KPI performance, both the metrics themselves and the outcomes they drive, must be embedded into the compliance framework.

How AI Enhances Compliance KPIs

AI-enhanced KPIs bring new capabilities to compliance programs in three key manners. First, in risk anticipation. Predictive KPIs can identify emerging compliance risks, such as regulatory changes, third-party risk management, or shifts in employee behavior, enabling proactive mitigation. The second area is holistic insights. By analyzing data across functions, AI can uncover hidden correlations, such as how employee hotline reports, visits to the compliance department website, or even the number of requests to FAQs might signal compliance risks in supply chain operations. Finally is the area of targeted recommendations. Prescriptive KPIs can suggest specific actions, like prioritizing high-risk vendors for audits or tailoring training to address observed knowledge gaps. For example, AI could analyze whistleblower reports alongside financial data to identify patterns indicative of systemic fraud, providing actionable insights for remediation. 

This more holistic approach also addresses one of the key risk areas around KPIs: stagnant KPIs. The 2008 financial crisis underscores the dangers of relying on outdated KPIs. Banks’ dependence on “value at risk” metrics, which failed to account for the growing influence of subprime mortgages, contributed to catastrophic losses. Compliance professionals must guard against similar pitfalls by regularly challenging assumptions underpinning legacy KPIs. AI can aid in this process by continuously analyzing data to reveal when a metric is no longer fit for purpose.

Steps to Implement Smarter Compliance KPIs

Compliance professionals can take the following steps to transition from legacy to AI-enhanced KPIs.

  1. Audit Existing KPIs. Assess whether current metrics adequately capture compliance risks and align with strategic objectives.
  2. Leverage AI for Data Analysis. Use AI tools to uncover hidden patterns in compliance data, such as correlations between employee turnover and ethics violations.
  3. Collaborate Across Functions. Work with IT, legal, and operations teams to ensure KPI redesigns reflect organizational priorities.
  4. Invest in Training and Culture. Equip compliance teams with the skills to interpret and act on AI-generated insights while fostering a culture of data-driven decision-making.
  5. Monitor and Improve KPIs. Establish processes for ongoing KPI evaluation, ensuring they evolve alongside regulatory and stakeholder input and business changes.

Challenges and Ethical Considerations 

While AI-enhanced KPIs offer immense potential, they also present challenges. The first is bias: as with generative AI, algorithms can be biased. AI models are only as unbiased as the data on which they are trained. Compliance teams must ensure that their AI systems uphold principles of fairness and equity. The second is over-reliance on AI, which is why a human must always remain in the loop. While AI can inform decision-making, it should not replace human judgment. Compliance professionals must strike a balance between algorithmic insights and ethical considerations. Finally, there are data privacy concerns. Collecting and analyzing large datasets for KPI development must comply with data privacy regulations.

Conclusion: The Future of Compliance Metrics 

The rise of AI-enhanced KPIs marks a paradigm shift in measuring and managing compliance performance. By embracing smarter, more dynamic metrics, compliance professionals can gain deeper insights, anticipate risks, and drive better outcomes.  Much like Wayfair and other forward-thinking organizations, compliance teams must be willing to challenge the status quo, leverage technology, and prioritize continuous improvement. The era of static, backward-looking KPIs is over. In its place is a future where smart KPIs enable compliance functions to not only measure performance but actively enhance it—turning compliance from a cost center into a source of strategic value. The question is not whether your organization should adopt AI-powered KPIs but how soon your compliance program can reap the benefits. The time to act is now.

Categories
Adventures in Compliance

The Case-Book of Sherlock Holmes – Compliance Lessons from The Adventure of the Three Gables

In this new season of Adventures in Compliance, host Tom Fox takes a deep dive into Arthur Conan Doyle’s Sherlock Holmes collection, The Case-Book of Sherlock Holmes. It is the final set of twelve Sherlock Holmes short stories, first published in the Strand Magazine between October 1921 and April 1927. In this episode, we consider one of the lesser-known Holmes stories, The Adventure of the Three Gables.

In this episode, we investigate the Sherlock Holmes short story ‘The Three Gables’ to uncover crucial compliance lessons. As part of ‘The Case-Book of Sherlock Holmes,’ this episode examines ethical leadership, transparency, third-party risk management, whistleblower protections, reputation management, and root cause analysis through the lens of this lesser-known tale. The story of crime and manipulation serves as a reminder of the importance of integrity and accountability in business ethics. Check out the parallels between Sherlock Holmes’ investigative techniques and modern compliance practices, and learn how these timeless lessons can strengthen organizational culture and mitigate risks.

Highlights include:

  • Introduction to The Three Gables
  • Unpacking Compliance Lessons
  • Ethical Leadership and Transparency
  • Third-Party Risk Management
  • Whistleblower Protections and Reputation Management
  • Root Cause Analysis and Final Thoughts

Resources

The New Annotated Sherlock Holmes

Sherlock Holmes FAQ by Dave Thompson

For more information on the Ethico Toolkit for Middle Managers, available at no charge, click here.
