Tag: MIT Sloan Management Review

Categories
Blog

Driving Compliance Culture: Lessons from a Skills-Based Approach to Cultural Change

Regarding compliance, the tone from the top is crucial—but culture eats tone for breakfast. Compliance professionals know that a robust compliance program is only as effective as the culture supporting it. Building and sustaining that culture, however, is no small feat. Enter the skills-based approach to cultural transformation, as laid out in Per Hugander’s article in the MIT Sloan Management Review, Take a Skills-Based Approach to Culture Change. This method provides a roadmap for embedding compliance values deeply into an organization by focusing on practical skill development and real-world problem-solving. I have adapted her skills-based approach to revolutionize compliance culture, explain why traditional methods often fall short, and provide actionable strategies for compliance professionals to lead this transformation.

Why Traditional Compliance Culture Efforts Fall Short 

Many culture-change initiatives rely on workshops, seminars, and training sessions to instill new values or behaviors. While well-intentioned, these efforts often fail to address the deeply ingrained assumptions that drive behavior. Hugander explains this through Edgar Schein’s Organizational Culture Model, which emphasizes that culture is rooted in employees’ underlying assumptions, those unconscious beliefs that determine how they think, perceive, and act.

This highlights a critical issue for compliance professionals: simply telling employees to act ethically or follow the rules isn’t enough. If underlying assumptions about risk, accountability, or success conflict with compliance values, those assumptions will prevail.

 The Skills-Based Approach: A Paradigm Shift

The skills-based approach focuses on building specific, actionable skills that directly impact critical challenges. These skills—such as perspective-taking or fostering psychological safety—are practiced in real business problems. Organizations create a feedback loop that reinforces new assumptions and behaviors by linking skill application to tangible outcomes.

For example, a compliance team could focus on enhancing perspective-taking to improve employees’ handling of ethical dilemmas. By training employees to consider different viewpoints—such as the customer, regulator, or broader community—they better understand how their actions align with the organization’s compliance goals.

Breaking the Capability Trap 

Hugander warns of the “capability trap,” a common pitfall where organizations abandon new initiatives before they yield results. This happens when the costs—time, focus, and effort—are immediate, but the rewards are delayed. To overcome this, the skills-based approach emphasizes creating short feedback loops by applying new skills to high-priority challenges. This allows employees to see the benefits of the new approach more quickly, generating momentum for change.

The capability trap might manifest in compliance when a new whistleblower program is launched but does not initially generate reports, leading leaders to doubt its effectiveness. The organization can build trust in the system and encourage broader use by coupling the program with communication training for managers and immediate action on even minor concerns raised.

Compliance Lessons from the Skills-Based Approach 

  1. Start Small, Go Deep. Hugander advocates beginning with a small team and focusing on intensive skill-building sessions tied to real challenges. This allows the team to build confidence in the new approach and generate success stories that can inspire broader adoption. This means the Chief Compliance Officer (CCO) or other compliance professional should select a pilot group, such as a high-risk department or business unit, and train them on a specific compliance skill, such as ethical decision-making or identifying conflicts of interest. Have them apply these skills to actual compliance challenges and measure the outcomes.
  2. Create Cultural Champions. Identifying and empowering influential individuals to champion new behaviors is critical. These champions provide proof of concept by demonstrating how the new skills lead to better outcomes in the organization’s context. For the CCO, work to cultivate champions within senior leadership and middle management. A senior executive might lead by example in applying transparency during a compliance audit, while a middle manager might model open discussions about ethical or integrity concerns.
  3. Link Compliance to Business Outcomes. A key feature of the skills-based approach is tying new skills to measurable business improvements. Perspective-taking and psychological safety led to increased customer acquisitions and market share in Amy Edmonson’s SEB case study. For the compliance professional, you can demonstrate how compliance initiatives support business goals. Show how enhanced due diligence processes reduce the risk of fines and improve supplier reliability, ultimately benefiting the bottom line.
  4. Address Skepticism Through Experience. Short workshops are often insufficient to win over skeptics. Instead, intensive, hands-on sessions that produce actual results are more likely to shift mindsets. Skeptics who experience success become the strongest advocates for change. Integrate compliance into strategic problem-solving sessions instead of relying solely on compliance training. This would allow the compliance function to use a compliance framework to resolve a cross-functional challenge, demonstrating its practical value.

Building Momentum for Compliance Culture Change 

The skills-based approach does not stop with a single team or project. Once initial successes are achieved, the organization can share these stories to build momentum. Hugander emphasizes the power of storytelling, using real examples to illustrate how new skills or behaviors lead to meaningful outcomes. Some strategies might be to develop case studies from early adopters of compliance initiatives within your organization. You can then share these stories through town halls, newsletters, or internal training sessions.  Finally, these success stories can be used to recruit additional teams to adopt the new compliance practices.

All of this will take a concerted effort. A one-and-done superficial effort like one-off workshops or values posters, which fail to address the deeper assumptions driving behavior, will not work. True culture change requires sustained effort, leadership buy-in, and a willingness to experiment and iterate. You must regularly assess the effectiveness of compliance initiatives through employee surveys, performance metrics, and feedback loops. Adjust strategies based on what works in practice, not just in theory.

Building a compliance culture requires more than policies and procedures; it demands a shift in the underlying assumptions and behaviors that define an organization’s operation. The skills-based approach offers a practical roadmap for achieving this transformation. By focusing on skill development, linking compliance to business outcomes, and creating cultural champions, compliance professionals can foster a culture that doesn’t just follow the rules but embraces compliance as a core value.

The journey will not be quick or easy, but the payoff of creating a resilient, ethical, and high-performing organization is well worth the effort. For compliance professionals ready to lead this charge, the skills-based approach provides the tools to turn vision into reality.

Categories
Blog

Revolutionizing Compliance with AI-Powered KPIs 

In the modern corporate landscape, traditional key performance indicators (KPIs) are struggling to meet the demands of dynamic compliance environments. These legacy metrics often fail to align operations, prioritize resources, and drive accountability toward strategic objectives. For compliance professionals, these shortcomings are particularly critical: ineffective KPIs can lead to missed risks, inefficient processes, and poor decision-making, ultimately jeopardizing organizational integrity.

In a recent article in the Sloan Management Review, entitled The Future of Strategic Measurement: Enhancing KPIs With AI, authors Michael Schrage, David Kiron, François Candelon, Shervin Khodabandeh, and Michael Chu explored these and other issues, which I have adapted for the compliance professional.  By incorporating artificial intelligence (AI), organizations are reimagining what KPIs can accomplish—not just as performance trackers but as drivers of strategic differentiation and value creation.

The Shortcomings of Legacy KPIs in Compliance

Legacy KPIs often focus narrowly on outputs, such as the number of training sessions conducted or hotline calls logged. While these metrics provide valuable data, they frequently fail to provide solid information in various ways. The first is that legacy KPIs are taken in a vacuum with no appreciation of the interconnected nature of corporate risks. Just as compliance does not (or at least should not) operate in a vacuum, risks in one area often cascade into others, yet traditional KPIs rarely reflect these interdependencies. The retrospective nature of KPIs. Metrics rooted in historical data are inherently backward-looking, limiting their utility for forecasting and proactive risk management.

Finally, corporate silos, which are a perennial challenge in compliance, and static KPIs can reinforce them rather than foster cross-functional collaboration. Legacy KPIs do not promote alignment across disparate corporate functions. These limitations hinder a compliance professional’s ability to effectively anticipate, prevent, and address misconduct.

Enter Smart KPIs: A New Era of Compliance Metrics

AI-powered KPIs offer a smarter, more dynamic approach to performance measurement. These metrics are descriptive, predictive, and prescriptive. Such metrics will allow a corporate compliance function to provide new and different insights, such as some of the following.

  • Analyze past and current compliance performance to identify gaps.
  • Anticipate future risks and compliance trends based on patterns in data.
  • Recommend actions to mitigate risks and optimize outcomes.

For example, AI can transform a traditional metric like the “number of third-party audits conducted” into a prescriptive KPI that evaluates audit results, predicts the highest risk areas, and recommends corrective actions.

Case Study: Wayfair and the Evolution of Lost-Sales KPIs

The article discussed Wayfair’s reengineering of its lost-sales KPI and offers valuable insights for compliance professionals. Initially, the retailer calculated lost sales on an item-by-item basis, but AI analysis revealed that many “lost” sales were category retentions, as customers purchased alternative items. This revelation led Wayfair to redesign its KPI to measure category-based retention. The result? Smarter metrics aligned product placement with operational constraints, improving customer satisfaction and operational efficiency.

This case study provides a clear set of lessons for corporate compliance and the compliance professional. Compliance teams can use AI to rethink KPIs that do not fully capture performance nuances. For instance, instead of merely tracking the number of training completions, a smarter KPI could evaluate behavioral changes post-training or identify employees most at risk of ethical lapses based on historical data. This, in turn, could provide greater insight into training effectiveness and how a compliance professional might think about targeted training.

KPI Governance: A Compliance Imperative 

One of the most critical aspects of AI-enhanced KPIs is governance. Organizations need robust governance mechanisms to ensure KPIs evolve with strategic objectives and maintain their relevance over time. For a compliance professional, this means several different approaches.

  1. Continuous Review of Metrics. Regularly revisiting KPIs to ensure they remain aligned with evolving regulatory landscapes and business priorities.
  2. Meta-KPIs for Quality Assurance. Developing “KPIs for KPIs” to assess their accuracy, relevance, and effectiveness.
  3. Cross-Functional Oversight. Establishing governance structures that bring together compliance, legal, and operational teams to oversee metric design and implementation.

The bottom line is that accountability for KPI performance, both the metrics themselves and the outcomes they drive, must be embedded into the compliance framework.

How AI Enhances Compliance KPIs

AI-enhanced KPIs bring new capabilities to compliance programs in three key manners. First, in risk anticipation. Predictive KPIs can identify emerging compliance risks, such as regulatory changes, third-party risk management, or shifts in employee behavior, enabling proactive mitigation. The second area is holistic insights. By analyzing data across functions, AI can uncover hidden correlations, such as how employee hotline reports, visits to the compliance department website, or even the number of requests to FAQs might signal compliance risks in supply chain operations. Finally is the area of targeted recommendations. Prescriptive KPIs can suggest specific actions, like prioritizing high-risk vendors for audits or tailoring training to address observed knowledge gaps. For example, AI could analyze whistleblower reports alongside financial data to identify patterns indicative of systemic fraud, providing actionable insights for remediation. 

 This more holistic approach also addresses one of the key risk areas around KPIs: stagnate KPIs. The 2008 financial crisis underscores the dangers of relying on outdated KPIs. Banks’ dependence on “value at risk” metrics, which failed to account for the growing influence of subprime mortgages, contributed to catastrophic losses. Compliance professionals must guard against similar pitfalls by regularly challenging assumptions underpinning legacy KPIs. AI can aid in this process by continuously analyzing data to reveal when a metric is no longer fit for purpose.

Steps to Implement Smarter Compliance KPIs

Compliance professionals can take the following steps to transition from legacy to AI-enhanced KPIs.

  1. Audit Existing KPIs. Assess whether current metrics adequately capture compliance risks and align with strategic objectives.
  2. Leverage AI for Data Analysis. Use AI tools to uncover hidden patterns in compliance data, such as correlations between employee turnover and ethics violations.
  3. Collaborate Across Functions. Work with IT, legal, and operations teams to ensure KPI redesigns reflect organizational priorities.
  4. Invest in Training and Culture. Equip compliance teams with the skills to interpret and act on AI-generated insights while fostering a culture of data-driven decision-making.
  5. Monitor and Improve KPIs. Establish processes for ongoing KPI evaluation, ensuring they evolve alongside regulatory and stakeholder input and business changes.

Challenges and Ethical Considerations 

While AI-enhanced KPIs offer immense potential, they also present challenges. These challenges include some of the following. Just as with more generative AI, algorithms can be biased. AI models are only as unbiased as the data on which they are trained. Compliance teams must ensure that their AI systems uphold principles of fairness and equity. Always remember the Human in the Loop to preclude over-reliance on AI. While AI can inform decision-making, it should not replace human judgment. Compliance professionals must strike a balance between algorithmic insights and ethical considerations. Finally, there are data privacy concerns. Collecting and analyzing large datasets for KPI development must comply with data privacy regulations.  

Conclusion: The Future of Compliance Metrics 

The rise of AI-enhanced KPIs marks a paradigm shift in measuring and managing compliance performance. By embracing smarter, more dynamic metrics, compliance professionals can gain deeper insights, anticipate risks, and drive better outcomes.  Much like Wayfair and other forward-thinking organizations, compliance teams must be willing to challenge the status quo, leverage technology, and prioritize continuous improvement. The era of static, backward-looking KPIs is over. In its place is a future where smart KPIs enable compliance functions to not only measure performance but actively enhance it—turning compliance from a cost center into a source of strategic value. The question is not whether your organization should adopt AI-powered KPIs but how soon your compliance program can reap the benefits. The time to act is now.

Categories
Blog

Ethical Conduct Through Psychological Safety: Part 1 – Introduction

What is perhaps one of the most recognizable movie themes of all-time? One that certainly falls into that category is the James Bond theme, written by Monty Norman, who recently passed away. According to his New York Times obituary, Norman took the job only because the producer, Chubby Broccoli, offered him a trip to Jamaica to watch some of the filming, in addition to more traditional monetary compensation. Norman was “struggling to come up with the theme, he said, until he remembered a song called “Bad Sign, Good Sign,” from an unproduced musical version of the 1961 V.S. Naipaul novel, “A House for Mr. Biswas,” on which he and a frequent collaborator, Julian More, had worked.” However, the opening line had an “Asian inflection and relied heavily on a sitar, but Mr. Norman “split the notes,” as he put it, to provide a more staccato feel for what became the theme song’s famous guitar riff. Norman said, “And the moment I did ‘dum diddy dum dum dum,’ I thought, ‘My God, that’s it. His sexiness, his mystery, his ruthlessness — it’s all there in a few notes.” (Listen to the James Bond theme here.)
I was reminded of the psychological nature of this great movie theme when reading a recent article in the MIT Sloan Management Review, Summer edition, entitled “Fostering Ethical Conduct Through Psychological Safety” by Antoine Ferrère, Chris Rider, Baiba Renerte, and Amy Edmondson. In this article, the authors asked such questions as “How do organizations encourage people to speak up about ethical breaches, whether inadvertent or deliberate?” and “Why do some employees choose to remain silent when others report misconduct?” Additionally, they “analyzed the perceptions of those who report misconduct against those of “silent bystanders” to help “better understand both the drivers and derailers of speaking up — and revealed insights into how leaders and compliance officers can encourage employees to make such reports.’”
The authors believe today, “it is more essential than ever that when misconduct happens or difficult problems arise, there is a strong ethical climate for surfacing information so that leaders can respond quickly and appropriately. An environment in which employees feel comfortable reporting such issues is also vital to preventing future misconduct.” Over the next couple of posts I will be exploring this article and some of the issues it raises. In Part 1, we look at what questions you should consider to determine the amount of psychological safety in your organization.
The starting point for any analysis for psychological safety is with one of the authors, Amy Edmondson herself and her seminal work The Fearless Organization. The authors began by modifying her original 1999psychological safety scale to emphasize a specific focus on employees speaking up. Interestingly, they added “the idea of thinking before speaking up in the hope of measuring hesitation.” They did so to “capture comfort levels in speaking up, based on the intuition that in a psychologically safe climate, people tend to say something right away, and when they don’t feel psychologically safe, they are more likely to keep incidents to themselves.”
By looking at how psychologically safe an organization is, the authors posited they could then  measure variance in psychological safety across teams and regions by surveying employees. They believed that this approach would allow them to then “focus efforts on teams who need the most help and to identify teams whose psychologically safe cultures may offer examples from which other teams can learn.” To do so the authors’ developed a survey which asked the following, “on a scale from 0 (completely disagree) to 10 (completely agree), their level of agreement with the following statements:”

  • On my team, if you make a mistake, it is often held against you.
  • Members of my team are able to bring up problems and tough issues.
  • People on my team sometimes reject others for having different views.
  • It is safe to take a risk on my team.
  • It is difficult to ask other members of my team for help.
  • I tend to think about how raising a concern will reflect on me before speaking up.

Interestingly, the authors acknowledged relationship to whistleblowing, in the context of both psychological safety and an ethical business, they strove to make clear “an important distinction between external whistleblowing and those who speak up about perceived misconduct at work.” Moreover, recognizing the vital role external whistleblowers play in the detection prong of any best practices compliance program, if a whistleblower goes to the Securities and Exchange Commission (SEC) or other external actors, it is almost always because “they felt their concerns could not be expressed, heard, and addressed internally.” The authors believe that a “healthy organizational culture is one in which speaking up and listening go hand in hand and thereby reinforce ethical standards. If concerns are expressed, changes can be made in a timely way.” This is important because it moves from the detect prong to the prevent prong, which is by far the more important and effective prong in any compliance regime. Further ideas or innovations, rather than simply reporting of untoward actions, can make a company more efficient and more profitable. All of this means that if there truly is psychological safety a company can receive far more benefits than simply monetary fine or penalty avoidance.
Join us tomorrow in Part 2 where we consider the role of psychological safety and moving it through an organization.

Categories
Blog

Innovation in Compliance: Getting Culture Right

This week, we are exploring the topic of Innovation in Compliance by considering some of the newest business strategies which can be applied by the compliance profession to corporate compliance programs. My inspiration comes from MIT Sloan Management Review Winter Edition. Today, I want to head in a different direction and provide some guidance on getting your organization’s culture right.
As most readers will recall, a very large part of Deputy Attorney General Lisa Monaco’s October 2021 speech dealt with corporate culture. Regarding culture, Vin DiCianni, founder of Affiliated Monitors, Inc. (AMI), said of Monaco’s remarks, the “announcement by Deputy Attorney General Lisa Monaco and the Justice Department reignited the agency’s concentration of corporate and individual liability for white collar crimes. In doing so, she emphasized to businesses, their leadership and the attorneys who represent them on the importance of implementing and maintaining strong effective compliance programs and how DOJ will continue to look at these programs going forward.” In other words, the criticalness of culture is now paramount. Chief Compliance Officers (CCOs) need to focus on growing corporate culture to build the ethical foundation for a successful compliance program.
In the most recent MIT Sloan Management Review issue, Donald Sull and Charles Sull penned an article entitled “10 Things Your Corporate Culture Needs to Get Right”, in which they posited that “knowing what elements of culture matter most to employees can help leaders foster engagement as they transition to a new reality that will include more remote and hybrid work.” It is an excellent review of some of the key elements around corporate culture and how CCOs can move forward to lay the foundation of one.
In the piece the authors explored “What distinguishes a good corporate culture from a bad one in the eyes of employees?” Of course, culture always starts at the top but unfortunately, the authors noted that “an organization’s official core values signal top executives’ cultural aspirations, rather than reflecting the elements of corporate culture that matter most to employees.” It is only by listening to what employees want that you can begin to understand how to improve culture. The authors found 10 key elements of culture that mattered most to employees.

  1. Employees feel respected. Employees are treated with consideration, courtesy, and dignity, and their perspectives are taken seriously. This is by far and away the most important factor and “the single best predictor of a company’s culture score is whether employees feel respected at work. Respect is not only the most important factor, it stands head and shoulders above other cultural elements in terms of its importance. Respect is nearly 18 times as important as the typical feature in our model in predicting a company’s overall culture rating, and almost twice as important as the second most predictive factor.” The implications of this finding go to communications and a speak up culture and how they might be used by a compliance function.
  2. Supportive leaders. Leaders help employees do their work, respond to requests, accommodate employees’ individual needs, offer encouragement, and have their backs. Here the authors found “Employees describe supportive leaders as helping them do their work, being responsive to requests, accommodating employees’ individual needs, offering encouragement, and having their backs. Leaders, of course, influence all aspects of culture, but being a source of support for employees is especially critical and is the leadership trait most closely associated with a highly rated culture.” This ties back into the respect finding and also ties into a speak up culture and trust at an organization.
  3. Leaders live core values. Leaders’ actions are consistent with the organization’s values. While the regulators focus on this issue, employees need to see leaders not simply espousing words but actually doing deeds. Perhaps most interestingly, “Employees don’t expect leaders to live the core values, but they appreciate it when they do.”
  4. Toxic managers. Leaders create a poisonous work environment and are described in extremely negative terms. Nothing will kill culture faster than a toxic manager. From the compliance perspective, this can be a disaster for not only does a toxic manager poison the atmosphere of those around them, but also those who train under him or her will garner their toxic approach as a role model.
  5. Unethical behavior. Managers and employees lack integrity and act in an unethical manner. Once again this can portend a disaster for an organization. Integrity is the cornerstone of most organizations’ official culture and “Identifying toxic leaders, digging deeper to understand the context of their behavior, coaching them, or removing them from leadership positions are tangible actions organizations can take to root out people who are undermining corporate culture and potentially exposing the company to reputational or legal risk.”
  6. Benefits. Employees’ assessment of all employer-provided benefits. While initially this might not seem like a compliance issue, when you look at the DOJ mandate for corporate compliance to be the bearer of institutional justice and institutional fairness you begin to see the connection. Perhaps most interesting is that “benefits are more than twice as important as compensation. Benefits are important for all employees, but which benefits matter most depend on an employee’s job. Health insurance and benefits are a better predictor of culture rating for front-line workers, while retirement benefits such as 401(k) plans and pensions matter more for white-collar employees.”
  7. Perks. Employees’ assessment of workplace amenities and perks. This finding once again calls the CCO around institutional fairness and ties into the importance of talent attraction, acquisition and retention. Here the most interesting item I found for compliance was that “Among perks, company-organized social events are a particularly strong predictor of a high culture score. Even when you control for how employees talk about perks in general, social events like team-building exercises, happy hours, and picnics emerge as a reliable predictor of a high culture score. Organizing social events is a promising and relatively low-cost way executives can reinforce corporate culture as employees return to the office.” This provides insights on ongoing communications about compliance in the post-pandemic world.
  8. Learning and development. Employees’ assessment of opportunities for formal and informal learning. This finding also portends well for compliance in terms of both formal and information compliance training and messaging.
  9. Job security. Perceived job security, including fear of layoffs, offshoring, and automation. Most compliance functions do not consider job security as part of corporate culture. However, the authors note, “Job insecurity, however, weighs heavily on employees’ minds when they assess corporate culture. The larger the percentage of employees who talked about layoffs, outsourcing, or the possibility of getting fired, the lower the company ranked on culture.”
  10. Reorganizations. How employees view reorganizations, including frequency and quality. I found this not too surprising, but the authors did note, “Virtually no one has any good things to say about reorganizations.” Further, “the fewer people who mention reorganizations, the higher a company’s culture score. While you might associate the mention of reorganizations with layoffs and job instability, the data reveals that employee concerns on this issue speak to wider strategic issues for companies.”

CCOs and compliance functions face a series of challenges while navigating the post-COVID-19 return to work. Through corporate culture, companies must maintain a healthy culture as mandated by the DOJ. The authors conclude, “Understanding the elements of culture that matter most to employees can help leaders maintain employee engagement and a vibrant culture as they transition to the new normal.”
Please join us tomorrow where we will look at why you need a career coach in compliance.