Tag: MIT Sloan Management Review

Categories
Blog

Compliance Under Pressure: Why Preventing Burnout Is a Governance Imperative

In a recent article in the MIT Sloan Management Review, author Brian Elliot says that we are living in what he calls The Burnout Age. Across industries and professions, exhaustion has become the new normal, and compliance is no exception. Recent studies show that over half of full-time U.S. employees report feeling burned out. In technology and professional services, that number climbs to over 80%. Even more telling: those who use AI tools most actively, the supposed productivity saviors, report the highest burnout levels of all.

For compliance officers, the parallels are unmistakable. You are being asked to “do more with less,” often without the resources, recognition, or rest needed to sustain that effort. You carry the responsibility of protecting your organization’s integrity, culture, and reputation, yet few roles face such unrelenting scrutiny and moral load. But here is the hard truth: burnout in compliance is not a problem solved by time off or a meditation app. It is a deeper challenge of structure, self-management, and purpose.

The author cites organizational psychologist Nick Petrie’s research, and I believe it applies directly to those of us in the compliance field. Drawing on his findings, I want to highlight three key ways compliance professionals can stop burnout before it stops them.

1. Balance “Perform Mode” and “Grow Mode”

Petrie’s research divides our work lives into two operating modes:

  • Perform mode — when we execute the skills we already know.
  • Grow mode — when we develop new capabilities and stretch into new territory.

Across thousands of professionals, he found the average split was 61% perform, 39% grow. But for high performers, including compliance officers, that ratio often becomes dangerously unbalanced. We overperform and undergrow. Compliance leaders tend to live in constant perform mode: reviewing investigations, updating policies, answering board queries, responding to regulators, or managing crises. Each task reinforces mastery, but rarely renewal. It is efficient, even satisfying, until it becomes a trap.

Here’s the danger: when you live too long in perform mode, you do not simply stagnate, you regress. Doctors, teachers, and yes, compliance professionals actually risk getting worse at their jobs over time because they stop learning, questioning, and refreshing their mental models.

To combat that, compliance professionals must build “grow mode” into their daily and strategic rhythm. That might mean:

  • Taking on projects that stretch your knowledge, such as AI governance, behavioral ethics, or cross-cultural compliance training.
  • Seeking rotation into a business unit to see risk and culture from the inside.
  • Joining a cross-functional ethics task force to collaborate differently.

Growth does not require leaving your role; it requires reframing it. Ask yourself regularly: What am I learning right now that will make me a better compliance leader a year from today?

Organizations that succeed in retaining compliance talent deliberately carve out “grow time” offering rotational opportunities, innovation labs, or even temporary secondments. If your company doesn’t provide them, advocate for them. Growth is not simply indulgence; it should be seen as sustainability.

2. Recognize Your Early Warning Signs

Compliance officers are masters of risk assessment, except, too often, when it comes to themselves. In Petrie’s work, high performers who experienced full burnout later said the signs had been “obvious in hindsight.” They just ignored them until it was too late. Compliance professionals are particularly vulnerable because of the role’s constant vigilance. You are expected to monitor everything from employee misconduct to third-party risk, but you cannot monitor your own well-being if you have normalized exhaustion.

Start with awareness. What are your personal leading indicators of burnout? For some, it is emotional: irritability, cynicism, or detachment. For others, it is behavioral: working weekends “just to catch up” or skipping lunch to squeeze in one more due diligence review. And for many, it is physical: poor sleep, headaches, fatigue that coffee cannot fix.

As Petrie put it, “I didn’t know what mine were, so I asked people close to me.” That’s a brilliant exercise for compliance leaders. Ask your peers, your partner, or even your team: What do you notice about me when I’m running on fumes?

Once you know your signs, the next step is to develop your recovery playbook. Call them your “if-thens”:

  • If I start working weekends, then I will block off an afternoon for reflection.
  • If I catch myself being short with colleagues, then I will step away from email for an hour.
  • If I’m consistently skipping exercise or hobbies, then I will schedule one small activity that re-energizes me.

For compliance officers, reflection is not a luxury. It is part of governance. You cannot sustain integrity in the organization if you are losing integrity with yourself. Recognizing and acting on those signals early is not selfish; rather, it is leadership.

3. Build Habits That Sustain, Not Deplete

Burnout does not happen overnight. It is the accumulation of small compromises: skipped meals, unchecked emails, endless meetings, and the belief that “just a little more effort” will fix everything. Compliance leaders know this pattern intimately because many of us built our reputations on it. We were the ones who said yes to every request, answered every hotline report, and took pride in responsiveness. That dedication made us successful, many of us in our 20s. But as Petrie notes, the habits that make you successful early in your career can burn you out later in it. To stop burnout, compliance professionals must build boundaries and rituals that protect their energy.

Here are three powerful habits to practice:

1. Reclaim Your Deep Work

Carve out time for deep focus; drafting a major policy overhaul, analyzing trends in internal reporting, or preparing a thoughtful presentation for the audit committee without interruptions. Turn off notifications. Close the compliance portal for a set block of time. Protecting your focus is protecting your value.

2. Create Transition Rituals

Between work and home, you need a deliberate “reattachment” moment, something that signals your brain that compliance mode is over. For some, it’s a walk, a podcast, or cooking dinner. For others, it’s journaling or a quiet drive. Do not dismiss it as small; transitions are the psychological bridge between productivity and peace.

3. Embrace Your “Opposite World”

Petrie calls this finding your “opposite world,” an activity that engages completely different parts of your mind and body. One tech executive told him, Argentinian tango saved my career.” For compliance officers, that could be cycling, painting, gardening, or volunteering. The goal is not distraction but rather renewal. When you activate different dimensions of your identity, you restore the emotional elasticity that burnout erodes. Finally, permit yourself to do less. That is not weakness, it is wisdom. As your career grows, the work will always outsize the hours. The key is to redefine success: it is not about getting everything done, but about doing what matters well.

Burnout Is a Governance Issue

It is tempting to see burnout as a personal issue, but for compliance leaders, it is also a governance risk. A burned-out compliance officer makes slower decisions, misses subtle patterns, and loses moral clarity. Fatigue is a threat to judgment, and in our field, judgment is everything. The Department of Justice’s 2024 Evaluation of Corporate Compliance Programs emphasizes continuous improvement and culture, but both rely on a compliance function that is psychologically and physically sustainable. The same applies to the board. When compliance fatigue spreads across leadership, the organization loses not just energy, but ethics.

That is why compliance leaders should view burnout prevention as part of their risk mitigation strategy. Incorporate it into team norms. Encourage “grow mode” through professional development. Recognize warning signs openly. And most importantly, lead by example, demonstrating that resilience and integrity are inseparable.

The Final Word: Bouncing Forward, Not Back

Nick Petrie calls the result of overcoming burnout “post-traumatic growth.” People who recover don’t return to where they were; they move beyond it. For compliance professionals, that’s the real opportunity of The Burnout Age. To emerge not as exhausted enforcers, but as energized leaders. To model balance, humanity, and perspective in a profession that often forgets to pause.

And always remember, the healthiest compliance programs begin with the healthiest compliance officers.

Categories
Blog

The Compliance Guide to Designed Intelligence: Part 1 – Rethinking Governance for the Age of AI

If there is one constant in the world of compliance, it is the reality of change. However, in 2025, change takes on a new vector: artificial intelligence, not just as a tool, but as a force reshaping how organizations think, decide, and act. In their article “What Is a Designed Intelligence Environment?” authors Michael Schrage and David Kiron examined how enterprises must rethink their intelligence and compliance strategies to survive and thrive in the new world of AI-rich operations. I found their insights for compliance professionals both practical and transformative. Today, I begin a short two-part blog post series on Designed Intelligence. Today, in Part 1, we consider what is meant by Designed Intelligence. Tomorrow, we take a deeper dive into what it means for compliance.

From Managing Compliance to Orchestrating Intelligence

Traditional compliance frameworks have always focused on managing risk, enforcing controls, and responding to regulatory shifts. But what happens when decision-making itself is no longer exclusively human? In a designed intelligence environment, humans and machines learn, reason, adapt, and improve together. This is not simply the automation of existing workflows; it’s the emergence of a new kind of enterprise, where “epistemic engineering”—the design of how knowledge is generated, shared, and executed—becomes the bedrock of effective compliance.

The first insight for compliance professionals is that we can no longer assume governance is solely about drawing lines around human behavior. Our job is to architect environments in which both human and machine intelligences operate responsibly and transparently, ensuring that knowledge, decisions, and accountability flow where they are needed most.

Computational Irreducibility: The End of Predictive Planning

Stephen Wolfram’s principle of computational irreducibility may sound academic, but its implications are anything but theoretical for compliance leaders. In a nutshell, this principle holds that in highly complex systems, such as those created when humans and AI interact, the future cannot be predicted without running the system in real-time. In other words, the classic compliance cycle of “predict, plan, execute, and measure” is mathematically impossible in many AI-rich contexts.

For compliance professionals, this means shifting from static policy planning to dynamic, real-time oversight. Consider an example from pharmaceutical R&D. A global company faced paralysis in prioritizing compounds for its oncology pipeline. Instead of relying on fixed rankings or endless meetings, leadership created a computational observatory: multiple agentic models simultaneously analyzed each compound from different perspectives (biological plausibility, market readiness, synthetic feasibility)—cross-model consensus and visualization, rather than managerial heuristics, guided decisions, surfacing previously hidden breakthroughs.

Compliance Lesson: Build for Observability, Not Just Control

In today’s world, compliance cannot rely solely on auditing after the fact. The future lies in building observability into the core of decision environments: real-time monitoring, feedback loops, and experimental frameworks that enable compliance to identify emergent risks as they arise, not just when it’s too late. This is the heart of “runtime intelligence.”

Semantic Formalization: Making Compliance Computable

Most compliance programs are based on documentation, training, and knowledge management. But semantic formalization, another key concept, goes much further. It requires organizations to define core business concepts (like “customer value,” “operational risk,” or “conflict of interest”) so precisely that both humans and AI agents can “compute” with them. This is not a matter of semantics for its own sake; it is about ensuring that rules, policies, and standards are unambiguously actionable by both people and machines.

For example, a multinational retailer’s use of large language models (LLMs) for customer support faced breakdowns because definitions of customer experience (CX) varied by region and role. By creating a semantic kernel, which is an enterprise ontology that maps complaints, resolution pathways, sentiment clusters, and CX metrics, the company trained its models (and its people) to reason with consistent, computable definitions. This enabled root-cause analysis and adaptive, system-wide learning that wasn’t possible in the old script-driven model.

Compliance Lesson: Define, Don’t Just Describe

Compliance teams must become architects of semantic infrastructure. That means working cross-functionally to formally define compliance concepts, risks, and obligations so that every AI, dashboard, and human team member speaks the same language, in the same way, everywhere. This is how you build “reasoning standardization” and reduce the friction, ambiguity, and risk that come with AI-driven scale.

Rulial Space: Translating Between Multiple Realities

Perhaps the most disruptive insight for compliance comes from the concept of rule-based space: the recognition that different “intelligences”—whether human teams, AI systems, or even other departments—operate under distinct rule sets, generating unique realities. Finance assesses risk through Monte Carlo simulations, operations analyze it through failure mode analysis, and AI identifies it through statistical correlations. Traditional efforts to force alignment through training or incentives may be fundamentally flawed. What is needed is translation, not assimilation.

In aerospace manufacturing, for example, friction between design engineers and LLMs led to productivity-killing standoffs. Instead of forcing one side to conform to the other, leadership installed an honest mediator: an explicit layer for mapping, negotiating, and reconciling the assumptions, rules, and heuristics of both human and AI systems. This moved the organization from “compliance by enforcement” to “compliance by comprehension,” a far more powerful and sustainable model for managing both risk and innovation.

Compliance Lesson: Become a Translator, Not Just an Enforcer

The future of compliance is not just about enforcing standards but about building systems and processes that can explicitly map and translate between different rule sets: human, machine, and hybrid. This requires cognitive compilers: protocols and infrastructure for negotiating meaning, resolving conflicts, and arbitrating outputs across diverse intelligences. The result is intelligent orchestration of more innovative, safer, and more adaptive enterprises.

Why Smarter Tools Aren’t Enough: Compliance by Design, Not Just Technology

It’s tempting to think that more innovative tools or more sophisticated AI models will solve all compliance challenges. But as the article warns, deploying intelligence as automation—without rethinking the architecture of decision environments—will leave most enterprises stuck with mediocre results. Intelligence, whether human or machine, must be designed into the very infrastructure of the organization: how decisions are made, how meaning is generated, and how value and risk are understood.

For compliance professionals, this means a dramatic expansion of your remit. You must help design the runtime environment for intelligence where learning, adaptation, and ethical execution are embedded, not bolted on. This requires technical fluency, cross-disciplinary collaboration, and a willingness to challenge the old boundaries of policy, training, and audit.

Conclusion: The Compliance Opportunity in Designed Intelligence

The transition to designed intelligence environments represents both a challenge and a once-in-a-generation opportunity for compliance leaders. Those who lean in, who help architect real-time observability, semantic formalization, and rule-based mediation, will become essential strategic partners in their organizations’ transformation. Those who don’t risk being left behind by systems they can neither see, steer, nor secure.

The era of “predict and control” is coming to an end. The age of “orchestrate and observe” is here. As compliance professionals, our calling is clear: to lead the design, governance, and stewardship of intelligence environments that are fit for the complexity and promise of AI. Only then can we ensure that innovation and integrity go hand in hand in the enterprises of tomorrow.

Join us tomorrow for Part 2, where we delve deeper into the compliance considerations.

Categories
Blog

Driving Compliance Culture: Lessons from a Skills-Based Approach to Cultural Change

Regarding compliance, the tone from the top is crucial—but culture eats tone for breakfast. Compliance professionals know that a robust compliance program is only as effective as the culture supporting it. Building and sustaining that culture, however, is no small feat. Enter the skills-based approach to cultural transformation, as laid out in Per Hugander’s article in the MIT Sloan Management Review, Take a Skills-Based Approach to Culture Change. This method provides a roadmap for embedding compliance values deeply into an organization by focusing on practical skill development and real-world problem-solving. I have adapted her skills-based approach to revolutionize compliance culture, explain why traditional methods often fall short, and provide actionable strategies for compliance professionals to lead this transformation.

Why Traditional Compliance Culture Efforts Fall Short 

Many culture-change initiatives rely on workshops, seminars, and training sessions to instill new values or behaviors. While well-intentioned, these efforts often fail to address the deeply ingrained assumptions that drive behavior. Hugander explains this through Edgar Schein’s Organizational Culture Model, which emphasizes that culture is rooted in employees’ underlying assumptions, those unconscious beliefs that determine how they think, perceive, and act.

This highlights a critical issue for compliance professionals: simply telling employees to act ethically or follow the rules isn’t enough. If underlying assumptions about risk, accountability, or success conflict with compliance values, those assumptions will prevail.

 The Skills-Based Approach: A Paradigm Shift

The skills-based approach focuses on building specific, actionable skills that directly impact critical challenges. These skills—such as perspective-taking or fostering psychological safety—are practiced in real business problems. Organizations create a feedback loop that reinforces new assumptions and behaviors by linking skill application to tangible outcomes.

For example, a compliance team could focus on enhancing perspective-taking to improve employees’ handling of ethical dilemmas. By training employees to consider different viewpoints—such as the customer, regulator, or broader community—they better understand how their actions align with the organization’s compliance goals.

Breaking the Capability Trap 

Hugander warns of the “capability trap,” a common pitfall where organizations abandon new initiatives before they yield results. This happens when the costs—time, focus, and effort—are immediate, but the rewards are delayed. To overcome this, the skills-based approach emphasizes creating short feedback loops by applying new skills to high-priority challenges. This allows employees to see the benefits of the new approach more quickly, generating momentum for change.

The capability trap might manifest in compliance when a new whistleblower program is launched but does not initially generate reports, leading leaders to doubt its effectiveness. The organization can build trust in the system and encourage broader use by coupling the program with communication training for managers and immediate action on even minor concerns raised.

Compliance Lessons from the Skills-Based Approach 

  1. Start Small, Go Deep. Hugander advocates beginning with a small team and focusing on intensive skill-building sessions tied to real challenges. This allows the team to build confidence in the new approach and generate success stories that can inspire broader adoption. This means the Chief Compliance Officer (CCO) or other compliance professional should select a pilot group, such as a high-risk department or business unit, and train them on a specific compliance skill, such as ethical decision-making or identifying conflicts of interest. Have them apply these skills to actual compliance challenges and measure the outcomes.
  2. Create Cultural Champions. Identifying and empowering influential individuals to champion new behaviors is critical. These champions provide proof of concept by demonstrating how the new skills lead to better outcomes in the organization’s context. For the CCO, work to cultivate champions within senior leadership and middle management. A senior executive might lead by example in applying transparency during a compliance audit, while a middle manager might model open discussions about ethical or integrity concerns.
  3. Link Compliance to Business Outcomes. A key feature of the skills-based approach is tying new skills to measurable business improvements. Perspective-taking and psychological safety led to increased customer acquisitions and market share in Amy Edmonson’s SEB case study. For the compliance professional, you can demonstrate how compliance initiatives support business goals. Show how enhanced due diligence processes reduce the risk of fines and improve supplier reliability, ultimately benefiting the bottom line.
  4. Address Skepticism Through Experience. Short workshops are often insufficient to win over skeptics. Instead, intensive, hands-on sessions that produce actual results are more likely to shift mindsets. Skeptics who experience success become the strongest advocates for change. Integrate compliance into strategic problem-solving sessions instead of relying solely on compliance training. This would allow the compliance function to use a compliance framework to resolve a cross-functional challenge, demonstrating its practical value.

Building Momentum for Compliance Culture Change 

The skills-based approach does not stop with a single team or project. Once initial successes are achieved, the organization can share these stories to build momentum. Hugander emphasizes the power of storytelling, using real examples to illustrate how new skills or behaviors lead to meaningful outcomes. Some strategies might be to develop case studies from early adopters of compliance initiatives within your organization. You can then share these stories through town halls, newsletters, or internal training sessions.  Finally, these success stories can be used to recruit additional teams to adopt the new compliance practices.

All of this will take a concerted effort. A one-and-done superficial effort like one-off workshops or values posters, which fail to address the deeper assumptions driving behavior, will not work. True culture change requires sustained effort, leadership buy-in, and a willingness to experiment and iterate. You must regularly assess the effectiveness of compliance initiatives through employee surveys, performance metrics, and feedback loops. Adjust strategies based on what works in practice, not just in theory.

Building a compliance culture requires more than policies and procedures; it demands a shift in the underlying assumptions and behaviors that define an organization’s operation. The skills-based approach offers a practical roadmap for achieving this transformation. By focusing on skill development, linking compliance to business outcomes, and creating cultural champions, compliance professionals can foster a culture that doesn’t just follow the rules but embraces compliance as a core value.

The journey will not be quick or easy, but the payoff of creating a resilient, ethical, and high-performing organization is well worth the effort. For compliance professionals ready to lead this charge, the skills-based approach provides the tools to turn vision into reality.

Categories
Blog

Revolutionizing Compliance with AI-Powered KPIs 

In the modern corporate landscape, traditional key performance indicators (KPIs) are struggling to meet the demands of dynamic compliance environments. These legacy metrics often fail to align operations, prioritize resources, and drive accountability toward strategic objectives. For compliance professionals, these shortcomings are particularly critical: ineffective KPIs can lead to missed risks, inefficient processes, and poor decision-making, ultimately jeopardizing organizational integrity.

In a recent article in the Sloan Management Review, entitled The Future of Strategic Measurement: Enhancing KPIs With AI, authors Michael Schrage, David Kiron, François Candelon, Shervin Khodabandeh, and Michael Chu explored these and other issues, which I have adapted for the compliance professional.  By incorporating artificial intelligence (AI), organizations are reimagining what KPIs can accomplish—not just as performance trackers but as drivers of strategic differentiation and value creation.

The Shortcomings of Legacy KPIs in Compliance

Legacy KPIs often focus narrowly on outputs, such as the number of training sessions conducted or hotline calls logged. While these metrics provide valuable data, they frequently fail to provide solid information in various ways. The first is that legacy KPIs are taken in a vacuum with no appreciation of the interconnected nature of corporate risks. Just as compliance does not (or at least should not) operate in a vacuum, risks in one area often cascade into others, yet traditional KPIs rarely reflect these interdependencies. The retrospective nature of KPIs. Metrics rooted in historical data are inherently backward-looking, limiting their utility for forecasting and proactive risk management.

Finally, corporate silos, which are a perennial challenge in compliance, and static KPIs can reinforce them rather than foster cross-functional collaboration. Legacy KPIs do not promote alignment across disparate corporate functions. These limitations hinder a compliance professional’s ability to effectively anticipate, prevent, and address misconduct.

Enter Smart KPIs: A New Era of Compliance Metrics

AI-powered KPIs offer a smarter, more dynamic approach to performance measurement. These metrics are descriptive, predictive, and prescriptive. Such metrics will allow a corporate compliance function to provide new and different insights, such as some of the following.

  • Analyze past and current compliance performance to identify gaps.
  • Anticipate future risks and compliance trends based on patterns in data.
  • Recommend actions to mitigate risks and optimize outcomes.

For example, AI can transform a traditional metric like the “number of third-party audits conducted” into a prescriptive KPI that evaluates audit results, predicts the highest risk areas, and recommends corrective actions.

Case Study: Wayfair and the Evolution of Lost-Sales KPIs

The article discussed Wayfair’s reengineering of its lost-sales KPI and offers valuable insights for compliance professionals. Initially, the retailer calculated lost sales on an item-by-item basis, but AI analysis revealed that many “lost” sales were category retentions, as customers purchased alternative items. This revelation led Wayfair to redesign its KPI to measure category-based retention. The result? Smarter metrics aligned product placement with operational constraints, improving customer satisfaction and operational efficiency.

This case study provides a clear set of lessons for corporate compliance and the compliance professional. Compliance teams can use AI to rethink KPIs that do not fully capture performance nuances. For instance, instead of merely tracking the number of training completions, a smarter KPI could evaluate behavioral changes post-training or identify employees most at risk of ethical lapses based on historical data. This, in turn, could provide greater insight into training effectiveness and how a compliance professional might think about targeted training.

KPI Governance: A Compliance Imperative 

One of the most critical aspects of AI-enhanced KPIs is governance. Organizations need robust governance mechanisms to ensure KPIs evolve with strategic objectives and maintain their relevance over time. For a compliance professional, this means several different approaches.

  1. Continuous Review of Metrics. Regularly revisiting KPIs to ensure they remain aligned with evolving regulatory landscapes and business priorities.
  2. Meta-KPIs for Quality Assurance. Developing “KPIs for KPIs” to assess their accuracy, relevance, and effectiveness.
  3. Cross-Functional Oversight. Establishing governance structures that bring together compliance, legal, and operational teams to oversee metric design and implementation.

The bottom line is that accountability for KPI performance, both the metrics themselves and the outcomes they drive, must be embedded into the compliance framework.

How AI Enhances Compliance KPIs

AI-enhanced KPIs bring new capabilities to compliance programs in three key manners. First, in risk anticipation. Predictive KPIs can identify emerging compliance risks, such as regulatory changes, third-party risk management, or shifts in employee behavior, enabling proactive mitigation. The second area is holistic insights. By analyzing data across functions, AI can uncover hidden correlations, such as how employee hotline reports, visits to the compliance department website, or even the number of requests to FAQs might signal compliance risks in supply chain operations. Finally is the area of targeted recommendations. Prescriptive KPIs can suggest specific actions, like prioritizing high-risk vendors for audits or tailoring training to address observed knowledge gaps. For example, AI could analyze whistleblower reports alongside financial data to identify patterns indicative of systemic fraud, providing actionable insights for remediation. 

 This more holistic approach also addresses one of the key risk areas around KPIs: stagnate KPIs. The 2008 financial crisis underscores the dangers of relying on outdated KPIs. Banks’ dependence on “value at risk” metrics, which failed to account for the growing influence of subprime mortgages, contributed to catastrophic losses. Compliance professionals must guard against similar pitfalls by regularly challenging assumptions underpinning legacy KPIs. AI can aid in this process by continuously analyzing data to reveal when a metric is no longer fit for purpose.

Steps to Implement Smarter Compliance KPIs

Compliance professionals can take the following steps to transition from legacy to AI-enhanced KPIs.

  1. Audit Existing KPIs. Assess whether current metrics adequately capture compliance risks and align with strategic objectives.
  2. Leverage AI for Data Analysis. Use AI tools to uncover hidden patterns in compliance data, such as correlations between employee turnover and ethics violations.
  3. Collaborate Across Functions. Work with IT, legal, and operations teams to ensure KPI redesigns reflect organizational priorities.
  4. Invest in Training and Culture. Equip compliance teams with the skills to interpret and act on AI-generated insights while fostering a culture of data-driven decision-making.
  5. Monitor and Improve KPIs. Establish processes for ongoing KPI evaluation, ensuring they evolve alongside regulatory and stakeholder input and business changes.

Challenges and Ethical Considerations 

While AI-enhanced KPIs offer immense potential, they also present challenges. These challenges include some of the following. Just as with more generative AI, algorithms can be biased. AI models are only as unbiased as the data on which they are trained. Compliance teams must ensure that their AI systems uphold principles of fairness and equity. Always remember the Human in the Loop to preclude over-reliance on AI. While AI can inform decision-making, it should not replace human judgment. Compliance professionals must strike a balance between algorithmic insights and ethical considerations. Finally, there are data privacy concerns. Collecting and analyzing large datasets for KPI development must comply with data privacy regulations.  

Conclusion: The Future of Compliance Metrics 

The rise of AI-enhanced KPIs marks a paradigm shift in measuring and managing compliance performance. By embracing smarter, more dynamic metrics, compliance professionals can gain deeper insights, anticipate risks, and drive better outcomes.  Much like Wayfair and other forward-thinking organizations, compliance teams must be willing to challenge the status quo, leverage technology, and prioritize continuous improvement. The era of static, backward-looking KPIs is over. In its place is a future where smart KPIs enable compliance functions to not only measure performance but actively enhance it—turning compliance from a cost center into a source of strategic value. The question is not whether your organization should adopt AI-powered KPIs but how soon your compliance program can reap the benefits. The time to act is now.

Categories
Blog

Ethical Conduct Through Psychological Safety: Part 1 – Introduction

What is perhaps one of the most recognizable movie themes of all-time? One that certainly falls into that category is the James Bond theme, written by Monty Norman, who recently passed away. According to his New York Times obituary, Norman took the job only because the producer, Chubby Broccoli, offered him a trip to Jamaica to watch some of the filming, in addition to more traditional monetary compensation. Norman was “struggling to come up with the theme, he said, until he remembered a song called “Bad Sign, Good Sign,” from an unproduced musical version of the 1961 V.S. Naipaul novel, “A House for Mr. Biswas,” on which he and a frequent collaborator, Julian More, had worked.” However, the opening line had an “Asian inflection and relied heavily on a sitar, but Mr. Norman “split the notes,” as he put it, to provide a more staccato feel for what became the theme song’s famous guitar riff. Norman said, “And the moment I did ‘dum diddy dum dum dum,’ I thought, ‘My God, that’s it. His sexiness, his mystery, his ruthlessness — it’s all there in a few notes.” (Listen to the James Bond theme here.)
I was reminded of the psychological nature of this great movie theme when reading a recent article in the MIT Sloan Management Review, Summer edition, entitled “Fostering Ethical Conduct Through Psychological Safety” by Antoine Ferrère, Chris Rider, Baiba Renerte, and Amy Edmondson. In this article, the authors asked such questions as “How do organizations encourage people to speak up about ethical breaches, whether inadvertent or deliberate?” and “Why do some employees choose to remain silent when others report misconduct?” Additionally, they “analyzed the perceptions of those who report misconduct against those of “silent bystanders” to help “better understand both the drivers and derailers of speaking up — and revealed insights into how leaders and compliance officers can encourage employees to make such reports.’”
The authors believe today, “it is more essential than ever that when misconduct happens or difficult problems arise, there is a strong ethical climate for surfacing information so that leaders can respond quickly and appropriately. An environment in which employees feel comfortable reporting such issues is also vital to preventing future misconduct.” Over the next couple of posts I will be exploring this article and some of the issues it raises. In Part 1, we look at what questions you should consider to determine the amount of psychological safety in your organization.
The starting point for any analysis for psychological safety is with one of the authors, Amy Edmondson herself and her seminal work The Fearless Organization. The authors began by modifying her original 1999psychological safety scale to emphasize a specific focus on employees speaking up. Interestingly, they added “the idea of thinking before speaking up in the hope of measuring hesitation.” They did so to “capture comfort levels in speaking up, based on the intuition that in a psychologically safe climate, people tend to say something right away, and when they don’t feel psychologically safe, they are more likely to keep incidents to themselves.”
By looking at how psychologically safe an organization is, the authors posited they could then  measure variance in psychological safety across teams and regions by surveying employees. They believed that this approach would allow them to then “focus efforts on teams who need the most help and to identify teams whose psychologically safe cultures may offer examples from which other teams can learn.” To do so the authors’ developed a survey which asked the following, “on a scale from 0 (completely disagree) to 10 (completely agree), their level of agreement with the following statements:”

  • On my team, if you make a mistake, it is often held against you.
  • Members of my team are able to bring up problems and tough issues.
  • People on my team sometimes reject others for having different views.
  • It is safe to take a risk on my team.
  • It is difficult to ask other members of my team for help.
  • I tend to think about how raising a concern will reflect on me before speaking up.

Interestingly, the authors acknowledged relationship to whistleblowing, in the context of both psychological safety and an ethical business, they strove to make clear “an important distinction between external whistleblowing and those who speak up about perceived misconduct at work.” Moreover, recognizing the vital role external whistleblowers play in the detection prong of any best practices compliance program, if a whistleblower goes to the Securities and Exchange Commission (SEC) or other external actors, it is almost always because “they felt their concerns could not be expressed, heard, and addressed internally.” The authors believe that a “healthy organizational culture is one in which speaking up and listening go hand in hand and thereby reinforce ethical standards. If concerns are expressed, changes can be made in a timely way.” This is important because it moves from the detect prong to the prevent prong, which is by far the more important and effective prong in any compliance regime. Further ideas or innovations, rather than simply reporting of untoward actions, can make a company more efficient and more profitable. All of this means that if there truly is psychological safety a company can receive far more benefits than simply monetary fine or penalty avoidance.
Join us tomorrow in Part 2 where we consider the role of psychological safety and moving it through an organization.

Categories
Blog

Innovation in Compliance: Getting Culture Right

This week, we are exploring the topic of Innovation in Compliance by considering some of the newest business strategies which can be applied by the compliance profession to corporate compliance programs. My inspiration comes from MIT Sloan Management Review Winter Edition. Today, I want to head in a different direction and provide some guidance on getting your organization’s culture right.
As most readers will recall, a very large part of Deputy Attorney General Lisa Monaco’s October 2021 speech dealt with corporate culture. Regarding culture, Vin DiCianni, founder of Affiliated Monitors, Inc. (AMI), said of Monaco’s remarks, the “announcement by Deputy Attorney General Lisa Monaco and the Justice Department reignited the agency’s concentration of corporate and individual liability for white collar crimes. In doing so, she emphasized to businesses, their leadership and the attorneys who represent them on the importance of implementing and maintaining strong effective compliance programs and how DOJ will continue to look at these programs going forward.” In other words, the criticalness of culture is now paramount. Chief Compliance Officers (CCOs) need to focus on growing corporate culture to build the ethical foundation for a successful compliance program.
In the most recent MIT Sloan Management Review issue, Donald Sull and Charles Sull penned an article entitled “10 Things Your Corporate Culture Needs to Get Right”, in which they posited that “knowing what elements of culture matter most to employees can help leaders foster engagement as they transition to a new reality that will include more remote and hybrid work.” It is an excellent review of some of the key elements around corporate culture and how CCOs can move forward to lay the foundation of one.
In the piece the authors explored “What distinguishes a good corporate culture from a bad one in the eyes of employees?” Of course, culture always starts at the top but unfortunately, the authors noted that “an organization’s official core values signal top executives’ cultural aspirations, rather than reflecting the elements of corporate culture that matter most to employees.” It is only by listening to what employees want that you can begin to understand how to improve culture. The authors found 10 key elements of culture that mattered most to employees.

  1. Employees feel respected. Employees are treated with consideration, courtesy, and dignity, and their perspectives are taken seriously. This is by far and away the most important factor and “the single best predictor of a company’s culture score is whether employees feel respected at work. Respect is not only the most important factor, it stands head and shoulders above other cultural elements in terms of its importance. Respect is nearly 18 times as important as the typical feature in our model in predicting a company’s overall culture rating, and almost twice as important as the second most predictive factor.” The implications of this finding go to communications and a speak up culture and how they might be used by a compliance function.
  2. Supportive leaders. Leaders help employees do their work, respond to requests, accommodate employees’ individual needs, offer encouragement, and have their backs. Here the authors found “Employees describe supportive leaders as helping them do their work, being responsive to requests, accommodating employees’ individual needs, offering encouragement, and having their backs. Leaders, of course, influence all aspects of culture, but being a source of support for employees is especially critical and is the leadership trait most closely associated with a highly rated culture.” This ties back into the respect finding and also ties into a speak up culture and trust at an organization.
  3. Leaders live core values. Leaders’ actions are consistent with the organization’s values. While the regulators focus on this issue, employees need to see leaders not simply espousing words but actually doing deeds. Perhaps most interestingly, “Employees don’t expect leaders to live the core values, but they appreciate it when they do.”
  4. Toxic managers. Leaders create a poisonous work environment and are described in extremely negative terms. Nothing will kill culture faster than a toxic manager. From the compliance perspective, this can be a disaster for not only does a toxic manager poison the atmosphere of those around them, but also those who train under him or her will garner their toxic approach as a role model.
  5. Unethical behavior. Managers and employees lack integrity and act in an unethical manner. Once again this can portend a disaster for an organization. Integrity is the cornerstone of most organizations’ official culture and “Identifying toxic leaders, digging deeper to understand the context of their behavior, coaching them, or removing them from leadership positions are tangible actions organizations can take to root out people who are undermining corporate culture and potentially exposing the company to reputational or legal risk.”
  6. Benefits. Employees’ assessment of all employer-provided benefits. While initially this might not seem like a compliance issue, when you look at the DOJ mandate for corporate compliance to be the bearer of institutional justice and institutional fairness you begin to see the connection. Perhaps most interesting is that “benefits are more than twice as important as compensation. Benefits are important for all employees, but which benefits matter most depend on an employee’s job. Health insurance and benefits are a better predictor of culture rating for front-line workers, while retirement benefits such as 401(k) plans and pensions matter more for white-collar employees.”
  7. Perks. Employees’ assessment of workplace amenities and perks. This finding once again calls the CCO around institutional fairness and ties into the importance of talent attraction, acquisition and retention. Here the most interesting item I found for compliance was that “Among perks, company-organized social events are a particularly strong predictor of a high culture score. Even when you control for how employees talk about perks in general, social events like team-building exercises, happy hours, and picnics emerge as a reliable predictor of a high culture score. Organizing social events is a promising and relatively low-cost way executives can reinforce corporate culture as employees return to the office.” This provides insights on ongoing communications about compliance in the post-pandemic world.
  8. Learning and development. Employees’ assessment of opportunities for formal and informal learning. This finding also portends well for compliance in terms of both formal and information compliance training and messaging.
  9. Job security. Perceived job security, including fear of layoffs, offshoring, and automation. Most compliance functions do not consider job security as part of corporate culture. However, the authors note, “Job insecurity, however, weighs heavily on employees’ minds when they assess corporate culture. The larger the percentage of employees who talked about layoffs, outsourcing, or the possibility of getting fired, the lower the company ranked on culture.”
  10. Reorganizations. How employees view reorganizations, including frequency and quality. I found this not too surprising, but the authors did note, “Virtually no one has any good things to say about reorganizations.” Further, “the fewer people who mention reorganizations, the higher a company’s culture score. While you might associate the mention of reorganizations with layoffs and job instability, the data reveals that employee concerns on this issue speak to wider strategic issues for companies.”

CCOs and compliance functions face a series of challenges while navigating the post-COVID-19 return to work. Through corporate culture, companies must maintain a healthy culture as mandated by the DOJ. The authors conclude, “Understanding the elements of culture that matter most to employees can help leaders maintain employee engagement and a vibrant culture as they transition to the new normal.”
Please join us tomorrow where we will look at why you need a career coach in compliance.