Using the power of organizational change in compliance efforts

The burden placed on companies in the compliance space is growing exponentially. In the past year, as companies have ramped up artificial intelligence policy efforts, they have been met with mind-bending legal developments and changes. There seem to be daily reminders that traditional — slow — approaches to compliance development will not work. 

Take, for example, rote training about what not to put in AI tools. Stories and experience abound with personnel who ignore the training and then create a product that is not protectable, infringes on others' rights, or is inaccurate or inappropriate. 

What about aspirational policies like "do not use AI tools in your work?" As a result of these aspirational — and impractical — policies, some personnel engage in workarounds. A favorite is the employee who was told not to use AI on their work computer, so their personal device runs alongside their work computer all day. And on the personal computer, they conduct all their AI tasks. A lotof AI tasks.  

The problem and a solution 

These techniques can be worse than ineffective. They can increase risk. This is especially true in litigious regions like the United States, where plaintiffs' attorneys use deceptive trade practice and other laws to bring cases in the absence of clear legal guidance. 

Regulators may take this approach as well. When they do, they often point to the ineffectiveness of a company's compliance program to try to hold the company liable — for example, arguing a company should be held accountable for inappropriate AI output because of ineffective training. Or, that a company had participated in the "bad acts" of its employees because its policies were unworkable.  

This environment creates a volatile, uncertain, complex and ambiguous — often referred to as VUCA — business case. The discipline of organizational change can be of great help with VUCA problems. Professionals in the field of organizational change, a field of behavioral science that focuses on how companies change, have developed many tools perfectly designed to help compliance professionals. 

Companies can develop workable, practical programs using five steps that can be remembered as the APPLY method: align the why to the business; pause, don't rush to solutions; pick allies early and often; look for alternative approaches; and yield to learning, be prepared to fail. 

Each of the five steps is based on behavioral science research and incorporates organizational change tools. Programs that are developed in this way are more likely to stand up to scrutiny from regulators and during litigation. And even better, they are more likely to actually work.

The power of legal privilege

In implementing this process, multinationals with U.S. operations should be cautious about developing programs that are not done under attorney-client privilege. If they do, they may create "smoking gun" documents in litigation — in particular if, for whatever reason, the program is not adopted as initially planned. 

With this in mind, the following five APPLY steps could lead to a world of compliance without tears. 

Step one: Align the why to the business

The first step in the APPLY approach is to align compliance goals and vision with that of the company. It will be easier to persuade leaders, enlist an army of support and get funding if others in the company can see how compliance will help with their needs. Tie compliance vision to the way the company is trying to make money. 

A company with an underlying mission to make the world's data accessible, will have a very different approach than one whose mission is to be the place of trust. Both companies can achieve compliance, but their approach to decisions will be different. 

What not to do? Bring the same policies and procedures used in previous roles to a current role. 

Step two: Pause, don't rush to a solution

Compliance professionals are called on to solve problems on a daily basis. Teams rely on their quick responsiveness. This is an admirable trait, and the best compliance professionals are those who can swiftly resolve problems. 

But when designing an overall compliance approach, speed can backfire. Organizational change teaches us to stay in the problem a lot longer than may feel comfortable. Think about it as discovery in a legal case, rather than a trial. During a trial, we only ask questions with known answers. In discovery, on the other hand, our goal is learning. Asking open-ended questions with an open mind is most likely to uncover potential solutions. 

Just beware of overwhelming stakeholders. Balance what can be learned from sources otherthan business teams at this stage. 

Step three: Pick allies, early and often

Stakeholder support will be needed throughout the compliance process. In discovery, people who have their hands on the facts will be needed. When developing potential solutions, the support of people who understand how the company works is beneficial. Will the solutions proposed really solve the problems? 

And when launching new compliance initiatives, engaging a "volunteer army" to support and advocate the change is needed. It's one thing to know who stakeholders are and to seek their support. But it takes a different skill set to actually get that support. Organizational change tools — including stakeholder mapping, culture analysis, communications plans, journeys and more — can help. 

Step four: Look for alternative approaches

Selecting a solution to a problem can mean using political capital. And as compliance professionals, it's hard to use that capital and realize the approach is not working. Organizational change research shows, though, that planning failure can be a powerful solution. 

Begin with the presumption that failure will happen, and consider the potential solution a "test." Or, select three different approaches, launch them all for a short time frame, and ask stakeholders to select their favorite. 

Even if it is anticipated the solution will work, build into the roadmap a check-in to make sure it did. Regulators will often test and examine compliance programs to see if they actually work to address the legal issue or risk. What better way to show it is working than to demonstrate that part of the program is this kind of effectiveness test?

Step five: Yield to learning, be prepared to fail

Finally, and relatedly, be ready to fail. Not all programs will go smoothly. Compliance requires organizations to change: it is the quintessential organizational change. And organizational change research shows that the majority of change efforts fail. 

Design with this in mind and rely on tools that have been developed by organizational change researchers and professionals to get programs back on track. These include conducting "pre-mortems" to look for where things might go wrong beforea launch. It also includes celebrating small wins to maintain momentum and interest in the change effort, and means creating the psychological safety to let people feel comfortable identifying and learning from failure. 

Lastly, circle back to the beginning. Is the connection between the vision of the compliance effort and that of the company sufficiently strong? If not, examine ways to emphasize the link to keep people motivated.

Conclusion

The APPLY method can help companies focus on creating practical, privileged and actionable compliance programs. Using this method, keep in mind several key practices, including celebrating small wins, creating psychological safety, and using the protection of attorney-client privilege. 

Finally, remember laws are going to change rapidly. A principles-based approach will make efforts much easier than attempting to design a program that integrates and memorializes every legal requirement.