Anti-Best Practices: What Compliance Gets Wrong
Joah Park
Content Manager, Ethico
We can make things worse. We can make our organizations less compliant and less ethical if we approach it the wrong way. That's not a cynical take, it's a compliance expert's honest self-reflection. Rather than asking how to build better programs, this conversation flips the lens entirely: what common practices — built with the best intentions — are silently working against us? From information overload in training to the unintended consequences of zero-tolerance messaging, our speakers explore how compliance professionals can use behavioral science to diagnose program failures, rebuild credibility with the business, and design interventions that actually change behavior.
This episode of The Ethicsverse examines the behavioral science underpinnings of compliance program effectiveness, with particular attention to the unintended consequences of conventional program design. Drawing on behavioral economics, social psychology, and practitioner experience, we interrogate a central paradox: that well-intentioned compliance interventions — including training, policy layering, and moral messaging — frequently produce diminishing or negative returns when they fail to account for how human beings actually process information and make decisions. The session applies an "anti best practices" framework, encouraging practitioners to identify failure modes within their programs by reasoning in reverse — imagining how to make outcomes worse in order to surface what is already going wrong. Key concepts explored include the curse of knowledge, negative social proof, cognitive overload, the broken window theory of policy signaling, and the credibility risk posed by unrealistic organizational messaging such as zero-tolerance declarations. The discussion further examines the limitations of training as a behavioral intervention when the root cause of non-compliance is incentive misalignment rather than knowledge gaps, and the misapplication of brand consistency principles to compliance communications.
Featuring:
- Christian Hunt, Founder, Human Risk Limited
- Nick Gallo, Chief Servant & Co-CEO, Ethico
Key Takeaways
Compliance Programs Can Make Things Worse — And That's Worth Acknowledging
- Most compliance professionals are conditioned to focus exclusively on improvement, which creates a blind spot: the possibility that existing interventions are actively generating negative outcomes.
- Approaching program design with the question "how would I make this worse?" is a powerful diagnostic exercise that surfaces unintended consequences that forward-only thinking misses.
- Honest self-assessment is not a sign of program weakness — it is the foundation of continuous improvement and the starting point for meaningful behavior change.
Information Overload Is a Design Failure, Not a Feature
- Compliance training that leads with regulatory history, exhaustive policy detail, and comprehensive legal context prioritizes the practitioner's knowledge base over what employees actually need to retain and act on.
- The BLUF (Bottom Line Up Front) principle offers a practical corrective: distill every communication to its most essential message first, then provide additional context only for those who need it.
- When all training feels equally dense, employees lose the ability to distinguish what truly matters — and the signal-to-noise ratio of your entire program collapses as a result.
Training Is Not a Universal Solution to Non-Compliance
- Training is an effective intervention when the root problem is a genuine knowledge gap — but deploying it in response to incentive-driven non-compliance signals that compliance doesn't understand the pressures employees are actually operating under.
- When employees are structurally incentivized to behave in ways that conflict with policy, additional training not only fails to close the gap but can erode program credibility by appearing out of touch.
- Before deploying any intervention, compliance professionals should ask what specific problem they are trying to solve and whether training is the right tool to solve it.
Zero-Tolerance Language Undermines the Programs It's Meant to Strengthen
- When organizations declare zero tolerance for behaviors that employees know — from direct observation — are sometimes overlooked or selectively enforced, those declarations read as dishonest and damage the credibility of the entire compliance function.
- Zero-tolerance messaging can have a chilling effect on speak-up culture by signaling that any involvement in a reported situation, even as a reporter, carries existential career risk.
- A more effective framing acknowledges organizational reality: "we take these matters very seriously, we investigate them thoroughly, and we act on what we find" is both credible and actionable in a way that absolutist language is not.
Negative Social Proof Is One of the Most Destructive Forces in Compliance Communications
- When compliance communications highlight what employees are not doing — through broadly distributed reminder emails, highlighted completion gaps, or visible lists of non-completers — they inadvertently communicate that non-compliance is common and socially acceptable.
- The behavioral science principle of social proof means that people take behavioral cues from perceived majorities; showing employees a list of forty non-completers when nine hundred and sixty have already complied skews their mental model of what's normal.
- Compliance professionals should default to communicating what the majority is already doing correctly, reserving problem-focused messaging for targeted individual outreach that does not reveal the broader pattern of non-compliance.
Consistency in Compliance Branding Can Homogenize What Should Be Differentiated
- Applying marketing-style brand consistency to all compliance communications — uniform aesthetics, identical formats, standardized training length — flattens the distinctions between obligations that are critical and those that are merely procedural.
- When every communication looks and feels the same, employees lose the ability to calibrate their attention, and the compliance function loses its most important tool: the ability to signal which things truly matter.
- Strategic variation in format, tone, length, and presenter can serve as a form of prioritization — reserving heightened production and visible senior sponsorship for the issues that genuinely require it.
The Curse of Knowledge Distorts How Compliance Professionals Communicate
- Once a compliance professional has internalized the regulatory landscape, it becomes nearly impossible to remember what it feels like not to know it — a cognitive bias known as the curse of knowledge that systematically distorts the content and tone of communications.
- Employees who have never filed a whistleblower report, reviewed a SAR, or navigated a conflict-of-interest disclosure need communications designed around their actual experience, not the practitioner's familiarity with how those processes work on the back end.
- Designing compliance interventions requires deliberate effort to inhabit the perspective of the target audience — including their level of familiarity, their competing priorities, and the degree to which compliance feels relevant to their day-to-day role.
Attendance and Completion Metrics Are Necessary but Not Sufficient Measures of Program Effectiveness
- Training attendance is a prerequisite for learning, but it is not evidence of it — and the compliance industry's reliance on completion rates as a proxy for program impact creates a false sense of assurance.
- Effective measurement requires asking what behavioral change the intervention was designed to produce and identifying leading indicators that give some signal of whether that change is occurring in practice.
- The invisibility of ethical decisions — employees will rarely report the violations they chose not to commit — makes compliance outcomes inherently difficult to measure, which is all the more reason to be honest about the limitations of the metrics currently in use.
Compliance Program Design Should Embrace Experimentation, Not Defend the Status Quo
- Treating compliance interventions as experiments rather than solved problems creates the psychological and organizational conditions needed to identify what isn't working before it causes harm.
- A program that acknowledges it is iterating — rather than claiming to have definitively solved human behavior — is more credible to business stakeholders and more likely to earn the trust needed to drive real cultural change.
- Every compliance intervention carries positive intended effects and negative unintended side effects; naming those trade-offs honestly, at least internally, allows practitioners to monitor for failure and course-correct before problems compound.
The EAST Framework Offers a Practical Behavioral Design Lens for Compliance Professionals
- The EAST framework — developed by the UK's Behavioural Insights Team — provides a four-part diagnostic for evaluating whether compliance interventions are designed around how people actually behave: Easy, Attractive, Social, and Timely.
- Making desired behaviors easy reduces friction; making them attractive increases engagement; leveraging positive social proof normalizes compliance; and timing communications to moments of relevance dramatically increases the likelihood they will land.
- As AI reshapes organizational workforces and the remaining human roles become more judgment-intensive and ethically complex, the behavioral science skills encapsulated in frameworks like EAST will become more — not less — central to the compliance function's value.
Conclusion
The most dangerous compliance program is not one that does too little — it is one that does the wrong things with confidence. This conversation with Christian Hunt challenges ethics and compliance professionals to step back from the comfort of checkbox thinking and ask a harder question: is what we are doing actually working, or are we mistaking activity for impact? By applying behavioral science principles, designing for human cognitive limits, communicating with credibility rather than bravado, and adopting an experimental mindset, compliance teams can stop building programs that inadvertently generate resistance and start building ones that earn trust. In an era when human judgment is both the greatest organizational risk and the greatest organizational asset, that shift is not optional — it is the work.