Purpose-Driven Compliance

In recent decades, corporate compliance programs have become ubiquitous across large organizations. Firms now invest significant resources in compliance infrastructure, often spurred by enforcement actions, regulatory expectations, and the prospect of mitigation credit in the event of misconduct. Yet despite these investments, high-profile corporate compliance failures continue to occur with troubling regularity. These failures raise a fundamental question: whether the prevailing enforcement-driven model of compliance is actually well suited to preventing misconduct and promoting ethical organizational behavior.

In Purpose-Driven Compliance (forthcoming, Texas A&M Law Review), I argue that today’s dominant approach to compliance—one that is largely reactive to enforcement priorities and premised on the acceptance of imperfect compliance—may be inherently limited. Modern compliance programs are frequently designed around the priorities of regulators and prosecutors, rather than the firm’s own mission, risk profile, and ethical commitments. As a result, compliance efforts may be misaligned with the most significant risks organizations actually face, while simultaneously normalizing small amounts of misconduct that can later escalate into more serious violations.

The Article traces the origins of enforcement-driven compliance to developments in the 1990s, including Caremark, law-and-economics scholarship on self-policing, and the emergence of corporate enforcement policies that reward firms for adopting formal compliance programs. These interventions succeeded in motivating firms to build compliance infrastructures, but they also embedded two core assumptions: that enforcement incentives are the primary drivers of effective compliance, and that perfect compliance is unattainable and therefore unnecessary. Over time, these assumptions have shaped compliance programs that prioritize external expectations over internal norms and tolerate certain levels of misconduct as inevitable.

Drawing on behavioral ethics, organizational behavior, and corporate governance theory, the Article challenges these assumptions and proposes an alternative framework: purpose-driven compliance. Under this approach, compliance programs are oriented around three central features: (1) the firm’s purpose, (2) the inherent risks associated with pursuing that purpose, and (3) the ethical standards the firm seeks to uphold. Enforcement expectations remain relevant, but they no longer define the ceiling of a firm’s compliance ambitions. Instead, organizations are encouraged to adopt more aspirational, proactive compliance strategies that reflect their own values and long-term objectives.

Purpose-driven compliance builds on, rather than replaces, existing compliance infrastructures. It calls on firms to use the sophistication they have already developed to create systems that meaningfully discourage misconduct (even when that misconduct is outside current enforcement priorities), strengthen ethical culture, and better align compliance priorities with business realities. In doing so, the approach aims to reduce repeat offenses, mitigate long-term risk, and foster more sustainable and credible governance practices.

The full paper, Purpose-Driven Compliance, is available here.