In recent decades, corporate compliance programs have become ubiquitous across large organizations. Firms now invest significant resources in compliance infrastructure, often spurred by enforcement actions, regulatory expectations, and the prospect of mitigation credit in the event of misconduct. Yet despite these investments, high-profile corporate compliance failures continue to occur with troubling regularity. These failures raise a fundamental question: whether the prevailing enforcement-driven model of compliance is actually well suited to preventing misconduct and promoting ethical organizational behavior.

In Purpose-Driven Compliance (forthcoming, Texas A&M Law Review), I argue that today’s dominant approach to compliance—one that is largely reactive to enforcement priorities and premised on the acceptance of imperfect compliance—may be inherently limited. Modern compliance programs are frequently designed around the priorities of regulators and prosecutors, rather than the firm’s own mission, risk profile, and ethical commitments. As a result, compliance efforts may be misaligned with the most significant risks organizations actually face, while simultaneously normalizing small amounts of misconduct that can later escalate into more serious violations.

The Article traces the origins of enforcement-driven compliance to developments in the 1990s, including Caremark, law-and-economics scholarship on self-policing, and the emergence of corporate enforcement policies that reward firms for adopting formal compliance programs. These interventions succeeded in motivating firms to build compliance infrastructures, but they also embedded two core assumptions: that enforcement incentives are the primary drivers of effective compliance, and that perfect compliance is unattainable and therefore unnecessary. Over time, these assumptions have shaped compliance programs that prioritize external expectations over internal norms and tolerate certain levels of misconduct as inevitable. (more…)