Lean Compliance: A Founder's Reflection

I often think about the future of Lean Compliance, especially lately as I feel compliance is approaching a turning point, where we’ve always been heading but now faster due to AI.

In this article, I consider the future of Lean Compliance in the context of where regulators are heading, where industry is at, what industry now needs, and what Lean Compliance offers.

Navigating this space has not only shaped our company's direction but also highlighted the fundamental challenge facing compliance professionals today:

The Vision Behind Lean Compliance

I founded Lean Compliance (2017) because I saw an industry trapped in an outdated paradigm. Too many organizations treat compliance as a documentation exercise—paper-based, procedural, reactive. They've built systems around checking boxes rather than meeting obligations and managing actual risk.

Now, this was not necessarily their fault. Regulations, a significant source of obligations, were for the most part rules-based and prescriptive enforced by adherence audits. However, obligations were changing and organizations needed a different approach to how compliance and risk should be managed.

Our goal was to support the inevitable transition toward performance and outcome-based obligations, helping companies move beyond mere documentation toward demonstrating real progress in advancing obligation outcomes.

We recognized that compliance should be integrated into business operations right from the start, rather than treated as a separate function in need of future integration.

In addition, we saw how effective compliance could enable organizations operate with greater confidence when they genuinely understood and managed their risks, which is primarily a proactive and integrative behaviour.

Where Regulators Are Leading

Regulators have been signalling a clear direction for several decades, particularly in high-risk sectors. They're moving away from prescriptive, one-size-fits-all requirements toward performance and outcome-based obligations that focus on effectiveness over process, assurance over documentation, and managed risk over compliance theatre.

This paradigm shift presents opportunities for organizations that can adapt to these changing expectations. Those that can demonstrate real effectiveness in realizing obligation outcomes—rather than just following procedures—will find themselves better positioned as regulations continue to evolve.

Where the Market Remains

Yet most organizations (along with external auditors) are still entrenched in paper-based and procedural compliance even when performance and outcome-based obligations are specified.

While there is comfort in the known, viewing everything through a prescriptive lens prevents organizations from realizing the benefits of being in compliance. This contributes to why many who pass audits and achieve certifications seldom improve the object under regulation: safety, security, sustainability, quality, legal, and now responsible AI obligations.

The market reflects this reality in what it's asking for: technology-first solutions that promise productivity improvements without fundamental change. Companies want tools that take away reactive pain—the scramble to respond to audit findings, the stress of regulatory examinations, the endless documentation requirements. They're looking for ways to do what they've always done, just faster and with less manual effort.

This creates both opportunity and challenge. While there's clear appetite for improvement, there's resistance to the deeper transformation that truly effective compliance requires.

The Territory We Inhabit

Lean Compliance operates in the space between regulatory direction and market reality. Rather than being another consulting company promising incremental improvements, we focus on bridging this gap through awareness, education, transformation, and community building.

We've found that many organizations simply aren't aware of how significant the gap has become between their current practices and regulatory and stakeholder expectations. Our work often begins with helping them understand where they stand and what opportunities exist.

The educational component has proven essential because many don't know what being proactive, integrative or operational looks like in practice. Sustainable change requires obligation owners who understand both the rationale behind obligations along with how to operationalize it. We're not just implementing disconnected controls—we're building systems that deliver on compliance.

The transformation programs we created provide structured approaches for moving from procedural to operational compliance. This involves more than new tools—it requires rethinking governance, programs, systems, and processes, and often rebuilding organizational culture around continuously meeting obligations and keeping promises.

We're also working to build a community of practice among compliance professionals who are navigating similar challenges. This community serves as a source of continued learning and peer support as the profession evolves.

Looking Ahead

The gap between regulatory expectations and current market practices continues to widen. Organizations that remain focused on paper-based, procedural approaches will continue to struggle as regulators increasingly demand evidence of effectiveness rather than just documentation.

This challenge becomes particularly evident when considering emerging obligations from AI regulations and stakeholder expectations. Meeting these obligations using paper-based, procedural compliance simply won't be enough. Compliance will require demonstrating actual performance and outcomes—how AI systems behave in practice, not just what policies exist on paper. This reality further highlights the need for operational compliance approaches.

There seems to be increasing recognition that compliance needs to evolve toward operational approaches—where organizations invest in building systems that deliver on promises to meet obligations rather than on documentation alone. Increasingly more are beginning to view compliance as increasing the probability of meeting business objectives rather than simply constraining them.

The question is not whether, but rather how long will industry continue in its reactive, siloed, and procedural ways before it embraces the shift toward operational compliance? And will this now be shortened due to AI?

The organizations that embrace operational compliance now will be better positioned to turn meeting obligations into business advantages while preserving value creation. This shift offers an opportunity to move from reactive to proactive approaches, where compliance supports rather than hinders business objectives.

This transformation needs informed leadership and new approaches to compliance, which we’ve been preparing for over the past decade. This is why Lean Compliance is uniquely positioned to guide organizations through this critical transition.

At Lean Compliance, we're always looking to connect with organizations and professionals grappling with these same tensions. If you're interested in exploring what operational compliance means for your specific context, let's start the conversation.