Compliance Frameworks Miss Invisible Forces, but They Matter the Most

Every compliance framework rests on an assumption so fundamental it rarely gets examined: If you design the right rules, people will follow them.

The assumption is understandable. Rules are visible, auditable and enforceable. They give compliance professionals something concrete to point to. And for straightforward, predictable behaviors in stable environments, they work reasonably well.

But organizations are not straightforward or stable. They are complex, dynamic systems in which behavior emerges from the interaction of forces most compliance frameworks are not designed to see. Rules address the visible surface. The forces that actually drive behavior operate beneath it, largely invisible, largely unexamined and far more powerful than any policy document.

This is not a criticism of compliance professionals. It is an observation about the limits of the tool most commonly used and a case for adding something to it.

What frameworks typically examine

A well-designed compliance framework will cover regulatory requirements, internal policies, audit procedures, risk controls and escalation mechanisms. These are necessary. The problem is what they structurally cannot reach.

Peter Senge, whose work on organizational learning has influenced management thinking for 35 years, identified the concept of mental models, the deeply ingrained assumptions and beliefs that shape how people act, often invisibly and often in direct contradiction to stated policies. Organizational mental models, the collective assumptions embedded in how decisions actually get made, who genuinely gets heard and what behavior is tacitly rewarded regardless of what the policy says, are particularly powerful and particularly difficult to surface.

A compliance framework addresses the espoused rules. The mental models determine the actual behavior. When they conflict, the mental models win every time.

Compliance

Future-Proofing Global Compliance Policies

by Steph Holmes

April 28, 2026

Why compliance leaders must shift from a “document-first” to a “data-first” philosophy in the AI era

Read moreDetails

The invisible forces

Consider a fast-growing engineering company that expanded from several hundred to several thousand employees in under five years. Over the same period, it developed a troubling record of serious safety incidents. The compliance frameworks were in place. Safety protocols existed. Audit procedures ran. And yet the system produced outcomes nobody designed.

I found myself wondering about the relationship between the growth and the incidents. Not as an accusation but as a genuine systems question. What happens to a culture when the pressure for growth becomes the dominant force shaping every decision? How does that hunger for expansion show up in how safety protocols are actually followed on the ground? How does it affect whether newer employees feel confident raising concerns? How does it shape what a middle manager does when speed and safety come into tension at 4 p.m. on a Friday?

Nobody designed the safety failures, but the system produced them. And I would be surprised if the invisible force driving the system, the impatience for growth at pace embedded in leadership behavior, culture and reward structures, had ever appeared as a named, examined factor in any compliance review.

This is what compliance frameworks tend to miss: the system of unexpressed forces that shapes behavior far more reliably than any policy. The unspoken beliefs of the leadership team. The gap between stated values and actual reward structures. The things everyone knows but nobody says. These are not weaknesses to be managed through better rules; they are system forces that need to be understood.

Why rules alone are insufficient

The research on this is consistent and sobering. There is a well-documented gap between espoused theory, what organizations say they believe and require, and theory-in-use, what their actual behavior reveals. Executives claim they want honest escalation of concerns while subtly punishing those who raise them. Policies mandate transparency while meeting dynamics suppress dissent. Compliance training emphasizes integrity, but reward structures incentivize the opposite.

When these forces are in tension, the invisible ones win. This isn’t because people are malicious, but because the system they inhabit sends clearer signals through incentives, norms and leadership behavior than any compliance document can overcome.

This creates a specific problem for risk and audit professionals. You can design a control environment of great sophistication and still miss the most significant risks, because those risks are not in the processes you are auditing. They are in the invisible system operating beneath the processes.

Making the invisible visible

The compliance function has a genuine opportunity here, one that extends its value well beyond traditional audit and control work. The question is how to surface the invisible forces that no framework currently reaches.

Systems thinking, applied practically, offers a methodology for doing precisely this. Not systems thinking as abstract theory, which has been intellectually compelling but operationally elusive for decades but systems thinking made tangible: where leadership teams can build physical representations of the forces actually shaping their organization, including the ones that never appear in a compliance document.

An approach I have developed integrates three methodologies specifically for this purpose. Teams use popular building blocks to make three-dimensional physical representations of the forces operating in their system. Impatience as a named agent in the model. A belief about what leadership really rewards. A fear of honest escalation. These stop being unspoken and become discussable, because they are no longer attached to any individual. They sit on the table, open to collective inquiry.

Senge’s “Fifth Discipline” provides the conceptual framework for understanding what you are looking at. And dialogue, in the tradition of David Bohm, creates the conditions for genuinely honest conversation about what the model reveals, the kind of conversation that defensive routines normally prevent.

The result is not a replacement for compliance frameworks. It is a complement to them: a way of examining the system of forces that operates beneath those frameworks and that determines whether they work in practice or only on paper.