For decades, compliance programs have relied on metrics such as training completion rates, policy attestations, and hotline reports to demonstrate effectiveness. While these measures remain important, they often tell organizations what has already happened rather than helping them understand what risks may emerge next.
That challenge was the focus of LRN's recent webinar, Compliance Powered by Data: Driving Smarter Risk Decisions with Real-Time Insights, featuring Manal Elmoutamassik, Global Lead Ethics & Business Integrity – Learning and Principles at Sanofi, and Guillem Casilova, Senior Ethics & Compliance Advisor, EMEA at LRN.
The discussion explored how organizations can move beyond measuring compliance activities and begin using data as a strategic tool to identify risk patterns, strengthen decision-making, and improve program effectiveness.
From measuring activity to measuring impact
One of the central themes of the discussion was the distinction between activity metrics and outcome metrics.
Many organizations continue to report on training completion rates, policy acknowledgements, and case volumes because these data points are readily available. However, they provide limited insight into whether employees understand compliance expectations or apply them when faced with real-world pressures.
As Casilova explained:
"The goal is no longer for compliance professionals to identify misconduct. The goal is to identify the conditions that make misconduct and ethical behavior more or less likely."
This shift reflects broader regulatory expectations. Increasingly, regulators want evidence that compliance programs influence behavior and reduce risk, not simply proof that activities took place.
Sanofi's journey toward data-driven compliance
For Sanofi, this realization prompted a fundamental reassessment of how compliance learning was measured.
Operating across more than 100 countries and serving approximately 90,000 employees, the company had extensive reporting capabilities. Yet traditional dashboards still left an important question unanswered: was compliance learning actually reducing risk?
According to Elmoutamassik, the turning point came when the team recognized that completion rates alone could not provide meaningful insight into risk exposure.
"High completion rates do not equal low risk."
Instead of focusing solely on completions, Sanofi began collecting and analyzing a broader set of learning data, including pre-assessment results, knowledge checks, question-level performance, learner sentiment, and engagement patterns.
This allowed the team to identify knowledge gaps, detect emerging risk trends, and provide risk owners with actionable intelligence rather than retrospective reports.
Turning learning analytics into risk intelligence
Perhaps the most compelling aspect of Sanofi's approach is how learning data is connected directly to risk management.
Rather than treating analytics as a reporting exercise, the organization uses insights to inform conversations with risk owners, shape future learning strategies, and prioritize interventions.
Examples shared during the webinar included identifying cybersecurity vulnerabilities through knowledge assessments, uncovering data privacy misconceptions, and improving learning effectiveness by redesigning poorly performing assessment questions.
In each case, the objective was not simply to improve training metrics but to strengthen risk mitigation efforts.
As Elmoutamassik noted:
"We're not just reporting on training, we're informing risk management."
The growing importance of leading indicators
The discussion also highlighted the need for organizations to expand their use of leading indicators.
Traditional metrics such as investigations or hotline reports are often lagging indicators that only become visible after problems have emerged. By contrast, measures such as knowledge retention, psychological safety, trust, leadership credibility, and speaking-up confidence can provide earlier signals of risk.
When combined with learning analytics, these indicators help organizations understand not only where risks exist but why they may be developing.
Key takeaways for compliance leaders
The webinar highlighted four important lessons for modern compliance programs:
- Completion rates should be viewed as a starting point, not a measure of effectiveness.
- Learning analytics can reveal knowledge gaps and behavioral risks that traditional reporting misses.
- Leading indicators provide greater visibility into emerging risks before misconduct occurs.
- Data creates value only when it drives action and informs decision-making.
As Elmoutamassik summarized:
"Data is only valuable if it drives decisions."
Moving from compliance reporting to risk intelligence
The future of compliance lies not in collecting more data, but in using data more effectively. Organizations that can connect learning analytics, behavioral indicators, and culture insights to risk management decisions will be better positioned to identify vulnerabilities, allocate resources, and demonstrate program effectiveness.
About LRN
LRN helps organizations build ethical cultures and more effective ethics and compliance programs through innovative education, behavioral science, culture measurement, and advanced analytics. Solutions such as LRN Reveal enable organizations to move beyond completion reporting to gain deeper insight into employee knowledge, behavioral trends, cultural indicators, and program effectiveness. By transforming compliance data into actionable intelligence, LRN helps organizations make smarter risk decisions and strengthen their culture of integrity.
