As compliance leaders look ahead to 2026, one challenge stands out: how to design an annual compliance roadmap that keeps pace with regulatory change, emerging risks, and rising expectations for program impact. More than ever, compliance planning must move beyond checklists and calendars to focus on what truly matters from a risk, culture, and business perspective.
In our recent webinar, Designing Your 2026 Compliance Roadmap with Risk in Mind, Paul Howe, Senior Director of Advisory Services at LRN, moderated a discussion with Vicky Palmer, Chief Ethics & Compliance Officer, and Genefer Douglass, Vice President and Chief Compliance Officer. Together, they shared practical insights on how compliance leaders are approaching risk-based planning, cross-functional collaboration, and training strategy.
Key takeaways at a glance
- Risk-aligned roadmaps start with current risk data and external signals, not last year’s plan.
- Cross-functional collaboration is essential to effective planning and execution.
- Training cadence and topic selection should reflect risk exposure, workforce behavior, and operational realities.
- Reinforcement and manager involvement are critical to driving real behavior change.
- Data and analytics are most powerful when used to inform decisions, not just track activity.
Start with risk and build alignment across the business
The panelists agreed that a risk-aligned roadmap begins with a clear understanding of the organization’s risk universe. Rather than defaulting to prior-year plans, compliance leaders should ground decisions in risk assessments, regulatory developments, incident trends, and changes in the business.
As Genefer Douglass shared:
“We focus on training for nine core compliance risk areas, and then we develop an annual training plan that reflects both our internal risk assessment and what’s happening in the external environment.”
Just as important is how that risk assessment is informed. Both panelists emphasized the importance of collaborating with partners across HR, Legal, Operations, IT, and Risk to surface emerging risks early and create shared ownership of priorities.
As Vicky Palmer noted:
“We go through a full risk assessment with subject matter experts from across the business to identify where we should be focusing.”
Key insight: Effective compliance roadmaps are built collaboratively and stay flexible as risks evolve.
Design training with discipline and reinforcement in mind
When it comes to training, the panelists encouraged moving away from one-size-fits-all approaches. Annual training alone is rarely sufficient to address complex and evolving risks.
Instead, both described layered training models that combine foundational learning with targeted refreshers and reinforcement throughout the year. Training cadence and topic selection should reflect risk exposure, workforce behavior, and operational timing, not tradition.
As Douglass explained:
“Our training plan isn’t static. It’s designed to adapt as risks evolve, rather than locking us into a single annual moment.”
The panel also stressed the importance of prioritization. Trying to cover every risk every year can overwhelm employees and dilute impact. Strategic rotation of topics, consistent reinforcement of core risks, and flexibility to address emerging issues help maintain engagement and effectiveness.
Key insight: Focus and reinforcement matter more than volume.
Use data to drive decisions and accountability
Finally, the panel addressed the role of data and analytics in compliance planning. While completion rates remain important, the real value of data lies in identifying trends, uncovering gaps, and informing smarter decisions.
Dashboards and metrics are most effective when they tell a clear story for leadership, highlighting where risks are emerging and where additional focus is needed.
As Paul Howe summarized:
“The goal isn’t just to measure activity—it’s to understand what the data is telling you about risk, behavior, and where to focus next.”
Key insight: Data should guide action, not simply report activity.
Looking ahead to 2026
As the discussion made clear, designing a compliance roadmap for 2026 is about more than planning activities. It requires aligning priorities with risk, strengthening collaboration across the business, and using insight to drive meaningful impact.
For compliance leaders, the opportunity ahead is to turn annual planning into a strategic capability—one that supports resilience, accountability, and trust across the organization.
