Originally published: 06 April 2026 | This analysis is based on Nimble Global's proprietary research and 30+ years of practical experience across over 90 countries. | © 2019 - 2026 Nimble Global. All rights reserved.

Later in my career, when I relocated from the United States to the United Kingdom as part of a promotion, I was given access to a coach through a structured development programme. It was the kind of investment organisations make when they expect you to operate differently, not just perform better, particularly in cross-border roles where judgment carries consequence.

At the time, it felt like an unusual suggestion. The book is often associated with competition, strategy in its most overt form, and yet the lesson he was pointing toward was far more personal. It was not about winning in any conventional sense, nor was it about the war itself. It was about recognising that a career, and in many respects life, is a series of battles.

That advice came at a time when I was dealing with a particularly challenging internal dynamic, one that could easily have consumed far more time and energy than it warranted. The point was not to avoid conflict, but to be deliberate about where it was worth engaging. Some battles you choose, some you do not, but in either case, how you approach them matters. You decide which battles are worth engaging in, how you position yourself within them, and what strategy you apply before they even begin. The outcome is rarely determined in the moment. It is shaped in advance, through the choices you make about where to focus, what to prioritise, and how deliberately you engage.

That idea has stayed with me, not because it is widely quoted, but because it is consistently misunderstood.

Most organisations still approach compliance as if it were a moment. A decision point. A policy is being applied. A line between acceptable and unacceptable that can be drawn quickly and enforced cleanly. In reality, it does not work that way.

I was recently reminded of a concept from the game of poker. In poker, there is a strategy sometimes referred to as 'Walk the Dog'. It is not about forcing an outcome through a single decisive move. It is about pacing, controlling how information is introduced and how the other party responds to it. Each step feels independent, even though the progression is anything but accidental, and by the time the outcome becomes clear, it feels less like a sudden result and more like the only logical conclusion.

At first glance, it has nothing to do with compliance or governance. In practice, it has everything to do with how decisions are made inside organisations.

Because meaningful decisions are rarely taken in isolation. They are formed through a series of conversations, interpretations, and incremental commitments. The difficulty is that many organisations attempt to insert compliance at the wrong point in that sequence. They introduce conclusions too early or too abruptly, often presenting risk in its most complete form at a moment when the business has neither the context nor, in most cases, the appetite or the planned budget to address it.

The reaction is predictable. Resistance, delay, and in many cases, attempts to creatively work around the constraint altogether. Not because the conclusion is wrong, but because the path to it has been poorly constructed.

When the same issue is introduced through a progression that begins with how a model actually operates, then aligns that reality with how regulators are likely to interpret it, and only then addresses where exposure sits, the conversation changes. Stakeholders are not being told what to think. They are being guided through a process that allows them to understand how the conclusion is reached. By the time the formal position is articulated, it no longer feels imposed. It feels inevitable.

One frames it as shaping the environment before engagement. The other reflects it in the pacing of decisions within that environment. In workforce governance, both ideas converge in a practical reality:

This is also where the distinction between influence and manipulation needs to be understood clearly. The mechanics may appear similar, but the intent is fundamentally different. In poker, the objective is to win.

The same awareness of timing, information, and progression is applied, but it is anchored in accountability rather than advantage.

That distinction matters because regulators do not assess policies in isolation. They assess decisions. They look at what was known at the time, who was involved, how conclusions were reached, and whether the organisation can demonstrate a coherent and defensible path from one step to the next. In that context, sequencing is not a soft skill. It is evidence.

This is also where many organisations place too much confidence in their contractual frameworks. Limitation of liability clauses, indemnities, and carefully structured risk-transfer mechanisms may create a false sense of protection, but they do not replace the need for defensible decision-making. Contracts describe how risk is intended to be allocated. Regulators and courts focus on how risk was actually created, understood, and managed in practice. Where those two diverge, the operational reality prevails… every time.

And yet, many organisations and systems continue to prioritise speed over structure. They compress decisions into moments that should have been developed over time, removing the context needed to defend them later. What appears efficient in the moment often creates exposure in hindsight, not because the organisation intended to take on risk, but because it failed to control how that risk was introduced, understood, and acted upon.

The organisations that navigate this successfully are not necessarily slower, nor are they more conservative. What distinguishes them is that they recognise that compliance is about shaping the path to an outcome, not about forcing an answer. They treat governance as a structure that allows activity to scale without creating unintended consequences, not as an interruption to commercial progress or an expense to be minimised.

In HR, the question is rarely whether a model is compliant. The question is whether the way talent is sourced, assessed, and engaged would still make sense if examined outside the organisation. Increasingly, that process begins before the organisation is directly involved.

Candidates are introduced through platforms. They input personal data, respond to structured questions, and, in many cases, are assessed, ranked, or filtered by technology before any human decision is made. By the time HR engages, the path has already been shaped.

This is where a significant governance gap emerges. Many organisations rely on assurances from third-party technology providers that their platforms are compliant, particularly in areas such as data protection.

In practice, however, the platform may determine how data is collected, influence how candidates are assessed, and ultimately shape the very inputs on which hiring decisions are made.

The question is not what the policy says. It is whether the operational reality of that platform aligns with it. Whether the organisation understands how the worker’s data moves, how decisions are influenced before they are visible, and whether that sequence could be explained and defended if examined in full.

It is at this point that the most common responses emerge.

• The issue has not arisen before.

• The platform provider has confirmed compliance.

• Legal has reviewed the documentation.

• The market operates this way.

None of these answers the underlying question.

They do not explain, and in many cases cannot explain, who determines how data is collected, how candidates are assessed, or how decisions are made before they are visible, nor how that process would be interpreted if examined in full, across jurisdictions, and against the actual flow of data and decision-making, particularly where platforms built in one jurisdiction are deployed globally without adjustment for local regulatory expectations.

By the time HR makes a decision, the path has already been established. The risk sits not only in the outcome, but in everything that led to it, the path.

Organisations often believe they are assessing candidates. In reality, they are assessing the output of a process they did not fully control.

In Procurement, the focus often sits on contractual protection. The more relevant question is whether the structure of the engagement reflects how services are actually being delivered. Whether the allocation of responsibility in the contract aligns with operational reality, or simply creates the appearance of risk transfer.

In Legal, the emphasis is understandably on drafting, precision, and coverage. The more difficult question is whether the organisation’s behaviour will align with what has been written when tested. Whether the contract describes a model that exists in practice, or one that exists only on paper.

Can you demonstrate, step by step, how a candidate's data moves through your system, who or what acts on it at each stage, and how that process would be interpreted by a regulator in every jurisdiction where it operates? If the answer is a policy document, that is not an answer. If the answer is uncertainty, that is your finding, and it is worth acting on before someone else makes it for you.

And across leadership, the question is not whether risk exists. It always does. The question is whether the organisation can demonstrate how that risk was understood, introduced, and managed over time.

Most organisations do not fail because they made a single poor decision. They fail because the sequence that led to that decision cannot be explained, supported, or defended when it matters.

Compliance was never about the answer alone. It has always been about the path.

Stay Nimble. Stay Compliant.

About the Author: With extensive experience in workforce compliance and global workforce solutions, David Ballew has consistently driven innovation and operational excellence. As the Founder and CEO of Nimble Global, David combines deep industry expertise with a unique perspective shaped by his neurodiverse AuDHD profile, enabling creative problem-solving and multidimensional insight. A pioneer in MSP models and workforce technologies, he is dedicated to bridging global compliance gaps and helping organisations build resilient, future-ready workforces.

Disclaimer: This content is intended for informational purposes only and does not constitute legal, tax, or employment advice. Readers should consult qualified professionals in relevant jurisdictions before acting on the guidance provided. Nimble Global disclaims any liability for actions taken based on this publication.