Have you ever wondered why lawyers obsess over the tiniest word choices? They have good reason.

As a Senior Content Manager at Rethink, I write courses on various risk areas for our growing library and clients worldwide. Not a single one gets published without a thorough review by a member of our Advisory Services team, which includes lawyers and compliance experts with years of experience in the field.

Over the years, they've taught me that some words and phrases, while seemingly commonplace, can be misleading, problematic, or legally tricky.

Here's my field guide to some of the vocabulary that makes legal experts reach for their red pens:

"Ensure" — The Impossible Promise

"Ensure" is a four-letter word at Rethink. We avoid it at all costs because it implies an absolute guarantee, and in the compliance world, absolutes are dangerous territory.

No organization can truly ensure anything with 100% certainty. Instead, organizations can "take steps to," "strive to," or "work toward" compliance goals. These phrases acknowledge the ongoing effort without making promises that might come back to haunt you. 

"Implement a Regulation" — A Conceptual Impossibility

This phrase creates a fundamental misunderstanding of how regulations work. You don't implement a regulation — governments do that. What organizations implement are the processes, controls, and policies required to comply with that regulation.  

This distinction matters because it correctly positions the organization's responsibility.

"Should" — The Stealth Mandate

"Employees should report concerns immediately" sounds helpful, but it creates an implied obligation. If your policy states employees "should" do something and they don't, have they violated policy? If that’s your intention, then sticking with “should” works. If not, replace it with "consider" or "we encourage employees to" when you want to suggest actions without creating mandates. 

"Red Flags" — Cultural Quicksand

While ubiquitous in compliance speak, the phrase "red flags" can be problematic. In many Asian cultures, red symbolizes luck or prosperity — not warning signs. Using this term can undermine cross-cultural trust-building efforts. 

Try "warning indicators," "concerning signs," or simply "indicators" instead. 

"Benchmarking Data" — The Depth Deception

Everyone wants to compare themselves to industry standards, but true benchmarking requires comprehensive, representative data — not just a handful of examples. These comparisons can be misleading without sufficient depth (data from 200+ organizations, for instance).

Be specific about your comparative analysis and transparent about your data limitations. 

"Best Practices" —The Indefensible Standard

The term "best practices" appears in countless compliance documents, but it could create a problematic standard. By labeling something as "best," organizations implicitly claim that no better approach exists anywhere — a difficult position to defend.

If your organization fails to follow its own identified "best practices," this could be used against the organization in legal proceedings or an investigation. Additionally, what's"best" varies widely by industry, size, risk profile, and regulatory environment.

Instead, use "leading practices," which acknowledges these approaches are currently considered effective by industry leaders, subject to evolution, and may require adaptation to specific organizational contexts. 

"Constructive Criticism" vs. "Constructive Feedback"

Words trigger emotions, and "criticism" — even when it’s "constructive" — puts people on the defensive. "Feedback," meanwhile, feels collaborative and supportive.

In training materials that strive to encourage growth, "feedback" naturally aligns with learning objectives. 

"Confidentiality" Without Qualifiers — The Broken Promise

A lot of compliance content promises that reports will be "kept fully confidential." But accidental disclosures happen, legal proceedings may require disclosure, and investigations may make full confidentiality impossible.

Always qualify confidentiality statements with "to the extent possible" or "in accordance with legal requirements." 

"Anonymous Reporting" — The Geographic Blind Spot

Similarly, while employees in the U.S. benefit from legal protections for anonymous reporting, these protections are not universal. Different countries have varying laws that govern whistleblower anonymity.

Always specify that this is "subject to local law" when discussing anonymous reporting options. 

Employee Monitoring Claims —The Privacy Pitfall

U.S.-based compliance professionals may assume employers can monitor employee communications freely.However, employee privacy regulations in Europe and other regions create significant limitations.

Include phrases like "where permitted" or "as applicable under local law" when discussing monitoring practices. 

"Zero-Tolerance Policies" — The Enforcement Nightmare

While it sounds appropriately serious, "zero-tolerance" creates unrealistic expectations. Few policies are truly enforced with zero exceptions.

Instead, be specific about prohibited behaviors and the range of potential consequences. 

"We Promise" — The Liability Creator

When organizations "promise" to take every complaint seriously, that language could come back to haunt them if resource constraints or other factors prevent perfect execution.

Replace promises with commitments: "We are committed to addressing concerns thoroughly and promptly." 

Jargon and Colloquialisms —The Inclusion Barriers

In trying to make compliance engaging, we sometimes use industry shorthand or culturally specific expressions. But these can alienate international audiences or those new to the field.

Simple, clear language means everyone will receive — and, equally important, understand — the same message. 

The Language Balancing Act

Creating effective compliance content requires balance — being engaging without creating potential exposure or pitfalls, being clear without being boring, and being precise without drowning in qualifiers.

By carefully considering language choices, compliance professionals can educate effectively and protect their organizations in the process. The result is training that both builds trust and meaningfully reduces organizational risk.