Compliance training is often dismissed as a “check-box” exercise that satisfies regulatory or contractual requirements but does not provide any real value. Regulators, professional bodies and other key stakeholder groups may see the benefits of promoting enterprise-wide awareness about the legal risks arising from a range of key issues such as cybersecurity and data protection, modern slavery, or health and safety. However, many companies still opt to do the bare minimum because they see compliance as a cost rather than a benefit.
Such attitudes often lead companies to opt for generic, off-the-shelf programs because they cost less and because employers have not given the upsides of training any serious thought. This sets compliance training up to fail from the start. “Training is basic because basic is cheap,” said Graham Glass, CEO at AI-powered training software firm CYPHER Learning. “Just 35% of companies say they customize training to individual competencies and job roles, though it is proven to improve information retention.”
Experts generally agree that a lot of compliance training is not fit for purpose, largely because it does not resonate with employees’ actual experiences or challenges. Because the training is meant to fulfill a compliance requirement and is not attached to any professional development or job performance, employees do not consider it as critical as other kinds of training. As a result, they become dismissive and tune out. This typically leads to quickly forgetting what they have been taught and failing to apply the lessons in the workplace. To ensure compliance training is actually effective, companies must focus on understanding employee needs and crafting meaningful learning experiences.
Creating Meaningful Learning Experiences
“Learning needs to stick,” said Susan Binnersley, founder and managing director of HR consultancy h2h. She said training must have a clear purpose; have meaningful opportunities to put the lessons into practice; and allow for ongoing feedback and evaluation. It also needs to be engaging and designed to address the spectrum of learning preferences. Tailoring compliance training to specific job roles and competencies will make lessons more relevant and engaging from the start, while using interactive elements such as simulations, role-playing and real-life scenarios will make sessions more engaging and memorable. Providing the training in bite-size chunks with regular summaries is also important in helping staff remember the key takeaways.
Both the content and the delivery should also be regularly reviewed and updated. “Organizations rarely stay still, so the training should be refreshed and validated frequently, adjusting to the changing needs of both the work and the learners,” she added.
According to Neil Robson, partner at law firm Katten Muchin Rosenman, it is important that training materials are in plain language and understandable, while the training itself incorporates an element of fun to maintain interest. “Legal or compliance jargon is pointless if it confuses people or they do not feel engaged with the session,” he said. “Making the training relevant, interesting and—dare I say it, fun—sometimes means that staff usually remember the content, or they at least remember the session and then go back and re-read through all the materials we provide so they do not quickly forget what they have been taught.”
Another problem that often cripples compliance training is that organizations fail to establish specific, measurable goals for what the training should achieve from the outset. Funke Sadare, HR director at training provider Global University Systems, said it is important for employers to implement evaluation models to assess reactions, learning, behavior change and business impact, and regularly gather feedback from employees through surveys, focus groups and interviews to identify areas for improvement. Organizations should track key performance indicators (KPIs) such as productivity, compliance incidents and employee engagement to measure the impact of training. Then, they should use this data to continuously refine and improve training programs so that they remain relevant and effective.
A key reason for the poor outcomes associated with compliance training stems from the isolating nature of e-learning. While virtual training is a cost-effective and convenient option, it can limit employees’ ability to ask scenario-based questions, learn from peer-to-peer discussions or benefit from a variety of teaching techniques to suit different learning styles, said Ruby Kite, talent and inclusion lead at the PHA Group.
Instead, businesses should offer tailored compliance training that can be incorporated into employees’ job descriptions and performance management processes. “Duties such as ‘demonstrate a theoretical understanding of ESG laws’ or ‘exhibit a practical knowledge of the organization’s cybersecurity policy’ should be adapted to job roles depending on department and level, listed in job descriptions, and assessed during appraisals to encourage both employee and employer buy-in,” Kite said. This will help employees recognize the importance the organization puts on compliance training, how compliance impacts their day-to-day work, and more easily identify “grey areas” or potential examples of non-compliance that might need to be flagged with line or senior managers.
Understanding Employee Needs
According to Kite, the best way to assess employees’ compliance training needs is to determine their level of compliance understanding beforehand. Too many organizations simply force training on workers without checking what they do and do not know. Such assessments can be carried out via surveys and scenario testing. From there, organizations can focus specifically on the “gaps” in their knowledge rather than waste time teaching them what they already know.
While most businesses almost exclusively fixate on completion or pass/fail rates as a measurement of success for compliance training, their focus should instead shift to employee behavioral changes. For example, how many data breaches, discrimination-related grievances, or health and safety violations have been reported since the training took place? What percentage of employees note a markable change in how their colleagues, line managers and leaders discuss and deal with these topics? “By taking this approach, organizations will be better placed to improve workplace conduct, proactively mitigate against risk, and enhance their reputation both internally and externally,” Kite said.
Companies should also make the distinction as to whether the training is simply to inform employees of risks around a topic or whether they cannot perform some duties without passing an examination, as well as whether such assessments need to be performed periodically. It also needs to be made clear what the consequences might be if employees underperform or need to retake the training and how many attempts are permissible.
Ultimately, the success or failure of compliance training depends on how aligned it is with the organization’s ethical values and goals, according to Robert Bird, professor of business law and Eversource Energy Chair in Business Ethics at the University of Connecticut. “Compliance training should be about more than compliance,” he said. “It should also be a vehicle to communicate the living values of the organization. Compliance training should be connected to higher principles that employees can aspire to and that managers and executives genuinely believe in.”