Most compliance professionals are accustomed to evaluating—and reevaluating—emerging and existing risks to their organizations and implementing effective compliance programs to safeguard against them. But as compliance professionals well know, all compliance programs aren’t created equally—not even close.
A significant shift in how we think about compliance was initiated mainly thanks to the Department of Justice Evaluation of Corporate Compliance Programs in 2017, signaling the end of what many consider “traditional” compliance training.
Those check-the-box training that organizations would roll out yearly were deemed ineffective. And those one-size-fits-all training? They’re not specific to the organization’s or the employees’ needs.
The global pandemic brought another significant shift in our thinking about what constitutes practical training. For many people, their personal and professional lives collided in unprecedented ways. It has become more apparent that organizations are made up of people who want—and deserve—to be respected inside and outside work. How we deliver training offers a way to demonstrate that respect.
To support employees and align with external guidance, you must consider what you’re training on, how you’re delivering your message, and how you’re making training available—all while keeping your employees’ heads from spinning. The future of compliance training requires you to translate laws and regulations into actionable, meaningful guidance that shows employees how to do their jobs correctly. It’s your job—not your employees’—to connect the dots from compliance requirements to training and their day-to-day responsibilities.
The Pitfalls of Past Training Strategies
Many organizations don’t realize their training strategies and compliance programs aren’t resonating with employees. Do any of these ill-fated approaches sound familiar?
- The training bot approach: Your program has forgotten that human capital is made up of humans who value their time. You may be stuck in this trap if you’re always sending out training or communications without considering if it’s impactful for or relevant to your employees.
- The set-it-and-forget-it approach: This year’s plan is the same as last year’s plan, the year before … and the year before. Being on autopilot fails to consider whether employees need to take the same training or hear the same message again and ignores your company’s emerging or evolving risks.
- The kitchen sink approach: Everyone gets every training—whether it applies to them or not. Sometimes this strategy is intentional, but sometimes, it’s simply not working with the business, including risk area stakeholders, subject-matter experts, and even HR, to map out employees’ responsibilities and the training they need.
- The defensibility approach: Training is used mainly for a “gotcha” defense if a noncompliance issue arises. The mindset of this approach is to protect the company instead of empowering the employee.
- The set-in-stone approach: Your program or organization is unwilling to change or even evaluate what compliance training should look like in the here and now. Unlike setting it and forgetting it, this approach is often a conscious choice and could signify that leadership views a compliance program as a nice-to-have initiative, not a necessity.
All these “traditional” approaches to training miss the mark, don’t consider employees’ needs, and lack efficacy. We can do better, and we have a responsibility to our employees to do better.
Creating the Training Program of the Future
Although compliance training strategy has been evolving for years, the pandemic fast-tracked the need for dynamic, intelligent programs that don’t merely check a box. These strategies can move your training from old school to the present day—and beyond:
Never stop reevaluating ethics and compliance risks.
The workplace is constantly changing. Just a few years ago, remote work was the exception. Now it’s the norm, and our processes have evolved to meet our new reality. Compliance risks and exposures have changed too, and the related policies, training, and guidance must be constantly reevaluated because the risk is never static.
Provide opportunities outside of legal and regulatory requirements.
DEI and strong workplace culture are some of the biggest trends of 2022, and companies shouldn’t lose sight of the learning that takes place outside of legal and regulatory risk areas. Show your employees that you respect their roles and time by offering reskilling, upskilling, and wellness opportunities. Go beyond the legal risks that training typically addresses by giving employees access to topics traditionally seen as “soft skills.”
Invest in human capital.
Step outside of traditional training by leveraging managers—the people your employees know and respect—to deliver messaging and provide tools to empower them to have two-way dialogues with their teams.
Operationalize training into existing workflows.
Incorporate training and guidance into automation, workflows, and other processes your employees are comfortable with. By meeting workers on their playing field, they’ll feel more at ease understanding and accepting what you’re teaching. Operationalized guidance also connects the dots more effectively; employees receive advice when they do a task that carries risk as determined by your team’s assessment.
Use data—not only from training but also from helpline calls, incident reports, audits, and anything else that gives your team a more comprehensive organizational view of your company’s compliance culture. How are your policies and controls faring in pressurized situations? Do the wheels fall off the bus at quarter-end or when there’s a prime business opportunity? And are exceptions, or are they the norm? By looking through a broader lens, you can measure compliance effectiveness more accurately—and ensure your training reflects the needs of your employees.
Align with the DOJ Guidance
When it comes to aligning with DOJ guidance, ask yourself the three fundamental questions found within it: Is my organization’s compliance program well designed, applied in good faith, and does it work in practice? Achieving these things requires a thoughtful and humanized approach.
These tips will help transform a “traditional” program into one that aligns with DOJ guidance and resonates with your employees:
- Establish personas (e.g., new hires, managers, high-risk roles) and craft unique training road maps for each.
- Create targeted training for people who act as gatekeepers for your company and those who have approval authority—likely your managers.
- Keep it simple. eLearning has revolutionized compliance training, but not everything has to be eLearning. Some in-person or live web-based training can be a valuable complement. Tailor your program to the unique qualities of your employees, and don’t throw the kitchen sink at them.
- Give employees opportunities to ask questions, and ensure they know where to go with those questions and whom to ask.
- Create and nurture a culture that ensures psychological safety and makes people feel like they can speak up without fear of retaliation.
- Tie everything to real life. Use training events to share previous issues, lessons learned (even within your industry vertical if it’s relevant), and the steps the organization has taken to prevent a similar incident from happening in the future.
- Use business and training data to shape your program and determine efficacy continually.
Compliance training needs to benefit your employees as much as it helps your company—and when people learn effectively, your company ultimately will enjoy an even more significant benefit. We need to leave “traditional” eLearning in the past where it belongs. As more organizations take steps to humanize compliance, we can feel hopeful that this learner-centric approach to training will become the new “traditional.”