In the red with compliance - A few years ago, I was new to the role of a project manager. Still a bit ‘green’ and intimidated when reporting to a very senior steering group on a large content project. One stream of activity had fallen badly behind and, according to the criteria we had agreed to describe risk, this activity was now “Red”. We used the common RAG system (Red is a problem, Amber needs monitoring, Green is fine).
Compliance training: what is it for?
I was worried about how this would land but also secretly hopeful. This aspect of the project had been in trouble for some time but not so badly as to gain executive intervention. Now, in “Red”, I was certain that we could do something about it.
The project sponsor asked me directly “how do we get this out of Red?”. I was prepared for this and started to explain my strategy to rescue the situation. The sponsor stopped me abruptly; “no, I mean literally, I want you to change the colour of the cell in this document so it does not show red”.
I changed it to green without challenging him. Like I said, I was a bit ‘green’ too.
The SteerCo was happy. We kicked the can down the road and the problem slowly festered and later re-appeared as a real crisis.
I was asked why I hadn’t seen this coming...
Sometimes this is how training feels. The substance - the “learning” - does not seem to matter. What matters is that the box is ticked, the appearance of correct behaviour is maintained and the immediate risk is averted. Sometimes that is sufficient; sometimes it covers up a disaster waiting to happen.
Corporate compliance training is training delivered to an organisation to educate employees at all levels on the laws and regulations that govern their job and their industry. Typically an online module distributed through a Learning Management System.
That’s what compliance training is. But what is it for?
Compliance - it’s a risk business
Compliance training exists to manage risk, and governance risk and compliance management is important.
The risk, in relation to compliance, is that a regulation will be breached by an employee and the company will be open to a consequence (typically a fine). In a situation where an external party investigates a company, training courses allows the company to open a training record, identify that the employee was correctly trained to be compliant with that regulation and thus reduce the company’s own accountability.
How seriously should this training be taken? How much resource should be used? Like managing risk as a project manager, it’s about Probability and Impact. How likely is a problem to occur and how serious are the consequences if it does?
Different organisations in different industries have varying degrees of risk. Ergonomics training might be served by a short presentation as part of an induction process in a small company that has never seen a issue. However, cybersecurity will be taken very seriously in a Pharma company holding sensitive patient data and financial crime prevention will be viewed as fundamental in the Financial Services industry. The training programs will reflect the level of risk involved.
So, compliance training is about producing sufficient evidence to mitigate risk to the organisation.
That level of Risk is weighed against cost.
The cost of compliance
It is often deployed to an entire organisation; so every single person steps away from billable work to complete a course. That’s expensive.
For example, let’s look at an online course on anti-money laundering (AML) of 30 minutes duration deployed to an organisation of 5000 people. In terms of hours of work per year, that course is equivalent to over one and a 1/5 person full-time doing nothing but taking that course all year, every year. How much is the average salary in your organisation? That’s what a 30-minute module costs you each and every year.
When L&D managers and compliance officers feel resistance to training from local operational leads, they should understand why. It costs a lot of money and, if the local managers do not understand its importance, they are likely to push back.
It is important to have honest conversations about this.
The learning manager or compliance function needs to weigh this up and decide what action to take. It’s about balance. How likely and serious is the Risk? How expensive is a strategy to mitigate against that Risk in advance? Having these conversations helps you understand the importance of training in your organisation. Read our our blog about corporate fraud training.
At Logicearth, we keep our Compliance modules succinct and relevant. We give the context for compliance. Your staff will understand the ‘why’ and understand the consequences. See the preview of our GDPR course featuring bite sized online training, and get some handy GDPR checklists.
We see this training being about more than risk; we believe it’s about learning. The wider conversation about compliance is changing and we, as a learning services provider, see two key influences driving this change.
training is for deeper learning
Regulators are looking for more credible evidence of compliance than boxes on a training spreadsheet. Auditors judging a company’s capability for an ISO accreditation, for example, will look into the content of training modules for a quality learning experience and also look for wider more holistic learning/communication activities across the organisation.
They are looking for substance - real demonstrations that workers are living the intent of the regulation or legislation and are not merely familiar with the wording.
When judging the merit of online modules, auditors may look for more compelling data to evidence employee learning than traditional LMS completion tracking. Here, at Logicearth, we use Verify to ensure learning really takes place and demonstrate this with rich live learning dashboards.This adaptive learning application targets specific to each business function and each individual.
A changing landscape - ethics first
We also see a very positive response to a broad societal change.
People have grown used to scandals in today’s news. Social media has given voice to ordinary people and gathered their stories to create movements. When a company’s misdeeds are caught up in this, it can damage reputation with partners, customers and the public.
The Deloitte Global Millennial Survey 2019 states clearly that modern consumers "will not hesitate to end a consumer relationship when they disagree with a company’s business practices, values or political leanings". Companies, and the training they deliver on ethical practices, are now operating in a very different landscape.
This furore has driven real change in ethics and training today. Our clients are keen to promote not only compliance in training records but real commitment to good, moral and ethical behaviour in their staff.
This matters in today’s world more than ever before when companies battle to attract new talent.
Values attract top talent
Ethical companies are attractive to top talent.
The 2016 Cone Communications study, Millennial Employee Engagement, reveals that 76% of millennials consider a company’s social and environmental commitments before deciding where to work.
A set of core values well-articulated and practised with integrity will attract talent who share those values. Corporate Social Responsibility programmes are the main face of this for a company. Yet, word-of-mouth from workers inside will quickly reveal if a company does not live those values in their daily business.
A holistic approach to effective compliance training that focuses on the 'why' of ethical behaviour helps to instil those values in the day-to-day practice and working environment of each employee. We created a free Inclusion & Diversity course that any company can add to their LMS or website.
So, what is compliance training for?
Don’t let it just be a tick box exercise. It’s about weighing up the risk and having honest conversations with your stakeholders and deciding deliberately and consciously what compliance training is for in your organisation.
Compliance training can articulate and promote your values. This training can draw in fresh talent attracted to a company with values aligned to their own. It is an opportunity to embed good ethical practice into the behaviours of each and every member of your organisation.
So, what are simple next steps?
- Make your content engaging, succinct and relevant. Target specific groups in your organisation with content tailored to their roles to make it clear this makes a difference to them specifically.
- Use Compliance training to enhance your organisation holistically. Where else might core programmes be valuable? Think about how ethics training might support client-facing conversations or how a clear adherence to GDPR might be positively viewed by candidates in the work of talent acquisition.
- Think about doing something different. Like a learning campaign starting with short, succinct compliance online primers then followed and reinforced by a micro-learning strategy running throughout the year.
Just make sure you stay out of the red!
Logicearth’s Compliance Services Product is Comply
Our ready-made and fully-responsive compliance courses are validated by experts, can be tailored to your learners needs and corporate branding, and are managed by a simple site license.