2 minute read

Compliance training isn’t fit for purpose: here’s why (and what to do about it)

checking-checklist-contemporary-1893486

One disappointing consequence of increased regulation has been the overstated emphasis on evidencing that people have been trained in x or that y process has been followed, relative to whether that training actually leads to an overall reduced risk to the business. People see through this so it’s no wonder people describe the process as a ‘box ticking’ exercise. Three things can help reset the balance.

1. Stop calling it compliance training

The very name itself sets the wrong goal. Compliance with regulations should be a by-product of training employees on the risks that the regulations are in place to help mitigate. It should not be an end in itself. The goal should be to provide training in context so that people fully understand the associated risks and how to act in a way that mitigates that risk. Start calling learning pathways ‘understanding business risk,’ and courses things like ‘understanding and reducing data risk.’

2. Put things in context

Nobody learns and retains things well if training is an annual one-off e-learning course with a quiz at the end. People need context and an understanding of why it’s important to them, and what the impact of mistakes from lack of understanding will be: for them and for the business.

Take the example of the EU General Data Protection Regulation (GDPR), introduced in 2018 to ensure that companies protected the personal data of individuals and managed it in a secure and ethical way. The GDPR was without doubt a significant burden for many businesses to shoulder when it came into being. Yet the risk of not managing individual data properly can also be expensive and burdensome, and sometimes catastrophically so. Just think of the brand damage data breaches have cost to companies like British Airways, who had the personal and financial details of hundreds of thousands of customers stolen in one major attack, with headline splashes to match.

3. Make the process more enjoyable

If you ask most people how they feel about compliance training they groan. The material is dull and boring and the LMS it’s delivered through is probably the worst software application they use anywhere. In short, they loath the whole thing and inevitably retain little of what they learn.

Replacing the environment with consumer grade software with an engaging interface, great user experience, and inspiring content will make a world of a difference.

Business regulation is expanding due to a range of technical, financial and social demands. That’s unlikely to change. But businesses that can meet these demands in a more engaging way, and show stakeholders that they take their responsibilities seriously, have an amazing opportunity to show outstanding integrity as well as reducing business risk. They’ll also boost both their brand and their desirability as an employer.