Most compliance training is awful, and we usually misdiagnose why.
Far too often you’ll hear people criticize compliance training because it’s boring or amateurish in its production values. And both of those things are often true, but they’re not the problem.
The problem isn’t that compliance training is boring or bland, but that the way we think about it is totally wrong.
We've historically thought of compliance training as a top-down, academic exercise in learning—which makes it difficult for employees to understand, difficult for employees to remember, and impossible for the compliance team to measure business results.
Effective compliance training, on the other hand, solves these problems by recognizing that the fundamental issue is behavior. And that means it looks different in three major ways.
#1: Effective compliance training is framed around what people do.
Effective compliance training tries to get people to do specific, defined things, not impart abstract knowledge; basically, it tries to be "training" and not "education."
As a result, it doesn’t stay at the level of “privacy” or “anti-corruption,” because those are abstract concepts. Instead, it breaks down those concepts into the specific, real-world things that people do: “run through this checklist when designing a new feature” and “check this T&E report for red flags" and so on.
This matters because putting things in the real-world context is what makes it possible for employees to actually comply. It recognizes that applying abstract frameworks to fact patterns is a lawyer’s job, and trying to force employees to think like this is a waste of time.
That's not because employees are lazy or unsophisticated or don't care about company values; it's because they are already busy enough thinking like engineers and marketers and salespeople—the things they were hired to do—all of which are different specialized ways of thinking.
For example, your marketers are not going to be good at lawyering any sooner than your lawyers are going to be good at marketing. It doesn't mean your marketers are bad people for not understanding GDPR any more than it means your lawyers are bad people for wanting to put footnotes in everything.
And so effective training doesn't try to force everyone at the company to add "compliance lawyer" to their job duties; it just tries to meet them where they are by framing the guidance around what they need to do.
#2: Effective compliance training is delivered as close to real-time as possible.
Second, effective compliance training tries to be delivered as close to real-time as possible.
Instead of taking training on a scheduled basis and hoping you remember it, effective training builds itself into the business process where the behavior takes place.
For example, instead of getting modules on anti-corruption and fraud in Year 2 of your Gold Standard Three-Year Training Plan, you get a message in your T&E approval workflow that reminds you to check all T&E reports for red flags, and a link to the training if you need a reminder on how to do it.
This matters because memorization is hard, and issue-spotting is even harder. Delivering training on a schedule makes administration easier for compliance managers, but it makes actually complying incredibly difficult for employees. It requires them to memorize and issue-spot potential problems that occur months or years after getting trained.
Bad training tries to solve this problem by adding more multimedia or quizzes or clickable junk to promote engagement and retention; effective training just sidesteps the problem by building a reminder (and a link to the training) right into the relevant job duty.
And so effective training doesn't gamble on employees' memorization or issue-spotting skills; it helps them out by flagging decision points for them and offering them guidance in that moment.
#3: Effective compliance training is measured according to business process outcomes.
Finally, effective compliance training is measured by using compliance monitoring. Instead of giving employees quizzes or pulse surveys or some other nonsense, you just check if your monitoring shows that employees are getting better at targeted behaviors over time.
You can do this because you have already framed the training around a behavior and delivered it as close to real-time as possible. And that means your training is rationally connected, both in time and in concept, to what people are actually doing, so your monitoring can do its job and see if your program is working.
This matters because the point of doing training is to change behavior, so you need to see if behavior is changing. And because employee behavior and time is reducible to dollars—that's how business plans work—you can actually show meaningful ROI when you get down to the behavior level.
Effective compliance training solves the right problem.
Put simply, effective compliance training defines the problem as "employees need to behave compliantly." That's a difficult problem, but it is the fundamental problem that training can address.
Bad training, on the other hand, tries to turn everyone into a compliance lawyer. And then, because that is impossible, it retreats to attacking surface-level problems like making administration easier or making employees complain less about it, which is why there is so much "innovation" focused on slightly-less-horrible learning management systems and jazzy new media formats. But the nicest software and most expensive e-learning cannot fix getting the core problem totally wrong.
And so if you're struggling with compliance training, take heart that the biggest roadblock to effective compliance training isn't your budget or team or technical capabilities. Those things can make it easier, but they can also function as distractions.
The roadblock is much simpler: how you think about it. And when you think about the right problem and focus on solving it the right way, you can make training that gets the right result.