September 27, 2022

Every year, compliance training costs organisations hundreds of hours in lost productivity. As regulations and fines for breaches continue to grow, so does the volume of training that staff are required to undergo. If anything, the scope creep in organisations’ compliance training curricula reflects the creeping expansion of regulatory reforms and breaches worldwide.

In 2019, Thomson Reuters calculated that changes to financial services regulations occur on average every seven minutes or up to 220 times a day. In 2020, Compliance Weekly observed, “Financial institutions have been hit with $10.4 billion in global fines and penalties related to anti-money laundering, know your customer, data privacy, and MiFID regulations in 2020, bringing the total to $46.4 billion for those types of breaches since 2008.”

For all that we may talk about mandatory training as being a burden on organisations, compliance training remains a crucial bulwark against the spread of unethical and illegal behaviours. More than that, it is a risk mitigant, protecting organisations from potential liability. In 2012, a Morgan Stanley executive in Shanghai was found guilty of evading internal controls that the company was required to maintain by the US Foreign Corrupt Practices Act (the FCPA), an anti-bribery law. The executive was found to have enriched himself and a government official by circumventing the bank’s accounting controls. But while the executive was fined and sent to prison, Morgan Stanley was exonerated after successfully demonstrating that it had a robust compliance program in place. This included having documented evidence that it had communicated with employees about compliance through protocols such as training.

What constitutes an effective compliance training course? What features make compliance training useful? Compliance training can of course come in all shapes and sizes, with learning and development professionals employing a remarkably wide range of tools and strategies to make training memorable and engaging. Whatever clever visual design is used to make compliance training compelling for its intended audience, the content itself needs to clearly state the demands of the law. Compliance training needs to be practical, relevant and appropriate for the regions and jurisdictions in which organisations operate.

This was a key finding in the 2013 case Richard vs Oracle Corporation Australia Pty Ltd, in which a court ruled that a company’s sexual harassment training had failed to convey that sexual harassment was prohibited not just by company policy but by law. The judge noted that “advice in clear terms that sexual harassment is against the law, and identification of the source of the relevant legal standard, is a significant additional element to bring to the attention of employees in addition to a statement that sexual harassment is against company policy, no matter how firmly the consequences for breach of company policy might be stated.”

In other words, compliance training needs to take the laws it trains people on seriously, and organisations need to take their compliance training seriously as a means of communicating to their employees their legal obligations.

It has become increasingly difficult for companies to pass off compliance training as a mere tick-and-flick exercise. In June this year, the US Securities & Exchange Commission fined Ernst & Young US$100 million after 50 employees were found to have shared answers to their Certified Public Accountant (CPA) exams – for the ethics component, no less – and hundreds more had cheated on their continuing professional development courses required to maintain their CPA licences.

At GRC Solutions we have worked with hundreds of organisations from a wide range of industries, helping them to navigate the complex network of regulatory compliance obligations through compliance training. Launched in 2013 by a group of industry veterans, GRC Solutions develops online training and provides the technology to deliver training so that our clients can access it securely anytime, anywhere, knowing that the content is accurate, up to date and fit for purpose. We offer a large library of online training courses that are fully customisable to the policies and requirements of individual organisations. Our courses aim to distil the law for non-legal audiences, breaking down the key concepts and making content relevant where possible to specific jurisdictions, industries and job roles.

Our Salt Adaptive technology personalises the training experience to the profile of the individual learner. Learners answer a series of pre-test questions, enabling them to bypass corresponding lesson content in which they can demonstrate proficiency. The training course then directs them to lesson content that relates to gaps in their knowledge. This adaptive learning feature can reduce staff pushback against the sheer volume of training they typically undergo, by giving individuals the opportunity to minimise their actual training times. But it also reinforces the importance of the training, focusing on key concepts for which learners have yet to demonstrate practical comprehension.

One bank client in the US with 58,000 employees had an average of one-hour anti-money laundering compliance training per employee, repeated annually with a pass rate of 80%. Using adaptive learning, they were able to cut this down to 27 minutes and improve their pass rate to 100%. In terms of an opportunity cost in training hours alone this saved the bank a minimum of $3.19 million per annum.

 Compliance training may be mandatory, but it does not need to be an endless ‘burden’ on organisations and their employees’ time. In fact, to be truly effective it can start by respecting people’s time and knowledge.