While opening an account at a global financial institution, I asked my broker to verify something I had heard from his colleagues: New employees at the bank have to take 93 different mandatory trainings. “Oh, at least!” He exclaimed. “It was weeks of clicking through things and not absorbing anything.”
Back-to-school season seems a good time to revisit how we train. The following are some questions I pose to compliance professionals about their training.
1. What Is Your Purpose and Desired Outcome?
Many trainings articulate objectives: “By the end of this session you will learn [certain laws/policies/procedures].” Few articulate the purpose: “Why do people need to learn [certain laws/policies/procedures]?”
The answer to “Why?” often stops at “Because of a regulatory requirement.” But trainings undertaken to satisfy regulators tend to resemble mini law classes, and success is measured solely by completion. Most companies, however, don’t need their employees to be part-time lawyers.
The purpose of compliance trainings should be teaching job-related skills and behaviors. Think of the behavioral outcome you would like your training to achieve: What would people do differently? Once you identify such expected outcomes, you can measure the related behaviors pre- and post-training, and then show regulators—and internal stakeholders—not just the completion but the effectiveness of the training.
2. Are You Overwhelming Your Employees?
The 90-plus trainings endured by my broker come from multiple stakeholders each requiring its own curriculum: cybersecurity, data privacy, anti-money laundering, harassment, antitrust, etc. The result is an overwhelming assault on the employees’ time and mind, with little impact on their behavior.
Employees receive business training on how to open accounts, then separate compliance trainings on different topics that may or may not impact account opening. It would seem more sensible—and efficient—to integrate various compliance topics into the business training and processes. New brokers should learn compliance requirements relevant to account opening as part of account opening training, and timely reminders would pop up when they are in the process of opening accounts.
Integration of compliance topics into business processes, as well as just-in-time reminders, help training to impact on the day-to-day business operations where it matters.
3. Are you Teaching Skills, or Listing Prohibitions?
Teaching people only what they cannot do is paralyzing, whereas teaching people how to do something is empowering. People need realistic skills to help them confront difficult situations: when customers suggest a kickback; when managers make inappropriate suggestions; when colleagues disclose something confidential.
In these situations, saying “compliance says we can’t do it” may not help, and the skills to probe, deflect, or intervene may be far more useful. Those are the skills we need to teach.
4. Are you Entertaining, or Changing Behavior?
Compliance trainers are racing to provide more engaging—and frequently gamified—content. Rather than measuring behavior outcome, compliance trainings now compete to be entertaining. I always prefer an entertaining video over a boring one, yet whether I learn anything from—or change my behavior because of—a particular video is a separate question.
Moving from legalistic slides to entertaining cartoons and games is certainly an improvement, but it is not enough. I doubt my broker would absorb 90-plus fun videos and games any better than the content he had to click through, even if he might be less resentful of the exercise.
The question to ask is whether videos or games are the right vehicles for the behavior outcomes you have defined for the training, and whether they help in achieving a more integrated approach.
5. Are You Differentiating Your Audience?
Very few compliance topics are relevant to everyone in the company in the same way. While at the U.S. Department of Justice, I often saw companies training employees whose job had little to do with the compliance topics in question. This indiscriminate approach showed a lack of thoughtfulness, and took away rather than added to the company’s credibility.
Running a standard set of training for “all employees” is easier for compliance, but it wastes the time and attention of your colleagues, and thus diminishes the compliance function’s credibility and social capital. A risk-based and audience-specific approach demonstrates understanding of the business and respect for your colleagues.
That approach would also earn you credibility with your internal stakeholders as well as with government enforcement and regulators.
6. Are You Assuming Learning Only Happens During Training?
In her insightful article on “How Not to Teach Ethics”, MIT professor Susan Silbey reminds us that people learn behavior “by mimicking what they observe as conventional, accepted and rewarded demeanors, conversational practices, and career expectations.”
When we design and deliver compliance training without considering the social and cultural contexts of our organizations and communities, we pretend fiddling with the dials of the space heater in one cubical could change the temperature of the entire building.
This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.
Hui Chen is an independent ethics and compliance consultant and was the Justice Department’s first-ever compliance counsel expert. She has served in global senior compliance lead positions at Microsoft, Pfizer, and Standard Chartered Bank.