Compliance 101: It’s about communication, not box ticking

Enron and other corporate scandals of the 1990s and 2000s triggered a number of unexpected events. One of the less obvious was the emergence of an entire industry built around “compliance training”.

As organisations scrambled to find easy, quick and auditable defences, compliance took on a whole new dimension.

In the rush, compliance-based and directive interventions took hold, all too often becoming a pretense for linking and aligning ethical attitudes and behaviours to corporate culture.

The legacy, which is both false and potentially dangerous, is an assumption that risks can be managed by mandating employees to follow rules, standards and regulations, often solely through compulsory e-learning.

Regardless of the compliance issue, so-called ‘learning technology’ is too often the tail that wags the dog and compliance-based, rather than engagement-based interventions, are the norm.

Much of the current organisational effort around compliance appears to be concentrated on defending against the regulator and legal liabilities rather than addressing the real issues behind the regulation. And they tend to focus on the narrow rules and regulations of the issue at stake, paying little attention to the wider cultural context of the organisation.

Learning or engagement with employees in a relevant and memorable way, or building ethical corporate cultures, is simply a bonus.

The reality is that such approaches reduce room for critical discussion and debate about compliance and make a breach more likely. Furthermore, where compliance-based and directive interventions take hold, breaking out of that mindset and moving beyond the e-learning tick-box mentality is difficult.

As a result, compliance has been reduced to a game of beating the system with the least possible effort.  What should and could be a highly engaging exploration of issues that has a very tangible impact, becomes a frustrating chore to be finished as quickly as possible.

Organisations trying to mandate compliance will continue to risk it all.

Not only will they be more open to breaches of compliance, but they will be subject to greater financial penalties and reputational damage than those that can demonstrate they have made efforts to truly engage with employees.

There are plenty of studies that show that organisations that communicate effectively with employees are more likely to be successful, but it shouldn’t take a research report to understand the benefits – it just takes common sense.

At the very least, organisations should recognise that high quality communication and engagement is important mitigation should something go wrong.

What’s surprising is that HR and learning professionals, and their vendors, haven’t done more to make compliance training and interventions more engaging – particularly to shift them away from so-called e-learning.

Ultimately compliance training has done much to damage the credibility of e-learning, and in turn damage the reputation of many organisations.

So what are the key hallmarks of effective compliance communications?

The starting point for improving compliance communication is that it has got to go beyond simply telling employees to follow rules, standards and guidelines.

Ideally this means combining employee communication, learning and engagement to create comprehensive integrated campaigns focused on behaviour change.

There is often little differentiation between what most organisations say in their compliance communications, whether the topic is their code of conduct, health and safety or information security.

Therefore, effective compliance communications rests on how they communicate around those issues, something that varies significantly.

The diagram below illustrates some of the characteristics of compliance communication at either ends of a compliance/engagement continuum:

Organisations stuck at the wrong end of the continuum will contribute to a culture that is actually more likely to result in non-compliance and breaches. They will miss the opportunity to drive competitive advantage through risk management and they are quite likely to get the breach they deserve.