At what point did we enter the big box warehouse store model of compliance training?
It’s a Saturday morning and you’re off to run your errands. On your list? A marinated tri-tip from that warehouse discount store up the road. It’s a crowd pleaser. Except you don’t leave said big box store with just the tri-tip. Rather, your cart is filled to the brim with a thirty pound bag of Twizzlers, a 6-pack of folding chairs in case you have an influx of relatives with nowhere to sit, and a 96-count of paper towels. As the fog wears off and the dust settles, you only realize the extent of your “one item trip” when you get home and have a “what just happened” moment.
My PSA: I am a compliance practitioner who now happens to be on the vendor “dark side”. My compliance strategy role is actually at a compliance training company and my job is to help compliance practitioners build better compliance programs.
When it comes to compliance, you can secure an extensive “compliance library” of 500+ titles. And that sounds appealing, because the warehouse store (or even the all-you-can-eat buffet) effect creeps in. It speaks to us like...
“Well you don’t really need it…but it’s like…right there…and there’s a lot of it…so that must be a better value!”
It’s as if an uncontrollable deeply rooted psychological phenomenon occurs that causes a visceral fight or flight reaction.
No matter what training vendor you go with, the DOJ isn’t going to be impressed with the fact that you have endless compliance titles you may decide to deploy on a rainy day. What they actually care about is that you trained your identified high-risk folks on the compliance risks they’ll face in the course of their jobs and that you did it in an effective manner per the Updated Guidelines.
*Before you head down this road, ask yourself these four questions*
1) What specific risk areas do i need to train employees on, and why?
I say "specific" because this will be specific to your industry and the risks that come along with the way your company does business. Aside from the training you are required to deploy per regulatory requirements, identify training risk areas by looking at your compliance risk assessment, along with other types of information like helpline, legal, audit data, and even what’s happening in your industry vertical.
This step alone may take some time depending on what you know and the information you have – and because it requires you to get out from behind your desk (shameless plug of my last blog) and talk with people across your organization to understand what’s risky and why. You may hear this commonly referred to as the “what’s keeping you up at night?” discussion.
Focus on your objectives: What do you want people to learn or understand? What behaviors do you want your employees to demonstrate? Work backwards from there. You may find that not every “risk” requires e-learning, but rather in person events, general communications and guidance, or other modalities of delivering information.
2) Who do i need to train?
Who you train is directly correlated with the risk areas you identify in Step 1. To use the words of a wise former boss, we’re not out to “peanut butter spread” training on everyone. It would purely be a check-the-box program if we did. Target training audiences to the risky tasks your employees are doing.
Per the Guidelines, you’ll also need to evaluate whether supplemental training is required for supervisors, gatekeepers in the control process, those with approval authority or certification responsibilities. The more you can target the employees who need to know specific concepts based on their roles, the more relevant your training is. Did I mention it’s important to target (target, target)?
3) Will training data help me identify areas that need more guidance?
While you might have outstanding completion rates, that doesn’t tell you whether employees understand the behaviors expected of them. Your training should generate predictive data that gives you a window into what your employees know and where they need additional coaching and feedback in simulation— so that you can provide targeted (there’s that word again) guidance to those who need it. Not getting this type of information is like deploying training and just hoping that people get it.
Compliance guidance is a cyclical exercise – we need to consider it part of our ecosystem of human behavior reinforcement. This is where we can bring in “lessons learned” and other important messaging throughout the year to keep the compliance drip pertinent.
4) can i demonstrate the efficacy of my training?
It’s one thing to have predictive training data as I described above. It’s another thing altogether to leverage the data and put it to use to improve and evolve your program in a quantitative way. This part takes work, and it’s frankly also where the “we’re short staffed” or “we have no budget” arguments creep in. I’ve seen this done immensely well with a small but mighty compliance group of two, and just average with a group of ten. The point is, (i) you need data to even think about demonstrating efficacy and (ii) be prepared to put in the work to have an impactful program.
Only after you and your team have reaffirmed your true priorities – aka the lone tri-tip on the list and not the 96-count paper towels – should you take the next step. Proceed judiciously.