Compliance – a game of beating the system
December 2016 | EXPERT BRIEFING | RISK MANAGEMENT
There is a false and potentially dangerous assumption in the corporate sector, that risks can be managed by mandating employees to follow rules, standards and regulations – often, solely through compulsory e-learning.
Regardless of the sector or compliance issue, so-called ‘learning technology’ has become the tail that wags the dog, and compliance-based, rather than engagement-based interventions, are the norm.
In some sectors it is a problem that has not had much serious attention for over a decade.
Take financial services. Since the Enron scandal back in 2000, right through to recent years, much of the organisational effort around compliance has been focused on defending against the regulator and legal liability rather than addressing the real issues behind the regulation. Organisations wanted easy, quick and auditable defences and a whole industry built around ‘compliance training’ took shape.
But the compliance-based and directive interventions on offer are rarely an effective answer to the challenge of compliance. The concern of those delivering them was to meet a regulatory requirement or reduce legal liability. Real learning or engagement with employees in a relevant and ‘do-able’ way was merely a bonus.
The reality is that such approaches reduce room for critical discussion and debate about compliance and make a breach much more likely. Furthermore, where compliance-based and directive interventions take hold, breaking out of that mindset and moving beyond the e-learning tick-box mentality is difficult.
As a consequence, compliance has become a game of beating the system – passing the ‘test’ with the least possible effort. And, of course, employees often forget everything they have ‘learned’ within a few days, if not immediately. What should and could be a highly engaging exploration of issues that has a very tangible impact, becomes a frustrating chore to be finished as quickly as possible.
Organisations trying to mandate compliance will continue to risk it all. Not only will they be more open to breaches of compliance, they will be subject to greater financial penalties and reputational damage than those that can demonstrate they have made efforts to truly engage with employees.
There are plenty of studies that show that organisations that communicate effectively with employees are more likely to be successful, but it should not take a research report to understand the benefits – it just takes common sense. At the very least, organisations should recognise that high quality communication and engagement is an important mitigation technique should something go wrong.
There is a real opportunity for HR and learning professionals and their vendors to make compliance training and interventions more engaging – particularly to shift them away from so-called e-learning.
As it stands, compliance training is damaging the credibility of e-learning, and in turn eroding the reputation of many organisations. So what are the key hallmarks of effective compliance communications?
The starting point for improving compliance communication is that it has got to go beyond simply telling employees to follow rules, standards and guidelines. Ideally, this means combining employee communication, learning and engagement to create comprehensive integrated campaigns focused on behaviour change.
There is often little differentiation between what most organisations say in their compliance communications, whether the topic is their code of conduct, health and safety or information security. Therefore, effective compliance communication rests on how they communicate around those issues, something that varies significantly.
Viewing the characteristics of compliance communication at either ends of a compliance/engagement continuum gives some indication as to where organisations need to be focusing.
At the compliance end of the continuum, compliance is too often presented in isolation, unconnected to the wider company strategy and culture. As such, it relies on the language of compliance and is by necessity prescriptive – ‘do this but don’t do that’. Such an approach casts employees as a problem to be solved by adherence to rules and regulations.
Organisations operating at the opposite end put their trust in their employees as the solution, aligning the principles and outcomes of compliance to the values and culture the organisation aspires to. They focus on the promotion of being compliant, bringing rules and regulations to life through stories of real people in real and resonant situations.
Organisations stuck at the wrong end of the continuum, the compliance-centric end, will contribute to a culture that is actually more likely to result in non-compliance and breaches. They will miss the opportunity to drive competitive advantage through risk management and they are quite likely to get the breach they deserve.
Chris Barrington is the managing director at blue goose. He can be contacted on +44 (0) 20 7299 1670 or by email: email@example.com.
© Financier Worldwide