“Not everything that can be counted counts,
and not everything that counts can be
counted.”
—Albert Einstein
Compliance training, as popular and attractive as it is, can be dangerous—for the enterprise and for L&D.
In many organizations, compliance training abounds. Programs on diversity, sexual harassment, insider trading, ethics, and similar topics are often required for all employees. In government-regulated industries like banks, pharmaceuticals, and energy, large groups of employees must complete numerous additional training programs. Even less regulated companies often mandate some training for everyone.
The allure
Assuring that everyone is trained is important, especially in areas with severe legal, public health, safety, or other consequences. For L&D, compliance training brings entry into a variety of business activities and certainly generates lots of activity for trainers.
The allure only grows when eLearning is thrown into the mix, and it’s not just about cost savings. Learning management systems make it easy to track who has taken training, and who hasn’t, and can generate documentation precisely tuned to the client’s compliance reporting requirements. An entire industry has grown up around providing turnkey, easily reportable online compliance training programs, including content.
Being able to deliver training to lots of people and track their progress can be very helpful in building confidence that those who have been trained know what they are doing. This is always good, right? Not so fast.
The danger
While some compliance training programs work well, many expose four significant shortcomings:
- Compliance vs. certification
One big false assumption is that compliance is the same as certification. Certification is based (hopefully) on a solid assessment of performance, resulting in a high likelihood that the individuals can actually do the job in ways that meet definable standards (competencies). This requires a long-term development program that transcends the classroom and moves to the workplace, coupled with a performance measurement scheme that is well thought out and well executed.
Compliance training frequently focuses just on measuring attendance rather than performance. “Who showed up” and “who completed the course” are examples of compliance requirements that say little about what people can do, let alone what they learned. Even with an assessment, if it isn’t well designed, measuring actual performance can be problematical, to say the least.
- Legal risk
The assumption that if employees complete compliance training the organization is shielded from legal risk, is risky itself. Is a company protected from damages brought by other employees, regulators, or customers simply by saying its people received the appropriate and required training? When it can be shown that even if employees had the required training, if they ultimately didn’t learn much, or couldn’t do the job, the shield develops holes and all bets are off.
In the fictional HBO TV series The Newsroom (S3/E2, “Run,” 08:00 mark), a broadcast newsroom staffer is accused of stealing government documents. At a meeting, the corporate lawyer asks, “I know these guys get legal training, how did this happen? Isn’t this the very first thing they’re taught not to do?” To which the senior anchorman responds, “Once a year for an hour. It’s not like they take a semester in criminal law.” The network was in training compliance, but it didn’t matter; they weren’t in performance compliance. The damage was done.
- LMS limitations
Many compliance training programs are driven by the capabilities of the LMS. Like the tail wagging the dog, some managers see what types of reports the LMS can generate and then design the compliance programs to take advantage of those reports. To be fair, LMSs are great at managing and tracking training delivery, among other things. Without them, we’d have no clue who was taking what training, and that could make things even worse. But remember, they track good training and bad training equally well. Many LMSs (and especially LCMSs) provide test-development capabilities, but they can’t discern good tests from bad or verify the expertise of those observing performance or evaluating work outputs (assuming that’s even done). Interestingly, the advent of the xAPI, if used well, may help rectify this.
- Refresher training
Many compliance training programs get repeated every year or so. Often referred to as “recertification” or “refresher” programs, they aim to assure that people maintain their skill and knowledge over time. But if this is just repeating the original compliance program, which wasn’t of much value in the first place, what’s the point? Sure, some workers will benefit from the refresher training, but how will you know who they are, and what will you do about those who don’t? This may be good business for L&D, but is it really good business?
Are you concerned?
If you are concerned about your compliance programs, there are things you can do. Here are three suggestions:
- Keep in mind that compliance training does not equal certification. Build up your certification capabilities. In many cases, being able to certify performance is much more a function of the assessment than the course. For more on this, check out this article.
- Get some testing and measurement experts in your organization and listen to them. Ensure that your assessment strategy is valid (it measures what it’s supposed to measure) and reliable (it does so consistently). A few multiple-choice questions at the end of a course will likely not cut it.
- Work to change the culture. The embrace of current compliance training practices will not end overnight; it will take years to move this paradigm that has become so convenient and accepted into our practice, and even codified into law. This may be the toughest hill to climb. So remember: little victories now mean bigger victories later. Start small—but start.