By Chris Barrington, managing director at employee communications agency, blue goose – www.bluegoose.co.uk
There is a false and potentially dangerous assumption, particularly in the financial services sector, that risks can be managed by mandating employees to follow rules, standards and regulations, often solely through compulsory e-learning.
Whilst building robust risk-related processes and oversight structures to better manage risks is key, it is only part of the story. Developing a risk culture, in which the attitudes and behaviours of employees are a first line of defence against Conduct Risk, is just as important.
Yet the compliance-based and directive interventions currently on offer are rarely an effective answer to the challenge of compliance.
In fact, regardless of the compliance issue, so-called ‘learning technology’ is too often the tail that wags the dog and compliance-based, rather than engagement-based interventions, are the norm.
Most of the current organisational effort around compliance appears to be directive, and focused on defending against the regulator and legal liabilities rather than addressing what are in effect the real issues behind the regulation.
Since the Enron scandal in 2000, organisations have been focusing on easy, quick and auditable defences that have spawned an entire industry built around “compliance training”.
However, their style of compliance training mostly focuses on meeting a regulatory requirement or reducing legal liability and real learning or engagement with employees in a relevant and memorable way has become a bonus.
When compliance initiatives are directive they tend to focus on the narrow rules and regulations of the issue at stake and pay little attention to the wider cultural context of the organisation. As such, they tend to reduce the room for discussion and debate about compliance and make a breach more likely.
Furthermore, where compliance-based and directive interventions take hold, breaking out of that mindset and moving beyond the e-learning tick-box mentality is difficult.
As a result compliance has been reduced to a game of beating the system with the least possible effort. What should and could be a highly engaging exploration of issues that has a very tangible impact, becomes a frustrating chore to be finished as quickly as possible.
Organisations trying to mandate compliance will continue to risk it all. Not only will they be more open to breaches of compliance, but they will be subject to greater financial penalties and reputational damage than those that can demonstrate they have made efforts to truly engage with employees.
There are plenty of studies that show that organisations that communicate effectively with employees are more likely to be successful, but it shouldn’t take a research report to understand the benefits – it just takes common sense. At the very least, organisations should recognise that high quality communication and engagement is important mitigation should something go wrong.
What’s surprising is that HR and learning professionals and their vendors, haven’t done more to make compliance training and interventions more engaging – particularly to shift them away from so-called e-learning.
Ultimately compliance training has done much to damage the credibility of e-learning, and in turn damage the reputation of many organisations.
So what are the key hallmarks of effective compliance communications?
There is often little differentiation between what most organisations say in their compliance communications, whether the topic is their code of conduct, health and safety or information security.
Therefore, effective compliance communications rests on how they communicate around those issues, something that varies significantly.
Combining employee communication, learning and engagement to create a comprehensive integrated campaign focused on behaviour change is key to going beyond simply telling employees to follow rules, standards and guidelines.
The graph below illustrates some of the characteristics of compliance communication at either ends of a compliance/engagement continuum:
Organisations stuck at the wrong end of the continuum will contribute to a culture that is actually more likely to result in non-compliance and breaches. They will miss the opportunity to drive competitive advantage through risk management and they are quite likely to get the breach they deserve.