Compliance training is usually a part of every employee’s initial training process. Compliance training resources and modules generally consist of a long list of code of conduct which includes topics such as anti-harassment, bribery, FCPA (Foreign Corrupt Practice Act), protection of company data, client interactions, usage of company property and data security, etc.
Are your Compliance Training Resources Effective?
Earlier, in-house training specialists or Human resources team used to undertake the task of delivering training or companies would hire a professional trainer to deliver compliance training. But now you would find a list of compliance training resources and modules on the company’s intranet site, where the employee has to log in and read through the training resources. And let’s admit it, these courses are pretty boring with the long list of dos and don’ts and the complex tone of the legal language in some cases. Employees quickly glance through them and go for the start test button. Did they really understand the repercussions of accepting an unofficial gift from the client, or sending out an unsolicited mail to a company in Britain? You can’t be sure. Because these training modules, once completed, are not discussed again.
How to Deliver Compliance Training?
Training all the employees on laws and regulations, and internal policies of the organization is a must. So, try not to make it boring, preachy and depressing. That’s what drives the employees away from taking these courses seriously. Use mobile devices instead of office desktops to deliver these courses. This will allow employees to take the courses at their own convenience. It also has an added advantage of being engaging and interactive. Include images, videos and animation wherever applicable to make it look more interesting.
Certain events in the past such as GDPR violation, money laundering scams, etc., have indicated the need for an effective compliance training program, hence, companies started developing more engaging training modules which the employees would actually want to read and not just skim through. These new training modules also aim to ensure that employees understand the implications of non-compliance.
What happens in case of Non-Compliance?
Penalties could range from monetary fines to jail time. In 2017, Google was charged with $2.7 billion in fine for manipulation of search results. Google was also required to change its practices within 90 days or face more monetary penalties. In 2010, Goldman Sachs was levied a penalty of $550 million for misleading information in a subprime mortgage product. So basically, non-compliance can subject an organization to a great deal of legal, operational, and financial difficulties. In order to avoid this, you need to put together an effective compliance training program.
Now let us take a look at what topics or modules to include in your compliance training resources:
1. GDPR – General Data Protection Regulation Module:
GDPR has changed the way modern day workplace operations function. It has mandated strict rules to be adhered to, failing which, a company could face up to €20 million as compensation. No organization would want to pay this exorbitant sum for a silly error on someone’s part. And that is why every company is hiring professionals to create and deliver GDPR training to comply with its regulations. So before inundating someone’s inbox with emails, you first need to think whether they fall into the GDPR category. The aim of this act is to protect customers’ personal information. The training module that you create should also give out clear instructions about what to do if a data breach occurs.
Now GDPR training would include a lot of rules and regulations, acts and laws. Make the compliance training program engaging so that the employees fully understand what to do and what not to do while dealing with EU clients, or any client for that matter, as protection of customer’s information has to be taken seriously.
2. Cyber Security Module:
GDPR was introduced to protect the personal data of customers in the EU region. While this law is location specific, cybercrime can occur anywhere from any part of the world. With hacking, phishing, ransom-ware attacks on the rise, every bit of data stored on your organization’s server needs to be protected. According to IDC, worldwide spending on security solutions is expected to hit $120.7 billion by 2021. Inform your employees about what constitutes cybercrime and how to secure their systems against such practices. A lot of the times, such attacks take place through a simple email, which when clicked, throws out a virus in the system. Unaware employees might intentionally do you harm by falling for a phishing scam. Inform the employees not to open attachments from unknown emails. Cybersecurity courses must include compliance training topics like password complexity, securing company data on mobile devices and emails, email procedures, etc.
3. Workplace Safety Module:
Every employee has a right to a safe working space. As an employer, it is your duty to ensure that all workplace safety norms are being followed. Workplace safety training must include fire safety training, evacuation drills, handling of certain equipment and tools, etc. Accidents that seem minor like slipping on a wet floor has led to a number of serious injuries at workplaces. Desk jobs can have long term effects on the back and eyes. A workplace safety training module should cover information on how to deal with emergency situations in the workplace. Health-related training can also be included in this category. You can create short modules on stress management, diabetes control, mental well-being, etc.
4. Anti-harassment / POSH Module:
The #metoo campaign put anti-harassment policies into the limelight. Organizations must have an effective anti-harassment policy in place to ensure a safe working place for women. POSH training has become mandatory in every organization. It necessitates employers to define the types of workplace harassment and state the kinds of acceptable and non-acceptable behavior at the workplace. The POSH law also demands the creation of the redressal forum for employees to address their grievances. By giving examples of real-world scenarios, you can make them understand the implications of violating the law, and thus prevent unwanted incidents.
Also read: How to Deliver POSH Training Effectively
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established rules protecting the privacy and security of individually identifiable health information. The New York Presbyterian Hospital and Columbia University was fined $4.8 million in 2014 for leaked health records of 6,800 patients’ status, vital signs, medications, and laboratory results. Again, data security plays an important role here. Ensure your employees understand the severity of a data breach. According to the HIPAA Act, the civil monetary penalties start from $100 depending upon the severity of the data breach and can go up to a maximum of $1.5 million for identical provisions during a calendar year. And the criminal penalties could lead to a potential jail sentence for up to ten years. Some workplaces collect employee’s medical information before onboarding, so one must ensure that these details are stored securely and avoid any data leak.
6. Workplace Bullying Module:
If you thought bullying happens only at school and college levels, you’re wrong. According to a survey, 60.3 million US workers are affected by workplace bullying. And the bullies comprise of coworkers as well as bosses. Workplace bullying includes hurtful remarks or attacks, psychological harassment, intimidation, threats, etc., making your work life difficult. Define the various forms of bullying in the eLearning module. You can create a scenario-based training module to help the employees understand better by letting them determine further action to be taken. Encourage employees to report bullying to their manager or HR personnel. For a healthy work environment, you must have strict rules against discriminating people regardless of their age, sexuality, disability, nationality, etc.
7. Anti-bribery & Anti-corruption (FCPA) Training Modules:
Inform your employees of the consequences of unethical work practices. Selling out or divulging company information to outsiders or competitors are often considered a serious offence. Similarly, there are certain clauses for acceptance of gifts that are higher than a certain value, from clients and co-workers according to the FCPA guidelines. These kinds of rules are put in place to promote ethical work practices. Be sure to include all the rules and clauses in the training module.
Compliance training courses help your employees to be aware of the do’s and don’ts of a workplace and adhere to rules prescribed by the organization as well as the law. By providing training on various compliance training topics, you can ensure that the employees will create a healthy work environment for everyone. And delivering these courses on a mobile learning platform will allow the employees to go through the compliance training resources anytime and anywhere.