4 Reasons why your organization isn’t (always) compliant

Blog / News | 09-07-20

“Everyone has passed the compliance test with flying colors, and yet we keep having mishaps.” It’s something we hear all too often. No doubt you do everything you can to prevent violations. But why is it then that employees still make the wrong decisions sometimes? In the following, we will go into four reasons why your organization may be compliant, but why you can always do more. We give tips as to what you can do to use your awareness program more effectively and be truly compliant 24/7.

1. The temporary knowledge peak

Can you still remember everything you learned a year ago? Neither can your colleagues. Sure, this is not a conscious thing, but it does undermine your compliance efforts… Commonly used compliance program options include annual awareness training, a quick e-learning module, and/or a test. These are all fine ways of making sure you are compliant on paper, as they will get you those coveted green check marks in all the boxes. But they seldom have the intended effect on actual retention of and compliance with policy. Annual training or regular testing will only ever produce a brief peak in knowledge levels. But all that freshly learned knowledge and competencies will soon evaporate like snow in the sun. Research has shown that, if you fail to maintain your skills, about 80% of new information will have disappeared within one week. There has to be a more efficient way, because you don’t just want to be compliant when the test comes around, you want to be compliant all the time. Important information needs to be repeated more often to embed competencies.

Did you know that positive exam results are false positives?
Read more in our article about ‘the exam syndrome

2. It doesn’t concern me

To maximize awareness, it is advisable to use engaging examples in awareness programs, as that will help employees not only to learn the rules, but also to apply them every single day. One common mistake is, however, to use the same generic scenarios for the whole organization. After all, every department has its own specific situations to deal with in the workplace. New data protection legislation affects the marketing team or the board differently than it does reception staff or people on the operational side of the business. Scenarios that do not resonate with employees may actually do more harm than good, leading employees to feel that the issues presented do not concern them. So, be sure to use realistic practice-based examples and cater the case stories to the various target groups in the organization to maximize awareness. Also, be mindful of the tone of voice for each level and job. Complex legal jargon is not appropriate for everyone. The more the case story ties in with employees’ reality, the more effective your efforts will be.

3. The rules keep changing

Legislation and regulations are always changing. The question is how to keep everyone across your organization up to date with the latest changes. Change the entire learning module? Send out an internal email? Post a notice on the intranet? You may even decide to wait until the next annual training session. These are all quick ways of making employees aware of changes, but not a proper way to maintain awareness and competencies at all times. An effective compliance program is dynamic and always up to date.

4. Conscious incompetence

Imagine that colleagues are aware of the latest protocols the whole year round. Does that guarantee that they will always abide by the rules? No, it doesn’t. Unfortunately, you can never prevent anyone from inadvertently making a mistake. After all, to err is human. Neither can you prevent someone from consciously acting incompetently and flouting the rules, if that makes the work quicker, easier, or cheaper for instance. If this is a structural problem, what is needed is behavioral change or even scrutiny of the corporate culture. If it is not a structural thing, you can curtail such behavior by continuously raising awareness of the rules. Needless to say, you cannot look over everyone’s shoulder all the time, but you can make sure you have the best possible awareness program.

From knowledge peak to embedded knowledge

Do not rely solely on sporadic training, bulky documents, static e-learning modules, tests, and an endless stream of internal emails, but go for a compliance program that packs a punch. Choose an efficient and effective program that fosters continuous awareness and supports case stories and knowledge embedding, while also providing insight into your employees’ proficiency levels. This way, you can rest assured that everyone is up to date at all times. Keep knowledge and competencies up continuously and efficiently. 365 days a year, 24 hours a day.

 


Interested in reading more about compliance? Click here to download our Dutch whitepaper about the changing role of the Compliance Officer.