Making the Business Case for Web-based Compliance Training

By Net Dimensions

For some, compliance is merely an overused term meant to impress associates and inspire obedience. For others, compliance is key especially in the highly regulated industries.

Compliance ... what a bore. That’s the view of many financial institution professionals and support staff. And it’s hard to blame them. Most organizations issue employees with a large ring binder jammed with indecipherable lawyer written don’ts, instruct people to “Read this!” and consider the matter closed.

Unread compliance materials represent a gigantic risk to financial institutions if employees do not manage to get through the required compliance reading, they are not aware of compliance procedures and requirements.

This can result in enormous liability when things go wrong, not only in terms of immediate exposure, but also in terms of subsequent liability if the organization is found to have not made every effort to ensure that employees were compliance aware in the first place.

The case for web-based compliance programs cannot be made just on the numbers, as the ultimate cost of a non-compliant employee cannot be known until after the event. However, the case for web-based compliance programs can be made on a risk/benefit basis.

What is being done now?
In trying to gauge whether or not to implement web-based compliance training, first determine what compliance training measures are being done at present and have been done historically.

1. Are new hires being given compliance training? If so, are all new hires being given this training? Or only those based at the regional headquarters?
2. Following the training program, is testing done? What is done with the results of the tests? Does the organization record the results of these tests and does it save the results?
3. Is a certain level of knowledge required? What follow-up training is being done?
4. Are employees issued with compliance manuals? Is it easy for them to determine a course of action in the event they encounter possible noncompliance?
5. Is follow-up training given at any point across the entire organization?
6. Are compliance updates issued when local and or organizational compliance regulations change? If yes, are employees tested on their knowledge of these? Are they required to demonstrate a certain level of awareness?

What is being spent now?
Another factor to consider in deciding whether or not to implement web-based compliance training is obviously cost.

Questions to consider include:

1. What is the dollar figure now being spent on compliance programs?
2. Does this number correspond to the relative importance of compliance to the organizations reputation and well-being? If not, why not?
3. Has an evaluation been made recently of the return being realized by the organization on its compliance training spending?
4. Is what is being done now seen as effective (e.g., in meeting the organization’s goals)?
5. Does management feel compliance regulations are well understood within the organization?
6. Does management feel the various work groups are getting the relevant levels of compliance training?
7. Is management itself aware of the importance of compliance training to the organization globally?
8. How often are managers briefed on the compliance awareness of their subordinates?
9. Do employees feel that they have access to adequate compliance training/resources?
10. Can the majority of employees pass a simple five question compliance quiz?

Benefits of web-based training
What are the advantages of web-based training versus face-to-face or self-study options?

Good question. Web-based training does not spell the end of all other types of training. But it does have some outstanding benefits.

First of all, it can provide real-time, universal tracking. Managers can know exactly who’s studying what, how diligently and how successfully. Records can be maintained centrally and easily exported to remote locations. Reports can be customized to local regulatory authority standards.

Nearly every knowledge worker today has web access. As a result, web-based training provides easy access for staff to learning programs and knowledge resources. Online testing can provide immediate global reference points, and can be customized to suit the needs of local markets.

Changes to course material can be made quickly and easily, and implemented immediately on a local or global basis.

Last but definitely not least, web-based training programs can be delivered more quickly than live seminars, and are less costly.

Ignoring the importance of compliance training is risky business.

“We’ve never had a problem,” is a common response to questions about the effectiveness of compliance programs. But just because an organization has never had a problem (and what financial institution can claim that?) doesn’t mean it won’t.

The day before the last five major insider trading or rogue trader scandals broke, the compliance officers and CEOs of each of the affected organizations probably felt pretty good about the compliance procedures and training they had in place. Two days later, their feelings were probably a bit different.

The finance business is inherently a risk business. Assess your risk, and then prepare for the worst.

If you decide to go web
Implementing web-based compliance systems takes more than desire and ideas.

Jay Shaw of NetDimensions lists the most important considerations for companies to make before they employ or redirect a digital compliance system.

If you decide to use web-based services as a key management, delivery and reporting channel for regulatory related compliance training, and licensing and certification programs, keep in mind that you will encounter deployment challenges in three broad areas:

1. Technology infrastructure (with all the complexities and politics new system projects engender);
2. Content packaging (what works in a book will not work on the web); and
3. Communications and marketing (even compliance needs to be sold).

Technology infrastructure
The first mistake corporate counsels sometimes make is to reinvent the wheel. Often your human resources, corporate communications or information technology groups already have some or all of the technology you need to get started.

One multinational bank we worked with had a compliance department that had never spoken to the information technology initiative leaders in the human resources information systems (HRIS) group. When the compliance executives finally sat down with their HRIS colleagues, it became clear that the compliance group had just spent US$1.4 million on supplier fees and 10 months of management time creating a compliance management system with less than a third of the functionality in the new learning management system (LMS) that the bank’s learning and development group had set up in cooperation with HRIS. The compliance management system project was eventually and quietly shelved.

The flip side of the internal silo problem is even more depressing. Another bank we worked with lost funding for its LMS project, as a result of massive cost overruns in its PeopleSoft human resources management system (mostly payroll and career tracking) implementation. While the executives dallied, the United Kingdom’s Financial Services Authority (FSA) fined the bank US$1 million for not taking proper remedial measures to ensure proper training and training-related supervision of one of its equity trading groups. It is not a lot of money if you say it fast but the LMS plus compliance content development plus internal roll-out program would have cost less than US$300,000 in total.

The cost saving of moving forward with the LMS project, although obvious from an enterprise perspective, was not at all obvious from the more limited perspectives of the various departmental budget holders.

The problem in this bank was that the LMS project fees would have come directly from the already stretched HRIS budget, while the FSA fine came out of nobody’s budget in particular.

In short, nobody ‘owned’ responsibility for the fine, while some very career-minded executives fully owned the HRIS budget. The bank, which has now been broken up and sold, struggled for years with nine different departmental LMS deployments that never got traction and no central mandate for constraining regulator fines and penalties on staff non-compliance issues.

What is needed is simple: A system that reliably manages, delivers, tracks and reports on compliance-related training and testing. In most cases, a system that will do what the compliance group needs will also do what the sales, marketing, customer service, operations and human resources groups need.

You can piggyback on an HRIS enterprise initiative, start your own project on a scale that works for your needs, or work together with one or more of the other stakeholder groups and scale up as required.

There are many solutions to choose from in terms of cost, complexity and IT flavor. The good news for buyers is that the LMS market is mature enough to allow comparisons in terms of functionality and benefits. You can even rent a solution; safe software as a service offering is increasingly common.

However, the one caveat for all choices is security. Make sure that the system itself meets best-practice security guidelines. If you do use a hosted service, ensure that the provider is ISO-27001 security certified.

Content packaging
With the obvious exception of trial lawyers, many (arguably most) attorneys long ago lost the ability to communicate simply to the non-initiated. What you think is clear and only mildly complicated text often reads like Greek and Martian to the rest of us. It is hard enough to wade through legal language in print. It is a nearly impossible task on the web.

Do not try to change. Hire people who know how to do this. Companies like Knowledge Platform in Singapore and Tactics Consulting in Australia are acknowledged experts in this field. They know how to turn your dense, tortuous prose into comprehensible narratives. They have the technical and instructional design skills to storyboard, meta-tag and codify regulatory content in ways that work for general staff, compliance and the best interests of the organization.

At the same time, they can provide you with copy that can survive regulator audits. You might never want to become an expert on Darwin Information Typing Architecture
(DITA), an XML-based architecture for authoring and searching technical information according to principles of specialization and inheritance, topic and content semantics and ‘tree-format’ extension capabilities; but you will want to employ people who do.
Pay special attention to assessment. If your company is threatened by a regulatory action or class-action suit, the first thing you will want to be able to prove is that due care has been taken to ensure that staff have demonstrated proper understanding.

Communications and marketing
Last, but by no means least, put your marketing folks to work. They will know how to snag C-level sponsorship and get people’s attention. They will design the integrated campaigns and handle the branding. It is much easier to let them do what they do than it would be for you to try to lecture, threaten or nag your way to success.