We outline why typical compliance tactics don’t work, and how you can go from static policies and training sessions to on-demand, embedded digital guidance.
It’s no secret: Employees don’t remember their company’s policies on essential compliance issues, even if they were specifically trained and attested to understanding them.
42% of employees don’t recall their company’s gift and hospitality policy. Another 27% don’t even remember completing finance compliance training (Gartner). Yikes. That leaves a lot of room for risk and begs for a better way to enable organizational compliance.
These numbers likely don’t come as a shock to experienced compliance managers, but still, when companies become aware of a new or heightened organizational risk, the knee-jerk response is often more training. And paradoxically, the more training you conduct with employees, the less information they are likely to retain, worsening the problem and widening the opportunity for risk.
So, what can compliance teams do to mitigate risk beyond more of the same: training sessions, written policies, and reminder emails? Embrace compliance automation.
In this article, we’ll examine exactly why today’s approach to organizational compliance is falling short. Then, we’ll look at the alternative — the proactive, digital approach to compliance — and show you how you can adopt it. By the end, you’ll have an idea of how you can start minimizing risk at scale, in a feasible, sustainable, and integrated way.
Table of contents
- Why training sessions, policy manuals, and attestations don’t prevent risk
- Top blind spots, challenges, and risks of a training-based approach to compliance
- Making compliance a shared responsibility — the right way
- The smarter, automated approach to compliance
- What compliance automation looks like in practice
- Why your compliance automation needs to be owned by Compliance — not IT
- Stop relying on training sessions and embrace compliance automation
Why training sessions, policy manuals, and attestations don’t prevent risk
Typically, employees will participate in compliance training as part of their onboarding process, and perhaps at regular intervals afterward. At the end of each session, they’ll take some sort of digital assessment, attest to understanding policy, and return their focus to their functional work as quickly as possible.
All too often, these training sessions are something employees just want to get out of the way so they can focus on work that matters more to them. But of course, compliance matters. Non-compliance fines to financial institutions alone average about $8 billion per year. When employees don’t have a clear understanding of policies and how to apply them in their day-to-day work, organizations are left exposed to massive financial and reputational risk.
The current mainstays of enforcing organizational compliance — training, written policies, and attestations — simply don’t work, especially when the regulatory landscape is evolving more quickly than ever. These tactics don’t help employees understand policies effectively, nor do they help much to enforce those policies.
Imagine it from the employees’ perspective. Say they’re offered a spreadsheet of new leads from an event, with names, email addresses, and other personal information for each lead that they want to start contacting to reach their marketing or sales goals. First, they need to remember what they learned in a data compliance training they might have taken a year ago: that some information is subject to regulations like GDPR and CCPA and needs to be handled sensitively. Then, to determine if they can use these new leads, they need to navigate to a policy document buried in a shared folder, or an email they received during their busy onboarding period.
You’re counting on the employees to remember, interpret, and enforce policies against their own actions. Sure, they might reach out to the corporate compliance team for clarification, but if they are moving really quickly and need to make a fast decision, they might prefer the self-guided approach rather than waiting on an official answer from a team they might regard as overly cautious.
Top blind spots, challenges, and risks of a training-based approach to compliance
It’s just not realistic to expect employees to retain what they learn in their compliance training. Ebbinghaus’ famous Forgetting Curve suggests that 50% of new information is forgotten just 24 hours after it’s learned, and information retention continues to drop from there. In a workplace setting, this number can be even higher. In one survey, 70% of employees admitted to forgetting the contents of a company training in less than 24 hours.
42% of employees don’t recall their company’s gift and hospitality policy. (Gartner, 5 Legal Technology Predictions Through 2025)
The shortcomings of today’s compliance tactics go beyond just information retention. The velocity of regulatory change also necessitates a new approach. Even in a perfect world where employees retained everything they learned in a training session, you’d still have to re-train them as policies evolve — or rely on them to check for policy updates every time a relevant situation arises.
In the hoped-for scenario, where an employee knows where to revisit policy on a company intranet as needed, the employee still must be confident enough in the nuances of the policy to apply broad guidance to their specific situation. If you’re lucky, the employee might reach out to a compliance manager, but that adds to the time-consuming backlog of similar, repetitive questions the compliance team has to field.
To truly mitigate risk, compliance teams need to make compliance easy — easy for employees to consider policies, and easy for them to get clear and transparent answers. These answers need to also be made available quickly, so employees don’t see compliance as a bottleneck to essential business activities.
Making compliance a shared responsibility — the right way
It’s true that compliance is a responsibility shared by everyone at the company. There needs to be a culture of compliance, where employees take ownership of understanding and applying policies, and actively participate in mitigating risk. It must become an essential part of the way the business operates — across every business unit and process. But for that to happen, compliance teams first need to empower employees with the resources to effectively share the ownership of policy compliance.
It’s not reasonable to expect shared ownership of compliance after simply providing policies and training employees on them. And even when employees are willing to engage with the compliance department, answering repetitive requests is painful and time-consuming.
That’s why compliance automation must be proactively embedded into employees’ day-to-day tools and workflows, with tailored guidance available on-demand, or even without demand, when and where it’s needed. When policies are embedded digitally, they become a natural (and mandatory) part of employees’ workflows — there’s no need to switch systems, search an intranet, or interpret policy themselves.
The smarter, automated approach to compliance
In defense of compliance teams, they have thus far lacked specialized software that fits their unique roles. They’ve had to make do with training sessions, PDFs, and attestations as the only real tools to make policy and compliance education available to their organizations. Previously, the only way to modernize was with expensive, time-consuming collaboration with IT or software development firms.
Luckily, software has finally caught up to the needs of compliance professionals, so they can set up and manage their own embedded solutions.
And the practice is taking off. Gartner predicts that compliance departments will reduce annual training by 50% in favor of embedded digital guidance for employees.
Benefits of embedded digital compliance automation
The bottom line is that embedded tools are simply more effective at delivering guidance, maintaining compliance, and mitigating risk. Here’s why:
- They don’t rely on employees remembering training, or knowing when and how to navigate to a policy document.
- They make it much easier and faster to adapt to regulatory or company policy changes.
- They make specific, tailored guidance available on-demand, rather than relying on employees to correctly interpret policy.
- The anonymity possible with these tools means that no opportunity is lost to an employee’s fear that their question is silly. Employees won’t hesitate to engage with compliance for fear of wasting a compliance manager’s time, or thinking their issue is insignificant.
What compliance automation looks like in practice
So, what does an embedded compliance automation solution look like then? For employees, it’s intuitive, user-friendly, and integrated into the environments they already spend their digital workdays in. For the compliance team, it’s a simple, clear case database and service dashboard. Let’s take a closer look at both views.
Effective embedded compliance tools, like those built with the BRYTER no-code platform, can be embedded directly into a website, company intranet, SharePoint, Salesforce, or any digital environment.
These tools walk employees step-by-step through company policies as they relate to the specific case at hand. Because many policy-relevant interactions happen during business travel, it’s essential that these tools function just as well on a mobile device as they do on a desktop or laptop computer.
For compliance teams
Embedded solutions make it much easier for compliance teams to get an overview of potentially risky cases in a single, sortable, actionable hub.
Cases that have been automatically handled are documented clearly, and cases that need an individual’s attention are surfaced, with all the contextual information needed to take action. This eliminates the need for back-and-forth communication and chasing of essential information.
In the case of gift and hospitality, for example, compliance teams can set their own conditional logic to generate guidance automatically — or to escalate unique cases to a compliance manager. In both situations, a summary document for each case is sent to the requestor and stored in a database where it can be viewed at any time.
So, to summarize, with embedded compliance automation, employees know where to go for guidance, compliance managers get a bird’s eye view of the must-see cases, and every relevant interaction is documented so it can be referenced or addressed when needed. Having this singular, clear view of all cases and interactions in one dashboard allows compliance teams to see trends, so they can further improve how they prevent risk. Data-driven insights help them refine their embedded solutions continuously and deploy updates quickly, so organizational compliance continuously improves and learnings from individual interactions are applied at scale.
Why your compliance automation needs to be owned by Compliance — not IT
No offense to IT. They are, of course, essential to your business. But they aren’t compliance experts.
IT might have expert knowledge of software and digital solutions, but they don’t know how compliance managers think, where the biggest risks lie, or how to accurately interpret policy. That’s the job of the compliance team, and that doesn’t change when compliance automation is implemented.
Regulatory change also happens quickly, and increasingly often. An effective digital compliance solution needs to help companies adapt quickly to these changes, without waiting on IT or help from a vendor.
This means that compliance teams need to own and administer their software themselves. BRYTER’s no-code app builder is built to enable compliance professionals to do just that. It’s designed for the way you think, so all you need to do is visually map out your processes, and BRYTER turns that into an interactive web-based app, available in any digital environment.
The simplicity of the platform doesn’t just make it easy to use. It also makes it predictable, reliable, and feasible. Your team knows exactly how it works because they customized it themselves. If something changes or you receive feedback that could improve your application, you can make that change yourself and deploy the update instantly, everywhere the application is used, with a single click.
You can start by turning your existing policy documents into apps to provide tailored guidance to employees. Then, automate essential actions, like collecting information, creating documents, generating and distributing reports, risk scoring cases, and more.
When software is owned and customized directly by compliance experts, it’s more effective at actually maintaining organizational compliance. As your team learns more about what works and what doesn’t, learnings can be applied to your digital tools and best practices are scaled automatically, without the bottleneck of IT or development support.
Turning company policies into interactive applications
Global IT distributor TD SYNNEX automates entire decisioning workflows and document automation, end-to-end, saving 95% of time previously spent on manual work.
Stop relying on training sessions and embrace compliance automation
It’s a hard truth, but one you already know — no one likes taking time out of their day to attend policy training. You’ve worked hard on your policies, and compliance is as important as it ever was, but training sessions and attestations alone aren’t an effective way to put those policies into action.
So take compliance a leap further, and make it inevitable. After employees complete attestation, you can continuously help them to operate within policy — without having to think twice about it — with digital embedded tools.
The digital approach isn’t just a better compliance practice — it makes everyone happier. When was the last time you got to give your company some good news? It’s rare in the compliance profession. You’re in charge of bad news, risk, and how to manage it. This is a chance to give the company what it wants (more time, less risk, an easier way to comply with policy) without sacrificing the core priorities of the Compliance team.
So, when you’re ready to evolve your compliance practice, reach out to book a demo and ideation session with us. We’d love to show you how you can put your expertise to better use with a digital-first approach. Or if you’d like to know how you can streamline your services, check out our guides to Data Privacy Compliance and Corporate Compliance.