Creating compliance training for the relevant audience

In this blog post, Justin Muscolino, GRC Solutions’ Head of Compliance Training in North America, gives tips on how to create a successful compliance training program. 

Did you know that prosecutors of the DOJ really do look at whether compliance training programs are geared towards the relevant audience? No joke, I am serious. Last week I read the US Department of Justice “Evaluation of Corporate Compliance Programs” and it’s specifically called out. To say that I was proud is a vast understatement.

During my career leading compliance departments and in my current role heading up GRC Solutions’ Compliance Training in North America, I constantly tell others why it’s so important. Think of it this way, if compliance training is always a “tick-the-box” exercise, what does it say about the compliance culture as a whole in the organization? In my experience, it’s not just training, but in other areas as well.

Whenever I create a compliance training program or single initiative, the biggest key is the level of retention as well as aligning with the target audience. If retention increases for learners, shouldn’t risk decrease? I think it’s an inverse relationship. Basically what I mean is that if staff retain knowledge during a classroom or eLearning training module, they should be better equipped to understand the associated risks, identification of red flags and points of escalation. Right?

Remember, retention decreases over time so any information learned today must be refreshed from time to time. That’s why I always think short-term and long-term. For the short-term, I want to create a training and/ or communication that’s memorable and impactful. To do this effectively, you must know the target audience. Something I preach all the time. Is it so hard to do some due diligence in order to understand the target audiences? No, not if you care about doing the right thing. The ultimate goal is to get the retention level so high, that at least theoretically, the risk in the organization reduces.

As for long-term, you need to think of a strategy that makes sense over a given time period. Information acquired diminishes over time, so it needs to be refreshed periodically.

For example, a client of mine wanted to conduct privacy training since it’s a hot topic these days. We conducted the initial launch, but afterwards we came up with a strategy over the next 12 months. This included the creation of a short micro-learning module issued 90 days after the initial launch of the training. Then we scheduled communications every other month thereafter. Finally, since this client conducts annual training to all staff, we included a small section on privacy.

This is an example of what it might look like, but one size does not fit all. Find the proper way to continuously refresh the information so the retention level doesn’t fall to levels where an entire new training on the same subject is needed all too soon.

Do you agree with my sentiments? Regardless of whether you do or not, it would be great to hear from you.

GRC Solutions is an award-winning provider of compliance training. To find out more about our Compliance Officer Training Program, contact us today.


An article written by Justin Muscolino
Head of Compliance Training
North America