6 min read

What Should Be Included in a Compliance Training Program?

By Ryan Eudy on Jan 7, 2021 2:00:00 PM

Topics: Compliance

Most businesses are familiar with the concept of a compliance training program. Compliance training is training that is mandated by law, or required as part of a regulation or policy. For that reason, many businesses think of compliance training programs as a schedule for those required training sessions, “checking the box” as employees complete them.

For the most successful companies, compliance training is much more than that. I see compliance training as a way of protecting the business that I run, as well as the employees we hire and the clients we serve. For example, while doing a recent research project on the cost of not providing adequate training, my team and I discovered that improper or non-existent compliance training can cost a company $750,000 to $150,000,000 over the course of a year. Those numbers reflect the harm done to employees and clients when a company does not have strong policies and practices in place for things like harassment, bullying, privacy, and anti-discrimination.

Exactly which topics need to be covered in a compliance training program, and how best to do that, is going to vary from industry to industry and company to company. What I’m offering here is a guide so that L&D professionals can think through all the different possible needs for their programs.

 

Compliance Training for Internal Regulations and Policies

Every company has its own internal policies, and these can be very different from company to company, or even different from year to year. Many of these policies will be encoded in some sort of employee handbook. But do your employees really know the contents of that handbook? It might help to have a short training that reviews some of those policies.

Here are a few policies that have received a lot of attention over the past year and that vary widely from company to company:

Marijuana Use: Marijuana use, both medicinal and recreational, is becoming legal in more and more states. As this happens, most companies are crafting their own internal policies for its use both on-duty and off-duty. Employees need to be made aware of what expectations are, how those expectations will be monitored, and what are the repercussions for violating those expectations.

Drug Testing: Speaking of drug use—different companies do drug testing differently. If your workplace does drug testing, you should inform employees of your authority to do so, as well as which drug tests you require. Employees with medical exemptions, or who are using legal medications that might skew the results of a drug test, should have the opportunity to make this known.

LGBTQ Discrimination: This is very much a matter of internal policies, as prior to June 2020, companies could legally discriminate against LGBTQ employees...but many companies went ahead and crafted their own internal policies with regard to protecting this class of people. If that is the case at your company, employees will need to know the specifics.

 

Industry-Specific Compliance Training

While some policies are pretty much left to individual companies, some are industry-wide. For example, finance, healthcare, and some manufacturing segments are well-known to be heavily regulated, but all industries have some laws of which employees need to be made aware.

Sarbanes–Oxley: Also charmingly known as the "Public Company Accounting Reform and Investor Protection Act,” Sarbanes-Oxley was passed in 2002 after the highly publicized frauds at Enron and WorldCom. The law covers several responsibilities of a (publicly traded) corporation's board of directors (as well as auditors) and outlines penalties for certain misconduct.

HIPAA: The Health Insurance Portability and Accountability Act (HIPAA) has had a major influence on a healthcare consumer’s right to privacy, and so has had a ripple effect on how healthcare companies collect and store data, communicate with patients, report research findings, and even how they run their IT departments. Even though the act was passed in 1996, the #1 source of HIPAA violations, to this day, is uninformed or misinformed employees.

SEC Regulations: Banks and financial institutions need to adhere to a dizzying number of laws and regulations (here are just those implemented since 2010 by various government branches).There is no way that any given employee could keep up with such regulations without a regular training program.

Safety/OSHA Requirements: Safety requirements vary somewhat by industry, but they are there whenever employees have to move something heavy, operate machinery, or work with potentially hazardous materials. That makes safety training programs wide-ranging and multi-faceted. For example, a warehouse might have a safety compliance training program that includes courses on proper materials labelling, forklift safety procedures, back strain and proper lifting techniques, and lockout tagout for machine maintenance, just for starters.

 

State-Specific Compliance Laws and Compliance Training

Company policy and federal law are not the only constraints on employee behavior. Many compliance topics also vary from state to state, which means that compliance training must look different depending on which state your company is located.

Anti-harassment compliance training is a good example of this. The specific laws covering anti-harassment policies in the workplace look a little different in, say, California than they do in Maine. We here at ej4 have had to help many companies with state-specific content for anti-harassment training in order to comply with those laws. Discrimination training is another good example.

These areas are especially ones where companies have had the “checkbox” mentality—perhaps precisely because there is currently no federal standard. But, as my VP of Operations says, “We’ve all seen the news.” Harassment and discrimination are widespread problems. The issue with the checkbox mentality is that it doesn’t stop those problems. Doing just the bare minimum has not prevented the bad behavior—if anything, it has allowed it to fly under the radar and spread. That’s all the more reason to put good, quality anti-harassment and anti-discrimination training in place that goes beyond a few cringeworthy videos from the last decade.

 

Company Culture Is a Part of Compliance Training, Too

Some companies already do training around company mission, vision, and values, especially when onboarding new employees or promoting them to management. Going beyond a mere statement of company values can do so much more for a company!

Yes, having a workforce that complies with internal policies as well as state and federal laws requires giving them explicit training on those policies and laws. That is the absolute bedrock. But how likely is it that all that training will stick if you have not also built a culture of compliance? If your company does not value ethical and respectful behavior in its day-to-day operations, simply knowing the law and its penalties is not enough.

For example, we’ve found that companies benefit when they receive training on the following topics in addition to the required training for compliance:

I have provided links to videos on some of these topics, just so people can get an idea of how easy it is to build these topics into your current compliance training programs simply through the use of video.

Again, these topics are not legally required by themselves, but they do contribute greatly to a more harmonious workplace. Use them to begin shifting your compliance training from “We have to do this” to “This is the right thing to do.” When you do, you are taking steps to protect your company, your employees, and your clients.

Think about it: If you have to do compliance training anyway, why not provide a training program that actually has a positive impact on your workplace? Why not encourage people to do the right thing, always? That, ultimately, should be your guide for what to include in your compliance training.

 

Additional Resources

 

Ryan Eudy

Written by Ryan Eudy

Chief Executive Officer Since joining ej4 in 2005, Ryan has operated in every facet of the business. It is this experience that Ryan utilizes to manage ej4’s daily operations. Ryan offers innovative solutions and has a unique understanding of matching client needs with the right performance improvement tools to change targeted behaviors.