Many compliance programs fail to inform, engage, and instruct the intended audience. A traditional compliance program is built around legal risks. But it still needs to bridge the gap with its audience.
Bridging that gap is simple, but it’s not necessarily easy.
It’s simple because we know how to approach audiences thanks to compliance professionals, marketing colleagues, and behavioral science experts. The tools and knowledge are in front of our noses.
But it’s not easy to stitch it all together in a way that works best for our audience, so let’s explore the front-end design of a compliance program.
The audience-driven future of compliance
The claim that compliance should be audience-driven isn’t pulled from thin air. It’s what most expect to happen in the next few years. Compliance professionals stated that 75% of their core competencies are risk-focused skills:
- Technical regulatory understanding (38%)
- Risk management ability (28%)
- Business/product knowledge (9%)
The focus on audience-driven skills is as low as 25%:
- Stakeholder management (15%)
- Communication skills (6%)
- Influencing skills (4%)[1]
But according to the surveyed professionals, the importance of audience-driven skills will rise to a whopping 63% (coming from 25%). That is impressive. It indicates a strong awareness among compliance professionals that the focus will shift. But where does this come from?
Over the last decades, the focus has been placed on the structure and the “why” of compliance. But as compliance matures, the effect becomes more important,[2] not least because of the Evaluation of Corporate Compliance Programs from the United States Department of Justice.[3] To quote some questions in this guidance:
- “Has the training been offered in a form and language appropriate for the intended audience?”
- “What resources have been available to employees to provide guidance relating to compliance policies?”
- “What communications have there been generally when an employee is terminated or otherwise disciplined for failure to comply with the company’s policies, procedures, and controls (e.g., anonymized descriptions of the type of misconduct that leads to discipline)?”
In a more general sense: Has every compliance aspect of your business been offered in a form and language appropriate for the intended and relevant audience and made accessible to this audience?
So how do we achieve this? Do we improve our training materials? Take a behavioral approach? Rewrite our policies and code of conduct? Nurture conversations between employees and stakeholders?
We must do all these things together.
Change compliance’s front end
It’s time to make compliance audience-driven in a way that’s not an afterthought or one of a compliance program’s many elements. The entire so-called front end of the compliance program needs our attention.
Web development makes a distinction between the front end and back end. The back end is the part of the website users don’t interact with and cannot see, like the source code. It stores and arranges data and ensures user actions work as intended. The front end is the part of a website that users interact with, like a company’s homepage.
This perspective of back end versus front end is unknown in the compliance world. Some of the seven elements of the United States Sentencing Commission’s “Effective Compliance and Ethics Program” refer to the front end of a compliance program:
The European Union Commission has also published recommendations specific to compliance with dual-use trade controls under Council Regulation (EC) No 428/2009:
- A written statement about the top-level management commitment to compliance (element one); and
- Training and awareness raising (element three).[6]
These front-end aspects of a compliance program are what employees see and interact with: training sessions, the code of conduct, policies, etc. You can create a compliance program that checks all the boxes to satisfy the government’s requirements, but it is not enough.[7] If an online store looks great but is hard to navigate to make purchases, the web developer has made the tool more important than the result.
The many faces of the front end
It’s time for some reflection on your front-end elements. What should the front end of a compliance program look like? Are these elements created to please the government, or are they audience-driven?
Although the front-end compliance elements can take many forms, let’s focus on training and communication. It works like a spectrum with different wavelengths, from general to specific. You can break the spectrum into three different blocks:[8]
- Outbound training and communication: The content is rather general and risk-focused; it is intended for a broad audience. The compliance team actively distributes this type of content.
- Inbound training and communication: This content answers a specific question with detailed guidance. It targets a specific audience. The content is not distributed, but the audience is looking for a resource that can help them.
- Embedded training and communication: This is where the compliance task is embedded in a workflow, an actual job task, or team communication.
The spectrum starts from information and evolves into instructions and guidelines that trigger specific actions or decisions.
Outbound
Compliance needs to reach out to people. Typical examples are statements by the senior leadership, a new policy, an awareness campaign, or a training session. It can take the form of newsletters, announcements, plenary team sessions, or meetings. The goal is the distribution of information and awareness. Effectiveness, not convenience of organization, should determine the best format.
But it goes beyond information. A function of outbound communication is the framing of a topic around company values and audience motivation.
Values are essential to your content in this phase because your downstream communication will be more specific and task-oriented. Downstream communication can never cover every scenario, but by focusing on values, you empower the employees to make decisions based on those values.
Additionally, information will motivate your audience. People need to know why an idea matters to them: Why is privacy important? Why is it part of someone’s job to take care of the personal data of their customers or website visitors? It is not enough to only mention the consequences of noncompliance.
The more you focus on intrinsic motivation, the more audience-driven this part of the front end will be.
Inbound
Inbound training and communication cover situations where someone has a specific question. It starts from the assumption that employees know a job task has a compliance element to it.
Unlike outbound training and communication, there is no distribution, so you need to offer help when someone is looking for an answer. Done right, this content is more specific than outbound training and communication. It focuses on a particular scenario, job task, or business process (e.g., how-tos, flowcharts, checklists), and you store it somewhere accessible, like your intranet.
This is not the same as simply archiving your outbound training and communication. People will be frustrated if they find only general risk-focused content.
Inbound resources have two built-in flaws:
- They assume a level of compliance awareness on the part of employees. However, sometimes they don’t know, so they will not be looking for an answer.
- The opposite situation also exists: People believe they know the answer, so they will do the compliance task incorrectly because they didn’t check.
If you have data that tells you that one of these situations is happening at your company, you can fix it in two ways:
- Reinforce your message in outbound training and communication to increase awareness.
- Embed compliance content in materials and processes people use in their job so crucial information will not escape their attention.
Embedded
Embedded training and communication refer to the right content at the right time for the right audience. You embed compliance guidance into a business process or communication. Unlike inbound resources, it requires decentralized distribution. There isn’t a place where you can find all the resources. This means you should be creative in how and where to place the content.
For instance, you want your human resources (HR) team to screen job candidates on specific red flags, like sanctions. You have already trained the HR team to create awareness (outbound). They can access resources that tell them how to screen job candidates (inbound). But effectiveness would improve if you could remind the HR team to screen for red flags each time they create a job candidate’s profile (embedded). This can take the form of a pop-up screen in their recruitment software. But screening can also be one of the core discussion points when HR has a meeting to review all job candidates. Embedded compliance doesn’t necessarily have to be online.
Embedded training and communication take a lot of time and cooperation with the relevant audiences, but it will make your front end more audience-driven.
Conclusion
We only discussed the tip of the iceberg about audience-driven compliance. The most important message is that you make it audience-driven via the front-end design of your compliance program. These are the parts your audience interacts with, where it finds information and receives instructions. The spectrum of training and communication that contains outbound, inbound, and embedded elements is a good starting point to develop your front-end design and increase the effectiveness of your compliance program.
Takeaways
- The employees of a company are the main audience of a compliance program.
- Compliance programs can’t exist only to check the boxes of government regulations. They must work for the intended audience.
- The more audience-driven the compliance program is, the better it informs, engages, and instructs, and the more effective the compliance program gets.
- The tools to achieve this are all the front-end elements of a compliance program, like training, communications, incentives, and discipline.
- Depending on the goal and method, break training and communication into three layers: outbound, inbound, and embedded.