How to successfully train for regulatory compliance

Regulatory compliance is critical to the existence of many businesses. Non-compliance and even honest mistakes can carry hefty fines that could rise to the level of an existential threat for some companies.  

In late 2020, Google was fined by the French regulator a staggering €50 Million for not making its data processing statements easy for users to access. But Google isn’t the only one to be hit with an eyewateringly large fine. In 2020, Marriott hotels were fined £18.4 Million in relation to a historical hack that occurred back in 2014. 

GDPR, however, isn’t the only regulation that companies need to worry about. Regulatory compliance is particularly important in the banking sector. In 2019, Capital One was fined $80million for a data breach that saw 100 million customers affected. Names, addresses, and other financial data were exposed in their databases. 

Whilst monoliths like Amazon can absorb huge fines like this. This isn’t the case for many businesses. It’s important to ensure that all staff are strictly following necessary regulations to avoid serious financial losses. 

close up image of a face looking at a screen, reflected in their glasses

Human error

Whilst it can be tempting to assume that cyber-attacks are to blame for data breaches, this just isn’t the case. Compliance mistakes are often made in-house due to human error. In fact, according to data from the ICO, around 88% of data breaches are a result of human error. 

Research conducted by Gallagher found that up to 60% of data breaches were a result of human error

This doesn’t just happen in large corporations, though. In 2016, the NHS saw one of its most notable data breaches. The 56 Dean Street Clinic is London’s largest sexual health clinic. A member of staff sent a routine mass email to 780 patients. Full names and email addresses of the other recipients were visible to all the patients that received the email. The clinic was fined £180,000 for the privacy breach and is expected to pay more in compensation. 

These errors go to show why good training is so important but cannot always prevent basic mistakes. The best training needs to address the behaviours that lead to regulatory breaches and provide the right models and systems to address these problem behaviours.

Let us help!

Request a free consultation to learn how behavioural science inspired bespoke training can help drive compliance and reduce risk.

The problem

Typically, companies in the most regulated sectors, like banking, spend huge amounts on regulatory training. Quality of training is a major problem because many companies rely on one size fits all approaches for regulatory compliance training. 

This ‘cookie cutter’ approach is a problem because not all businesses have the same exposure to risk. The best training should be a mix of generic training and bespoke learning experiences based on the client’s unique situation. 

However, training must also address human behaviour and mistakes. Retaining large amounts of information is challenging. Poor compliance training involves expecting people to retain large amounts of information in a short period of time. This simply doesn’t work. 

The best compliance training focuses on the actions people need to take with information not just the rules and fear of mistakes. Instead, focusing on what people can do to effect positive change is more valuable than bombarding them with information and hoping they remember it and change their behaviour. Cognitive overload and cultural incentives might be factors in why people don’t respond to training, and these factors need to be addressed. 

The most up to date thinking on how we learn can help here. The Chunking Technique takes smaller bits of information and groups them into larger units. By doing this, it helps us remember something larger. For example, instead of saying ‘zero, seven, seven, seven, three, nine, six, zero, six, three, three’, we would say zero, triple seven, three, ninety-six, zero, six, triple three’. By chunking information together, it makes it easier to remember. 

Bad habits can form in the workplace. As staff members get comfortable in their role and familiar with the workplace, it is easy for standards to slip. Employees may begin rushing regular tasks or paying less attention. Often, this is due to time pressures and not due to poor performance by the employee. However, in industries with strict regulations, this needs to be addressed where it poses a compliance risk. 

The best training should be focussed on the behaviours that lead to non-compliance. It should take into account individual risks and circumstances and be produced in a way that leads to the right actions rather than focusing on rationale for change. Focusing on how people actually behave, and how you can effect change in that behaviour with well-designed training is crucial to delivering better outcomes for your business.


There are methods to provide the optimum levels of success in your training programmes. Of course, even if they are trained, we will always make some mistakes. But by using the best training methods and putting in place the right checks and balances, you can mitigate risk. 

At the same time, your training programmes should provide a safe place to make mistakes, learn from them, and remove their impact on your organisation.

Regular updates

Training should be undertaken regularly for two reasons. The first is that laws and regulations change over time. Your workforce needs to be up to date with new regulations to avoid mistakes. This is a simple way to eliminate human error that is often missed. Consider a regular training schedule for your entire organisation to update staff on new legal requirements.

Regular touchpoints and follow up can also provide a resolution to The Spacing Effect. Employees should be able to revisit topics, especially those with large quantities of information. Online learning is a great way to provide constant access to learning materials. 

The traditional one-off session in a classroom no longer serves your employees retention abilities. Online learning portals and databases provide constant support and information. 

Digital experiences

Digital experiences can take the form of gamification, scenarios, stories and more. These approaches can facilitate huge improvements to your workforce training approach. 

Engagement is crucial to ensure high uptake of any training, that’s before you even consider whether the training delivers on the outcomes you’re looking to achieve. Practical scenarios, social reinforcement, and gamification are far more successful at delivering changes in behaviour than sheets of information and lectures in a conventional classroom. 

Digital experiences can also help you establish new better habits within your workforce. This is especially true when you combine digital experiences with up to date thinking around learning. Like BJ Fogg’s Tiny Habit’s approach. In short, Fogg argues that small changes and ‘tiny’ new positive habits can impact bigger changes in our behaviour or that of our organisations. 

Practical scenarios allow staff to put their skills to the test in a simulated environment. This should help to instil positive behaviours and best practices. Carrying out practical tasks is much more effective than simply writing down the process or trying to recall it out of context.

Tailored experiences

All learners absorb information differently. This is especially true for modern learners, who are used to accessing variations of media online. Therefore, your training needs to be tailored to suit all learners. 

Training topics will naturally vary depending on your industry and your individual teams. For example, banking regulations will vary from healthcare regulations. The methods used to meet regulatory requirements within these industries are different. As are the organisational contexts from which they emerge.

Training that is tailored to the individual and to your organisational context, values, social norms etc will provide a more relevant outcome. This will improve employee engagement. Ultimately, staff members will lose focus if they perceive the training as inauthentic or designed for needs different to their own. 

Consider a training partner that provides custom learning experiences to suit your workplace. 

At BAD, we develop custom digital experiences tailored to a variety of workplaces and industries. Our digital learning experiences are currently used by some of the largest global banks to help their team be compliant. Contact us today to discuss how we can help you to meet your regulatory training requirements.

Get the BAD bits

Download our behavioural science insights to help you design better digital experiences.