How Much Compliance Training Is Enough?

We know a lot about what the federal government expects from compliance training. For example, from the Evaluation of Corporate Compliance Programs and the FCPA Resource Guide, we know that training is a punch a well-designed compliance program. We know that directors, officers, employees and maybe even third parties should receive periodic training, with a special accent on the guards. And we know that training must be suitably adapted to suit the company’s operations and workforce. What we don’t know, however, is how much training is sufficient.

I have struggled over the years to figure this one out. Maybe you too. The ultimate goal of compliance training is to prevent corruption and, if corruption does occur, for the business to be ready and able to demonstrate that it is suitably adapted its compliance training to prevent and detect corruption. It sounds pretty straightforward.

But how much training is enough? Made suitably adapted equals five hours of training per year? Or ten o’clock? And who says it? By what authority can a compliance officer say, “Our compliance training is sufficient”?

In his 2007 bestseller, Outliers, Malcolm Gladwell articulated the 10,000 hour rule. Taking the example of violinists, he said those who practiced 10,000 hours became soloists, while those who practiced less were either support players or teachers. Gladwell said he found the same results with chess players, writers, composers and others.

Few people can devote themselves full time for five years to learning something new. And it’s clear that not everyone in a business needs to be a top-level compliance expert. The OCC does, and maybe a few assistants. But does anyone expect the chief human resources officer, chief financial officer, or chairman of the board’s audit committee to know that much about compliance?

After Gladwell freaked people out with the 10,000-hour rule, another writer, Josh Kaufman, calmed things down. He proposed the thesis that it only takes 20 hours to acquire a new skill. His idea was to achieve a skill level, not full mastery, and then develop the skill further by using it, eventually reaching the highest desired level.

Kaufman tested his ideas in the field. He has found that the key to learning something new in 20 hours (in his case, coding) involves a few common steps. First, commit to practicing for at least 20 hours without quitting smoking. Second, learn the basic concepts and put them into practice by immediately doing actual work instead of “pre-designed tutorials”. Third, divide the novelty into small parts, so that the 20 hours of practice focuses on specific tasks, where small mistakes can be self-corrected.

Would Kaufman’s 20 hour approach work for compliance training? I think if it was suitably adapted, that could work. An immediate advantage is that it would make decisions about training durations less arbitrary and more concrete.

Beyond that, it could bring real change. If companies were to require directors, officers and employees (and especially custodians) to devote one hour per day to learning and practicing ethics and compliance for 20 consecutive work days each year, all of these small sessions would add up. They would bring a new and more permanent consciousness. This is the opposite of the fire hose approach. Lots of small sips instead of a gushing torrent.

I’m not sure if a company uses the 20 hour approach or something like that for compliance training. Conventional training – one, two or three longer sessions per year, depending on the role of the target trainees – seems to be the usual practice. It also works. And there is always something to be said to stick with conventional wisdom if it works.

But maybe the 8pm approach works better. Who knows? Hope someone who uses it now or wants to try it out will let us know how it goes.