Minimize Compliance Risk by Eliminating Silos

As safety and compliance mandates proliferate across industries worldwide, organizations are struggling to keep up. In Deloitte's 2021 State of Compliance Survey, 61 percent of senior compliance professionals said the increased volume of regulatory changes in the past year had made it harder for them to do their jobs.

Failure to adhere to government regulations can carry a hefty price tag in terms of fines, lawsuits, and lost business. According to one estimate, the average total cost of noncompliance for a company is $14.82 million. But monetary loss is not the only consequence of noncompliance. Employee well-being and safety are at stake, too:

• OSHA reports that 15 people die every day from workplace injuries in the U.S.
• According to a 2018 study from Hiscox, 35 percent of workers have experienced harassment on the job

Compliance training is ultimately about protecting your employees and your company — but compliance risk mitigation is difficult, and not just because of the multiplying regulations. In the modern interconnected, international, and highly agile business landscape, risks aren't neatly siloed. They have a ripple effect. Risks to one company or department can have consequences for other businesses and teams. For example, back in 2014, hackers were able to steal millions of customers' payment details from Target by first breaching the computer systems of one of Target's suppliers.

Despite this, many organizations still take a siloed approach to compliance training. IT handles cybersecurity and data privacy, HR handles harassment and workplace policies, and compliance officers oversee environment, health, and safety (EHS). This fragmented strategy leaves many organizations unprepared for the fluid nature of risk today.

Organizations need a more collaborative, holistic compliance training culture — and that starts with an end-to-end compliance risk mitigation solution.

There is a logic to compliance training silos. The IT team handles cybersecurity because they have the requisite expertise. By the same token, your average IT person likely doesn't know much about bloodborne pathogen safety — that's a job for the EHS experts.

The problem is that silos often prevent collaboration, leaving an organization unable to see all of its risks from a high level. Consider how matters of cybersecurity increasingly intersect with other compliance risk mitigation areas. Traditionally, it has been HR's job to manage and protect employees' personal information. If that information is stored digitally — as it often is today — then cybersecurity best practices will apply. Depending on where it operates, the company may even be subject to tech-focused data privacy regulations, like the European Union's General Data Protection Regulation (GDPR).

But if HR and cybersecurity are siloed, the HR team may not be aware of all the precautions it needs to take to safeguard employee data in a digital world. That can have serious consequences for the organization: In the past, employers have been found legally liable for the theft of employees' personal data from their systems.

Under a more collaborative approach to compliance, disparate teams could more easily share information and insights, ensuring that every segment of the organization takes the necessary precautions to protect employees and the company. In turn, that can help the organization identify and mitigate compliance risks faster — before they snowball out of control.

For example, the IT team often manages employees' permissions on the company's network. Sound access control policies can be integral to many compliance training efforts, from protecting company intellectual property to thwarting financial misconduct. If cybersecurity is treated separately from these other ethical and legal matters, employees may end up with inappropriately high levels of permission. This exposes the organization to potential risks. Hackers could break into employees' accounts and wreak havoc, or disgruntled workers could use their privileges to harm the company.

Conversely, if IT regularly collaborates with HR and compliance officers, they can all work together to ensure that employees don't have access to systems or information they don't need, thereby limiting the damage that malicious actors could do.

When we talk about breaking down compliance training silos, we're talking about more than just bringing together the leaders of formerly separate compliance training functions. That's an essential part of the process, of course. But, in order to create and implement compliance risk mitigation policies and procedures that holistically address risk across the organization, HR, IT, and compliance leaders must collaborate closely. But the most effective way to break down silos is to make compliance training everyone's job — from front-line employees to top executives.

An organization's employees can be its first and best line of defense against risk. The choices they make every day — choices about how to do their jobs, how to interact with one another, and how to handle company assets — directly contribute to the organization's safety and compliance status. By cultivating a culture of compliance in which every employee plays a role in mitigating risk, companies can drastically reduce employees' risky behaviors. Similarly, because employees are in the trenches, they often see risks before company leaders do. If employees feel responsible for compliance training, they'll flag those risks before they become major problems.

Building a company-wide culture of compliance starts with an end-to-end compliance training solution. After all, employees can only pitch in if they have the tools, knowledge, and experience they need to understand and responsibly mitigate compliance risks. Plus, training is one of the most powerful tools in the compliance function's toolbelt. In Deloitte's 2021 State of Compliance Survey, 76 percent of respondents named training a core compliance function.

A siloed approach to compliance training — with different departments using different programs — will only reinforce the same silos the organization wants to break down. That's why it's most effective to unify all aspects of compliance training — legal, ethical, cybersecurity, and EHS — in one platform. That way, every employee has access to every aspect of compliance education, and an authentic culture of compliance can bloom.

So you're ready to knock down those silo walls with an end-to-end compliance training solution, but where to start? You'll make progress faster by focusing first on the most impactful compliance issues for your organization — those legal, safety, and ethical obligations that affect how every employee does their job. Most likely, these high-impact compliance issues will already be outlined in your organization's Global Code of Conduct.

The Global Code of Conduct sets the tone for your organization's expectations of employees, vendors, partners, managers, and customers. That means the issues it prioritizes are the issues that touch every member of the organization, giving you an organic path to building that collaborative culture of compliance through universally relevant compliance training.

Skillsoft's Compliance portfolio, for example, contains a wealth of courses that cover key compliance priorities commonly found in Global Codes of Conduct. Examples include:

• Anti-bribery
• Antitrust
• Data Privacy and Information Security
• Insider Dealing
• Avoiding Conflicts of Interest
• Preventing Harassment and Promoting Respect
• Protection of Company Information/Intellectual Property
• Business Ethics
• Promoting Reports of Misconduct
• Gifts, Gratuities, and Entertainment
• Avoiding Discrimination and Promoting Diversity
• Cybersecurity

Different companies will have different priorities depending on factors like industry, location, company mission, and more. But by starting with the compliance training issues that matter most, whatever they might be for your company, you can demonstrate to employees how critical compliance matters touch every member of the organization. In turn, compliance training empowers employees to step up and play an active role in responsibly managing risk wherever they find it — regardless of whether their department is formally responsible.

At its best, a compliance training program should protect employees, boost revenue, and reduce risk to your company. Organizations that replace the old siloed approach to compliance with a more integrated, collaborative culture of compliance are best positioned to reap those benefits.