You've probably been there. An email lands on a Monday morning. Subject line: "ACTION REQUIRED — Annual Compliance Training Due by Friday." A few sighs, a bit of clicking, some slides, a quiz. By Thursday the completion numbers look great. By the following Monday, nothing has really changed.
That is the compliance training problem in a nutshell. The completion data looks fine. The behaviour does not follow. And yet organisations keep building the same kind of programmes and wondering why nothing shifts.
Who compliance training is actually built for
Here is something most people in L&D know but rarely say out loud: most compliance training is not really built for the person doing it. It is built for the legal or risk team. The goal is not to change how people behave — it is to create a paper trail. If something goes wrong, the organisation needs to show that employees were told. The training exists to protect the business, not to help the employee.
That difference matters a lot, because it drives every design decision downstream. When the goal is a documented completion rather than an actual behaviour change, you get what we all know: slides full of information, multiple-choice questions with one obviously correct answer, a pass mark low enough that almost anyone clears it, and a certificate that proves someone clicked through — not that they learned anything.
"A learner who clicks through fifteen slides and picks the obviously correct answer has learned one thing — how to finish the module. That is not the same as learning how to behave differently."
Why it goes in one ear and out the other
There is a fairly solid body of research on how memory works that compliance training has been ignoring for years. One key idea is that learning that feels too easy is learning that does not stick. When you actually have to work to retrieve something — when you apply it, wrestle with it, or defend it — it goes in more deeply. Clicking through slides and reading policy summaries does not do that. It creates the feeling of having learned without the reality of it.
The other big factor is relevance. We remember what actually connects to us. Information presented in the abstract — no consequence, no story, nothing that feels personal — passes through working memory and leaves very little trace. But the moment you give someone a scenario they recognise, a consequence they can feel, or a situation that mirrors something from their own working life, something shifts. It lands differently. It stays.
Most compliance training does none of this. It presents policy. It explains rules. It asks if you understood. And then it moves on, having left very little behind.
What actually works
The compliance programmes I have seen actually work have one thing in common: they do not feel like compliance programmes. They feel like problems worth solving, or situations worth thinking about.
Think about the difference between telling someone that insider trading is illegal and carries serious penalties versus putting them inside a scenario where a colleague leans over and whispers something they probably should not be sharing. What do you do? The first approach tells. The second one pulls the learner into the decision. And the learner who went through that moment will think about it the next time something similar happens — because they have already been there, at least in their head.
That works in every compliance area — safety, data privacy, anti-bribery, conduct, regulation. The specific rules matter less than the judgment to apply them correctly when it counts. And judgment does not come from reading slides. It comes from making decisions, seeing what happens, and understanding why.
Three things worth changing
The first is to design for behaviour, not knowledge. Instead of asking "what do people need to know?", ask "what do people need to do differently — and when?" Everything in the programme should connect to that.
The second is to make wrong answers useful. Most compliance assessments just flash a red screen and say try again. But the moment someone gets something wrong is the moment they are most open to understanding why. Good feedback on a wrong answer is often the most valuable thing in the entire module.
The third is to make it feel real. Not invented scenarios with fictional companies and generic characters — situations that look like the learner's actual job, their actual environment, the actual pressures they work under. The moment someone thinks "this has happened to me," the training has crossed a line that passive content never does.
Compliance training that works does not look like compliance training.
It puts people inside decisions rather than alongside them. It creates enough of a stake that wrong choices feel like something. And it makes the content feel like it is about the learner's world, not an imaginary one. That is not a luxury — it is the difference between a box ticked and a behaviour changed. In compliance, behaviour change is the only thing that actually matters.