Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

How much compliance training is enough?

We know a lot about what the feds expect from compliance training. For example, from the Evaluation of Corporate Compliance Programs and the FCPA Resource Guide, we know training is a hallmark of a well-designed compliance program. We know directors, officers, employees, and maybe even third parties should receive periodic training, with a special focus on gatekeepers. And we know training needs to be appropriately tailored to fit the company’s operations and workforce. What we don’t know, however, is how much training is enough.

I’ve struggled over the years to figure this one out. Maybe you have, too. The end game of compliance training is to prevent bribery and, if bribery happens, for the company to be ready and able to demonstrate that it appropriately tailored its compliance training to prevent and detect bribery. That sounds fairly simple.

But how much training is enough? Does appropriately tailored equate to five hours of training a year? Or ten hours? And who says so? On what authority can a chief compliance officer say, “Our compliance training is enough”?

In his 2007 bestseller, Outliers, Malcolm Gladwell famously articulated the 10,000-hour rule. Using the example of violinists, he said those who practiced 10,000 hours rose to be soloists, while those who practiced less were either supporting players or teachers. Gladwell said he found the same outcomes with chess players, writers, composers, and others.

Few people can devote themselves full time for five years to learn something new. And clearly, not everyone in a company needs to be a top-level compliance expert. The CCO does, and maybe a few deputies. But does anyone expect the HR manager, CFO, or chair of the board’s audit committee to know that much about compliance?

After Gladwell freaked people out with the 10,000-hour rule, another writer, Josh Kaufman, calmed things down. He came up with the thesis that it takes only 20 hours to learn a new skill. His idea was to reach a level of competency, not total mastery, and then develop the skill further by using it, eventually hitting the highest level desired.

Kaufman field-tested his ideas. He found the key to learning anything new in 20 hours (in his case, coding) involves a few common steps. First, committing to practice at least 20 hours without quitting. Second, learning core concepts and practicing them by immediately doing actual work instead of “canned tutorials.” Third, breaking the new thing into small parts, so the 20 hours of practice are focused on specific tasks, where small mistakes can be self-corrected.

Would Kaufman’s 20-hour approach work for compliance training? I think if it was appropriately tailored, it could work. One immediate benefit is that it would make decisions about training durations less arbitrary and more concrete.

Beyond that, it could bring real change. If companies asked directors, officers, and employees (and especially gatekeepers) to commit an hour a day to learning and practicing ethics and compliance for 20 consecutive workdays each year, all those little sessions would add up. They’d bring new and more permanent awareness. It’s the opposite of the firehose approach. Lots of small sips instead of a gushing torrent.

I don’t know if any company uses the 20-hour approach or something like it for compliance training. Conventional training — one, two, or three longer sessions a year, depending on the role of the target trainees — seems to be the usual practice. That works too. And there’s always something to be said for sticking with the conventional wisdom if it works.

But maybe the 20-hour approach works better. Who knows? I hope someone using it now or willing to give it a try will let the rest of us know how it’s going.

Share this post


Comments are closed for this article!