Fixing Compliance Training: From Checkbox to Culture
Part 1: The Compliance Training Crisis
An analyst completes her annual compliance training and even scores 100% on the gifts and entertainment quiz. Two weeks later, she attends an NBA playoff game sponsored by a no-show broker. No pre-clearance. No approval. She simply didn't think it counted. Why does this continue to happen?
For many investment professionals, compliance training remains a mandatory annual exercise, like an unpleasant mandatory task with PowerPoint slides. Check the box, pass the quiz, move on.
But for a Chief Compliance Officer (CCO), that training session is an opportunity to shape the firm's compliance culture and mindset. Yet too often, employees are not engaged and no impact is made.
So what's going wrong and what can we do about it?
I. The Problem with Compliance Training
Despite considerable time and resources devoted to training, compliance violations persist, and may be increasing.
In fiscal year 2024, the SEC brought 583 enforcement actions, obtaining $8.2 billion in financial remedies, the highest in SEC history. Recurring issues include personal trading violations, books and records failures, and marketing rule breaches.
These firms, almost without exception, provided compliance training, often extensively.
In his 2023 speech at the New York City Bar Association Compliance Institute, SEC Division of Enforcement Director Gurbir Grewal emphasized the need to build a "culture of proactive compliance" grounded in three pillars: education, engagement, and execution.
He stressed that compliance training must go beyond merely conveying information. Instead, it should actively engage employees, be relevant to their roles, and be ongoing to effectively prevent misconduct before it occurs. This reflects the SEC's expectation that firms design training programs that truly influence behavior and embed compliance within their organizational culture.
The marketing rule enforcement, in particular, is telling. Firms updated materials and held special sessions, yet the SEC has already penalized advisers who clearly missed the mark. See our prior discussion here, here and here.
Unfortunately, many investment professionals still view compliance as an obstacle rather than an integral part of the business.
II. The Failures of Traditional Training
Before we explore solutions, it's crucial to understand what isn't working.
Failure #1: The Ghost Training Program
JZAI Investment Advisers was sanctioned in early 2024 for a compliance failure that should have been avoidable: their manual committed to providing training, yet for nearly four years, no sessions were conducted.
Firms often promise training in official documents, but execution falls short. When the SEC requests training records, intentions are insufficient.
In an administrative proceeding involving another firm, Two Point Capital Management, the SEC wrote bluntly:
"Furthermore, Two Point failed to conduct any compliance training." Gurbir Grewal noted in the above-referenced speech that this failure lasted over ten years.
Failure #2: Ignored Policies, Ignored Training?
Guggenheim had a written Code of Ethics requiring disclosure and pre-clearance of gifts and entertainment, including flights on private planes. Yet seven employees took at least 44 such flights over two years, and only one was reported to the CCO, after the fact.
Despite these clear requirements, the firm failed to monitor or enforce its own gifts and entertainment (G&E) procedures, recording only a single flight in its compliance logs. The SEC cited this as a breakdown in supervision and internal controls.
Although the order doesn’t specify whether employees actually received training, it’s fair to expect that a firm as large and sophisticated as Guggenheim provided some form of it. That makes the failure even more concerning, either the training wasn’t properly understood, or simply wasn’t reinforced. Whatever the reason, it clearly didn’t have the desired effect.
What's Broken?
Most compliance training shares common weaknesses:
It reads like legalese instead of offering practical, actionable guidance
It overlooks the realities of how investment management professionals actually make decisions
It doesn't reflect the workflows and tools used in day-to-day portfolio management or compliance
Common Training Pitfalls:
The Annual Data Dump: compressing every policy into a marathon session rather than ongoing education
Forced Attendance: mandatory sessions where participants disengage
The Compliance Monologue: training delivered solely by compliance staff, without involving portfolio managers or traders to provide real-world context
III. Red Flags Your Training Isn't Working
Don't learn your training is ineffective from an SEC deficiency letter. Watch for these warning signs:
Operational Indicators:
Recurring violations in personal trading, marketing, or cybersecurity despite recent training
Employees asking basic questions on policies they should already know
New hires struggling with compliance decisions post-onboarding
Cultural Indicators:
People zoning out or answering emails during training
Compliance perceived as an obstacle rather than a partner
Managers who bypass training or communicate that it's unimportant
Structural Indicators:
Unchanged training materials year after year with no updates for regulatory developments
Success measured only by completion rates rather than behavioral change
No reinforcement or follow-up beyond the initial session
IV. Why This Matters
The SEC is paying close attention to firm culture these days. If compliance training is weak, it’s not just a missed chance to do better, it’s a real red flag. When employees aren’t truly engaged with training, mistakes happen more often. That can lead to tougher regulatory scrutiny, bigger fines, and damage to your firm’s reputation.
As behavioral law scholar Donald Langevoort explains, this risk is often embedded in firm culture itself:
"The 'dark side' that enables non-compliance in organizations is powerful and often hidden from view, working via scripts that rationalize or normalize, denigrations of regulation, and celebrations of beliefs and attitudes that bring with them compliance dangers."
— Donald C. Langevoort, Cultures of Compliance, 54 Am. Crim. L. Rev. 933 (2017)
Here's the uncomfortable question every CCO must answer: If the SEC walked in tomorrow and asked employees to explain your key policies without referring to written materials, how many would pass? If that thought makes you nervous, your training isn't working optimally.
V. What Effective Training Looks Like
The goal is to make compliance decisions intuitive—not a checklist to pause and decode. Training must address real scenarios faced by employees, tie compliance to business success, and foster accountability beyond mere box-checking.
Coming Up Next
· Part 2A: Building Effective Compliance Training - Foundation
· Part 2B: Building Effective Compliance Training - Advanced Implementation
· Part 3: Compliance Training Effectiveness Toolkit - Diagnose, Score, and Improve Your Program
Learn how to design training that changes behavior and meets SEC expectations
PS: Forward this to a colleague who handles compliance. They’ll thank you.