CLOSE

close

CLOSE

EN

Only 9% of organisations offer fully personalised compliance training, a VinciWorks poll reveals

eLearning
Recommended
Only 9% of organisations offer fully personalised compliance training, a VinciWorks poll reveals

Only 9% of organisations offer fully personalised compliance training, a VinciWorks poll reveals
The Prince Group case: Dirty money, criminal ecosystems and the future of money laundering enforcement

The Prince Group case: Dirty money, criminal ecosystems and the future of money laundering enforcement
What to expect in 2026 for crypto law and policy

What to expect in 2026 for crypto law and policy

Generic training continues to fail to change behaviour, and the urgent reality is that most firms remain unprepared for 2026.

 

Despite expectations for employers to take action on cyber risk, harassment, and sanctions, most organisations still use one-size-fits-all compliance training that fails to change behaviour. A new VinciWorks poll shows only 9% of organisations offer fully personalised learning paths, leaving gaps for various roles and risk areas.

 

The poll, which gathered responses from 131 HR, L&D and compliance professionals, shows that:

 

  • 32% of organisations provide the same general training to most employees

 

  • 40% offer some tailoring by department or role

 

  • The remaining organisations are unsure or planning to introduce personalisation in future

 

“If a junior warehouse operative and a senior finance officer are receiving the same cyber training, that organisation is not managing its risk effectively,” said Nick Henderson-Mayo, Head of Compliance at VinciWorks. “Training needs to reflect the real-world decisions people make in their roles. Personalisation helps employees understand how compliance applies to them, and that’s what changes behaviour.”

 

Cyber security: training gaps remain ahead of new law

 

Many organisations continue to take a minimal approach to cyber training, putting them at serious risk as new regulations draw closer.

 

  • Only 16.8% of respondents train staff quarterly or more often

 

  • 57.3% train annually

 

  • 8.4% do not provide any cyber security training at all

 

This comes ahead of the Cyber Security and Resilience Bill, which will introduce mandatory 24-hour incident reporting for certain industries, expand the scope of regulated companies, and give the Information Commissioner’s Office (ICO) new enforcement powers. Without immediate and frequent training, organisations risk being unprepared and failing to comply with the new obligations expected to become law in 2026.

 

Sexual harassment training: still not in place at many firms

 

Workplace culture is under increasing scrutiny, yet many organisations lack adequate training:

 

  • 1 in 5 organisations (20.9%) do not offer any training on sexual harassment

 

  • Only 20.2% of respondents said their training is very effective

 

  • 58.9% rated their training as only moderately effective, not effective, or were unsure of its impact

 

Employers face significant risk if a complaint arises. The EHRC has required remedial action of high street names such as McDonalds and Lidl for compliance failures. Moreover, new requirements under the Employment Rights Bill will demand urgent, proactive, and well-documented steps to prevent harassment, including robust training for staff and managers.

 

Sanctions compliance: over half of organisations are unprepared

 

Despite an increasingly complex sanctions landscape and strict liability enforcement in the UK:

 

  • 34.3% of organisations do not offer any training on sanctions compliance

 

  • An additional 16.7% are unsure whether such training is provided

 

  • Only 21.6% provide dedicated training to all relevant teams

 

This lack of clarity means that over half (51%) lack a coherent defence if a sanctions breach occurs, even where no wrongdoing is intended.

 

“With strict liability rules in place, businesses must be able to show they have done everything they can to train staff and and protect the business,” said Henderson-Mayo. “If you’re not training the right people in the right areas, you risk even an accidental breach.”

 

What L&D teams should prioritise in 2026

 

To strengthen compliance culture in 2026, L&D teams should focus on three key priorities:

 

  • Align training with actual risks by department, role and function

 

  • Integrate compliance into onboarding, leadership and professional development

 

  • Use data and feedback to improve behavioural outcomes, not just completion rates

 

For many organisations, the main barrier to aligning compliance training with actual departmental or role risks is that it effectively requires adapting and personalising that training. L&D teams should consider using tools for real-time editing, duplicating versions for departmental use, and assigning materials for internal review. Agile management helps reflect role-specific risks and ensures alignment with updated policies without the slow pace of external customisations.

 

“Too many firms are spending their training budget on content no one remembers and dashboards no one trusts,” added Henderson-Mayo. “Training must be flexible, dynamic and relevant if it’s going to change behaviour.”

 

“Robust training is not a ‘nice to have’,” said Ruth Mittelmann Cohen, Head of Legal and Compliance at VinciWorks. “Regulators expect evidence that your training reduces risk and supports a strong compliance culture. That means programmes must be tailored, updated and relevant to staff across the organisation. Paper policies and completion rates are not enough.”

 

A changing year for compliance learning

 

The findings come at a time when L&D teams face significant pressure to prove the effectiveness of their programmes. With new legal duties and intensifying scrutiny of culture and conduct, organisations still relying on generic learning risk being seriously unprepared.

 

Access VinciWorks’ in-depth guidance and the full 2026 compliance learning agenda webinar now to ensure your team is ready to build effective, risk-based compliance programmes for the year ahead.

 

Watch the webinar on demand: www.vinciworks.com/webinars/compliance-agenda-2026