Your compliance learning agenda for 2026: What every organisation needs to know

A webinar review

In 2026, compliance officers, HR and learning leaders face a complex risk landscape. Between sweeping cyber reforms, cultural accountability in financial services, legally protected beliefs and sanctions volatility, organisations need to consider how they train, engage, and protect their workforce.

 

In a recent webinar hosted by Vinciworks in partnership with HowNow, compliance experts Naomi Grossman, Nick Henderson-Mayo and Ruth Mittelmann-Cohen discussed the most critical developments on next year’s horizon. They were joined by Nelson Sivalingam, CEO and co-founder of HowNow, who shared his vision for what learning will look like in 2026 and beyond.

 

Here’s what our webinar revealed about the priorities that will shape your compliance learning agenda in 2026.

 

Cybersecurity becomes a board-level compliance duty

 

The UK’s Cyber Security and Resilience Bill, introduced in late 2025, is set to radically reshape organisational duties. The Bill expands the scope of the existing NIS regime and sweeps thousands of additional organisations into the definition of “critical” digital infrastructure.

 

Who will now fall under the rules?

  • Data centre operators
  • Managed service providers (MSPs)
  • Critical suppliers to essential sectors
  • Additional digital service providers

 

The Bill also grants government powers to issue binding cybersecurity directions during high-risk incidents.

 

Why does this matter for training? Teams, especially in IT, security, operations and compliance, will need to understand:

  • The systems that fall in scope
  • New 24-hour incident reporting duties
  • What constitutes a notifiable cyber incident
  • Required organisational and technical security measures

 

Even businesses not directly in scope may be caught as critical suppliers, meaning 2026 must be the year cyber training evolves from best practice to legal necessity.

 

Culture, conduct, and new behavioural standards in financial services

 

A major change arrives on September 1, 2026, when the FCA formally expands its Conduct Rules to cover non-financial misconduct, meaning harassment, bullying and discrimination will now be regulatory breaches.

 

What does this mean?

 

  • Misconduct is no longer “just an HR issue.”
  • Regulators will assess how firms prepare, train and respond.
  • Managers will be held accountable for culture failures.

Financial services firms must overhaul training on:

 

  • Bullying and harassment
  • Diversity, equity and inclusion
  • Speaking up and reporting concerns
  • Fitness and propriety expectations

 

In 2026, culture will be treated as a compliance risk that firms must evidence, not simply declare.

 

Sexual harassment prevention: A new legal standard for all employers

 

Beyond financial services, the Employment Rights Bill will likely require employers to take all reasonable steps to prevent sexual harassment.

 

Recent enforcement cases have shown the cost of complacency. McDonald’s and Lidl both entered legally binding agreements with the Equality and Human Rights Commission after failures to train staff, assess risk, and operate effective reporting systems.

 

The takeaway is that policies are not enough. Training must be regular, meaningful and demonstrably effective. This becomes a board-level duty where organisations must show they are actively preventing harassment, not just reacting once it occurs.

 

Protected beliefs, Higgs and managing expression at work

 

One of the most sensitive and fast-moving areas for 2026 is the legal treatment of protected beliefs and freedom of expression at work. This year’s landmark Higgs v Farmor’s School ruling set out a strict proportionality test employers must follow before disciplining staff for expressing controversial beliefs.

 

Courts are now asking:

  • Is the harm real and evidenced, not speculative?
  • Was the response necessary and proportionate?
  • Were alternative, less intrusive steps available?

 

Employers can no longer rely on broad “reputational risk” arguments, and managers must navigate these issues carefully.

 

Why does training matter here? Mismanaging belief-based disputes is now one of the fastest routes to a tribunal. Training should help staff and managers:

  • Understand protected beliefs
  • Know the line between debate and harassment
  • Apply respectful expression standards
  • Conduct fair and proportionate investigations

This topic will be high on 2026 learning agendas.

 

Sanctions compliance: High stakes, strict liability, zero excuses

 

Sanctions rules are quickly evolving, with weekly updates across major jurisdictions. In 2025, the Office of Financial Sanctions Implementation (OFSI) overhauled its enforcement model, adding new criteria for assessing breaches, including company culture, due diligence efforts and whether staff were properly trained.

 

Combine that with the UK’s strict liability regime for civil breaches, and it’s increasingly likely that a sanctions violation can occur even without intent.

 

Penalties have been issued for:

  • Payments routed through sanctioned banks
  • Failing to update screening systems
  • Weak due diligence on distributors
  • Slow responses to OFSI information requests

Training will be critical to:

  • Identify and screen sanctioned counterparties
  • Understand red flags
  • Keep pace with rapidly updated lists
  • Document checks and due diligence

Every organisation, not just banks, must build sanctions competence into its learning strategy.

 

How compliance training will change

 

It’s clear that compliance training needs to shift from completion-focused to impact-focused.

For organisations this means:

  • Prioritising relevance over volume
  • Integrating compliance into leadership and development programmes
  • Measuring outcomes using broader data (incident reports, speaking-up trends, culture metrics)
  • Embedding training into everyday workflows
  • Breaking down silos between compliance and L&D teams

Training is no longer just about avoiding penalties but also about reducing risk and building resilient, ethical cultures.

 

HowNow: The future of learning in 2026

 

A fascinating element of the webinar was provided by Nelson Sivalingam, CEO and co-founder of HowNow, who shared an interesting and energising vision for the future of learning.

 

The most significant shift, noted Nelson, is toward personalised, data-driven learning at scale. One-size-fits-all annual training is fading, replaced by a tailored approach that reflects each employee’s skills, performance needs and career goals.

 

L&D will need to become more proactive, anticipating skills gaps in areas like AI, cybersecurity, leadership and compliance before they become business risks. This requires aligning learning strategy with wider workforce planning.

 

AI will play a big role in enabling this shift. It will speed up content creation, personalise learning journeys, provide real-time insights and automate routine admin, freeing L&D to focus on strategic capability-building.

 

But innovation must be matched with impact. Nelson emphasised that measuring success through completion rates alone is no longer enough. Leaders want evidence of behavioural change, risk reduction and improved performance, which means integrating learning data with operational outcomes. Nelson also highlighted the importance of navigating sensitive or polarising topics with care. With legal developments around protected beliefs, L&D must create spaces that support open dialogue while managing organisational risk.

 

Nelson also focused on formats that will scale in 2026, from micro-learning to peer-to-peer learning to AI-driven coaching and immersive scenario-based experiences. These are the approaches that he believes are most likely to drive real behavioural change.

 

Regarding compliance learning, Nelson highlighted the need to pair legal rigour with relevance, grounding training in practical, real-world tasks rather than abstract rules. It’s clear that organisations that treat learning as a risk-mitigation engine and a core part of culture will be the ones that succeed. 2026, he said, will reward those who treat learning as a strategic asset.

The role of compliance and learning redefined

 

Organisations cannot simply update their policies on cyber, sanctions, conduct, workplace culture and protected beliefs, and hope for the best. The risk landscape is moving too quickly, and regulators want to see more evidence of proactive governance. Training is no longer just about what employees know. It’s about what they do. And next year could be the year that that distinction matters most.

 
