Compliance trainngs – only “nice to have”?
In many medium-sized companies, compliance is still primarily perceived as a collection of rules, guidelines, and control mechanisms. Training is often considered optional or is only addressed when a certification, audit, or critical incident is imminent.
But this view is too narrow.
From a legal, organizational, and cultural perspective, compliance training is an indispensable component of responsible corporate governance – regardless of industry or company size.
Especially for limited liability companies (GmbHs) with their specific liability risks and management structures, training is an essential building block to minimize risks, empower employees and protect management.
This article explains in an understandable and practical way why this is the case and what modern, effective compliance training must achieve today.
What many underestimate: Training courses are not optional extras.
While there is no single law that explicitly states “compliance training is mandatory”, a clear picture emerges from a multitude of standards, rulings, and statutory due diligence requirements:
The regulatory guidelines (in Germany):
- Section 43 of the German Limited Liability Companies Act (GmbHG) obligates managing directors to exercise the due diligence of a prudent business manager.
- This includes addressing risks proactively – and prevention only works if employees know how to comply with regulations.
- For years, the German Federal Court of Justice (BGH) has explicitly required appropriate and effective compliance measures, including training, awareness campaigns, and clear processes.
- Individual laws such as the GDPR, the German Act on Protection against Whistleblowing (HinSchG), the German Act on the Protection of Local Authorities (LkSG), the German Money Laundering Act (GwG), export controls, and occupational health and safety regulations contain direct or indirect training obligations.
- ISO 37301 and IDW PS 980, the two leading standards for compliance management systems, require the systematic qualification of all relevant personnel.
The result is clear:
A limited liability company (GmbH) without training does not meet its minimum legal and liability requirements.
Why training is particularly important in medium-sized businesses
Many medium-sized companies have a culture of short communication channels and established structures. This is valuable – but it also carries risks:
- Behavior is often guided by “this is how we do things here,” not by legal requirements.
- Knowledge is often dependent on individuals rather than systematically embedded.
- Managers are technically excellent, but rarely trained in communication, integrity, and decision-making dilemmas.
- New employees receive a brief introduction, but no structured onboarding regarding compliance topics.
In this reality, training is not a “mandatory program,” but a stabilizing factor.
It creates clarity, reduces errors, strengthens trust, and relieves the burden on both managers and executives.
What an effective training concept should at least contain
A modern training program is more than just mandatory eLearning or a PowerPoint presentation.
It comprises several levels:
- Basic training for all employees – core content:
- Values, Integrity, and Corporate Culture
- Code of Conduct
- Conflicts of Interest
- Anti-Corruption Policy
- Data Protection & Information Security
- Whistleblower System
- Target group-specific in-depth studies – especially for:
- Purchasing
- Sales
- HR
- Finance
- Supply Chain / Sustainability
- Production / Commercial Areas
- This is where it’s decided whether employees can truly act in compliance – or have only heard something.
- Leaders play a key role
- Leaders shape culture, decisions, and behavior. Therefore, a dedicated format is essential:
- Decision Dilemmas
- Understanding Roles
- Communication
- Role Model Function
- Handling Reports
- Onboarding & Refreshers
- New employees need quick orientation.
- Existing employees need regular updates – ideally every 12–24 months.
- Clean documentation – important for audits, authorities, insurance companies and in case of emergency:
- Certificates of participation
- Content
- Updates
- Tests or confirmations
- Archiving
„The most dangerous phrase in companies is:
Grace hopper (1906-1992), American computer scientist and computer pioneer
‚That’s how we’ve always done it.‘“
The underestimated perspective: Compliance training as human skills training
In practice, it is repeatedly shown that even the best guidelines remain ineffective if people do not understand why something is important and how they can apply it in everyday life.
That’s why I combine classic compliance topics with “human skills” in my formats:
- Communication psychology
- Values work
- Decision-making mechanisms
- Managing social tensions
- A culture of learning from mistakes
- Integrity competence.
These skills are just as important today as technical expertise and, according to studies, are even crucial for whether a compliance management system is truly implemented.
What this means for management
Those who organize compliance training well achieve:
- Liability relief for managing directors
- Reduction of operational risks
- Improved decision-making across the entire company
- Increased security, especially in sensitive areas
- Stronger culture and trust
- Enhanced appeal to customers, auditors, and partners.
And above all:
Training is one of the most cost-effective measures to proactively reduce risks in the company.
Conclusion: Compliance begins in the mind – and requires dialogue, understanding and practice
The turn of the year is a good time for a sober assessment:
- Does everyone know what they need to know?
- Are roles clearly defined?
- Are risks understood—truly understood?
- Are there formats that engage people instead of exhausting them?
Compliance is not just about complying with the law.
Compliance is about building relationships, shaping culture, and taking responsibility.
And that is precisely why people need training that takes them seriously, empowers them, and enables them to take action.
© Your Julia Bach
P.S.: If you enjoyed this post, please share it on LinkedIn or via email… or leave a comment right here.
You might also be interested in the following posts:
Establishing a Compliance Management System
- What exactly is this thing called compliance…?
- Compliance culture: More than just a “must”
- Speak up – What do I do if my gut feeling tells me that something is wrong?
Developing Compliance Officers and Responsibles
- Role Clarity: Caught between two stools? Why role clarity is more than just a feeling
- Clear Language: Clear and understandable instead of convoluted – The Feynman technique in communication
- Storytelling: Storytelling in compliance communication
- Unconscious Biases: More Pippi Longstocking in my head
0 Comments