Completion is not change: the 360 method behind compliance training that moves behaviour and performance | Auren Institute
Auren Institute
The 360 method · Compliance training · UK & Malta
Completion is not change.
Most compliance training proves attendance. Ours is built to change behaviour and performance, and to prove it.
Compliance, Done Right. · aureninstitute.com

Compliance training · United Kingdom & Malta

Completion is not change: the 360 method behind compliance training that moves behaviour and performance

Most compliance training is built to be finished. A learner clicks through a module, a certificate lands in the system, and the training record looks defensible. Our training is built to do something harder and more valuable: change how people behave on the job, lift performance, and produce the evidence that it did.

That is not a slogan. It is a method, and the method is the difference. We call it the 360 approach, because compliance capability is not a single event you deliver and tick off. It is a loop you run: diagnose where the real exposure sits, design training that survives contact with the job, secure the conditions that let new behaviour stick, then measure whether behaviour and performance actually moved. Get the loop right and a workforce changes what it does. Skip a stage and you are back to selling certificates.

This piece sets out what the 360 method is, what makes it different from most of the compliance training market, and what an employer in the UK or Malta actually gets for the difference.

The test most compliance training quietly fails

Here is the uncomfortable part. A completion certificate tells you someone opened a course. It does not tell you they will handle the customer, the file, or the inspection correctly next Tuesday. That gap, between what was completed and what is done at the desk, is where real compliance risk lives, and it is the gap most training ignores.

The research on this is old, settled, and routinely ignored. Baldwin and Ford (1988) showed that whether training transfers into performance depends far less on the quality of the course than on the work environment around it: whether managers reinforce the new behaviour, whether people have protected time, whether the system rewards the change. Salas and colleagues (2012) found that a proper training needs analysis, done before any content is chosen, is among the strongest predictors of whether training works at all. The 70-20-10 logic that grew out of McCall, Lombardo and Morrison (1988) holds that people learn most from challenging real tasks, least from passive content. And Kirkpatrick and Kirkpatrick (2006) gave the whole field its evaluation ladder, reaction, learning, behaviour, results, while noting the near-universal failure to climb past the first rung. Most providers measure whether learners liked the course. Almost nobody measures whether behaviour changed.

In compliance this matters more than in any other kind of training, because a certificate that changed no behaviour is not just wasted budget. It is a thin answer when a regulator, an auditor, an insurer, or a tribunal asks what you actually did. The obligations already point this way. The Money Laundering Regulations 2017 require relevant employees to be trained and the firm to be able to evidence it (regulation 24). ISO 37301:2021 treats competence, awareness and a culture of compliance as clause requirements, not optional extras. The Financial Conduct Authority expects firms to employ people with the skills and knowledge to do the job. None of these are satisfied by a download of completion records. They are satisfied by people who behave correctly under pressure, and by proof that they do.

Completion proves attendance. Change proves competence. Only one of them holds up when it is tested.

What 360 actually means: four moves, not one course

The 360 method turns the settled research into four moves we run on every serious engagement. They are deliberately plain.

The Auren 360 method · behaviour and performance, not completion
Move 1
Diagnose
Map the real regulatory exposure and the behaviour gaps, by role, before recommending any content. A diagnosis, not a catalogue.
Move 2
Design for transfer
Laddered, jurisdiction-specific, built around the decisions people actually make. Lean on content, heavy on applied judgement.
Move 3
Secure the conditions
Equip the line manager to reinforce the behaviour on the job, not just the learner. Transfer fails when the line does not own it.
Move 4
Measure
Move past completion to behaviour at three and six months, linked to the compliance indicators the business already tracks.

One honest caveat, because it protects the method from overclaiming. The thinking behind the four moves comes from the wider science of how adults change behaviour at work, including the leadership development literature. Compliance is not leadership. Much of it is statutory and proceduralised, where reliability matters more than inspiration. So what we borrow is the method, not any one model. The behaviour we are changing is not "lead more boldly", it is "do the right thing consistently, especially under pressure, and exercise sound judgement in the grey areas the procedure does not cover". The four moves work for anti-money-laundering conduct, data handling, building safety duties or lettings compliance precisely because they are about how people change, not about any single theory.

What makes this different from the rest of the market

Walk the compliance training market and most of it competes on the same two axes: the size of the course catalogue and the price per seat. Both accept the same definition of the product, which is completion at volume. We refuse that definition, because a workforce that completed a cheaper course and changed nothing did not get the cheaper option. It got the more expensive one, payable later, to a regulator.

Four things separate how we build training from how most of the market builds it.

Most of the marketAuren Institute
Sells courses and certificates, measured by completion rate.Sells changed behaviour and performance, measured at the desk and proven.
Generic, "global" content with a jurisdiction tag bolted on.Written against named UK and Maltese law, with variants where the two diverge.
Built by instructional designers to a brief.Built and reviewed by practitioners who have to comply with the same rules they teach.
Evergreen content that quietly ages.Refreshed within 30 days of a change in the law or standard, version-dated.

Underneath those four is the structural one. Our content is laddered, Foundation for the new joiner, Intermediate for the manager, Advanced for the compliance officer, so a single procurement decision serves the whole workforce rather than buying eleven disconnected courses. And the 360 method sits on top of all of it. A competitor can copy a course library overnight. They cannot copy a delivery model built around diagnosis, manager reinforcement and behaviour measurement without rebuilding how they work. That is the point: the difference is not the content, it is the method that makes the content land.

How an employer actually benefits

Stripped of the language, here is what the difference buys an HR, L&D or compliance lead.

Lower regulatory exposure, where the risk really is

An obligations register does not stop a bribe being paid, a data breach being mishandled, or a conflict of interest being waved through. A trained, alert employee does. Because the 360 method targets behaviour at the point of decision, it reduces exposure where exposure actually sits, in what people do, not in what the policy says.

A defensible position when you are tested

When a regulator, auditor, insurer or tender panel asks whether your compliance is managed, "everyone completed the training" is a weak answer. "Here is the behaviour change we measured at three and six months, against the risk we set out to move" is a strong one. The method produces the evidence that turns a training record into a defensible one.

Managers who reinforce, so it sticks

We equip the line manager, not just the learner, because that is where behaviour survives or fails. The benefit is durability. The change does not evaporate the week after the course closes.

Demonstrable competence, in one decision

Boards, clients, insurers and accreditation bodies increasingly want evidence of competence, not assertions of it. The laddered library gives you that across the whole workforce, from new joiner to compliance officer, in a single buying decision rather than a scramble of point purchases.

The honest limit, because credibility depends on it

We do not claim certainty, and you should be wary of anyone who does. Compliance outcomes move for many reasons beyond training: the enforcement climate, leadership, systems, staffing. We frame our contribution as a return on expectation over two to three years, report the early behaviour indicators that show the direction of travel, and treat any comparison against untrained teams as indicative rather than conclusive. Saying that plainly is what a practitioner does, rather than a vendor. It is also why, when we say our training changes behaviour and performance, we mean it as something we design for and measure, not a guarantee we could not honestly keep.

The 360 method in brief: common questions

Does compliance training actually change behaviour, or just tick a box?

Most of it ticks a box. Decades of training research show that knowledge delivered in a room, or a fifteen-minute click-through, rarely survives contact with the job unless the conditions around the learner support it (Baldwin and Ford, 1988). The 360 method is built specifically to close that gap, by diagnosing the real need, designing for transfer, securing manager reinforcement, and measuring behaviour rather than completion.

How is the 360 method different from normal compliance e-learning?

Normal e-learning is one move: deliver a course and record completion. The 360 method is four: diagnose, design for transfer, secure the conditions, measure behaviour and results. The course is one part of move two. The other moves are what make the course land, and they are the part most providers skip.

How can you prove the training changed behaviour?

We measure behaviour through a short manager and self review at three and six months, and link it where possible to the compliance indicators you already track, such as audit findings, incidents, near misses or breach rates. We report it honestly, including the limits of attribution. That is more than completion and quiz scores, which is what most of the market offers as proof.

Does this work for a small or mid-sized employer?

Yes. The method scales to the business. A smaller employer does not need an enterprise compliance department, it needs the exposure diagnosed, the training sized to the real risk, managers briefed to reinforce it, and a light measure of whether behaviour moved. The laddered library means one decision covers the whole team.

Is the training specific to UK and Maltese law?

Yes. Every UK course is written against named UK legislation, every Maltese course against the Maltese transposition of EU law, with variants where the two diverge. We do not sell "global" compliance content, because compliance is jurisdictional or it is wrong.

Sources

  • Baldwin, T. T., and Ford, J. K. (1988). Transfer of training: a review and directions for future research. Personnel Psychology, 41(1), 63 to 105.
  • Salas, E., Tannenbaum, S. I., Kraiger, K., and Smith-Jentsch, K. A. (2012). The science of training and development in organizations: what matters in practice. Psychological Science in the Public Interest, 13(2), 74 to 101.
  • McCall, M. W., Lombardo, M. M., and Morrison, A. M. (1988). The Lessons of Experience. Lexington Books. (Origin of the 70-20-10 logic.)
  • Kirkpatrick, D. L., and Kirkpatrick, J. D. (2006). Evaluating Training Programs: The Four Levels (3rd ed.). Berrett-Koehler.
  • Day, D. V. (2000). Leadership development: a review in context. The Leadership Quarterly, 11(4), 581 to 613.
  • The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, regulation 24 (training of relevant employees).
  • ISO 37301:2021, Compliance management systems, requirements with guidance for use (competence, awareness and culture clauses).
  • Financial Conduct Authority, SYSC, expectations on the competence of staff.

Related reading

Train the behaviour, not just the certificate

Auren's compliance programmes are built around the practitioner and the desk, not the download: Foundation, Intermediate and Advanced levels that take a team from what compliance is to how to run it, with the 360 method behind the delivery. Where you need the behaviour diagnosed and the change measured, our advisory service runs the loop with you. Self-paced, CPD-registered, refreshed within 30 days of regulatory change.

Start the free compliance mini-course
SG
Stefan Gauci Scicluna Founder of Auren Institute. MA, DBA candidate at Signum Magnum College, lecturer at IDEA Academy and Signum Magnum College. Writes as a practitioner who has to comply with the standards he teaches.

Last reviewed: 30 June 2026 · Next scheduled review: 30 July 2026 · Updated within 30 days of regulatory or standards change.

Compliance, Done Right.
aureninstitute.com