How do you address security concerns with employees who failed to pass social engineering tests?

Security is of the utmost importance for credit unions, and one of the best ways to train your staff is to perform social engineering testing. But in the event that some staff don’t pass the test, what do you do? What actions does your credit union take to address security concerns with those employees so that they don’t fall victim in a real situation?