While tools have been implemented to properly secure Secrets Management, our scans still come up with user ids and passwords stored out in various chats and collaboration tools. We have definitely noted an insider threat risk/issue, and see the way forward as: a) first violation - assign mandatory training/CBT and discussion with manager b) second violation - dismissal?
Our logic on leniency may be: if the stores are 2+ years ago, there may be an argument that our organization lacked a fully fledged secrets management tool, or it wasn't effectively communicated. However, if a scan pulls it up from 2 days or 2 weeks ago, we'd have a hard time understanding why two enterprise solutions could not have been utilized.
What are other companies/organizations doing? Any recommendations on training, awareness and enforcement?
MFA often makes the problem of credential sharing go away.
When you review the policy draft with your HR lawyer (which you ought to do prior to implementation), you will likely find that they are not big fans of requiring termination because it causes big problems enforcing the second case if you didn't follow policy in the first case. Much better is language along the lines of "failure to comply with policy may result in discipline up to and including termination". The lawyer likely has boilerplate that is applied to all corporate policies and includes such language.
Also, you might consider how to address coercion, such as when your boss orders you to violate policy.