As Houston, TX, is the epicenter of Foreign Corrupt Practices Act (FCPA) enforcement, most energy companies in my hometown have mature compliance programs or at least more mature than in other industries, which have not gone through a full FCPA sweep. This has brought much knowledge about the doing of compliance into these organizations. But just as compliance programs can become more mature and compliance practitioners more sophisticated in their approaches to FCPA compliance, the FCPA regulators can be more sophisticated in their knowledge and understanding of what constitutes a best practices FCPA compliance program.
Most interestingly, one of those areas is training on a FCPA compliance program as there has recently been renewed discussion by Department of Justice (DOJ) and Securities and Exchange Commission (SEC) representatives on the issue of training and testing the effectiveness of a best practices FCPA compliance program. Chief Compliance Officers (CCOs), compliance practitioners and corporate compliance functions need to understand that the DOJ and SEC are clearly signally that simply testing and having employees sign a certification they took the training is no longer sufficient. The regulators want companies to demonstrate the effectiveness of their FCPA anti-corruption training.
I was therefore interested to see a recent article on training in the MIT Sloan Management Review, entitled, “Aligning Corporate Learning with Strategy”, by Shlomo Ben-Hur, Bernard Jaworski and David Gray. While noting that there has been an explosion of training options available in the corporate world and advances around the science of learning relating to the emotional centers of our brains; it is the emphasis on the “strategic alignment of learning rather on how learning is delivered” which is the key differentiator for effective employee development.
The authors believe there should be a more strategic business view of training and a more proactive stance on the delivered value of training and development. For the CCO or compliance practitioner they present some solid suggestions for ways to make FCPA compliance training more effective. Since we know the regulators are watching and may well look at the effectiveness of your FCPA training, now may be a good time for you to consider it. The authors present four learning practices that they believe can serve as a model for implementing a corporate learning strategy. I have adapted them for a FCPA compliance program.
Mapping the [CEO] agenda
Here the authors believe that it all starts with a strong emphasis from the very top of the organization that training is “mission-critical”. Something as simple and straightforward as “We will do business ethically and in compliance with the FCPA” stated by the Chief Executive Officer (CEO) can be used to cultivate the desired behavior. If leaders know they will be graded, evaluated and assessed on how they do business within the constraints of the company’s compliance program, they will be more apt to embrace learning it going forward. As the CCO you need to have such principles clearly articulated and even an opening line or opening video to your training.
But the CCO and compliance practitioner have a role in delivering the right type of training. You need to understand that to bridge what might be a compliance skills gaps in your training group your compliance training needs to go through an assessment. You could think of something along the lines of a risk assessment but in the compliance training assessments you determine what issues employees want and need addressed. By using these tools you can map the compliance training agenda and then move to “operationalize the [compliance] learning agenda through the portfolio of [compliance] learning and development activities.”
Aligning learning and development resources
Your next step is to take stock of your training resources by taking a “learning inventory”. What tools do you have in place for compliance training? From here the next step is to review your learning infrastructure; how do you deliver the training? Do you use live training? If so who puts on the training? Is it internally outsourced to your Human Resources (HR) function or does the compliance department perform compliance training? Do you outsource to a third-party provider? If the training is not live, in what media do you employ? Has the training been translated into local languages? If so has that translation been vetted to ensure accurateness?
Another set of inquiries should be made into the efficacy of your current compliance training. Is it aligned with your current compliance initiatives? Have there been changes to your program or updated/new risks since your last compliance training was developed and deployed? How have you tested the effectiveness of your compliance training in the past, if at all? What have you done to validate your training under the COSO 2013 Framework Update?
Gaining buy-in for the learning agenda
The days of FCPA training being a slow recitation of the law, written by lawyers for lawyers, have long since passed. Here the authors advocate buy-in on the training from a wide variety of sources but specifically including the CEO. The reason is so that vision will be shared during the training. Making the training business specific is obviously an important factor. The authors provided a quote from Eivind Slaaen, Senior Vice President (VP) for HR at Hilti AG, which I thought summarized this approach quite well. She said, “We’ve stopped treating learning as stand-alone and see this more as a journey,” says Slaaen. “Rather than thinking you can teach people what they’re supposed to know in a couple weeks of training, we’re pulling the line [management] in as a partner — so you need to convince others to be a part of that journey.”
The authors also suggested some clear goals for the agenda. They suggested (1) does the learning agenda support the compliance goals going forward as they apply to the business unit?; (2) is the training clear on how doing compliance will affect the business unit going forward?; (3) did compliance involve the key influencers and key stakeholders in championing the agenda?; and (4) is the learning linked to and does it respond to changing compliance and business needs?
Activating the learning agenda
Continuous improvement is not simply a by-word in compliance but is now mandatory. The same should be true for your compliance learning portfolio. This means that as your compliance program matures or your organization develops new risks, your training needs to reflect this as well. The authors said, “Programs and learning initiatives that do not advance the ball toward business goals should be eliminated or brought into line with business needs. Sometimes this requires bringing in different learning personnel with the relevant expertise and instructional design skills to meet the new objectives. The company’s learning agenda should be the “North Star” for all corporate learning and development — the set of orienting principles against which program design choices are tested.”
I found this article very interesting and provided a different manner in which the compliance professional could think about training and learning. Even if such bespoke training is not rolled out on a company wide basis, it could certainly be used for management or high-risk employees to provide more focused and useful FCPA compliance training. Moreover, it is developing a mind set from the very top levels of the company on down about the expected behaviors. I certainly see such learning as something the DOJ and SEC will see as innovative in the compliance space.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2015