The communication of your anti-corruption compliance program is something that must be done on a regular basis to ensure its effectiveness. The FCPA Guidance explains, “Compliance policies cannot work unless effectively communicated throughout a company. Accordingly, DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.”
“Conducting effective training programs” is listed in the 2011 US Sentencing Guidelines as one of the factors the DOJ will take into account when a company accused of a FCPA violation is being evaluated for a sentence reduction. The US Sentencing Guidelines mandate, “(4) (A) The organization shall take reasonable steps to communicate periodically and in a practical manner its standards and procedures, and other aspects of the compliance and ethics program, to the individuals referred to in subdivision (B) by conducting effective training programs and otherwise disseminating information appropriate to such individuals’ respective roles and responsibilities.”
While most people tend to overlook the issue of attendance at training, it is an issue that should also be considered. You should determine that all senior management and company Board members have attended FCPA compliance training. You should review the documentation of attendance and confirm this attendance. Make your department, or group leaders, accountable for the attendance of their direct reports and so on down the chain. Evidence of training is important to create an audit trail for any internal or external assessment or audit of your training program.
One of the key goals of any FCPA compliance program is to train company employees in awareness and understanding of the FCPA; your specific company compliance program; and to create and foster a culture of compliance. Up until recently, we had not heard anything from the DOJ around the testing the effectiveness of compliance training, however, beginning in the fall of 2015 through the announcement of the FCPA enforcement Pilot Program, they to talk about whether you have determined the effectiveness of your training.
You can begin with a baseline measurement of employees who participated in your compliance training through a general assessment of those trained on the FCPA and your company’s compliance program is a starting point. Some questions to use for the assessment of the effectiveness of your FCPA compliance training could include the following:
- What does the FCPA prevent?
- Does your company allow facilitation payments?
- How do you report compliance violations at your company?
- What types of improper compliance conduct should you report?
- What is the name of your company’s Chief Compliance Officer?
For high-risk employees, you can have a more focused evaluation. You can give some circumstances an employee might face when traveling or doing business abroad. As always, you need to document the training, attendance at the training and then the post-training testing.
Ethical leadership is absolutely mandatory to have a successful compliance program, whether it is based upon the FCPA or the UK Bribery Act. Senior management must not only be committed to doing business in compliance with these laws but they must communicate these commitments down to the organization. But leadership is not limited only to senior management within an organization. Tone at the Top begets Tone in the Middle; which begets Tone at the Bottom. At each rung there is the need for compliance leadership. Yet these communications can come in many forms. Consider the Morgan Stanley declination that specifically mentioned the ongoing compliance reminders as one of the reasons the company received a declination.
All of this leads me to consider the message of compliance inside of a corporation and how it is distributed. In a compliance program, a large portion of your consumers/customers are your employees. Social media presents some excellent mechanisms to communicate the message of compliance going forward. Many of the applications that we use in our personal communication are free or available at very low cost. So why not take advantage of them and use those same communication tools in your internal compliance marketing efforts going forward.
Another key issue seems to be that problem that companies do not write the way they speak, and do not speak the language of their employee base. In many ways, compliance is a brand and that compliance brand needs to make sure that the message of compliance will resonate with your audience, whether that be your employee base, third parties working for your company, even senior management or the Board. This is where social media can help you and the compliance function to hone your message through social media. Part of this is based on experimenting on what message to send and how to send it throughout your organization.
This means that you will need to work to groom your message but also continue to plug away to send that message out. I think the Morgan Stanley declination will always be instructional as one of the stated reasons the DOJ did not prosecute the company as they sent out 35 compliance reminders to its workforce, over 7 years. Social media can be used in the same cost effective way, to not only get the message of compliance out but also to receive information and communications back from your customer base, the company employees.
The key to training and communication is that they be done effectively. Whether you utilize one of the myriad of compliance training professionals, online training companies or another mechanism, the bottom line is that you need to risk rank your training attendees and follow up by measuring training effectiveness. If you can neither think of anything else nor have the budget for professional consultants, you can always start with the FCPA Guidance and use the hypotheticals as your training materials. I still maintain that in communications you are only limited by your own imagination. By keeping the communications fun, fresh and relevant, you can help keep the eye on compliance in your organization.
For more information on this Hallmark, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available through Compliance Week by clicking here.
To listen to my podcast on this Hallmark, click here.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2016