The communication of your anti-corruption compliance program, both through training and message, is something that must be done on a regular basis to ensure its effectiveness. The FCPA Guidance explains, “Compliance policies cannot work unless effectively communicated throughout a company. Accordingly, DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.”

One of the key goals of any Foreign Corrupt Practices Act (FCPA) compliance program is to train employees in awareness and understanding of the FCPA; your specific company compliance program; and to create and foster a culture of compliance. Beginning in the fall of 2016 through the announcement of the FCPA enforcement Pilot Program, the DOJ began to talk about whether you have determined the effectiveness of your training. This continued with the 2017 Evaluation of Corporate Compliance Programs where they asked, “How has the company measured the effectiveness of the training?” This point has bedeviled many compliance professionals yet is now a key metric for the government in evaluating compliance training.

Also raised in the Evaluation was the focus of your training programs, where the DOJ inquired into whether your training was “tailored” for the audience. The Evaluation, In Prong 6, Training and Communication, asked, in part: Risk-Based Training What training have employees in relevant control functions received? Has the company provided tailored training for high-risk and control employees that addressed the risks in the area where the misconduct occurred? What analysis has the company undertaken to determine who should be trained and on what subjects?

This adds two requirements. The first is that you must assess your employees for risk to determine the type of training you might need to deliver. This means that you should risk rank your employees. Obviously, the sales force would be the highest risk but there may be others which are deserving of high risk training as well. From your risk ranking, you need to then develop training tailored for the risks those employees will face.

The key going forward is that you have thoughtfully created your compliance training program. Not only in the design but who receives it, all coupled with backend determination of effectiveness. Finally, all of this must be documented. In Prong 6, Training and Communication, of the Evaluation it read, in part: 

Form/Content/Effectiveness of Training – Has the training been offered in the form and language appropriate for the intended audience? How has the company measured the effectiveness of the training?

Most companies have not considered this issue, the effectiveness of their compliance program. I would suggest that you start at the beginning of an evaluation and move outward. This means starting with attendance, which many companies tend to overlook. You should determine that all senior management and company Board members have attended compliance training. You should review the documentation of attendance and confirm this attendance. Make your department or group leaders accountable for the attendance of their direct reports and so on down the chain. Evidence of training is important to create an audit trail for any internal or external assessment or audit of your training program. 

Joel Smith, the founder of Inhouse Owl, a training services provider, considered an analysis of return on investment (ROI) for compliance training. He advocated performing an assessment to determine ethics and compliance training ROI to demonstrate that by putting money and resources into training, a compliance professional can not only show the benefits of ethics and compliance training but also understand more about what employees are getting out of training (i.e. effectiveness). The goal is to create a measurable system that will identify the benefits of training, such as avoiding a non-compliance event such as a violation of the FCPA. I have adapted his concepts on ROI to focus on compliance training effectiveness.

Smith’s model uses four factors to help determine ROI for your ethics and compliance training, which are: (1) Engagement, (2) Learning, (3) Application and Implementation, and (4) Business Impact. These same four factors can be used to determine compliance training effectiveness.

  1. Figure out what you want to measure. Before you ever train an employee, you should have a goal in mind. What actions do you want employees to take? What risks do you want them to avoid? In compliance training, you want them to avoid non-ethical and non-compliant actions that would lead to potential violations. Your goal is to train employees to follow your Code of Conduct and your compliance program policies and procedures so you avoid liability related to actions.
  2. Were employees satisfied with the training? What is their engagement? The next step is to get a sense of whether employees feel that the training you provided is relevant and targeted to their job. If it’s not targeted, employees will likely not be committed to changing risky behavior. One way to obtain such data is through a post-training survey. This should give you insight into determining if employees thought the training was beneficial and effective in answering their questions and concerns.
  3. Did employees actually learn anything? A critical part of any employee training is the assessment. You must know whether they actually learned anything during training. You can collect this data in a number of ways, but for compliance training, the best way is to measure pre- and post-training understanding over time. Basically, each time you train an employee, measure comprehension both before and after training.
  4. Are employees applying your training? A survey should be used to determine employee application and their implementation of the training topics. To do so, you must conduct surveys to understand whether they ceased engaging in certain risky behaviors or better yet understand how to conduct themselves in certain risky situations. These surveys can provide a good sense of whether the training has been effective.

The beauty of using surveys is that it provides feedback on not simply the compliance training to determine effectiveness but a much wider variety of areas for your compliance program. These surveys can provide critical information on the state of your compliance program and provide substantive feedback for further inclusion back into your compliance program. Testing your program and using that information in a feedback loop is another key component of a best practices compliance program.

The importance of determining effectiveness of your compliance program is now enshrined by the DOJ in its Evaluation. The Evaluation demonstrates the DOJ wants to see evidence of the effectiveness of your compliance program. This is something that many Chief Compliance Officers and compliance professionals struggle to determine. Both the simple guidelines suggested and the more robust assessment and calculation provide you with a start to fulfill the Evaluation but you will eventually need to demonstrate the effectiveness of your compliance training going forward.

Three Key Takeaways

  1. You must demonstrate you have measured the effectiveness of your compliance training?
  2. The DOJ is clearly moving into requiring a demonstration of effectiveness of compliance training.
  3. You should be moving towards a model of demonstrating compliance training ROI to validate full operationalization of your compliance training.


This month’s podcast sponsor is Convercent. Convercent provides your teams with a centralized platform and automated processes that connect your business goals with your ethics and values. The result? A highly strategic program that drives ethics and values to the center of your business. For more information go to