In this five-part podcast series, sponsored by K2 Intelligence FIN, we consider defining and building effective compliance programs. I am joined in this series by Michelle Goodsir, a Managing Director at K2 Intelligence, and Gail Fuller, Financial Integrity Network (FIN) Vice President. Michelle has 25 years of financial crime compliance experience which includes fraud risk management, anti-bribery and corruption, corporate security and investigations, sanctions, and Anti-Money Laundering (AML) program experience working within the financial services industry and the US government. Gail focuses on developing, refining, and implementing FIN’s quantitative and qualitative risk rating tools. She leads engagements focused on helping FIN’s jurisdictional and private sector clients understand their exposure to financial crime risk and develop and implement strategies to mitigate their risks.
Over this series we are considering key challenges in compliance, why compliance needs a seat at the table, how to do compliance on a budget; training and culture and what is on the horizon. In Part 4, I visit with Gail Fuller on how to facilitate ongoing compliance training, communications and re-emphasizing culture in an organization.
We begin by considering what is tailored and effective compliance training? Fuller noted that training should “raise awareness of the content of those compliance policies and procedures.” Further, it should “operationally embed compliance at all levels of an organization to reinforce a culture of compliance again, throughout the organization.” To do so, trainings needs to be comprehensive in a couple of different ways.
Training needs to be “comprehensive in terms of the subject matter that it covers and training needs to be comprehensive in terms of the employees it reaches.” That second component is the tailored requirement. Training needs to start at the very top of an organization “so that we can build that culture of compliance at the Board of Directors level and in the C Suite with the executives and it needs to thoroughly cover all three lines of defense. It needs to cover the lines of business, the compliance department and the audit function. Really every single employee in a bank needs to have at least a basic level of awareness of relevant compliance issues, AML, CFT, ABC or export issues.”
Fuller expounded on the tailored requirement, stating “We have to tailor it to the audience and their roles within the company. A Board member is going to have a lot of different needs when it comes to training, than an auditor is going to have.” This means you must think about tailoring your compliance training specifically to the audience. It also portends having a multilevel training program that specifically thinks about the roles of the people who are participating. Fuller noted, stepping back and from a more strategic perspective, “training also needs to be tailored in another sense. It should be tailored to the financial institution itself and its risk profile. If you have a major global bank that’s doing dollar clearing and providing correspondence services, that’s a hugely different risk profile than if you have a community bank focused on mortgage lending to clients within their community.” All of this means there is no such thing as a one size fits all compliance training program. It really does need to be tailored.
Following tailored training comes effectiveness and how an organization determines effectiveness. Fuller believes the key to demonstrating effectiveness really comes down to areas like testing and certification. You have to check and make sure that people are getting out of it what you need them to. This means testing your employee base, certifying them, creating accountability mechanisms and corresponding corrective actions. It also means that training needs to be continuous because your risk profile in the world is always changing. The current coronavirus pandemic has reminded us all that threats and risks are always constantly evolving. Training needs to be continuous and it needs to be up to date. Fuller concluded, “those are some of the key things that we really look for in a training program to be effective.”
One of the ongoing discussions, debates, and questions within the compliance community is what is the best way to deliver training? You may have a multinational organization of literally thousands of employees across the globe, different languages, different cultures, different skillsets, some who may have access to a computer and some who may not. How do you help organizations begin to think through the right blend of online training classes and live in-person training classes? Fuller noted that is it is a “hugely challenging time that we’re in right now, truly unprecedented. While this is a question which has been kicking around for a while, it has really been brought to the forefront even more right now.”
Regulators are pretty much neutral on how training is delivered as they are most concerned “about the content and the results of the training. They don’t really care about how it’s delivered.” Both online and in-person training have strengths and weaknesses which should be considered to help organizations build a successful and effective training program. Fuller believes “a blend of the two methods is probably the best.” This means you should draw on the positive attributes of both to create the most effective, tailored training for your organization.
Obviously, right now we are in an incredibly challenging time for in-person training; both from the health crisis and the economic downturn. Fuller cautioned, “We need to make sure we are not letting the ideal of a perfect Socratic training program get in the way of tailored, effective training. Training still needs to happen and even if meeting in person is not possible, it is clear that the regulators are expecting business as usual in that regard to be continuing.”
Fuller talked through the pros and cons of the two different training methods. Online training can be quite positive, as it can be “provided quickly and sometimes less expensively, especially across, as you were talking about, a globally dispersed organization. It can also be developed to kind of quickly react to changes in a regulatory policy or to the risk environment.” This means you can develop an online training that is responsive for example, to the current situation and the current threats from Covid-19. Fuller sees some of the downsides though with online training as engagement with material and engagement with the audience. Yet she believes these concerns can be mitigated in a large part through course design. Moreover, a “key to keeping people engaged in the online area is things like a mix of different learning modalities and finding ways to make sure that participants can still interact both with each other and with the faculty and to collaborate and work through real world examples.” In-person training “obviously is more interactive, but it can be expensive, especially in those global entities that are required to people fly in from around the world. It can be logistically complicated and it can take employees away from their desks and their roles for really days at a time.”
Fuller concluded that optimally you would aim to leverage the right mix but that is “not in the world we are living in right now, as in-person training is really a difficult thing to achieve. In the reality that we’re living in right now, making it work with online training is something that we’re thinking about a lot and how to make that interactive, how to make it effective.”
Join us tomorrow with our concluding episode where we consider what is up next for compliance.
K2 Intelligence financial crimes risk & compliance page: https://www.k2intelligence.com/en/services/our-practices/financial-crimes-risk-and-compliance
K2 Intelligence Anti-corruption page: https://www.k2intelligence.com/en/services/our-practices/financial-crimes-risk-and-compliance/anti-corruption
K2 Intelligence DOLFIN: https://www.finintegrity.com/dolfin.html