How can you begin to think through a best practices compliance training program? I put that question to Shawn Rogers. Rogers advised that you ‘envision’ what your training would like as a first step. He stated, “A common mistake is jumping right to the question of which courses you want and how to deploy them. However, there are several things you need to think about before you start building the program.”
You should develop some principles on what your compliance training should look like. A key way to start is by reference to the Training and Communications section of the 2020 Update, which stated, “Prosecutors should assess the steps taken by the company to ensure that policies and procedures have been integrated into the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners. Prosecutors should also assess whether the company has relayed information in a manner tailored to the audience’s size, sophistication, or subject matter expertise. Some companies, for instance, give employees practical advice or case studies to address real-life scenarios, and/or guidance on how to obtain ethics advice on a case-by-case basis as needs arise.”
What are the Guiding Principles of your compliance training? What are you trying to communicate? Is it a broad set of values you want to communicate to every employee about what your organization stands for? As noted in the 2020 Update, a company “should examine whether the compliance program is being disseminated to, and understood by, employees in practice in order to decide whether the compliance program is “truly effective”.”
You need to work to establish program design objectives. Are there different types of training such as for gatekeepers, high-risk employees or others? In the 2020 Update, it stated under the section entitled Risk-Based Training – What training have employees in relevant control functions received? Has the company provided tailored training for high-risk and control employees, including training that addresses risks in the area where the misconduct occurred? Have supervisory employees received different or supplementary training? What analysis has the company undertaken to determine who should be trained and on what subjects?
You should consider developing a style guide or training course standards. What will be the look and feel of your training? What non-English languages will the training be made available in? How will the training be deployed? Will it be aimed at baby boomers or GenZer’s (and everyone in between)? Here the 2020 Update stated under the topic of form of training, Has the training been offered in the form and language appropriate for the audience? Is the training provided online or in- person (or both), and what is the company’s rationale for its choice?
You will need to determine the exact risks that will be addressed by the training program. Here the 2020 Update suggests, under the section “content”, Has the training addressed lessons learned from prior compliance incidents? It also noted, “Some companies, for instance, give employees practical advice or case studies to address real-life scenarios, and/or guidance on how to obtain ethics advice on a case-by-case basis as needs arise.”
Set up a governance process to ensure stakeholder alignment, approve the program design, approve the budget and monitor effectiveness. Obviously, management buy-in for compliance training is critical but have you thought about how your training will impact the business unit folks? What about the generational issue? Will your compliance training look like it was designed by “old guys” and not be appealing or even relevant to your current work force? Finally, how will you monitor your training program effectiveness as this is a critical element from the Department of Justice (DOJ) perspective. In the 2020 Update it said, How has the company measured the effectiveness of the training? Have employees been tested on what they have learned? How has the company addressed employees who fail all or a portion of the testing? Has the company evaluated the extent to which the training has an impact on employee behavior or operations?
Rogers developed his “Three Principles of Highly Effective Training Programs”; the first principle was Trust. The Compliance Department should trust employees to take their compliance training seriously. The compliance function trusted that once they have received proper training, the employees will conduct business and make decisions with integrity and in strict compliance with applicable laws, regulations, and company policies. I would also add that here you should channel your inner Ronald Reagan, to trust but verify.
Interestingly, Rogers cautioned that a compliance training program can inadvertently send a message that “we don’t trust you to do the right thing” as the opposite of trust is obviously distrust. Some compliance training can become punitive by having so many courses or repeating courses over and over again. Rogers characterized this approach with the apocryphal saying “The beatings will continue until morale improves”; which he rephrased to “the long and boring trainings will continue until the company culture improves.” This led him to conclude that if you do not implement your training program strategically, your learners will view ethics and compliance training as a miserable task that they have to do just to satisfy the lawyers.
The second guiding principle is Respect. (Think of Aretha Franklin here) By this Rogers means that your organization’s “compliance training program will respect the employees’ time and the company’s time.” There are several components which Rogers outlined as following:
- We will not require employees to take courses that are not relevant to their role.
- We will respect their intelligence by assuming that they understand the principles without needing to take the exact same courses repeatedly.
- We will respect their time by keeping the courses short and to the point.
- We will set standards for the courses so employees don’t have to learn a new method for navigating the different courses.
- We will respect our company by following the company’s branding guidelines and by using images that reflect company standards and reflect the company’s business activities.
The third and final principle is Accountability as Rogers believes that no compliance training program will be effective without accountability. Accountability applies to employee/learners, leaders and vendors. Accountability mandates that your organization’s employees will be held accountable for taking their training seriously and within the established time frame. Employees will be held accountable for internalizing the training content, acting with integrity and in compliance with the principles taught in the training program. Middle management also has a role in accountability as they will be held accountable for ensuring that their staff complete the courses within the established deadlines. Finally, accountability extends to other stakeholders such as compliance training vendors, which will be held accountable to delivering quality content and according to the development deadlines established by the program.
These three principles should become the measuring stick for your compliance training program as you should reference back to them in all your program-level decisions in the design of your compliance training.
For more, check out my podcast with Shawn Rogers here.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2020