This week I am running a special five-part podcasts, which considers the evolving landscape around risk, compliance and ethics. In this podcast series, I will visit with Paul Johns, Chief Marketing Officer, and Rebecca Turco, Vice President of Learning, both from SAI Global Pty Limited, the sponsor of this podcast series. Today, I wanted to discuss some of Turco’s observations on the trends in ethics and compliance learning.

The first is adaptive learning, which is more of a personalization way to learn. Turco believes it is key for the compliance ethics discipline because it “really looks at how do we differentiate the content for the learners.” Moreover, adaptive learning is designed to focus on “making sure the learners are getting the content and relevant information that they need within any piece of content. It begins with asking questions about where they work and whether they interact with government officials. From there, it moves to serve up content to the employee which is meaningful, that helps them start to see what risks are in their area. It also allows content designers to be able to give them a personalization to the training experience that is more meaningful than just kind of a one size fits all.”

This trend is useful as it does not reinvent training for employees who do not need it. This comes from “giving people credit for understanding risks, giving them the ability to kind of test out, by asking them a series of questions and if they know the answers, they may know what their risks are and they can move to a level at which they do not know the answers. You do not need to train employees in areas where they have demonstrated competency. This gives companies the opportunities to really think about their program and differentiate the ethics and compliance training of their compliance program.” Turco concluded, “in the world today, people are looking for compliance training that is as short and sweet as possible, getting to the relevant pieces of information.”

Another trend is the concept of branching, which is building out different training scenarios. Turco provided an example of training about “a security breach. Things happen on a video and the learner is watching them unfold. By using adaptive technology you can require the learner to pick out the hotspot where they would see a risk or something being violated. From there the video would branch off into different scenarios based on what you decide because that’s real life. It is not the first decision that causes an ethical breach or a security breach. It’s for decisions down the road. That’s the hard part in training to get right because it is not always just as black and white as is the conflict of interest might lie.”

An important trend in ethics and compliance learning is the effectiveness of compliance training. Interestingly, Turco said the first question asked is about the content of the training, not the data around this issue. She explained, “you can collect as much data as you want for any, any reason but if the content you are writing and designing for the training is not meaningful, then the data you’re getting isn’t meaningful.” (as fine a definition of GIGO as I have ever heard.)  She said that a company must really think about data and how to use it to make your program smarter and to make you understand where the risks are in your organization.

Effectiveness then starts with building content with thought provoking questions in the presentation. This leads to scenarios which ask the learner, “what do you think?” From there you can begin collecting the data from their responses and start to analyze it on the back end. This can give you trends about whether there is a disconnect in your written Code of Conduct, policies and procedures and how business is operationalized in the field.  With this data, an organization can start to target campaigns to that team around that risk area identified. Turco pointed to one example where a company was able to demonstrate through this approach a training competency and effectiveness increase from 20% to 80% in one year.

Your goal should be that the needle is moving and your organization is providing employees the tools in order to make sure they have the knowledge and the competency to not only pass that assessment but also understand those risks in the business. This is far beyond the “check the box” method of training. With the speed of current day corporate decision making in the field and the pressure your sales teams are under to meet goals, timelines and deadlines; you need to provide training to meet these business realities. Once you understand that, then you can start to understand how to provide your employees effective training.

Turco concluded by noting that your training should aid in the decision-making process when the teams are under pressure; whether that be sales pressure, pressure due to a high-risk region or other. Turco said, “How do you make sure that when they’re under that pressure, they will know exactly what to do?” The data collected from the training process can help identify risks, provide the opportunity to help employees understand more and drive training or campaigning around risks.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018

In this episode, I visit with podcast favorite Matt Ellis, a member at Miller & Chevalier on the firm’s always excellent FCPA Summer Review 2018. The first half of 2018 has brought some very interesting FCPA enforcement actions, packed with lots of information for the compliance practitioner. We unpack the key enforcement actions, international developments and some key statistics. Some of the discussion highlights include: 

  • D&B-how to garner a full declination;
  • Panasonic Avionics-need for robust ongoing monitoring of third parties. Not simply a one-time look.
  • Society General-as bad as this case was, yet the company still got a discount.
  • Legg Mason-parent liable for the actions of its agent.
  • Credit Suisse-check out your hiring policies.

To download a copy of Miller & Chevalier’s FCPA Summer Review 2018, click here.

This week I am running a special five-part podcasts, which considers the evolving landscape around risk, compliance and ethics. In this podcast series, I will visit with Paul Johns, Chief Marketing Officer, and Rebecca Turco, Vice President of Learning, both from SAI Global Pty Limited, the sponsor of this podcast series. One of the more interesting discussion was on evolving nature of the ethics and compliance (E&C) marketplace and what that means for compliance programs.

Boards of Directors are moving from a lofty position, away from the limelight, to a more values based, customer-centric approach. This is playing out in a couple of key ways for the E&C marketplace. The first is that the Board sets the organization’s appetite for risk. To do this the Board must articulate what is the acceptable level of risk the company is prepared to work towards as it considers operating a particular enterprise. Next is the direct line of sight  between that appetite for risk at the Board level and the performance and the behavior of everybody across the company.

To accomplish this continuum, the Board or Audit Committee would garner a sense of the markets they are in and the products that serve the market together with the associated risks. From there, the company would put together a strategy to move forward and push that strategy out to operationalize it across the company or applicable business unit. But the Board could never be assured that each employee, business unit  or geographic region understands the articulated risk appetite. This is in contrast to corporate culture.

In the values-based economy of today, what is it that you expect from your employees? If the behavior of one employee is antithetical to your values, what is the damage to  your corporate reputation? Consider the Starbucks store manager who called police for two patrons who were waiting for a third colleague. The two patrons were African-American and the store manager was white. The store manager had them arrested. Starbucks took a pounding the court of public opinion even though the store manager’s actions were against the stated culture and values of the organization.

Johns said this means you must “make sure that everybody is living and breathing the values and the behavior that you’ve laid out”. If  you do not do so, the reputational cost could be quite high; far beyond the cost of non-compliance with a law or regulation. The reality of today’s marketplace is that “millennials and centennials vote with their wallet.” This is true for where they purchase an espresso, where they buy running shoes or where they might order their pizzas from on a Friday night.

This values-based approach has changed the dynamic at the Board level and indeed all the way down through an organization. A company can have a Code of Conduct, policies and procedures and internal controls in place but today those regulatory requirements or those suggested by such government publications as the 2012 FCPA Guidance are not enough, even if they meet the baseline requirements under a law or regulation. Johns believes a much more holistic approach is called for and from the educational perspective, it is a continual learning practice. Johns stated, “it is more than simply a company saying some aspirational ideas in your Code of Conduct. Do they really live those values as an organization?”

You should ask such questions as “Are there key performance indicators (KPIs) in place to measure such a proactive approach to risk management and your company’s brand reputation?” It might be something along the lines of “what are you doing around how you identify the types of employees that you let into the business, the types of business partners or third parties that you do business with? What is the scrutiny? What is the high bar that you set to make sure that you have actually got the right people working with you and working for you?”

One of the most interesting things about the E&C marketplace is that all parties involved contribute to this evolution. From the regulators or prosecutors to companies and their compliance personnel and programs, to product and service providers in the marketplace. Everyone has contributed to this evolution and will continue to do so going forward. Turco noted that it has evolved far beyond “providing compliance content and checking the box”. It is significant that compliance is now part of the culture of a company. “The trends that we’re seeing really around how our company’s embed compliance and culture in their organization.”

Turco said that compliance training now is around changing employee behavior. This has led to consideration of the effectiveness of training and analytics around it. Turco has seen a “shift from 30 to 40 minutes of training to targeted training and targeted pieces of content. Companies want to be able to make sure their employees are valued in terms of the time they are spending on compliance training.” They not only want to measure compliance training effectiveness to show that the program is working but also to show risk areas that could present an issue(s) for companies going forward and warrant greater attention.

The targeted nature of training means tying training to the overall business process. So how does your compliance training help an employee do business more efficiently and, at the end of the day, more profitably? Are both goals appended onto and embedded into compliance training? This is one of the goals the Department of Justice (DOJ) included in its requirements for effective compliance training. It is about getting away from death by a PowerPoint slide deck or Xerox copy to have compliance training which is much more engaging. Indeed, companies want more focused and targeted training for the risk that people are engaging in and the risks people have out in the real world.

It is interesting to observe the spectrum of the players in the compliance space and how each player has a specific role in driving compliance forward. The DOJ began the dialogue about effectiveness of compliance training in the General Cable Technologies Corporation Foreign Corrupt Practices Act (FCPA) enforcement action. The DOJ then added the mandate for targeted training in its Evaluation of Corporate Compliance Programs (Evaluation) in 2017. That was really the first time they had said in a policy statement that they wanted to see not only that you have effective training but targeted training as well.

A company can begin to measure its compliance training effectiveness. Turco said, “the key to any learning objective is being able to understand its concepts and understand how it applies to you and then it’s daily, weekly or monthly repetition. It’s not a one and done.” This means that when thinking about compliance training effectiveness you should “begin with a high-level offering that talks about kind of risks in the business. The next step is to have the learner understand what it means to them.” Effectiveness most probably will not occur the first time they take the course. Turco was emphatic that it is not “a one and done.”

The role of compliance training continues to evolve. The regulators, in the form of the DOJ, have articulated a requirement for both effective and targeted training. Companies have responded by seeking ways to help their employees more effectively identify and then manage risks. But it is not a one-time event or one-way street. Effective compliance training is a continuing dialogue which allows organizations build their reputational brands.

The evolving role of risk, compliance and ethics will only continue. As the marketplace changes with new workers entering the workforce, becoming the new consumers and burgeoning social media led movements such as #MeToo, the risks will only become more dynamic. Are you ready?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018

As Hurricane Florence has made landfall onto the Carolinas and beyond, Hurricane Issac is hurtling towards the Gulf of Mexico and Storm X is taking aim at Texas, Tom and Jay are back with a look at some of the week’s top compliance and ethics stories.

  1. United Technologies settles a FCPA enforcement action with the SEC. Harry Cassin reports in the FCPA Blog. Tom explains its significance in the context of Brighton Rock on the FCPA Compliance and Ethics Blog.
  2. A Goldman partner uses the company hotline. What happened next and would any Goldman employee ever use it again? See article by Emily Flitter, Kate Kelly and David Enrich in the NYT.
  3. Les Moonves proves once again that it’s the cover up that gets you, not the original crime as the CBS CEO goes down for lying to the CBS Board. James Stewart reports in the NYT.
  4. What does GDPR mean for blockchain? Conversely what does Blockchain mean for GDPR? Vera Cherepanova explores in a two piece blog post on the FCPA Blog. Part Iand Part II. For a more positive outlook on blockchain, on this week’s Innovation in Compliance, Tom interviews EY’s Paul Brody and Alex Perry on the power of blockchain.
  5. SFO wins huge document production matter against KBR. Christine Braamskamp and Kelly Hagedorn write about the case in NYU’s Compliance and Enforcement Blog.
  6. Unarmed black man shot and killed in his own home by white Dallas police officer. What was PwC’s response? Matt Kelly considers in Radical Compliance.
  7. Matthew Stephenson asks if Hoskins was correctly decided and conclude it probably was not. In the Global Anti-Corruption Blog.
  8. Leila Szwarc on why organizations need a global compliance framework. In Corporate Compliance Insights.
  9. Want the top compliance training from the guy who wrote the book on compliance? Tom will put on a Compliance Master Class in Boston, September 25 & 26, hosted by Affiliated Monitors. Registration and information, click here.
  10. Want a 50% discount to one of the top compliance conferences around? Join Tom and AMI’s Eric Feldman at CONVERGE18 in Denver on October 9-11. I hope you can join me at the event. For information on the event, click here. As an extra benefit to fans of This Week in FCPA, CONVERGE18 is offering a 50% discount off the registration Enter discount code TOMFOXVIP.
  11. In this week’s podcast series I internview Don Stern, Eric Feldman and Rod Grandon on the role if an independent monitor in assessing ethics and compliance in the M&A context. Part 1-the whys, whats and hows; Part 2-the impact of M&A on both parties; Part 3-what’s the plan; Part 4-oversight of merged entities; and Part 5-how the M&A process benefits from an independent monitor.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at www.affiliatedmonitors.com.

In this episode, I visit with podcast fan favorite Laura Perkins, a partner at Hughes, Hubbard and Reed. We discuss the recent 2ndCircuit Court of Appeals decision in the Hoskins matter. With Laura’s background as a former Justice Department prosecutor in the FCPA Unit, she brings a wealth of knowledge to what the decision may portend for the prosecution of FCPA cases going forward and how may impact corporate compliance programs as well. Some of the discussion highlights include: 

  1. Background to Hoskins case;
  2. Summary of facts of the case;
  3. Court holding;
  4. Implications for DOJ in prosecutions under the FCPA and other US laws; and
  5. Implications corporations doing business outside the US.

For a copy of the Hoskins opinion, click here.

In this episode of the FCPA Compliance report, former FCPA prosecutor Laura Perkins breaks down the Hoskins decision.