In this episode of Excellence in Training, Shawn Rogers and I consider how you should envision your training.

Shawn begins his journey with the famous book, The Seven Habits of Highly Effective People, where Stephen R. Covey said, “All things are created twice. There’s a mental or first creation, and a physical or second creation to all things. Take the construction of a home, for example. You create it in every detail before you ever hammer the first nail into place. . . Then you reduce it to blueprint and develop construction plans. . . Begin with the end in mind. ” 

This principle applies to creating a compliance training program. A common mistake is jumping right to the question if which courses you want and how to deploy them. However, there are several things you need to think about before you start building the program.

Here are the steps we followed at GM as we envisioned what our compliance training should look like:

  1. Decide on the program’s guiding principles
  2. Establish program design objectives
  3. Develop a style guide or set of course standards
  4. Determine the exact risks that will be addressed by the training program
  5. Set up a governance process to ensure stakeholder alignment, approve the program design, approve the budget, and monitor effectiveness.

In Covey’s terms, these activities resulted in the blueprint — or the  “first creation” —  of our compliance training program. We did all of these before we selected our vendor and started building our training courses.

Three Principles of Highly Effective Training Program

Like Cover’s “Seven Habits” book, I’ve come up with “Three Principles of Highly Effective Training Programs.”

As we put together our compliance training program at GM, we came up with three foundational principles that guided our efforts for our compliance training program: Trust, Respect, and Accountability. These principles guided many of the decisions we had to make as we developed the program. We relied on these principles when we select our vendors, when we decide how many courses should be required each year, when we pick the languages for translations, when we set training completion deadlines, when we send out reminders, when we could grant exceptions, and so on.

Trust:We trust our employees to take their compliance training seriously. We trust that they already have a fundamental commitment to “Winning with Integrity” (which is the name of our Code of Conduct). We trust that once they have received proper training, they will conduct business and make decisions with integrity and in strict compliance with applicable laws, regulations, and company policies. The opposite of trust is obviously distrust. A compliance training program can inadvertently send a message that “we don’t trust you to do the right thing.” In fact, it can almost become punitive by having so many courses or repeating courses over and over again. There’s that old t-shirt slogan that says, “The beatings will continue until morale improves.” You can almost rephrase that to say “the long and boring trainings will continue until the company culture improves.” If you don’t implement your training program strategically, your learners will view ethics and compliance training as a miserable task that they have to do just to satisfy the lawyers. Trust goes hand-in-hand with the second guiding principle, Respect.

Respect:The compliance training program will respect the employees’ time and the company’s time. We will not require employees to take courses that are not relevant to their role. We will respect their intelligence by assuming that they understand the principles without needing to take the exact same courses repeatedly. We will respect their time by keeping the courses short and to the point. We will set standards for the courses so employees don’t have to learn a new method for navigating the different courses. We will respect our company by following the company’s branding guidelines and by using images that reflect company standards and reflect the company’s business activities.

Accountability: And finally, the training program will not be effective without accountability. Accountability applies to our employee/learners, our people leaders, and our vendors. Employees will be held accountable for taking their training seriously and within the established time frame. They will also be held accountable for internalizing the training content, and then acting with integrity and in compliance with the principles taught in the training program. Managers will be held accountable for ensuring that their staff complete the courses within the established deadlines. Our vendors will be held accountable to delivering quality content and according to the development deadlines established by the program. These three principles become the measuring stick for our compliance training program. We always think about whether our program-level decisions reflected our core design principles of trust, respect, and accountability. With these principles in place, we were ready to take the next step: Developing a set of design objectives for the program. [The topic of the next podcast.]

Having honored two deceased titans from the world of rock and roll, today we honor and artist who is still very much with us and one of his most seminal albums. That artist is Sir Paul McCartney and the album is Band on the Run, which began a stellar eight-week run at Number 1 on the charts 50 years ago this week. The album was recorded in Lagos Nigeria of all place with only Sir Paul, his wife Linda and former Moody Blues founder Denny Laine in the sessions. According to This Day in Music, “By the spring of 1974, bolstered by the hits “Helen Wheels”, (named after the McCartney’s Land Rover, which they nicknamed “Hell on Wheels”), “Jet” and the title track “Band on the Run”, it reached #1”. The album revitalized McCartney’s critical standing and even today, it remains McCartney’s most successful album and the most celebrated of his post-Beatles works.

McCartney’s ability to write was tested when, in Jamaica, he was challenged by Dustin Hoffman to write a song based upon a topic of Hoffman’s choosing. McCartney agreed, “so Hoffman pulled out a magazine where they saw the story of the death of Pablo Picasso and his famous last words, “Drink to me, drink to my health. You know I can’t drink anymore.” Paul rose to the challenge and wrote the song on the spot.”

I thought about that story and McCartney’s ability to create something like a new song in that manner when I recently visited with Jonathan Hughes, Director, Strategic Relationships at Assent Compliance regarding how market impacts are driving the need for more technology-based solutions for supply chain management.  We began with a discussion about the use of third-party compliance platforms in supply chain risk management. Hughes noted this is something that he and his team at Assent are seeing more in the marketplace growing at what he termed an “exponential pace”. Interestingly, he believes it “keeps on snowballing, becoming more each and each year as more companies are adopting this technology. Moreover, I think it plays into each other as the more companies that adopt it, they pushed down through to their suppliers and so forth. But I think at its heart it has to do with the regulations themselves. As any compliance officer would tell you within the first few minutes of meeting them, regulations are becoming more prevalent and more complex.” A technological solution is now almost mandated from this complexity.

Hughes expounded more on this increase in complexity. He said, “if you look at the number of regulations on the book that a compliance officer had to deal with 10 years ago compared to five years ago, even compared to two years ago, then look at the number of new regulations that are being promulgated and planned over the next two, three, four, five years. It really is quite staggering.” Equally challenging for the supply chain professional is the dynamic nature of these regulations. This means is that a lot of these regulations now have room in them to change over time. Hughes related, “just with the depth, complexity and the volume of that information, the regulatory knowledge that you need to be a supply chain compliance officer is literally doubled in the last five years.”

All of this leads to a number of questions which the supply chain professional must ask when it comes to the management of their supply chain around data, evidence and documentation. Such as: How do we capture this data? How do we measure this data? How do we verify this data? How do we access this data quickly and efficiently to respond to regulators? Corporate stakeholders? Customers? Hughes believes all of this “leads to more complexity and burden on your internal programs. This leads to the need for more processes and governance. So, when you add these things up, many companies are looking for a service provider who can deliver a platform which can handle this myriad of issues.”

A challenge which I see, now almost daily, is the change in trade regulations from the current administration. When you overlay these changes on an already challenging environment, I wondered how a product and services provider such as Assent can create solutions which can keep pace. Hughes said the answer centers on the ability of the Assent platform to rapidly scale up. “Talk to most any success entrepreneurs and they will tell you one of their greatest challenges is what do you put in place that allows you to scale up, not painlessly, as it will never be painless but with is as little friction as possible.”

Hughes said this “moving yardstick” in the rules, requirements and regulations around supply chain compliance forced Assent to find a solution. A key insight Assent has found to be effective is to build “configurability and scalability into our software. This means is once you have a set of configurable rules, processes and workflow that can be applied to any type of restriction and change, you can just tweak your system as needed.”

This has allowed compliance changes, seen in almost real time, to be met with a product which meets these challenges. This comes through having a solution which is scalable, easily re-configured when a change comes out. Assent originally made these changes to its platform due to rapid changes in sourcing regulations. Hughes related, “it’s very fortuitous to us that we prepared to do this in one space and now this happening in another space like trade compliance. We can take those set of features and configurability and scalability and apply it to another solution. That is one of the overall benefits of being on a platform like Assent. We have these wide range of sets and features; we can often apply them to different  supply chain and compliance issues.”

Just as most songwriters rarely accept a challenge to write a song on the spot, especially one for an album; most compliance professionals do not think of scalability as a key component for a compliance solution. However with the rapid and ongoing change in trade and economic sanctions, literally on a daily basis; the ability for a compliance professional and a compliance program to nimbly and agilely respond is becoming much more critical. Do your compliance production solutions have the ability to scale up?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2019

As the enjoy the Astros continue their decimation of their AL West opponents and the lads celebrate finally getting their own iTunes show, they return to discuss both events some of this week’s top compliance and ethics stories which caught their collective eyes.

  1. Complexity and compliance, how do you deal with this in your compliance program. Tom and Matt Kelly explore in separate blog posts on the FCPA Compliance Reportand Radical Compliance, both relating to the Boeing 737 Max disaster. They debate it into the week’s on Compliance into the Weeds. Tom has a solution to siloes with horizontal communications.
  2. The SEC gives two whistleblowers a premium for reporting internally before disclosing to regulators. Harry Cassin reports in the FCPA Blog. Matt Kelly weighs in on Radical Compliance.
  3. Wither CITGO? Tom predicts things will go downhill quickly in a FCPA kind of way in the FCPA Blog. The next day the government announces a subpoena to CITGO for potential FCPA violations. Sam Rubenfeld (yes that Sam Rubenfeld) and Daniel Harris report in the Kharon Brief.
  4. The Malaysian Anti-Corruption Commission on extending the commitment of management to do business in compliance and ethically. Jerrod Baker in the FCPA Blog.
  5. Managing Anticorruption Compliance Under the EU’s General Data Protection Regulation. An article by Ruta Mrazauskaite in the Global AntiCorruption Blog.
  6. Is Exxon evil? Jaclyn Jaeger thinks so and explains why in an Op-Ed piece in Compliance Week.
  7. Mike Volvok follows his 3-part series on auditing your investigative protocol with a 4-part series on a sanctions compliance program; all on his blog site Corruption, Crime and Compliance. (Part 1, Part 2, Part 3 and Part 4) If. You prefer the audio format of a podcast, click here.
  8. Why is compliance is critical in the daily changing Trump trade wars against everyone. Paul Ziobro reports on FedEx in theWSJ.
  9. Why a ‘necessary evil’ does not constitute effective compliance. Mary Bennett explains on Navex Global’s Ethics and Compliance Matters
  10. ESG Screening Underscores Challenges in Third-Party Risk Management. Brian Alster considers in Corporate Compliance Insights.
  11. This week Tom had a special 5-part podcast series sponsored by AMI on the new Justice 2019 Guidance featuring Eric Feldman. Check out the following: Part 1-Introduction;Part 2-Well-designed;Part 3– Effectively Implemented; Part 4-Working in Practice; Part 5-Final Thoughts. The podcast is available on multiple sites: the FCPA Compliance Report, iTunes, JDSupra, Megaphone ,YouTube,  Spotifyand Corporate Compliance Insights. The Compliance Podcast Networkjoins C-Suite Radio.
  12. Join Tom in Boston for his industry leading Compliance Master Class on June 11 & 12. Listeners who attend will receive a complimentary copy of The Compliance Handbook. Registration and Information is here. Join Tom, Eric Feldman, Vin DiCianni and Jay at the AMI Roundtable in Boston on June 13 for a deep dive into the DOJ’s new Evaluation of Corporate Compliance Programs-2019 Guidance. Information and registration is here.
  13. Looking to use the 2019 DOJ Compliance Guidance to help create a best practices compliance program. Check my new eBook published by CCI. Best of all it’s free.

Tom Fox is the Compliance Evangelist and can be reached at Jay Rosen is Mr. Monitor and can be reached at

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit our sponsor Affiliated Monitors at

Today we conclude a five-part podcast series sponsored by Hanzo, where we have considered how to leverage Artificial Intelligence (AI) in compliance investigations. I have been joined by several members of the Hanzo team as we explored the current best practices around investigations and how your compliance function can take investigations to a level of cost efficiency and operational proficiency.

Our explorations include considering the current Department of Justice (DOJ) guidance on investigations, the use of AI in the Hanzo Investigator, how Hanzo technology can help a company overcome common investigative challenges and Hanzo’s specific approach to finding and managing data across the entire lifecycle of an investigation. In Part 5, I am once again joined by Keith Laska, Chief Commercial Officer, to consider how the company’s specific approach to finding and managing data across the entire lifecycle of an investigation improves the efficiency of a compliance investigation in a cost-effective manner.

In the prior episode, Laska provided his thoughts and observations from a macro level on the tools and techniques for capturing information from the public web  and internally, archiving it and using it in litigation as a much more proactive approach to help companies streamline and reduce their costs to a very proactive risk mitigation strategy. We used this as a starting point to discuss how this approach is helping not only litigation and legal professionals, but the compliance professional to use the information that is publicly available to help not only measure your risk, but actually manage that risk going forward.

Laska related that the mission of Hanzo is to help companies be proactive about reducing active risks, whether those be in the litigation, reputational, compliance arena or elsewhere. He stated, “according to Dr. Michael Palmer who wrote a fantastic paper on litigation risk management, where he found organizations spend up to 33% of their operating profits on litigation. It’s about $23 billion per annum among large US corporations. So obviously companies spend a lot of money in litigation. The second data point that’s interesting is general harassment and of course sexual harassment charges filed with the EEOC are rising by 12% in just one year largely because of the #MeToomovement. These are areas that corporations are trying to grasp and grapple with the time it takes to investigate these and other claims are falling way outside of the recommended compliance guidelines.”

While these costs certainly are financial considerations which need to be managed, Laska’s third factor may, in the end, be the most significant for the longer term. He said, “86% of US citizens use social media every day. There’s a wide adoption of social media and it’s blurred the lines between private company communication like Slack and SharePoint, Zoom, etc., and then public social media sites like Facebook, Twitter, Instagram and Snapchat. You have this interesting dynamic where employees are commonly connecting with each other outside of company networks. They are connecting with each other on Facebook, Instagram and Snapchat. This is increasing compliance risk and areas that many compliance professionals find hard to understand if not impossible to analyze.”

These connections outside the business world are an increased risk. Conversely, these connections employees have are opportunities for companies to see if they need to engage in a more robust risk management strategy. It allows companies to see if employees are thinking about or even doing things, that if not illegal are perhaps unethical, which a company wants to stop before it moves to a true legal violation or something that could be the subject of a civil litigation and monetary damages.

Through such monitoring there is an opportunity for companies to find continuing abusive behavior on public channels. Laska noted, “people who do not have regard for ethical behavior and appropriate behavior towards other individuals, the chances are that individual is going to replicate that behavior in other places as well. So, while it might not serve to be a smoking gun, it will serve to kind of be influential in the process of what you consider to be the right type of individuals to bring into your culture.” This provide significant value to corporations to get ahead of these issues.

We discussed the increased need for monitoring of social media channels as they amplify the messaging across their platforms. Moreover, if an employee engages in abusive behavior on social media platform and then does so at the workplace, it could provide the actual notice to an employer which could result in higher liability. We concluded with a few words on archiving or in Compliance Evangelist parlance, Document, Document, and Document. This is not only a key for the litigation process but discussions with regulators/prosecutors in an enforcement action. Chain of custody is critical for litigation and the preservation is critical for regulatory enforcement. The Hanzo Investigator allows you to archive and preserve documents, data and information.

The Hanzo Dynamic Investigator is a tool which can significantly benefit the compliance professional. The information which is communicated through non-company channels is significant. As a compliance professional, you need to be aware of what your employees are not only doing but also their communications to prevent, detect and remediate any issues before they become legal violations going forward.

I am on a five-part podcast series sponsored by Hanzo. In this series we consider how to leverage artificial intelligence (AI) in compliance investigations. In this series I am joined by several members of the Hanzo team as we explore the current best practices around investigations and how your compliance function can take investigations to a level of cost efficiency and operational proficiency.

Our explorations includes considering the current Department of Justice (DOJ) guidance on investigations, the use of AI in the Hanzo Investigator, how Hanzo technology can help a company overcome common investigative challenges and Hanzo’s specific approach to finding and managing data across the entire lifecycle of an investigation. In this Part 4 I am joined by Keith Laska, Chief Commercial Officer at Hanzo to consider how the use of AI in investigations improves the workflow and processes around solving complex problems that compliance professionals experience when work around data.

Having previously spoken with Sean Freidlin and Jim Murphy on the state of internal compliance investigations and how Hanzo technology works in addressing some of the challenges people in this industry experience, I asked Lasko to take a view from the macro level. I wanted to know what are some of the consistent themes that he has observed across differing problems? More importantly, how does Hanzo help these organizations overcome such challenges?

Laska related that it is one of the things “that I have a lot of time to think about in planes, trains, and automobiles.” He noted, “it comes down to this one prevailing challenge that has a ripple effect throughout an organization, as humans, we create and produce new data faster than we can process and understand it.”

He further explained, “right now, literally in any office across America, millions of new pieces of unstructured web data are being created with every keystroke by every employee. This is from their website traffic, to their social media activity to their chats and exchanges in team collaboration tools and via email. There is an essentially an endless river of data which is flowing with information.” The difficulty within corporate compliance and legal functions is managing and understanding data across its lifecycle, understanding the risks and in using the insights from the data. There are opportunities that exist within that data which have not been fully embraced and operationalized. He concluded, “progress is being made on solving these problems and addressing these challenges head on”.

We then turned to some of the specific challenges and opportunities that technology creates for compliance teams. When you talk about embracing and operationalizing data within the corporate compliance function Laska said, “I think it comes down to building technology that solves problems as they organically appear and evolve within an organization.” Moreover, using AI and machine learning as a part of the solution to processing and controlling that data with the scale and speed what is needed. He cautioned that it is not “a magic bullet that automatically fixes everything nor is all, but it’s not AI and tech created equally”.

Yet even the DOJ is elevating their expectations around how compliance teams use and leverage data. The recently released Evaluation of Corporate Compliance Programs (2019 Guidance) suggested that compliance teams should leverage the wealth of data they collect to identify any patterns of misconduct and compliance weakness, and also that they should be receiving funding and budget to improve mechanisms around the processes of conducting and reporting on investigations.

Join us in our final episode where we will conclude our five-part podcast series by continuing the conversation with Laska to consider the company’s specific approach to finding and managing data across the entire lifecycle of an investigation or enforcement action.