Compliance Training IVI conclude my four-part series on ethics and compliance training today by looking where effective training is going. One of the criticisms leveled by L. V. Anderson, in her Slate article, entitled “Ethics Trainings Are Even Dumber Than You Think”, was the stalid nature of the experience for the student. I think the answer to this conundrum is to look to the world of gaming for insight into how to make the listener experience more enjoyable and effective training in communicating the concepts.

Kyle Turco, in a Technological Advice article, entitled “How Gamification Can Improve Employee Training”, wrote “Gamification, or the use of game dynamics in a non-game context, will yield powerful results for employee training. One of the most beneficial aspects of gamified training is that it adds fun and excitement to a previously boring procedure. While arduous training programs can discourage incoming employees, game dynamics can increase engagement and morale.” Moreover, “By increasing interest and engagement during training, trainees are able to better understand the nature of the company.”

Turco went on to explain that it is the dynamics of gaming, which brings increased effectiveness to such employee training. These dynamics not only increase the communication component to training but also add to its effectiveness through a more complete user experience. Turco said one way to do this is “to add points and badges as prizes for completed courses. Adding incentives is a simple way to encourage participation. In addition to rewarding completion, there is an advantage to taking it further and rewarding mastery and knowledge. If the training program requires, assigning performance based status or rewards will encourage trainees to perform at a higher level.”

Even a concept as simple as competition can improve the experience by adding a “social dynamic to training.” Turco wrote, “By publicly rewarding completion or mastery, trainees will feel driven to compete. This is specifically powerful in the training process because incoming employees may feel especially driven to show their capabilities. Furthermore, it can foster positive social interactions among new employees. Instead of losing productivity because new workers are alone or intimidated, a gamified training process can get them accustomed to the company culture and feeling comfortable right out of the gate. Additionally, it can put them directly in-touch with existing employees and tasks.”

He pointed to the example of SAP, which “added gamification to their college recruitment process. SAP implemented a MindTickle platform that included badges, points and leaderboards. When the newly-gamified hires were compared to their predecessors, SAP noticed a 75% increase in awareness about the company and related products. The MindTickle platform helped remove four classroom training sessions and created 70% savings in senior management coaching time and a 60% reduction in administration costs.”

Tying these concepts directly to ethics and compliance training, OCEG President Carole Switzer, in an article entitled “Playing the Game of Risk in Workplace Education”, noted, “Well-designed games encourage engagement, and more engagement means more reinforcement, and that leads to better recollection and application of the information. Situational decision-making drives the player to think, not just act. Making wrong choices and seeing the consequences leads to desire to act the right way and gain rewards, be it advancing to the next level of the game, earning a prize for success, or understanding that in the real workplace world the reward may be achievement of personal and organizational objectives.”

I recently had the chance to chat with Sam Claxton, Product Manager over Training and Education Products for the Red Flag Group (RFG, who sponsor this blog). Claxton came from the world of gaming before he joined RFG and continues to actively participate in that sport. He explained that through this gaming concept of dynamics you are bringing to your ethics and compliance training the concept of scoring. Employees will consider how their “scores compete with other people’s score in a leaderboard or if you do a certain number of clicks or wrong answers, right answers you get a reward or a score or a star. I think that’s actually not as effective as other gaming mechanic because are 2 people going to sit down and really look at, “Oh I completed my compliance training at this time and with this score. What was your score? What was your time?””

Another concept from gaming is that of viewer engagement, which means engaging the ethics and compliance training so that users want to do compliance training and spend their time engaged with the content. He provided two examples on how such engagement can be accomplished. The first is through story telling. Any engaging training should have a large amount of focus on creating characters and creating a world to fit the compliance training so that people are engaged. This is because people care about the characters. Engaging ethics and compliance training will provide each character with a back-story so you pick up those nuances as you go through the training. This entices the employee in training to want to go “to the next bit to see how these characters interact with each other. When one character finds out a secret about another character, you want to know how the other character will react but at the same time, not dramatizing it because content must always be king.”

The second major lesson from gaming is the quality of the visual experience or the animation. Claxton said, “by using 3d Pixar animation, which is a high quality visual, “the user can be a lot more immersed in the world because it’s not just text on a slide. They’re not just surrounded by text. We live in a colorful, vibrant world, that should be reflected in the training so that they’re immersed and see the content in a real life example.”

The next step past these lessons learned from the world of gaming is to create a platform that will provide adaptive training to clients. This means that each user will have their own individual course so, based on the risk profile of that user, they will get a course tailored to their risk areas. Indeed it can be specific to a potential situation that might have a higher risk for bribery and corruption. This can be accomplished through short and impactful mini-trainings. For instance, if a high-risk employee is going to a location, such as one with a high propensity for corruption, dealing with a foreign government official or third party sales representative, they can select a succinct 2 to 3 minute training to enhance their knowledge. This can certainly be effective for their ongoing development and awareness of compliance. Finally, through a technological solution, there will be an audit trail so that you can Document, Document, and Document.

I hope that you have enjoyed this series on ethics and compliance training and that it responds to Anderson’s original assert that ‘ethics trainings are even dumber than you think.’ Never forget that the US government considers training important, as reflected in the US Sentencing Guidelines and the Ten Hallmarks of an Effective Compliance Program. There are mechanisms in place that allow you to provide a more focused, effective training through risk ranking and design. You can evaluate the value of your training through estimating your return on investment (ROI). And finally, one should never lose sight that training is another way to communicate your company’s values. If you say it enough, tied to a culture of compliance, people will do the right thing.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Compliance Training IIIThis week, I am exploring issues related to compliance and ethics training, inspired by an article in the online publication, Slate, entitled “Ethics Trainings Are Even Dumber Than You Think, by author L.V. Anderson. Today I tackle the issues of effectiveness and evaluation of your compliance training.

While most people tend to overlook the issue of attendance at training, it is an issue that should also be considered. You should determine that all senior management and company Board members have attended Foreign Corrupt Practices Act (FCPA) compliance training. You should review the documentation of attendance and confirm this attendance. Make your department, or group leaders, accountable for the attendance of their direct reports and so on down the chain. Evidence of training is important to create an audit trail for any internal or external assessment or audit of your training program.

 One of the key goals of any FCPA compliance program is to train company employees in awareness and understanding of the law; your specific company compliance program; and to create and foster a culture of compliance. The testing and evaluation of your FCPA compliance training program is an important aspect not to overlook. In their book, entitled “Foreign Corrupt Practices Act Compliance Guidebook: Protecting Your Organization from Bribery and Corruption”, Martin T. Biegelman and Daniel R. Biegelman provide some techniques which can be used to evaluate ethics and compliance training.

The authors encourage post-training measurement of employees who participated. A general assessment of those trained on the FCPA and your company’s compliance program is a starting point. They list five possible questions as a starting point for the assessment of the effectiveness of your FCPA compliance training:

  1. What does the FCPA stand for?
  2. What is a facilitation payment and does the company allow such payments?
  3. How do you report compliance violations?
  4. What types of improper compliance conduct would require reporting?
  5. What is the name of your company’s Chief Compliance Officer?

The authors set out other metrics, which can be used in the post-training evaluation phase. They point to any increase in hotline use; are there more calls into the compliance department requesting assistance or even asking questions about compliance. Is there any decrease in compliance violations or other acts of non-compliance?

What if you want to take you post-training analysis to a higher level and begin to consider the effectiveness through your return on investment (ROI)? Leona Lewis explored this issue recently on her podcast Masters of Disaster, where she interviewed Joel Smith, the founder of Inhouse Owl, a training services provider. He advocates performing an assessment to determine ethics and compliance training ROI to demonstrate that by putting money and resources into training, a compliance professional can not only show the benefits of ethics and compliance training but also understand more about what employees are getting out of training (effectiveness). The goal is to create a measurable system that will identify the benefits of training, such as avoiding a non-compliance event such as a violation of the FCPA. Smith admits that calculating legal ROI is very difficult as ethical and compliance behavior is an end-goal and of itself – not necessarily one that everyone feels should be subject to a ROI calculation.

Smith noted, “it is extremely difficult to isolate the training effect to calculate what costs you avoided due solely to your ethics and compliance training. Although each organization will have a unique ROI measurement due to unique training objectives, it is possible to use a general formula to calculate ethics and compliance training ROI.”

Smith’s model uses four factors to help determine the ROI for your ethics and compliance training, which are: (1) Engagement, (2) Learning, (3) Application and Implementation, and (4) Business Impact. These four factors are answered through posing the following questions.

  1. Figure out what you want to measure (i.e. what’s the “benefit”?) Before you ever train an employee, you should have a goal in mind. What actions do you want employees to take? What risks do you want them to avoid? In the FCPA, you want them to avoid ethical and non-compliant actions that would lead to FCPA violations. So your goal is to train employees to follow your Code of Conduct and your compliance program policies and procedures rules so you avoid liability related to actions. Therefore the benefit to calculate for ROI purposes is the total amount saved by the company because employees now understand (due to the training) not to engage in unethical and non-compliant conduct around bribery and corruption.
  1. Were employees satisfied with the training? What is their engagement? The next step is to get a sense of whether employees feel that the training you provided is relevant and targeted to their job. If it’s not targeted, employees will likely not be committed to changing risky behavior. Smith believes you can get data on employee engagement through a quick post-training survey. Although this factor does not produce a quantitative number to use in the ROI calculation, it will help you isolate and qualify the training benefit.
  1. Did employees actually learn anything? Smith believes that a critical part of any employee training is the assessment. If you want to understand the “benefit” of training employees, you must know whether they actually learned anything during training. You can collect this data in a number of ways, but for compliance training, the best way is to measure pre and post training understanding over time. Basically, each time you train an employee, measure comprehension both before and after training.
  1. Are employees applying your training? Smith says that for this point you will need to conduct a survey to determine employee application and their implementation of the training topics. To do so, you must conduct employee surveys to understand whether they ceased engaging in certain risky behaviors or better yet understand how to conduct themselves in certain risky situations. These surveys can provide a good sense of whether the training has been effective.
  1. What’s the quantitative business impact of your training? At this point you are ready to determine the numerical business impact of your ethics and compliance training. Smith has an approach he calls the “Best Guess” approach. Smith believes there are two parts to the business impact calculation: (1) the benefit calculation and (2) the isolation calculation. Smith provided five questions he would pose.
    1. How often could a noncompliance event occur?
    2. How much revenue would be involved?
    3. What is the profit margin on the revenue?
    4. What are the other costs?
    5. What are the noncompliance hard costs?

The next step is to isolate the benefits of training so that you properly attribute the ROI to the ethics and compliance training. To make this determination, you need to know at a minimum (1) whether employees understood the training and (2) whether employees are applying the training. This information must be compared with other factors, namely: (1) the effects of any other company initiatives involving anti-corruption, (2) employee attitudes regarding the topic and training, and (3) any business factors such as decreasing/increasing international revenue, macro-economic trends, etc. that may contribute to avoidance of a noncompliance event. From these calculations, you should then apply a percentage of the benefit to the training. Here Smith suggests 25%.

  1. ROI: bringing it all together. Now it is time to calculate the ROI. Here I turn to the formula as laid out on Smith’s company website: “Total FCPA Noncompliance Costs Avoided – Total FCPA Training Program Costs  ÷Total FCPA Training Program Costs ($20,000) x 100=ROI”. Smith concludes by noting, “Even though calculating training benefits is often difficult and imprecise, it’s incredibly important to make an attempt to quantify training ROI” to demonstrate not only effectiveness but also “so you can show business people the incredible effect that engaging training can have on the bottom line.”

The importance of determining effectiveness and the evaluation of your ethics and compliance program is becoming something that is emphasized more by the Department of Justice (DOJ). Beginning last fall, we started to hear that the DOJ wants to see the effectiveness of your compliance program. This is something that many Chief Compliance Officers (CCOs) and compliance professionals struggle to determine. Both the simple guidelines suggested by the Biegelmans and the more robust assessment and calculation laid out by Smith provide you with formulae you can use going forward.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Compliance Training IIYesterday I began what I thought would be a two-part series on compliance training.However, or perhaps more accurately, as usual, I got carried away so I am now off on a multi-part series on how to design, implement and assess an effective compliance and ethics training program. This series was inspired by an article in Slate, entitled “Ethics Trainings Are Even Dumber Than You Think”, by L.V. Anderson. Her article was generally dismissive of compliance and ethics training, panning it as a mere ‘check-the-box’ exercise so corporations could use it as a CYA defense if any government regulators ever came looking. In spite of her dismissive attitude, she did have some useful nuggets that you should incorporate into your Foreign Corrupt Practices Act (FCPA) compliance program.

The communication of your anti-corruption compliance program is something that must be done on a regular basis to help ensure its effectiveness. The FCPA Guidance explains, “Compliance policies cannot work unless effectively communicated throughout a company. Accordingly, Department of Justice (DOJ) and Securities and Exchange Commission (SEC) will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been com­municated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.” Viewed from the perspective of what a company needs to do to work towards ensuring compliance and ethical behavior, training can be seen as a communications tool. But it should only be seen as one tool.

Anderson stated that for compliance training to be effective its needs to risk-based in its focus. This means employees with highest risk of exposure to bribery and corruption need to receive the highest levels of training and refreshers. From there you can tailor your training down to an appropriate level for those less at risk.

The risk ranking of employees is usually considered in a tripartite structure of (1) high-risk, (2) medium risk and (3) low risk. High-risk employees can be defined as those employees whose roles in your company can significantly impact the company. Medium risk employees can be defined as those employees who face risk on regular basis or present a moderate level of negative impact to a company if they mishandle the risk. Low risk employees can be considered those employees with a low likelihood of facing the attendant risk. Through the risk ranking process, you have internalized the admonition that “one size does not fit all in deciding the content and intensity of training needs for each role or individual”. You should be now ready to design your compliance training.

The first step is to define what you are trying to achieve in your compliance training. This certainly means more than simply ‘check-the-box’ training and when implementing compliance training you have put some significant time and thought into it. It should be well designed to the targeted group of employees who will receive it. Your compliance training can and should have several business-related goals, in addition to specifics of anti-bribery laws such as the FCPA. These include identifying the business objectives of engaging in commerce in a legally compliant manner; managing threats which may come to employees you have identified as high-risk and the business opportunities afforded if you have sufficient compliance systems in place to prevent bribery and corruption. Moreover, you can present tangible business benefits if you address these issues in a positive manner. Finally, such focused training can and should help to ensure integrity and the company’s reputation by strengthening your business culture and ethical conduct.

You are now ready to design your compliance training, with the above goals in mind. You should include the development of curriculum using a risk-based model and set uniform methods for acquiring content, maintaining records and reporting. This should be followed by the establishment of standards for selecting appropriate content, delivery methods, frequency, and assurance based on risk exposure. You can review any technological solutions for both e-learning delivery and documentation. Lastly, you will need to consider training content revision when requirements or risk analyses change.

After the design of the training program, the next level is to design the specific training courses. Here you should establish your learning objectives and map the training to legal and competency requirements. You must always remember who your audience is and what their characteristics might be. For the high-risk employee, you will need focused training so that they will be able to act with confidence in a wide range of scenarios and conditions based on a strong understanding of the risks, requirements and penalties. For the medium risk employee, compliance training should include scenarios so that they know the risks, requirements and penalties and should be able to apply their knowledge to common scenarios using standards and tools given to them. For the low risk employee, they should be made aware of the risks, requirements and penalties as well as your entity’s expectations about how to address it. They should know relevant policies and procedures and where to get assistance in addressing a risk or making a behavior decision.

Now you need to determine the most appropriate mechanism to deliver the content of your compliance training. You can use a variety of methods for each of the designed risk based rankings. The delivery of compliance training for high-risk employees should be repeated frequently using several methods of delivery. You can include ongoing risk profiling of individuals through assessment of behavior choices in online courses or live simulation exercises. Additionally, you should work to determine the effectiveness of your compliance training to this group through testing and certification. For your medium risk employees, your compliance training should have content to make them proficient in the subject, be refreshed periodically, use a mix of modes of delivery, both live and online, and have methods to demonstrate evidence of understanding. To address the content required for low risk employees it can be done largely through online training, again you will need to make sure the material is reviewed and updated on an as needed basis.

Lastly, and please do not forget this step, you need to ensure that the compliance training content is timely and the instructors are effective.

Tomorrow, I will consider the evaluation of your compliance training.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016