As you might suppose I read quite a bit. One of the pleasures I receive each month is when the copy of the MIT Sloan Management Review arrives. I also find the articles highly topical and present ways to consider new compliance strategies and technologies, together with insights on leadership. The 2017 Summer edition arrived on Friday so I am going to dedicate this week to considering an article the issue, each day this week, as it relates to the Chief Compliance Officer (CCO), compliance practitioner, compliance profession or a corporate compliance practice. Today I consider an article by Renée Richardson Gosline, Jeffery Lee and Glenn Urban, entitled “The Power of Consumer Stories in Digital Marketing”.

As I often note the customer for a CCO, compliance practitioner, or a corporate compliance practice is your employee. So why not use them to help you market the message of compliance. I can point to one current successful example of using the employee base and that is Louis Sapirman at Dun & Bradstreet, Inc. (D&B), who regularly connects with employees through in-company tweet-ups and other innovative techniques to tell stories around compliance identified using the internal hashtag #DoTheRightThing.

The authors consider a broader use and begin with the basic premise that “When consumers prepare to make purchase decisions, stories can deliver important information and shape the decision and the overall brand experience. With the advent of consumer-to-consumer social media platforms such as Facebook and Twitter, stories can be powerful tools for shaping cognitive processing, recall, brand image, and choice.” The authors found a statistically significant increase of product purchases, “when consumer-based storytelling was employed.” So why not use those same techniques around internal marketing of your compliance function and training on your compliance program?

From their research which led to the article the authors found that customers responded to a story about a brand, when certain factors were present. These included trust in the brand; that consumers saw themselves in the stories and there was a “self-connection” to the brand. Every corporate compliance program should have the employees trust and they should feel connected to the notion of doing business ethically and in compliance, if not the compliance function should fold up the tent and go home. The power of telling stories that resonate with the experiences of employees in the real world is also a well-known and used standard in compliance training. Here you can think of the RESIST training scenarios.

The authors proposed four steps which they advised a company to engage in to implement such a strategy. I found it quite use for the CCO or compliance practitioner to think through when considering this approach. I have adapted the authors’ consumer approach for the compliance practitioner and their employee base.

1.Work with consumers to generate believable and compelling stories. The authors found that by examining “comments on Facebook, Twitter, YouTube, and other social media sites, you should be able to find leads to consumer stories about your brand that you can follow up on. It’s a little like curating an art show: You need to find the best examples and work with storytellers to deliver the right message.”

For the CCO or compliance profession you should mine your data sources to find stories. Even if you are not as tech savvy as the compliance team at D&B, there should be a wealth of other compliance information and data available to you. You can consider hotline reports, remembering that not all hotline reports are of illegal, unethical or fraudulent conduct. It may only be the perception of unfairness or favoritism. Dispelling such faulty acuities can go a long way towards directly improving employee morale. This can be a powerful story and useful to utilize when marketing your hotline.

2.Convert stories into high-quality presentations. A great example here is a video CenterPoint Energy released in 2015 after the Volkswagen (VW) emissions-testing scandal became public. The video featured Scott Prochazka, CenterPoint Energy President and Chief Executive Officer (CEO). He used the VW scandal to proactively address culture and values at the company and used the entire scenario as an opportunity to promote integrity in the workplace. But more than simply a one-time video, the company followed up with a with an additional resource, entitled “Manager’s Toolkit – “What does Integrity mean to you?””, that managers used to facilitate discussions and ongoing communications with employees around the company’s ethics and compliance programs. Finally, as noted by Amy Lilly, Director, Corporate Ethics and Compliance at CenterPoint Energy, the cost for the video was quite reasonable as it was produced internally.

3.Embed stories in your social media mix. The authors related, “Posting videos of customer stories on your brand website means they will be perceived as coauthored by the consumer and the brand. Use true consumer stories and present them through your branded social media channels to maximize impact.” Another way to consider this concept is that short videos are good videos. You can have a series of short videos communicating different aspects of your compliance program. It can range from short messages from your CEO, to videos of your CCO to videos of employees. Employees always tune in when senior management speaks to them internally through a video. Employees want to hear from the President and a message of commitment to the culture values of doing business ethically and in compliance is always a message that will resonate with employees. Finally, employees want to hear stories from and about their co-workers who faced compliance challenges and #DoTheRightThing.

4.Integrate paid media strategies with voluntary sharing of stories on social media. Here the authors focus on the overlap and intersection of professional media strategies with “story-based consumer content generated for social media.” For the compliance practitioner, this translates into an opportunity around training. You can use traditional methods of compliance training, interspersed with videos and other social media uses of your employee base with real world examples of how compliance not only helped them do business ethically and in compliance but also how it made your organization more efficient together with being more profitable.

The authors conclude by noting, “Throughout history, storytelling has been an integral way to convey attitudes and values, and it will remain a key source of information and influence in the digital world. As new technologies such as virtual reality evolve and improve, brands can expect to continue to have new opportunities to use consumer storytelling in their communication strategy.” You should incorporate these concepts and employee-told stories into your compliance message as well.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

May 4th is universally recognized (at least in the universe I inhabit) as Star Wars Day. According to Wikipedia, “May 4 is called Star Wars Day because of the popularity of a common pun spoken on this day. Since the phrase “May the Force be with you” is a famous quote often spoken in the Star Wars films, fans commonly say “May the fourth be with you” on this day.” Given the rejuvenation of the franchise, in the form of Star Wars VII – The Force Awakens and with the release of Star Wars VIII, The Last Jedi, scheduled for December 2017; all Star Wars fans and have reason to celebrate this May 4th in a manner we have not seen for some time.

The most recent entry into the Star Wars oeuvre was a prequel entitled Rogue One. It was a rollicking fun ride with hints of many of the characters that appeared in the first Star Wars movie A New Hope way back in 1977. It also had one of the most ingenious technical innovations, in a series filled with technical innovations, that of bringing Peter Cushing to life as Governor Tarkin. It will be interesting to see if Carrie Fisher receives the same treatment or if there was enough footage filmed before she moved permanently to the Star Wars universe last December.

In honor of May 4th, Star Wars and Carrie Fisher, today I want to consider the use of video to assist ongoing communications in a best practices compliance program. It has certainly been proven that social video can boost your company’s brand awareness and its sales. Why not consider using video to boost your compliance functions brand awareness and help spread the message of your corporate values and ethos. In an article in Inc., entitled “Get Rolling”, it reported that Facebook now generates an “average of eight billion video views per day and YouTube reaches more 18- to 49-year olds than any cable network in the U.S.” Why not take advantage of this natural tendency to produce compliance focused content that would engage your compliance customer base – your employees.

The article provides three short guidelines to consider which are equally valid for considering communications from the compliance function. The first is to have a plan around what you want to do. This includes not only your script but also your budget. It does not have to a large high dollar production. You can shoot a video in your office, literally using your iPhone if that are all the resources you can muster. I recently attended the tech conference Collision 2017 and in the press area, there was a set up for interviews using iPhones. At the 2016 SCCE Compliance and Ethics Institute, Kortney Nordrum recorded Roy Snell and myself for a live session of Unfair and Unbalanced using her iPhone.

Another resource is your corporate media function. A great example was a CenterPoint Energy video put out in 2015 after the Volkswagen (VW) emissions-testing scandal become public. The video featured Scott Prochazka, CenterPoint Energy President and Chief Executive Officer (CEO). He used the VW scandal to proactively address culture and values at the company and used the entire scenario as an opportunity to promote integrity in the workplace. But more than simply a one-time video, the company followed up with a with an additional resource, entitled “Manager’s Toolkit – “What does Integrity mean to you?””, which managers used to facilitate discussions and ongoing communications with employees around the company’s ethics and compliance programs. Finally, as noted by Amy Lilly, Director, Corporate Ethics and Compliance at CenterPoint Energy, the cost for the video was quite reasonable as it was produced internally.

This CenterPoint Energy example brings up another key point which is timing. Just as many Chief Compliance Officers (CCOs) used the New York Times (NYT) breaking story on Wal-Mart’s alleged Foreign Corrupt Practices Act (FCPA) violations in Mexico back in 2012 as an opportunity to brief senior management on what can happen when your company appears on the front page of a Sunday NYT edition for FCPA violations; CenterPoint Energy used the VW emissions-testing scandal as an opportunity to not only reaffirm its own corporate values but also engage in ongoing communications.

Another key element is also built around time and it is that “short videos are good videos”. You can have a series of short videos communicating different aspects of your compliance program. It can range from short messages from your CEO, to videos of your CCO to videos of employees. Employees will always tune in when senior management speaks to them internally through a video. They want to hear from the President and a message of commitment to the culture values of doing business ethically and in compliance is always a message that will resonate with employees.

Also consider having employees in short discussions on how they may have overcome compliance challenges. Celebrate these events but do not forget their power to educate and inspire other employees. Such techniques can give your employees a peek behind the curtain, not to show the wizard has no clothes but because it makes your internal compliance function seem more authentic.

What are some of the venues you can utilize for these videos? Of course internal channels are appropriate to use. If you have an internal Twitter like function, you can post short videos that can be posted and reposted multiple times per day. If you have a tech savvy, media-friendly company you might consider an Instagram type approach, combining videos and pictures. Finally, do not forget the power of YouTube. It is one of the largest search engines behind Google and the prime location for video watching by the vast majority of folks these days.

Finally, never forget that one of the key factors listed in the Morgan Stanley Declination to Prosecute was 35 compliance reminders provided to their recalcitrant FCPA violating Managing Director Garth Peterson over seven years. These types of videos can certainly be used in a variety of ways, including as a legal defense to any FCPA investigation.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

Today focus in the Code of Conduct series is on the aspect of training on your finalized Code of Conduct. Eric Morehead, Principal of Morehead Compliance Consulting, joins me in this series. While there have been criticisms of Code of Conduct training, if you consider training as one source of your communication, the rollout of a new or updated Code of Conduct can be an opportunity. Morehead has noted that a Code of Conduct can be the “centerpiece of a broad communications and engagement plan.” The delivery of a Code of Conduct is a key element of its effectiveness. By allowing your employees and other stakeholders to engage and interact with the Code of Conduct, through live or interactive training, the effectiveness can be better monitored and measured. This can also be used as an

In a white paper, entitled “Top 5 Tips for Effective Code of Conduct Revisions, Morehead noted that often companies have a formal launch of the Code of Conduct where senior management and the corporate compliance function “conduct on-site activities across the organization to promote the launch of the new Code, or launch interactive activities such as video competitions that ask stakeholders to such submit short videos on Code topics.” However, this is not the sole manner to have such a rollout as other companies “keep the message more informal but use frequent touchpoints, for example, through email or cascading messages through line managers, to keep up the drumbeat on compliance topics and reinforce the role of compliance.” The key is to “capitalize on the opportunity a new Code gives you.”

One of area in the recently release Department of Justice’s (DOJ’s) Evaluation of Corporate Compliance Programs (Evaluation) that had a new emphasis was in the effectiveness of training. I think everyone would understand you do need to train but now the government’s talking to us about effective training. I asked Morehead what he has observed on what makes Code of Conduct training effective. Fortunately, from his professional background with Corpedia and the NYSC Governance Services, he is quite familiar with various types of training.

You can start with live training that can be held at the corporate headquarters with senior management and even executive involvement. Many companies will videotape a message from the Chief Executive Officer (CEO) to help celebrate the rollout. Then there is the opportunity for localized training that gives employees an opportunity to see, meet, and speak directly with a compliance officer, not an insignificant dynamic in the corporate environment. Such personal training also sends a strong message of commitment to the Code of Conduct. It gives employees the opportunity to interact with the compliance officer by asking questions which are relevant to markets and locations outside the United States, which can often provide employees with the opportunity to have confidential in-person discussions.

An important part of in-person training is the opportunity to interact with the audience through Q&A. There are a couple different approaches to Q&A. The first is to solicit questions from the audience. However, many employees are reluctant, for a variety of different reasons, to raise their hands and ask questions in front of others. This can be overcome by soliciting written questions on cards or note pads. A second technique is to lead the audience through hypothetical examples in which the audience is broken down into small discussion groups (up to five people) to discuss a situation and propose a response. However, with a worldwide, multi-thousand person workforce with multiple languages, an entire Code of Conduct roll-out based on live training may not be feasible.

Not surprisingly, and one of the key themes in compliance, is to understand your company and tailor your compliance program, including your Code of Conduct training, for your audience. Companies have to consider their audience when considering drafting the Code of Conduct, the kind of tone it is going to have, how long it is going to be and topics you are going to cover in the Code of Conduct; the same analysis is true for your training.

Morehead believes most organizations put together custom training for their Code of Conduct rollout. It is typically online “and if it makes sense for them for their code of conduct training, and I think the same rules apply here, you want your training to really resonate with the audience that you’re trying to reach and I think the trends we see here, generally speaking, are that the code training is a lot shorter than it used to be in the past.”

He also suggested that your Code of Conduct training could be more modular in presentation. “For instance, if your company identified 12 key risk areas in the Code of Conduct, you could   train on six risk areas each year, instead of the full dozen. You could keep important topics like reporting and non-retaliation and similar aspects that always have to be talked about on an annual basis but maybe you split up the topics and try to shorten the length that way.”

Another mechanism Morehead has observed over the past few years is more interactive training. When audience members are required to answer questions on an ongoing basis it can foster more engagement. It can also help to meet the DOJ requirement to demonstrate the effectiveness of training. He also noted that “gamification which kind of goes hand in hand with interactivity has been talked about a lot over the last few years.” His understanding is that gamification and interactivity make “it a little bit more effective for millennial members of the workforce.”

At the end of the day, the reality is that just as with different types of codes making sense for different types of organizations the same is true for interactive training. As Morehead noted, “It may make sense for your population. It may not.” But it does mean you should consider your population, “take a look at the offerings that are out there to consider how does it fit into your organization.”

Morehead ended by noting that your “training really ought to bear some resemblance to the way you communicate in the Code and the topics that you communicate in the Code of Conduct.” It really does your organization no good, “If it’s completely divorced from that then you’re missing an opportunity to drive people from training to the Code and from the Code to you know better understanding the training. So you kind of missed, to use an overused term you’ve missed some synergy there if they are divorced from each other and they don’t really speak to the same topics or speak in the same way about those topics. So I would try to keep them similar and I guess that’s another call for considering a custom implementation rather than an off the shelf implementation”.

Whatever approach is used, one of the critical factors is the length of time of the training session. Although lawyers and ethics and compliance professionals can (sometimes) sit through a multi-hour Code of Conduct, it is almost impossible to keep the attention of business and operations employees for such a length of time. The presentation and number of PowerPoint slides must be kept to a manageable length before the attendee’s eyes start to glaze over.

Tomorrow I will conclude this week’s series by looking at a Code of Conduct update as a way to operationalize your compliance regime.

For more information on Eric Morehead, Morehead Compliance Consulting or to contact Eric Morehead, go to Morehead Compliance Consulting.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

Prong 6, Training and Communication, of the Justice Department’s Evaluation of Corporate Compliance Programs reads, in part: 

Form/Content/Effectiveness of Training – Has the training been offered in the form and language appropriate for the intended audience? How has the company measured the effectiveness of the training?

Most companies have not considered this issue, the effectiveness of their compliance program. I would suggest that you start at the beginning of an evaluation and move outward. This means starting with attendance, which many companies tend to overlook. You should determine that all senior management and company Board members have attended compliance training. You should review the documentation of attendance and confirm this attendance. Make your department, or group leaders, accountable for the attendance of their direct reports and so on down the chain. Evidence of training is important to create an audit trail for any internal or external assessment or audit of your training program. 

One of the key goals of any  compliance program is to train company employees in awareness and understanding of the law; your specific company compliance program; and to create and foster a culture of compliance. In their book, entitled “Foreign Corrupt Practices Act Compliance Guidebook: Protecting Your Organization from Bribery and Corruption”, Martin T. Biegelman and Daniel R. Biegelman provide some techniques which  can be used to begin evaluate the effectiveness of your ethics and compliance training.

The authors encourage post-training measurement of employees who participated. A general assessment of those trained on the FCPA and your company’s compliance program is a starting point. They list five possible questions as a starting point for the assessment of the effectiveness of your FCPA compliance training:

  1. What does the FCPA stand for?
  2. What is a facilitation payment and does the company allow such payments?
  3. How do you report compliance violations?
  4. What types of improper compliance conduct would require reporting?
  5. What is the name of your company’s Chief Compliance Officer?

The authors set out other metrics, which can be used in the post-training evaluation phase. They point to any increase in hotline use; are there more calls into the compliance department requesting assistance or even asking questions about compliance. Is there any decrease in compliance violations or other acts of non-compliance?

What if you want to take you post-training analysis to a higher level and begin a more robust consideration of the effectiveness of compliance training through an analysis of return on investment (ROI)? Joel Smith, the founder of Inhouse Owl, a training services provider, advocates performing an assessment to determine ethics and compliance training ROI to demonstrate that by putting money and resources into training, a compliance professional can not only show the benefits of ethics and compliance training but also understand more about what employees are getting out of training (IE., effectiveness). The goal is to create a measurable system that will identify the benefits of training, such as avoiding a non-compliance event such as a violation of the FCPA. Smith admits that calculating compliance ROI is very difficult as ethical and compliance behavior is an end-goal and of itself – not necessarily one that everyone feels should be subject to a ROI calculation.

Smith noted, “it is extremely difficult to isolate the training effect to calculate what costs you avoided due solely to your ethics and compliance training. Although each organization will have a unique ROI measurement due to unique training objectives, it is possible to use a general formula to calculate ethics and compliance training ROI.”

Smith’s model uses four factors to help determine the ROI for your ethics and compliance training, which are: (1) Engagement, (2) Learning, (3) Application and Implementation, and (4) Business Impact. These four factors are answered through posing the following questions.

  1. Figure out what you want to measure. Before you ever train an employee, you should have a goal in mind. What actions do you want employees to take? What risks do you want them to avoid? In the FCPA, you want them to avoid non-ethical and non-compliant actions that would lead to FCPA violations. So your goal is to train employees to follow your Code of Conduct and your compliance program policies and procedures so you avoid liability related to actions. Therefore the benefit to calculate for ROI purposes is the total amount saved by the company because employees now understand not to engage in unethical and non-compliant conduct around bribery and corruption.
  1. Were employees satisfied with the training? What is their engagement? The next step is to get a sense of whether employees feel that the training you provided is relevant and targeted to their job. If it’s not targeted, employees will likely not be committed to changing risky behavior. Smith believes you can get data on employee engagement through a quick post-training survey. Although this factor does not produce a quantitative number to use in the ROI calculation, it will help you isolate and qualify the training benefit.
  1. Did employees actually learn anything? Smith believes that a critical part of any employee training is the assessment. If you want to understand the “benefit” of training employees, you must know whether they actually learned anything during training. You can collect this data in a number of ways, but for compliance training, the best way is to measure pre and post training understanding over time. Basically, each time you train an employee, measure comprehension both before and after training.
  1. Are employees applying your training? Smith says that for this point you will need to conduct a survey to determine employee application and their implementation of the training topics. To do so, you must conduct employee surveys to understand whether they ceased engaging in certain risky behaviors or better yet understand how to conduct themselves in certain risky situations. These surveys can provide a good sense of whether the training has been effective. 
  1. What’s the quantitative business impact of your training? At this point you are ready to determine the numerical business impact of your ethics and compliance training. Smith has an approach he calls the “Best Guess” approach. Smith believes there are two parts to the business impact calculation: (1) the benefit calculation and (2) the isolation calculation. Smith provided five questions he would pose.
  1. How often could a noncompliance event occur?
  2. How much revenue would be involved?
  3. What is the profit margin on the revenue?
  4. What are the other costs?
  5. What are the noncompliance hard costs?

The next step is to isolate the benefits of training so that you properly attribute the ROI to the ethics and compliance training. To make this determination, you need to know at a minimum (1) whether employees understood the training and (2) whether employees are applying the training. This information must be compared with other factors, namely: (1) the effects of any other company initiatives involving anti-corruption, (2) employee attitudes regarding the topic and training, and (3) any business factors such as decreasing/increasing international revenue, macro-economic trends, etc. that may contribute to avoidance of a noncompliance event. From these calculations, you should then apply a percentage of the benefit to the training. Here Smith suggests 25%.

  1. ROI: bringing it all together. Now it is time to calculate the ROI. Here I turn to the formula as laid out on Smith’s company website: “Total FCPA Noncompliance Costs Avoided – Total FCPA Training Program Costs  ÷Total FCPA Training Program Costs ($20,000) x 100=ROI”. Smith concludes by noting, “Even though calculating training benefits is often difficult and imprecise, it’s incredibly important to make an attempt to quantify training ROI” to demonstrate not only effectiveness but also “so you can show business people the incredible effect that engaging training can have on the bottom line.”

The importance of determining effectiveness and the evaluation of your ethics and compliance program is now enshrined by the Department of Justice (DOJ) in its Evaluation. The Evaluation is the first formal step taken by the DOJ to demonstrate it wants to see the effectiveness of your compliance program. This is something that many Chief Compliance Officers (CCOs) and compliance professionals struggle to determine. Both the simple guidelines suggested and the more robust assessment and calculation laid out by Smith provide you with a start to fulfill the Evaluation but you will eventually need to demonstrate the effectiveness of your compliance training going forward.

Three Key Takeaways

  1. You must demonstrate you have measured the effectiveness of your compliance training?
  2. The DOJ is clearly moving into requiring a demonstration of effectiveness of compliance training.
  3. You should be moving towards a model of demonstrating compliance training ROI to validate full operationalization of your compliance training. 

This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.

The Justice Department Evaluation of Corporate Compliance Programs states the following around training: 

  1. Training and Communications

Risk-Based Training – What training have employees in relevant control functions received? Has the company provided tailored training for high-risk and control employees that addressed the risks in the area where the misconduct occurred? What analysis has the company undertaken to determine who should be trained and on what subjects?

I thought about the requirement for tailored training and how this leads to operationalizing your compliance program. Consider the current best practices to tailor your compliance training. It is through a risk ranking system of employee job duties or positions which is usually done by someone from the corporate compliance function reviewing lists of employees and then matching up their job duties, focusing on those involved in international operations which have foreign government or state owned enterprise touchpoints. Most usually it targets employees involved in sales.

However, this type of analysis does not fully tie the calculus of FCPA touchpoints to the full panoply of the prevent, detect and remediate mandates of an operationalized compliance program. There are innumerable employees in every corporation who could be employed in the detect prong and who are generally not being engaged as a part of compliance backstop.

Typically, high-risk employees have FCPA training annually. However numerous studies have shown that more focused, indeed tailored, training can be more effective. Imagine the scenario where a high-risk employee is traveling to west Africa, which they book through the corporate travel portal. Unless the employee notifies compliance of this travel it is highly unlikely the compliance department would know about such travel.

Now imagine a corporate algorithm which could connect the dots of a high-risk employee, traveling to a high-risk country on a high-risk assignment. The current practice, in tech speak, is single-tenant software hosting, i.e. one piece of software available at a time with no continuity between corporate functions. Now envision a more multi-tenanted, Software as a Service (SaaS), approach where a company’s information is available through a single application, rather than having the information diluted through multiple applications. If a company is not using multi-tenancy, it may be hosting or supporting thousands of single-tenant information systems and cannot aggregate information across the corporate base and extract knowledge from large data sets as every corporate discipline may be housed on a different server and possibly a different version of software. This allows large and, more importantly, disparate data to be constantly fed into a single system where compliance can move more quickly and efficiently.

Now consider our high-risk employee, traveling to a high-risk country on a high-risk assignment. When they book the travel, compliance could read the information and then deliver a tailored compliance training reminder. There need not a be referral to the compliance department who might call and ask the employee where they are going and what the business purpose, who they are meeting, etc. Communications and training would be delivered to the employee’s computer via email or other delivery mechanism. It could be as simple as a reminder about the FCPA, the company’s Code of Conduct and anti-corruption compliance program around facilitation payments. Yet it could be as sophisticated as the RESIST training which provides specific procedures to resist solicitations requests or even extortion demands, by referencing a company anti-corruption polices; its policies on facilitation payments and even corporate policies for employees. You could even add a list of potential responses such as an immediate response to the bribe-solicitor and reference to internal company reporting for assistance.

Of course, there would be an audit trail for all of this, which helps to satisfy the Document, Document, and Document component of your compliance program. Never forget the Justice Department specifically mentioned compliance reminders as one of the seven reasons Morgan Stanley received a declination back in 2012. This means when the government comes knocking you will have evidence of tailored training delivered to employees. Finally, such training also operates as internal control which helps to meet the Accounting Provisions requirement of the FCPA.

Again, consider another manner of how tailored training might be used for the traveling high-risk employees, where predictive analytics which could be used in conjunction with prior expense reports of both the employee and the region. On the personnel level, tailored training could help to determine if there were any issues around large expense reimbursements or those which might show a pattern of running up to the level where preapproval is required. Tailored training could give a wide range of statistics which would allow the compliance practitioner to operationalize compliance by considering sales expenses to determine if any issues might arise. Finally, in a continuous feedback loop, a prescription solution could then be delivered to prevent an issue arising to the level of an internal Code of Conduct violation or even a FCPA violation further operationalizing compliance.

Three Key Takeaways

  1. Training should all begin with risk ranking of employees.
  2. Tailored training focuses on the risk for each employee and their compliance needs.
  3. Using tailored training to operationalize compliance can provide continuous feedback. 

This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights On Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.