The communication of your anti-corruption compliance program, both through training and message, is something that must be done on a regular basis to ensure its effectiveness. The FCPA Guidance explains, “Compliance policies cannot work unless effectively communicated throughout a company. Accordingly, DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.”
One of the key goals of any Foreign Corrupt Practices Act (FCPA) compliance program is to train employees in awareness and understanding of the FCPA; your specific company compliance program; and to create and foster a culture of compliance. Beginning in the fall of 2016 through the announcement of the FCPA enforcement Pilot Program, the DOJ began to talk about whether you have determined the effectiveness of your training. This continued with the 2017 Evaluation of Corporate Compliance Programs where they asked, “How has the company measured the effectiveness of the training?” This point has bedeviled many compliance professionals yet is now a key metric for the government in evaluating compliance training.
Also raised in the Evaluation was the focus of your training programs, where the DOJ inquired into whether your training was “tailored” for the audience. The Evaluation, In Prong 6, Training and Communication, asked, in part: Risk-Based Training – What training have employees in relevant control functions received? Has the company provided tailored training for high-risk and control employees that addressed the risks in the area where the misconduct occurred? What analysis has the company undertaken to determine who should be trained and on what subjects?
This adds two requirements. The first is that you must assess your employees for risk to determine the type of training you might need to deliver. This means that you should risk rank your employees. Obviously, the sales force would be the highest risk but there may be others which are deserving of high risk training as well. From your risk ranking, you need to then develop training tailored for the risks those employees will face.
The key going forward is that you have thoughtfully created your compliance training program. Not only in the design but who receives it, all coupled with backend determination of effectiveness. Finally, all of this must be documented. In Prong 6, Training and Communication, of the Evaluation it read, in part:
Form/Content/Effectiveness of Training – Has the training been offered in the form and language appropriate for the intended audience? How has the company measured the effectiveness of the training?
Most companies have not considered this issue, the effectiveness of their compliance program. I would suggest that you start at the beginning of an evaluation and move outward. This means starting with attendance, which many companies tend to overlook. You should determine that all senior management and company Board members have attended compliance training. You should review the documentation of attendance and confirm this attendance. Make your department or group leaders accountable for the attendance of their direct reports and so on down the chain. Evidence of training is important to create an audit trail for any internal or external assessment or audit of your training program.
Joel Smith, the founder of Inhouse Owl, a training services provider, considered an analysis of return on investment (ROI) for compliance training. He advocated performing an assessment to determine ethics and compliance training ROI to demonstrate that by putting money and resources into training, a compliance professional can not only show the benefits of ethics and compliance training but also understand more about what employees are getting out of training (i.e. effectiveness). The goal is to create a measurable system that will identify the benefits of training, such as avoiding a non-compliance event such as a violation of the FCPA. I have adapted his concepts on ROI to focus on compliance training effectiveness.
Smith’s model uses four factors to help determine ROI for your ethics and compliance training, which are: (1) Engagement, (2) Learning, (3) Application and Implementation, and (4) Business Impact. These same four factors can be used to determine compliance training effectiveness.
The beauty of using surveys is that it provides feedback on not simply the compliance training to determine effectiveness but a much wider variety of areas for your compliance program. These surveys can provide critical information on the state of your compliance program and provide substantive feedback for further inclusion back into your compliance program. Testing your program and using that information in a feedback loop is another key component of a best practices compliance program.
The importance of determining effectiveness of your compliance program is now enshrined by the DOJ in its Evaluation. The Evaluation demonstrates the DOJ wants to see evidence of the effectiveness of your compliance program. This is something that many Chief Compliance Officers and compliance professionals struggle to determine. Both the simple guidelines suggested and the more robust assessment and calculation provide you with a start to fulfill the Evaluation but you will eventually need to demonstrate the effectiveness of your compliance training going forward.
Three Key Takeaways
This month’s podcast sponsor is Convercent. Convercent provides your teams with a centralized platform and automated processes that connect your business goals with your ethics and values. The result? A highly strategic program that drives ethics and values to the center of your business. For more information go to Convercent.com.