Does your compliance training work?

Does your compliance training work? Lessons from the US Department of Justice

With every big news story of scandal, fraud, bribery, money laundering in global or Australian companies, comes a big question. How does it happen?

From highly regulated financial industries to any company which is bound by important legislation against issues like bullying or privacy, compliance training forms an essential barrier of protection.

The US Department of Justice last year released a new set of guidelines to assist company training programs, the “​​Evaluation of Corporate Compliance Programs”.

Its mandate is to prevent serious crime including fraud or bribery and act as a guide to US prosecutors to assist in making informed decisions as to whether the corporation’s compliance program was effective at the time of the offense.

 

The DOJ’s three big questions

 

The three questions the DOJ seeks to answer regarding the effectiveness of a corporate compliance program are:

 

1. Is the corporation’s compliance program well designed?

2. Is the program being applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively?

3. Does the corporation’s compliance program work in practice?

One of the key takeaways from the DOJ report is that training must be specific and relevant to the individual and must be effective to prevent serious crimes or even unintended yet serious slip ups.

In the US this is made more complex with a mix of State and Federal laws. As an example, there is no one comprehensive law that governs data privacy in the United States.

There's a complex patchwork of sector-specific and State laws, including laws and regulations that address telecommunications, health information, credit information, financial institutions and marketing.

Solving for this is difficult and creating eLearning to address this has been a challenge in the past. Yet each of these questions posed by the DOJ is essential for companies in any jurisdiction to ask. Let’s take a look.

Is the corporation’s compliance program well designed?

 

The DOJ report asks is the program designed for “maximum effectiveness in preventing and detecting wrongdoing by employees and whether corporate management is enforcing the program or is tacitly encouraging or pressuring employees to engage in misconduct”?

A snapshot of some of the recommendations essential to a well-designed program covers:

●     Risk assessment: what are the specific risks facing each employee and company

●     Policies and procedures: Is the training underpinned by comprehensive policy and procedure

●     Training and communications: Is the program well-integrated into the company and understood by employees

●     Confidential reporting: Are employees empowered to report breaches?

●     Third-party risk assessment: The compliance program applies due diligence to its third party relationships.

Is the program being applied earnestly and in good faith?“ In other words, is the program adequately resourced and empowered to function effectively?

While the DOJ goes into much greater detail, this is on the surface straightforward: without resourcing, no training program will be successful. The DOJ states it will need buy-in from senior and middle management, autonomy and resources for those in charge, and incentives for compliance (or discipline for non-compliance).

Does the corporation’s compliance program work in practice?

A compliance program is not a static testing document. It should be continuously updated, changed in real-time and relevant. In assessing whether a program works, the DOJ reports writes: “Prosecutors should consider whether the program evolved over time to address existing and changing compliance risks.”

To this end it recommends continuous improvement, investigations of misconduct and analysis of any misconduct.

Microlearning gives organisations the opportunity to do this through the ability to create and deliver more relevant, pointed and current training. This style of content is also easily deployed using adaptive eLearning technology and can be scheduled as a campaign, or as rapid deployment to address issues that are part of the conversation now and perhaps currently in the press, or as regular internal corporate communications.

This immediacy is particularly important in the age of rapidly changing information about topics such as COVID safety, where it is essential to get information to staff quickly.

Having the right data is the only way to know if your compliance programing is working in practice. Simple pass fail metrics and an 80% pass rate just don’t cut it. What about that remaining 20%? Did everyone get the same thing wrong? Is that where your company has systemic breaches? Deep question level analytics, time taken & language trained metrics, and a range of other data points help you understand systemic risk and provide actionable insights to your team.

D

riving employee engagement with the right technology is increasingly important with so many employees working remotely.

Hours of ineffective training can be a multi-million dollar  opportunity cost, and can demotivate staff. Companies that embrace the right technology and mindset will be well-placed to reduce risk of serious misconduct whilst increasing productivity and engagement. 

Curious? Chat to our award-winning team for more on compliance training and our new adaptive learning tool. contactus@grcsolutions.com.sg

Julian Fenwick is the CEO of GRC Solutions Pte Ltd
Julian is a regular presenter in Australia and Asia on compliance training, EdTech & RegTech, and managing organizational culture. He is an enthusiastic supporter of the start-up community with a particular interest in adaptive eLearning technology.