Notes on Good Compliance Training
Compliance professionals often use the words “training” and “communications” mushed together to represent one component of your compliance program. That’s not really true, however; training and communications are complementary concepts, and compliance officers need to appreciate that distinction if we want each one to support the other.
That insight came to me the other week as I moderated a webinar on compliance training and communications. Originally I expected the conversation to center on what makes for good training material. By the end of the hour, I saw that if compliance officers want to achieve our real goal here — driving employee conduct toward a higher ethical standard — we have a lot more to consider than training courses.
Let’s start by uncoupling those two words: training and communications.
Training is educating employees about a set body of knowledge. You can train employees on what an FCPA violation is or what personally identifiable information is. You can train employees on which laws apply to your business operations and how much trouble can arise from breaking those laws. You can train employees on procedures for reporting suspected violations.
Communications are the messages that motivate employees to put that knowledge to work. Communications explain why certain behaviors are important, and drive employees to take those actions — including, sometimes, by communicating the punishments that might befall employees if they don’t.
For example, you can train an employee on what an FCPA violation is, and how to report it; but you also need to communicate to them why FCPA violations are something to be avoided, or reported to compliance when encountered.
That might seem like semantic hair-splitting, but the distinction actually raises a host of practical issues for your compliance program.
Question 1: Testing Out
Back to our webinar. I asked the speakers about the wisdom of letting an employee test out of compliance training if he or she already knows the material, something we’ve discussed on these pages before. Both speakers said testing out can work, if you approach the issue thoughtfully.
For example, Len Larson, who manages compliance training, communication, and awareness at Starbucks, said a company could give all employees the “full sweep” of compliance training in their first year of employment; then let them test out of all courses the following year except, say, the two or three subjects where they had scored the lowest. You’d then re-train those employees on the same courses only once every several years, if they keep testing out.
At the same time, however, compliance officers would also want to measure employee attitudes and monitor compliance behavior closely. Larson, for example, said he includes employee surveys in almost all compliance training Starbucks requires. He reviews that data, as well as data from investigations, calls to the hotline, and even survey data from other, non-compliance training that employees receive — all to gauge how well his compliance training is working, and to understand which groups need what types of compliance training the most.
That’s a smart approach. It spares employees the tedium of taking the same courses on the same subject year after year; so long as you, the compliance officer, can see that employee behaviors are moving in the right direction.
Another speaker, Ronnie Feldman, who runs a compliance training firm, had a wonderful way to describe the testing out debate. Yes, he said, you can let employees test out of compliance training — but you should then “surround them with communications” about the importance of the material.
Feldman’s and Larson’s observations complement each other. Yes you can let employees test out of rote training, if you still surround them with communications about the importance of following that training, and take steps to see (and document) whether employees are actually then performing as instructed.
It’s great advice for testing out. It just depends on a clear understanding of how training and communication support each other.
Training and Justice Department Guidelines
All that said, let’s bring this back to the Justice Department’s guidelines on effective compliance programs. The guidelines do include a section titled “Training and Communications” (on Page 4, if you’re curious), but the text mostly dwells on the mechanics of the training and how employees interact with it:
Hmmm. Yes, all the questions above are important, and compliance officers must consider them. But immediately preceding that paragraph, the guidance also says this about the whole point of training and communication:
Prosecutors, in short, should examine whether the compliance program is being disseminated to, and understood by, employees in practice in order to decide whether the compliance program is truly effective.
Am I the only one who sees a mixed message here? The guidelines start by telling prosecutors (and by extension, you) to assess whether the compliance program is understood; that depends on communication. Then comes a flurry of specific questions about delivery mechanisms, curriculum updates, testing, and documentation.
What are compliance officers supposed to do with all that? Focus your efforts on details such as content libraries, testing records, completion rates, and the like? Because that’s one set of concrete stuff you can slide across the table to a prosecutor evaluating your program.
On the other hand, you could also compile lots of behavioral analytics to identify weak spots in corporate culture and employee conduct, and then map out your plan to strengthen those weak spots. That’s a more thoughtful set of stuff to slide across the table, but possibly less concrete. So which set is better to slide across?
Only you can answer that question, based on the specific facts that dragged you into the prosecutor’s office in the first place. Still, it keeps dragging us back to our very first point: you need a keen appreciation of how training and communications work together toward the ultimate goal of a better compliance program.
And a Word on Humor
Another question I asked on the webinar: Does compliance training have to be funny? No, the guests told me.
Funny helps, of course. You can use funny many times — just not all the time. For example, mocking racial discrimination in the office is probably a bad idea. Poking fun at senior management’s foibles and cluelessness might work for low-level employees, but not for senior management.
The question is more about whether the training is entertaining — and it can be entertaining without being all that funny. Feldman rattled off multiple formats for training that can be entertaining: a mock talk show, a game show, a zoom meeting, a podcast. You can enliven the format for the compliance message, without soaking the message in humor so much that it comes across as patronizing.
Also remember all the other training that employees get. Consider whether you can work with HR and business unit supervisors to “ethics-adjust” that other training, so that your messages about compliance are tucked into that material. That’s often a far better strategy than forcing employees to take a separate compliance training course, which typically leads to groans, eye-rolls, and all the usual dismay.
You might have to do some tricky data work documenting that compliance training delivered by other means, and success would depend on how well you work with the HR team and other business unit leaders. Then again, doesn’t it always?