(Want to get articles like this one by email? Here is the sign-up!)
In our last post, we discussed the importance of designing a compliance training program to target the right audience. This post discusses the issue of how often to have such training.
As an introductory matter, it is important to understand that compliance training is not just about learning. It is also about listening. Both formal and informal training opportunities give the corporate compliance and management functions a chance to hear about the “real world” from personnel. Thus, training opportunities can be valuable to all concerned if providing routine, in-person “teaching” sessions or covering compliance topics in business meetings evolves into interactive discussions. If there is trust, staff will bring forward examples of the compliance issues and risks they observe, and management will thus be better able to understand how the compliance program is actually working (or not) in practice. In other words, both planned and spontaneous compliance training benefits both company staff and company leadership.
In general, and aside from providing listening opportunities, compliance training serves a number of specific purposes:
- It reminds company personnel of their obligations under the law and the company compliance program.
- It helps company personnel – both those providing and those receiving the training – stay abreast of compliance leading practices.
- It underscores a culture of compliance by encouraging discussions about compliance issues.
- It supports the creation and maintenance of a relationship of trust between compliance personnel (delivering the training) and employees (receiving the training), which facilitates questioning and reporting by employees that may help prevent and detect violations.
- It helps create a record demonstrating a company’s ongoing commitment to compliance with the law – a record that will be important if ever the company finds itself subject to a compliance-related investigation.
The question of how often to have compliance training is a function of the company’s risk profile, leading practices among peers, the type of training (to be discussed by us next week), and practical realities such as location and web access. For example, an international company that wishes to provide anti-corruption training might consider using some or all of the following types and frequencies of training as part of its compliance plan:
- A mandatory, audience-targeted session on corruption issues, risks, and company procedures that is part of yearly sales team, finance team, and management meetings;
- A general anti-corruption component that is incorporated into compliance training each employee must complete prior to his or her yearly performance review;
- Discussions of case studies (that is, how to deal with specific risks) periodically presented by local managers as part of regular team meetings;
- Monthly presentations by the compliance function to the company’s management about various key compliance program metrics, trends, and risks the company faces and how they are being or could be mitigated;
- Periodic short and targeted compliance film clips (“vignettes”) sent out to appropriate higher risk groups by email; and
- Compliance “tips” updated periodically on the company’s intranet site.
Including a variety of training components – at different intervals – allows compliance training to target specific goals. For example, the in-person, detailed training provided annually to “higher risk” groups (such as sales, finance, and management) drills down into the specific operational issues and “red flags” they may encounter on a regular basis. More general training provided to all personnel helps employees understand the general legal requirements that apply to the company, big picture issues, and how to anonymously seek help if they need to raise an issue. Regularly posting communications about compliance on the intranet site helps remind people of their obligations and helps to create a corporate culture where discussing compliance is part of normal operations.
Regardless of the training plan your company creates, remember a simple cardinal rule:
Compliance training should take place as part of business, in the normal course of business.
Training is more than “formal” sessions or programs. Rather, company leaders who are committed to compliance are alert, as they conduct normal business operations, to everyday opportunities to provide compliance-related advice and encouragement.
Our next post will continue the discussion of compliance training by discussing what topics to cover.