When you conducted your compliance risk assessment, you identified specific areas that present risk for your company – for example (in the area of anti-corruption), the locations where your operate, your business activities, your customers, and your interactions with government officials. Then, you used this assessment as the basis for a compliance program aimed at preventing and detecting these risks. Now you want to teach your personnel about compliance, both with applicable legal and operational standards and with your program. How do you turn the many details concerning your company’s risk areas, compliance program, and the relation of this program to your specific business activities into training that targets the right substantive areas?
The following general guidelines may help you build the substance of your compliance training approach:
Teach company personnel about their obligations under the law.
Personnel will be more engaged in compliance if they understand why the compliance program is in place – in other words, the overarching legal violations that could subject the company (and them personally) to liability. Including examples of how sanctions and other negative repercussions from offenses have affected other companies and individuals (especially those in your industry) will help this discussion hit home.
Teach personnel about their obligations under the compliance program.
The real substance of any compliance training program is to make sure personnel understand what steps they need to take to avoid committing a legal violation on the company’s behalf. This includes explaining in necessary detail the preventive nuts and bolts of your compliance program, for example, which activities require special approval, what forms need to be completed, what documentation needs to be retained (and how), and so forth.
Note that the best compliance training programs are tailored not only to your company’s general risk profile, but also to the specific group of individuals being trained and their operational roles. The US Sentencing Guidelines discuss “disseminating information appropriate to … individuals’ respective roles and responsibilities” (USSG §8B2.1(b)(4)(A)). For example, the sales force needs a more in-depth understanding of the approval process for providing meals and entertainment to potential customers, while the finance team needs a more in-depth understanding of relevant accounting controls.
Teach personnel how to deal with higher-risk situations they may encounter.
As we have discussed before, different groups of personnel may encounter very different risks. To make compliance training engaging, use specific examples of the types of risks your particular audience (whether sales, finance, or another group) is most likely to encounter, and engage your audience in a discussion about the steps they could personally take to deal with these risks – within the framework of the compliance program.
Teach personnel who to contact when they have questions or notice a problem.
An important part of mitigating risk is knowing when to ask questions and who to ask. Involving the chief compliance officer or other compliance personnel in the training allows personnel to get to know them and (hopefully) feel more comfortable reaching out to them if questions arise. Compliance training is also a good opportunity to make sure personnel are aware of other avenues for asking questions, such as through local managers, a company ombudsperson, or a confidential whistleblower reporting line. You could also direct the audience to other resources where they can learn about their obligations, such as your company’s compliance handbook or compliance intranet site.
In any case, try to help personnel recognize that your company has an open door regarding compliance questions and issues; they do not need to try to handle these issues alone. Encourage them to use in-person or anonymous channels not only when they recognize inappropriate behavior or an obviously questionable transaction, but also when “something just doesn’t feel right.”
During training sessions, allow time for personnel to provide feedback on the compliance program, as well as the training itself.
As we noted in our last post, compliance training allows for feedback in two directions, from trainers to personnel and from personnel to the company. Your staff have a unique and important perspective on your company’s compliance program; they are the people who are living it day by day. As such, they are in an ideal position to share how the procedures and controls work in practice and to give feedback on how the program can be improved.