Using technology to make compliance training more effective: 5 key considerations
A fundamental requirement for contemporary organizations operating across economic sectors is the establishment of an ethical culture predicated on both the organization’s own internal values and the emerging expectations of consumers, regulators and society-at-large.
Building an ethical culture, however, can often seem like a Herculean effort — especially when that responsibility falls squarely on the shoulders of the compliance function, already grappling with the dramatic expansion of their compliance portfolio against fiscal constraints that ultimately force organizations to triage their compliance concerns.
The advent of more reliable and robust contemporary technology has now permitted organizations with significant expertise in corporate governance and compliance concerns to build high-quality, dynamic and engaging compliance courses that have now become ubiquitous as an electronic offering.
Whether offered through a compliance vendor’s own learning management system (“LMS”) or configurable as a component of an organization’s existing compliance platform, these courses offer compliance officers new options for customizable, impactful training that encourages retention through engagement and participation in real-world examples that are every bit as effective as in-person training.
The need for training
In the United States, the principal driving force behind the need for effective, customized training by corporations has its genesis in the U.S. Department of Justice’s (DOJ’s) widely publicized guidance concerning the Evaluation of Corporate Compliance Programs (“DOJ Guidance”). Last updated in March 2023, the DOJ Guidance is clear that a fundamental component of an effective, functioning compliance program is appropriate training.
To that end, the DOJ Guidance specifically addresses the need for training as a “hallmark” of a well-designed compliance program. Among other things, prosecutors faced with a potential infraction by a corporation are asked to examine the structure of the organization’s training program in deciding whether the organization qualifies for leniency. The factors to be considered by prosecutors include the following:
- Risk-based training: Whether the organization has provided employees in “relevant control functions” with training specifically tailored for employees in “high-risk” functions. Specifically, prosecutors are asked to consider whether: (a) the organization has identified its major risk factors utilizing a risk assessment; and (b) whether, as a result of that assessment and identification of tangible risk factors, the organization has adopted training designed to mitigate the potential for a legal violation. Similarly, prosecutors are obliged to consider whether employees operating in supervisory positions received different or supplementary training appropriate to their role. Finally — and perhaps most critically — the risk-based training prong calls upon enforcement authorities to understand the rationale behind the organization’s training regimen. In other words, the mere adoption of an ad hoc training program that fails to address major risk factors is likely to draw the ire of prosecutors in the context of any enforcement action.
- Form/content and effectiveness of training: Under this prong of the training element, the DOJ broadly instructs prosecutors to consider the form and content of the training in question. Some in the compliance community have been quick to point to the DOJ’s Guidance in this regard as an indicator that the DOJ disfavors online training, but this interpretation is strained at best. While the DOJ insists that training has an interactive component — including an opportunity for employees to submit questions arising from those trainings — it is a pure fiction that the DOJ has a preference for one form of training over another. As the DOJ Guidance makes clear, however, irrespective of the format utilized, employees must be tested on what they have learned for retention purposes; employers must address circumstances involving employees who fail all or a portion of the testing; and employers must measure the impact of the training provided on employee behavior and operational performance.
- Communications concerning misconduct: Another integral component of training is consistent communication to an organization’s employees concerning substantiated allegations of malfeasance. In that vein, the DOJ Guidance instructs prosecutors to consider whether the company has sufficiently expressed its position related to substantiated allegations, and what communications it has released when an employee is terminated or otherwise disciplined for failure to comply with the company’s policies, procedures, controls, etc.
- Availability of guidance: A final staple of the DOJ’s Guidance with respect to training stresses the need for organizations to make resources available to employees who might have questions about certain facets of an organization’s policies and procedures in relation to a compliance concern. Specifically, this prong of the Guidance asks prosecutors to consider what resources are available and to what extent the company has assessed whether its employees know when to seek guidance concerning an ethical quandary, and if they would be willing to do so in the first instance.
While the particular principles articulated above are specific to the United States, the general principles espoused in the DOJ Guidance have broad applicability to all corporations operating at global scale and can be used to benchmark current practices against desired improvements with an orientation toward continuous improvement.
5 key considerations in choosing the right compliance training for your organization
- It goes without saying that reputation is of paramount importance in selecting a compliance training solution provider. In an age where virtually any organization can claim competency in providing electronic learning resources for corporate personnel subject to stringent regulatory requirements, not all compliance solutions providers are created equally. To that end, compliance officers should seek out compliance solution providers that are both fully acquainted with the content of the product they supply (demonstrating relevant expertise) and able to customize that content, where necessary, to meet the organization’s specific needs. Moreover, best-in-class learning solutions are now capable of integration with an organization’s existing IT infrastructure, thereby eliminating the need to create additional silos of information that are inimical to the concept of organizational transparency. Organizations that offer such integrative capabilities — through mere uploads to an existing LMS, deployment of API connectors or otherwise — should be favored over those that do not.
- Additionally, compliance officers should ensure that a prospective training provider has the content resources necessary to address the major risk factors identified as part of the organization’s risk assessment process. While some smaller, boutique companies offer a wide range of training across multiple subject areas and geographic regions, only the most established companies with a consistent and reliable history of dealing with compliance concerns can truly offer the breadth and scope of training required to maximize corporate education as a key risk mitigation tool.
- In a similar vein, training providers with a history of equipping organizations with compliance solutions on an international basis are likely to have more relevant content that is more attuned to the needs of the company’s operations in specific jurisdictions and in a format that may be more culturally appropriate, accounting for the uniqueness of the population in question. The availability of this material as a core component of the training provider’s library enables the compliance officer to efficiently customize the curricular offerings by geographic location to account for compliance with laws and regulations that may be of unique importance to the company’s risk mitigation strategy in a given area. As jurisdiction-specific regulation continues to proliferate, only the most cutting-edge and established training providers will be equipped with the resources needed to quickly digest the core requirements of the laws in question, and convert those requirements into actionable content.
- Of critical import is the ability of the learning solutions provider to offer its training in a variety of languages suitable for organizations that operate at global scale. While English is certainly becoming the standard language of international commerce, exposure to compliance principles in the vernacular of the locale where the training is being accessed is indispensable in fostering both comprehension and retention.
- Crucially, the training provider’s content should be interactive, of appropriate length and tone, and of targeted scope. Interactivity has been empirically shown to increase audience attention and maximize the retention of critical concepts. Moreover, training delivered in shorter segments is likely to engender employee engagement more than training that is of considerable length. As such, it is critical that the training be confined to a single subject, overall framework, or set of interconnected principles that limit its scope and increase intelligibility. Ideally, such content will be subdivided into appropriate segments, allowing the learner to test his or her comprehension in real-time, prior to embarking on a final examination or comprehensive knowledge test. Learning content that lacks any of these elements is likely to be ineffective in both encouraging employees to take compliance considerations seriously, and to practically implement the material they have been exposed to.
While the final choice of a learning solutions provider is left to the sound discretion of the organization, it is clear that the benefits of contracting with an established company to deliver critical content far outweigh the costs associated with acquiring the content in question. To effectively meet both existing and emerging regulator expectations, organizations must carefully evaluate the offerings provided by the prospective learning solutions provider in question and, once selected, adopt a plan for strategic integration of that training into the organization’s overall compliance program in alignment with specific achievable goals.
Learn more about how Diligent can help increase the effectiveness of your compliance program.