A training program that is carefully crafted to target the right audience, cover meaningful issues, engage while educating, and occur regularly is a critical component of an effective corporate compliance program.
Accordingly, our next few posts will address some of the issues you should consider as you create and implement a compliance training plan. This first post in the series discusses the roles to target.
If your company took the fundamental first step of assessing its compliance risks when it created (or modified) its compliance program – and assuming the assessment was reasonably thorough – the individuals most likely to encounter the identified compliance threats are readily apparent. For example, as part of an anti-corruption risk assessment, we previously identified the following groups of individuals who either would be most likely to receive a bribe request or would be most able to help mitigate the risk of bribery:
- Those who regularly interact with government officials;
- Those involved in sales or obtaining new business;
- Those involved in certain accounting activities dealing with travel and entertainment, petty cash, and accounts payable;
- Those operating in corrupt environments;
- Company leaders; and
- Others in a position to detect problems (for example, finance or HR personnel)
All of these individuals would be prime candidates for receiving enhanced (as opposed to basic) anti-corruption compliance training.
But what about other personnel who have less direct ties to identified compliance risks? Again, the risk assessment is key. In general, regardless of the compliance concern at hand, the following questions may help you decide who to target for training:
- Which individuals would be able to commit the offense you are seeking to avoid (if so tempted or inclined)? In the case of overseas bribery, this category of personnel would likely be those involved in sales, or other individuals who might interact with government officials. If dealing with environmental compliance issues, for example, this might be those persons involved in managing hazardous waste removal and disposal (including the permit process). For compliance with employment laws, this might be HR professionals or personnel who hire, manage, or promote. In short, any individual who is in a position to engage in misconduct that is illegal or could otherwise reflect poorly on the company should learn about (a) the basic applicable standards, (b) his or her related obligations, and (c) how to avoid those situations that may make compliance difficult.
- Which individuals may be able to detect noncompliance? Consider who at your company would be in the best position to know if an offense were to occur. For offenses that involve financial transactions, this would primarily involve the finance function. For other areas, this could include those with access to certain types of documents, such as HR documents, scientific studies, or environmental analyses. Any person who supervises others or works on a team should also learn to be alert to the applicable compliance risks.
- Which individuals are in a position to influence others? Company leaders – whether at headquarters or at the local level – play a critical role in creating a positive compliance culture. They do this through their example, as well as by taking advantage of ad hoc opportunities to provide informal feedback and instruction. Of course, to teach and personify compliance means understanding both general compliance risks and how compliance is specifically operationalized in one’s department or area to address and mitigate particular risks. For example, a finance director does not personally review every accounting record, but he or she should (a) understand and communicate about the “red flags” that staff should look for, (b) periodically reinforce staff’s obligations, (c) seek input on how to better operationalize compliance, and (d) answer questions that may arise.
- What about agents? Approximately 90 percent of reported FCPA cases involve agents. Since agents can subject a company to liability if they act illegally on the company’s behalf, it is highly desirable to provide training to this high-corruption risk group. At a minimum, (a) agents should be screened through appropriate due diligence prior to working with the company and (b), once acting as agents, these persons should periodically certify to past, and warrant to future, suitable and compliant behavior vis-à-vis their actions on behalf of the company.
Our next post will discuss the factors companies may want to consider when deciding how frequently to have compliance training.
Adapting Your TPRM Program to Internal and External Change
How an Ethical Culture Can Drive Better Business Performance
Building Trust and Engagement in the Investigations Process