“Less is more” compliance training per the DOJ Guidance
April 8, 2021
How can we issue less training and still be aligned with DOJ Guidance?
I have the great pleasure of talking about compliance training strategy in my daily work, and this is one of the most frequent questions.
Well, I have great news. If you’ve read the guidance (and checked out the latest interview our partner Ricardo from Broadcat did with Hui Chen), the DOJ does not mandate specific amounts of training time. Rather, it looks at training as a prevention tool. So how do you take all that training of yours and create a more thoughtful, efficient program that reduces training time so employees can do what they were hired to do in the first place? Start by doing these three things:
1) Take a step back and evaluate
Think about all the training you deploy. If it isn’t laid out on a spreadsheet or organized into a training plan already, put it all down (message me if you want a handy template). Then, think about your training as one of the most important tools you have as an organization to help prevent potential corporate crime. What type of training are your organization’s employees receiving, and why? If it helps them do their jobs well and provides resources they need, great. If not, it’s time to either (i) change the approach, (ii) target the right audience, (iii) reduce cadence, or (iv) cut it altogether. Evaluate by asking questions like:
- Cadence: How often is training deployed?
- Coverage: Is it going to everyone?
- Scope: Does training cover risky behaviors or abstract concepts and legal definitions?
- Risk: Has the risk rating for this topic changed in the last year (up or down)?
- Alignment: Are you seeing patterns in helpline and investigations data?
- Applicability: What has changed in your business? What no longer applies? (e.g., travel policies in light of COVID, M&A)
You can often find this data in places like your compliance risk assessment, helpline data, audit findings, and by talking with risk area owners and business partners around the organization. Remember – you’re not on an island. You may not own all the risks for which you oversee training, so it’s important to bring the experts who live it every day “into the room” on this.
It’s also important to be cautious of the all-too-classic ‘defensibility approach’ that looks like this: you launch everything and the kitchen sink to all employees just to say you’ve deployed it, and end up with a bunch of meaningless check-the-box records that don’t tell anyone anything…just in case a prosecutor comes knocking (which, btw, they have now said is a hallmark of a paper program and not what they are looking for, which is a program that works in practice). Three points here – it won’t impress the regulators, it doesn’t make your employees understand how to do their jobs the right way, and the compliance team will feel like less of an ally because they’re making employees sit through endless training that has nothing to do with their actual jobs.
2) Consolidate smartly
Now that you’ve gathered your training lineup and answered the questions, it’s time to consolidate. That means identifying “what’s in” (aka what you train on) and “who’s in” (aka who specifically you’re training). Based on the information you derived from the evaluation questions above, you should be able to assign audience criteria based on demographics including role, function, authority (both managerial and financial), and geography. If you can’t, you still don’t have the right people in the room who are helping you answer the evaluation questions.
This is also where behavioral insights from prior compliance training events can help, if you have a data-rich adaptive solution, by adding risk readiness as a dimension for each risk topic. For example, if your year-over-year behavioral insights indicate employees are performing strongly in conflicts of interest concepts, consider consolidating it into your upcoming code training or issuing a micro-learning, communication or job aid instead. This step alone should yield thoughtful reductions in training while driving a risk-based approach. You may be wondering: what about the x% that didn’t do so great? Why am I giving them the ‘out’? Answering that question the right way means a lot of painful manual mapping, and this is where you need to consider step 3.
3) Automate
Once you’ve evaluated and consolidated, it’s now time to automate. That is, employ technology that creates a more efficient, tailored experience. We’re in 2021, people (1/4 of the way through, actually). Most things we experience in our day-to-day include technology that recognizes us and tailors experiences to us. Instead of compliance training evolving with the rest of tech, it’s been more like a conversation where you ask someone what their name is every time you see them, no matter how often you’ve met. The following is a dramatization:
Compliance team: “Hi! We’re Compliance, nice to meet you. Let us walk you through how to interact with third parties.”
Employee: “Hi, nice to meet you. Okay!”
365 Days Later…
Compliance team: “Hi! We’re Compliance, nice to meet you. Let us walk you through how to interact with third parties.”
Employee: “Umm…we’ve already met…remember me? I know a lot about how to interact with third parties. I do it in my job and I understand the red flags associated with my line of work. I thought I showed you last time.”
Compliance team: “Hi! We’re Compliance, nice to meet you. Let us walk you through how to interact with third parties.”
Cue Twilight Zone Intro.
You get it. With the right technology at your disposal, you can leverage behavioral insights from a prior learning event to shape the learning path for each individual learner. This not only takes executional burden off the Compliance team, it also helps you cut training time and personalize training concepts, optimizing them for the learner – all while taking a more thoughtful, risk-based approach aligned with the DOJ guidance. It demonstrates the evolution of your program, lets you show leadership meaningful ROI, and makes the learner experience more like this:
Compliance team: “Hi! Thanks for coming to chat with us again. We noticed you struggled the last time on hiring third parties. We’d like to talk to you more about that. And there’s this new thing you should know about.”
Employee: “Finally! You are listening to me and don’t just want to make me sit through the whole thing because you can. Let’s chat.”
So take a hard look, have the honest conversations, and automate, automate, automate. With risk-based, technology-driven approaches, your team will be happier, your learners will be happier, and the DOJ will be – well, hopefully you’ll never have the pleasure of hearing from them – but be happy knowing you have a rock-solid program to talk to them about if the need arises. Want to learn about the risk-based strategies and technology that you need to get there? Let’s talk!