Education and Awareness

Creating Effective Compliance Training

By Kirsten Liston[1]

Effective training has long been recognized as the cornerstone of a best-practice ethics and compliance program, but the consensus on what “effective” means has shifted over time. In the early days, compliance programs were focused on an audit trail: Does your program have these key elements in place? Can you prove it? Like the other key program elements, training is just as critical today, but simply proving you have a program is no longer sufficient. Instead, compliance practitioners must dig deeper to ask—and answer—the question: Is there a robust training program in place, and does it work?

“Does it work?” is a more complex, less-binary question than “do you have it?” and answering it with confidence requires a well-thought-out point of view supported by some evidence—preferably hard data.

The Case for Training

Where does the training requirement come from? Like many aspects of compliance programs, we can first point to the U.S. Sentencing Guidelines. This document included “conducting effective training programs” as a factor the U.S. Department of Justice (DOJ) will consider when a company that is accused of misconduct is being evaluated for a sentence reduction. There are also a range of inputs and influences beyond that document, including:

  • United Kingdom (U.K.) 2010 Bribery Act: The U.K.’s Serious Fraud Office is an enforcement agency for the U.K. Bribery Act. In 2010, the Serious Fraud Office published a guidance document which included six key principles for prevention, including communication and training (Principle 5).[2]

  • U.S. Department of Health and Human Service (HHS) Office of Inspector General (OIG) Compliance Guidance Documents: Like the Sentencing Guidelines and Serious Fraud Office’s guidance, the HHS OIG has published documents outlining the key components of an effective training program, which include training and education.[3]

In short, a variety of enforcement agencies addressing a range of industries and geographies have advised organizations to include training as part of a robust compliance program. In some cases, this guidance includes detailed suggestions on how to approach training, including which topics, how to train new employees, and how to involve managers in training initiatives.

Training as a Defense

In a landmark case in 2012, DOJ declined to prosecute Morgan Stanley for violations of the Foreign Corrupt Practices Act (FCPA).[4] Morgan Stanley employee Garth Peterson, who subsequently pled guilty, paid a kickback of $2.5 million to a Chinese government official to close a real estate transaction. While Peterson was prosecuted, Morgan Stanley was not, in part thanks to its ability to prove that Peterson had received seven anti-bribery trainings and 35 reminders in his time with the company.

The DOJ’s press release announcing Peterson’s guilty plea specifically mentioned the company’s system of internal controls, which included its training program:[5]

“After considering all the available facts and circumstances, including that Morgan Stanley constructed and maintained a system of internal controls, which provided reasonable assurances that its employees were not bribing government officials, the Department of Justice declined to bring any enforcement action against Morgan Stanley related to Peterson’s conduct.”

Four years later, the companies Nortek and Akamai received declination letters from DOJ, which were subsequently made public. Both companies received credit for fully remediating initial anti-bribery training deficits, among other issues.

Attorney Paul Weiss commented:

“The [DOJ letters] may shed some light on the type of remediation the DOJ believes favors declination. The SEC non-prosecution agreements with both companies provide extensive details about the nature of each company's remediation, which included disciplinary measures, expanded anti-corruption training, enhanced internal accounting controls, and strengthened anti-corruption polices.”

More than 20 years after the first release of the U.S. Sentencing Guidelines, government enforcement agencies continue to view training as a critical part of any defensible compliance program strategy.

This document is only available to subscribers. Please log in or purchase access.
Purchase Login
 

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings