In 2020, the U.S. Department of Justice shook up the compliance world once again by updating its Evaluation of Corporate Compliance Programs guidance. The document is intended as a reference of questions prosecutors can ask organizations during an investigation, but it also acts as a blueprint for how companies should be structuring their compliance programs.
As an essential element of a compliance program, training takes on even greater importance in the 2020 guidance. Understanding the DOJ’s strategy is key to modifying and expanding training programs to not only meet the expectations of the guidance but also strengthen employees’ compliance decision-making IQ.
What the DOJ Is Asking
The DOJ’s 2020 guidance asks three core questions when assessing the effectiveness of a compliance program. Each of these questions has fundamental goals behind it for organizations to show that they are being proactive with their compliance initiatives, including training.
1. ‘Is the corporation’s compliance program well designed?’
The DOJ’s new guidance is somewhat unique compared with past versions in that regulators now acknowledge that compliance incidents do happen and that you might not necessarily be sanctioned for that—if the elements of your program are well designed, interconnected, and inform each other. For example, does your program change and evolve when red flags are identified? And do departments and stakeholders seamlessly work together to solve compliance problems?
2. ‘Is the program being applied earnestly and in good faith? In other words, is the program adequately resourced and empowered to function effectively?’
The DOJ is less concerned about programs meeting base requirements as much as that they’re properly resourced and empowered to effectively function. The guidance emphasizes that a “paper program”—something that looks good on paper but might not withstand a real crisis—isn’t enough. Are employees being effectively trained? Do they have the resources and confidence to identify red flags and take action? Is the program continually improving?
3. ‘Does the corporation’s compliance program work in practice?’
When misconduct occurs, the DOJ wants organizations to be able to show the state of the compliance program at the time of the incident, how the incident was detected, and what steps are being taken to ensure it doesn’t happen again. Regulators are looking at not only how you reacted to a crisis but also everything you did before and after it.
What the DOJ Really Wants
Twenty pages of DOJ guidance can feel overwhelming, and even with explanations of what the three core questions are asking, you might feel unsure about how to apply all this to training and what steps to take next. The following three strategies offer a plan for meeting and exceeding the new guidance with your compliance training.
1. Prove that training doesn’t just ‘check the box.’
One-and-done, spray-and-pray compliance training will not impress the DOJ—it goes against the guidance’s mandate to avoid a paper program. However, even training that isn’t so basic still might not meet the DOJ’s expectations. Some common “check-the-box” problems include:
- Training with the same content over and over: Compliance best practices and mitigation strategies—not to mention the threats organizations face—are constantly evolving, so training must evolve as well. Also, training that reads like a legal brief may be confusing to employees who are left wondering how to apply the law to their jobs.
- Irrelevant training by role: Broad compliance training given to every employee might have just a few questions important to a person’s role and far too much content that won’t matter, thus leading to potential information overload.
- No engagement: Employees who don’t see the value of training will click through as fast as possible and gain nothing from it.
A first tactic to overcoming these shortcomings and transforming compliance training is to capture stronger data—metrics beyond completion numbers and time spent. Gather behavioral data that can help you assess engagement and information retention, uncover compliance blind spots, and inform program strategy.
Next, create role-based learning experiences by individualizing and personalizing training to the individual. Besides ensuring the right content is given to the right learners, you’re immediately addressing risk based on the role or function the individual was hired to do in the first place.
Finally, build an ecosystem of engagement that incorporates tools such as microlearning, job aids, video, and anything else that benefits employees after the formal training session is completed and creates a year-round compliance and ethics drip.
2. Design training around efficacy.
All the elements of a sound compliance training program may be in place, but are they actually effectively working together to affect employee behavior and reduce risk? Operational risk scorecards offer a great way to assess efficacy.
Collect as much data as possible—including operations, audit, helpline, training, and culture metrics—and evaluate the standards and policies already in place against the numbers. Ideally, you want to see a correlation among guidance, opportunity areas identified through training data, and a reduction in compliance incidents and risky conduct.
-
Create measurable—and continuously improvable—training.
The DOJ places a high emphasis on effectiveness—the new guidance uses the term or a form of it 54 times. The DOJ also wants organizations to be continually evaluating whether effectiveness and improvement are occurring. Again, the importance of data from training stands out.
Not surprisingly, completion data—checking the box rather than showing true progress—isn’t a strong indicator under the DOJ guidelines. Strong behavioral insight data can provide a better road map of effectiveness, engagement, and retention.
The benefits of behavioral insight data include:
- Insight into learners’ decision-making journeys
- Automatic adjustment of training path, in real-time, based on learners’ knowledge level and choices
- Low bias because simulated scenarios are based on the application of a specific, real-world risk topic
- High statistical validity if users must demonstrate proficiency before moving to the next topic
- Strong benchmarking and segmentation opportunities, from year to year, department to department, and any other comparison you want to make
- Actionable insights that can be used to target remediation and further guidance
Essentially, the DOJ wants compliance programs to be more proactive and less reactive. Training becomes more crucial as a way to get there. Engaging learners also empowers them to better detect misconduct and act compliantly. Under the scope of the new guidance, that effort can make all the difference.