How can you create or revise your compliance program? One of the first steps you should take is to devise an action plan. A recent article in the March edition of the Compliance Week magazine, entitled “Putting Together an Action Plan for Compliance”, Joel Katz, the Chief Ethics and Compliance Officer (CECO) for CA Technologies, wrote about his experiences in updating the company’s compliance training program.
He said that after the company had gone through a compliance investigation, it created a “best-in-class” compliance program. However, after a few years of intensive training and continued corporate reminders about compliance, the employees began to suffer from ‘compliance fatigue’. Katz decided it was time to come up with a way to determine what was working and what was not working regarding the company’s compliance program in the “eyes of the employees”. To facilitate this Katz literally went around the CA Technology world listening to employees, both in focus groups and individually, about what they thought was working and what they thought did not work. He found that the company’s managers and employees generally had the same four critiques, which were:
The compliance training was ineffective; it was too long, often too esoteric, and very often not helpful to employees because it did not relate to their core job responsibilities. Employees expressed a strong desire for training that was more engaging and relevant to their jobs.
Employees wanted live training but in their local language. Although most employees are fluent in English, many expressed the desire to be trained in the local language to ensure that nothing was getting “lost in translation.”
There was a lack of understanding regarding the role of the compliance group within the company. Both employees and managers at all levels felt that the compliance organization was a bit of a mystery to them – they did not fully understand what the compliance organization did on a day-to-day basis and felt that they lacked any real visibility into the types of compliance issues that the company was encountering.
At times compliance seemed liked the ivory tower as employees also felt that messaging around compliance was, at times, either condescending or written in a way that made it appear that the company did not trust its employees.
I found Katz’s responses to the training critiques very interesting and had some components that you may wish to incorporate into your program. CA Technologies decided to ditch all outside vendors for training and put it on using internal resources. The company also “made a conscious choice to focus our compliance training energies on issue spotting and awareness-raising, rather than on in-depth subject matter expertise” which was done for two reasons. First, the company did not believe that employees were retaining the information being covered in courses that attempted to deliver in-depth learning. Second, by “Focusing on issue-spotting and awareness-raising is consistent with our belief that if we can get people talking about compliance and asking questions, we can address most issues long before they become compliance problems.”
To make the training more real and more entertaining, the company began to use examples of “compliance related transgressions” demonstrated by the fictional character “Griffin Peabody” in courses and awareness campaigns. The company also used this character in company training videos that its employees starred in as participants. To help with the logistics of training, the compliance department enlisted the CA Technology law and HR departments to assist in putting on the training. Interestingly, compliance did not specify to the trainers how to put on the training, instead they gave them the flexibility to put on training in variety of ways such as ‘lunch-n-learns’ or other less formal training. But here is the real kicker – Katz “issued a mandate that no compliance course would take longer than 25 minutes to complete. We would rather have two 20 minute courses than one 40 minute course. Our experience has been that even the most interested audience begins to fade after about 20 minutes.”
To help de-mystify the role that the compliance function had in CA Technology, the group published “a quarterly newsletter called “Walk the Talk.” Each newsletter includes profiles of real-life, company compliance cases and quarterly compliance statistics (including the number of compliance cases by geographic region with a comparison from the prior year, as well as a breakdown of the types of compliance issues we are addressing, such as fraud, conflicts of interest, and others).” Katz noted that the names were removed to protect the innocent and guilty but that the company did “provide comprehensive descriptions of the compliance issues and how the issues were resolved (in many instances, employees were either disciplined or dismissed).” What Katz found was that CA Technology employees said that “they particularly liked reading the real-life cases and learning about how the company resolved these cases. Not all compliance officers agree with providing this level of transparency to employees, but our experience has been, thus far, very positive.”
In the article, Katz admitted that the compliance group “might, on occasion, come off as sounding a bit “preachy” to employees when discussing certain compliance issues”. To address this issue, the compliance team worked with the company communications team and the company’s global leadership team to “help ensure that our messaging has the right tone to effectively resonate with our employees. We strive to create communications that are engaging and easily understood by all employees.” With this assistance, Katz believes that the compliance group ensures “that we take the time to focus on how we are messaging things to our employees and this has helped improve employee perception about the compliance function.”
Katz’s article had several salient points around training for the compliance practitioner. His change in focus of the company’s compliance training from the subject matter expertness to issue raising awareness is something that certainly resonates with me. Employees can be your first and, many times, best line of defense from a compliance issue becoming a full bore Foreign Corrupt Practices Act (FCPA) or other legal violation. Giving them to tools to know when and how to raise their hand when something does not make sense is more important than droning on about the elements of a FCPA violation. Also the CA Technology methods for delivering compliance training are quite innovative but in many ways very cost effective. By moving the training in-house and allowing the trainers to determine how to deliver the training, you can obtain greater buy-in and participation. Lastly, how many of you out there put on training for only 20 minutes? Do you think that would make your employees sit up and take notice, if not smile, if they could get their compliance training in 20 minute increments?