Establishing a compliance and training system begins with a commitment to transparency. The first step would be to document the company’s story and the value proposition it offers to consumers. The next step would be to write a process map and training schedule. The more detail leaders can bring to the process map, the more they will minimize exposure or vulnerability to a government investigation.

Ideally, the process map would include details of every function, including:

• How the business goes about recruiting staff,
• How the business organizes its hierarchy of positions,
• How the business compensates staff members,
• The roles and responsibilities of each staff position,
• How the company trains staff members,
• How the company attracts customers,
• How the company selects vendors,
• How the company processes customer orders, and
• How the company retains records.

Documenting the company story should show the company’s good-faith effort to operate in compliance with all regulations and laws.

Further, the training should help all stakeholders understand consequences that can follow for those who fail to comply with the company’s policies and procedures. Resources from the Department of Justice and various regulatory agencies show that transparency goes a long way toward protecting the business and the people that build careers in the business.

Training will lessen a business’s exposure to charges of fraud, but it can also lessen a company’s risk of becoming a victim of fraud. Our team members at Compliance Mitigation have worked with more than 1,000 people that have been charged with white-collar crimes.

Those people claim to have begun careers with the best of intentions. Somehow, circumstances changed for them. As a result, some of them became less vigilant about ethics or morality. Other times, they broke laws without knowing how they were putting themselves and their companies at risk. Good training will lower the company’s risk profile. If that training includes lessons on the consequences of white-collar crime, more people may refrain from making the kinds of decisions that lead to criminal prosecution.

 

Overall Objectives:

1. If done well, compliance training will help everyone in the company get a clear understanding of corporate messaging. With better messaging, everyone on the team should work together to build a more efficient and profitable enterprise.
2. The compliance training should help employees grasp internal rules and regulations critical to their job responsibilities and tasks.
3. A good compliance training program helps a company avoid penalties and even potential lawsuits.
4. Simultaneously, it should improve employee efficiency, productivity, and satisfaction on the job.

 

 

General Requirements:

For a compliance training system to work effectively, the leadership team must commit. If the leaders embrace the organization’s goals and culture, the entire team will be more effective. Leaders should understand the relevant laws and know how to manage risk. Further, they should understand how lowering risk levels can lead to a company’s positive reputation, lessening the potential for penalties or lawsuits.

Without good leadership, the company may be vulnerable. The regulatory landscape may change, which could bring further problems. Leaders should give clear guidance with regard to all compliance matters.

Besides commitment, the leadership team must implement the training effectively. Our team recommends creating logs to measure the following key objectives of compliance training:

 

1. Do all staff members understand their compliance responsibilities?
2. Does everyone understand how the compliance program reduces risk?
3. In what ways does the compliance program minimize potential legal liability?
4. How does the compliance program protect the company’s reputation?
5. In what ways does the compliance program encourage integrity in the corporate culture?

 

Compliance training should cover internal regulations as well as external laws. Good leaders will understand the importance of identifying areas at high risk for non-compliance. They would then prioritize resources to document a strategy showing sensible controls. A good compliance system is like a good defense, providing leaders with confidence that they could respond to an investigator’s questions.

After covering the high-risk areas, leaders should create systems to show their commitment to good corporate citizenship. For example, the company may develop policies to show the business’s position on:

• Customer service standards,
• Anti-harassment,
• Anti-discrimination,
• Anti-sexual harassment,
• Conflicts of interest,
• Code of ethical conduct,
• Client confidentiality,
• Health and safety issues,
• Reporting protocols, and
• Issues particular to the business’s industry.

 

We encourage leaders to bring the training to life with human stories and interactive exercises. The business may build a stronger case of showing its commitment to compliance by designing quizzes that measure what each participant learned. By making those participant responses a part of each employee’s file, the company can build a stronger case of its commitment to compliance.

When employees earn their livelihoods from contacting clients over the phone, for example, leaders may want to include training exercises that profile dangers associated with the FTC’s Telemarketing Sales Rule and the Do Not Call List. The FTC regularly brings cases against small, medium, and large organizations if their investigations reveal a violation of FTC rules. The FTC’s website highlights how those investigations have led to injunctions, fines, asset freezes, and massive judgments against business leaders that profess ignorance of how they were violating rules, regulations, or laws.

Consider the FTC case against Sanctuary Belize. In that case, a real estate developer used television commercials to advertise a 14,000-acre community in Belize. The commercials attracted viewers with images of crystal-clear water, palm trees, and white-sandy beaches. Those commercials induced people to visit the company’s website. The website brought attention to what the developer called “a world-class marina” and other amenities at the project. Consumers that wanted to learn more would fill out a lead-capture form on the website, expressing interest in speaking with one of the developer’s sales reps.

Telemarketers would contact the prospective buyers to schedule appointments. They would show a computer screenshare of the property and respond to questions from the consumers. If the consumer expressed interest, the telemarketer would coordinate a tour of the property in Belize. When consumers saw the property in Belize, they would make a decision on whether to purchase property in the development.

Using that technique, the developer entered into contracts with consumers, selling more than 1,000 homesites in his massive development. Sales surpassed $100 million.

The Federal Trade Commission launched an investigation, conducting an undercover call with the developer. Investigators at the FTC went through the entire telemarketing pitch. Although they never visited the property in Belize, they built a case to accuse the developer of deceiving consumers. The FTC alleged that developer deceived consumers with coordinated misrepresentations.

As a result of those charges, investigators from FTC stormed the developer’s offices in Irvine, California. They seized computer records, all scripts, and other evidence to build a case. They began an investigation that turned telemarketers, managers, and leaders into either witnesses, subjects, or targets of their investigation. A lawsuit in federal court resulted in an asset freeze. Litigation expenses soared to several million dollars. In the end, a federal court issued a judgment in excess of $100 million. Further, the court placed enormous sanctions on the defendants, placing an earning cap of $5,000 per month on certain defendants; that earning cap would last a lifetime, or until the FTC fully recovered the full $100+ million judgment.

Had the company made a bigger investment in documenting the story, as well as its commitment to compliance training, the company’s leaders may have had a better defense against FTC allegations that they were operating a scam.

 

 

Regular Training:

 

Regular training represents another key component to an effective compliance program. If the program does not offer regular training, it will not move the needle in arguing for leniency or non-prosecution agreements in a government investigation. The company must show a true commitment to building a culture of truth, honesty, and transparency.

A good online system that makes all of the training material easily accessible would show such a commitment to compliance. Some training programs may require interactive exercises, while others may require independent learning. All compliance programs should have a takeaway, showing that participants are learning. When companies build records of compliance training, they protect the enterprise, the leaders, and the entire team.

Each component of the compliance training program should include a designated person, or responsible party. That person should have the appropriate training to oversee compliance. For example, the person in charge of training telemarketers should show fluency with the FTC Act and the Do Not Call List.They should be able to show how and why the company trains all team members to comply with such rules.

It’s important to ensure that all employees have an opportunity to speak with a responsible party. The company must be able to tell a story demonstrating the investment it made to operate in accordance with all regulations and laws.

 

 

Regular Analysis:

With changes in the regulatory landscape, an enterprise must show a concerted effort to stay on top of changes in laws and regulations and a pattern of continuously analyzing the effectiveness of its compliance or training program. Leaders should record every change, showing the company’s commitment to excellence. By documenting best practices, the company goes a long way toward building credibility with investigators.

Some useful tools to demonstrate a willingness to analyze and improve may include:

• Confidential performance reviews from immediate superiors,
• Confidential performance reviews from subordinates,
• Randomized peer reviews,
• Quarterly reviews by senior management,
• Periodic company-wide town halls to discuss the general direction of the company and important corporate developments,
• Management accessibility via internal email, and
• Documented strategies for internal corporate communications.

An effective compliance program will show a company’s commitment to do the right thing all the time, leading to more confidence that the enterprise can withstand an inquiry by investigators. Regulators look favorably upon such programs. By enacting steps to analyze and improve compliance policies, leaders show that they are not running the company by the seat-of-their pants, and that they’re not engaging in willful blindness that can lead to charges of criminal negligence.

 

 

Case Study:

Members of our team at Compliance Mitigation served time alongside thousands of other people who were convicted of white-collar crimes. We knew one person who owned a brokerage firm that specialized in trading bonds. As the company grew, the owner began to delegate responsibilities for day-to-day trading activities. Instead of overseeing trades, the owner focused on bringing in more capital. That strategy would have been fine, provided that the owner created well-documented and vetted compliance systems. Sadly, the owner did not.

Changing market conditions resulted in one of the lead traders making a series of unprofitable transactions. The trader then launched a series of events to cover up his decisions. When markets went against him, he lost more money than authorized, resulting in a margin call. The owner said that he was not aware of the losses, and he lacked the capital to meet the margin call. Chaos ensued, leading to a flash crash and obliterating the company’s entire portfolio.

The owner of the bond trading firm lost everything. A government investigation followed. Prosecutors brought charges against many people, including the owner for his criminal negligence in failing to supervise employees. After a guilty verdict, a judge sentenced the owner to serve a prison term of longer than 10 years and saddled him with a restitution order measured in the hundreds of millions of dollars.

Our team at Compliance Mitigation cannot vouch for the validity of what the owner told us—after all, we met him inside of a federal prison. On the other hand, we can say that if he had devised a better compliance system, he would have had a stronger defense against the charges that the government brought against him.

 

 

Elements of an Effective Compliance Program:

Like a three-legged stool, in order to stand, an effective compliance program should have three components:

1. The program should be clear with its objectives, communicating a commitment to compliance for all members of the enterprise;
2. It should show a commitment to transparency; and
3. It should include training on well-documented written policies, procedures, and standards of conduct. Having clear written policies and procedures in place that describe compliance expectations fosters uniformity within the company.

Without all three components, the compliance program will not serve much purpose in protecting the leaders or members of the enterprise. A clear authority figure should oversee the compliance program, and the person in that role should have appropriate training for oversight. That person must accept responsibility for staff training and demonstrate a good-faith effort to ensure every person in the enterprise understands the purpose behind every policy. Some compliance training will be basic, essential for all new hires. Other training modules may require monthly or even daily accountability logs.

A good system will encourage two-way communication throughout the organization. All team members should express confidence that the organization will consider their ideas for improvement. If the organization is willing to listen to concerns, the company can strengthen its defense of its commitment to act as a good corporate citizen.

All compliance training should include steps to document how the responsible person within the company monitors and audits compliance. A robust monitoring and auditing system may induce all company representatives to comply and shows corporate commitment to doing the right thing. Such tactics should:

 

• Lessen the company’s exposure to risks,
• Contribute to more efficient operations,
• Improve corporate messaging,
• Heighten each team member’s awareness of the dangers of government investigations, and
• Offer more insight to the risk levels associated with white-collar crime.

 

Corporate leadership must have the courage to be swift and certain when it comes to discipline. Sometimes, such a commitment can lead to an ethical dilemma. If a person serves in a leadership role and has a history of being a rainmaker for the company, owners may be reluctant to discipline the individual for noncompliance. Yet if the rainmaker undermines the enterprise’s commitment to compliance, the level of risk increases, often well in excess of the perceived benefit of the business generated by such rainmaker.

Again, leaders protect a company with well-documented commitments to transparency. If a team member fails to comply with program requirements, a clear record should show the appropriate corporate response.

When a company identifies vulnerabilities or violations through monitoring and auditing, management must take timely, consistent action to correct the issue. No company can implement a compliance program expecting to have considered all possibilities. We never know what we don’t know. For this reason, leaders within the enterprise should build a record of analyzing corporate compliance and making improvements when necessary.

 

 

How to Best Articulate a Company’s Compliance Program:

Google caught the world’s attention with its simple corporate motto: “Don’t do evil.” Since then, it’s become the target of several government investigations.

A company strengthens itself when it clarifies the corporate mission, then builds a compliance program that reflects a commitment to the mission. To that end, a company should establish and maintain a culture that promotes:

• Quality and efficiency,
• High standards of ethical and business conduct,
• The effective operation of the business,
• High-standard maintenance of customer, client and vendor relationships, and
• The prevention, detection and resolution of conduct that does not conform to the company’s standards and policies and applicable law.

A commitment to compliance should reflect those qualities above. It should apply to all company personnel equally, including but not limited to senior management, administration, personnel, ongoing contractors and all full-time and part-time employees of an organization.

All company programs should include elements that reflect best practices, including:

 

1. Written standards, policies and procedures to promote the company’s commitment to compliance with its own proscribed code of corporate conduct, applicable laws and regulations,
2. Designation of an employee as the Compliance Officer (at least, as a part of the employee’s overall job description) or the hiring of a full-time Compliance Officer charged, with the responsibility of implementing and monitoring the Compliance Program,
3. Designation of a Compliance Committee, if the corporate size warrants,
4. Regular, effective education and training programs for all personnel as appropriate to their functions,
5. A process to receive complaints concerning possible Compliance Program violations, procedures to protect the anonymity of complainants to the extent possible, and policies that protect complainants from retaliation,
6. Granting the Compliance Officer and/or the Compliance Committee, as the case may be, sufficient authority to investigate, report and make recommendations directly to senior management and the Board of Directors regarding any irregularities and all findings,
7. A process to respond to allegations of improper activities and the enforcement of appropriate disciplinary action against personnel who have violated policies, laws, regulations, or program requirements,
8. Periodic audits or other methods to monitor compliance and assist in the reduction of problems in any identified areas,
9. A process for investigating and resolving any identified problems, after investigation, report and recommendation by the Compliance Officer and/or Compliance Committee, as the case may be, and
10. A document stating the foregoing points that all stakeholders sign, including a member of senior management, the Compliance Officer and the employee, either upon initial implementation of the program or upon the hiring of any new employee.

 

The company’s compliance program should grow stronger and more effective over time, becoming an integral part of the corporate culture. When company leaders fail to implement a compliance or training program, they expose themselves and their team members to higher levels of risk.

As stated at the start of this module, the company should create an accurate organizational chart, defining excellence within each role of the organization. Such an organizational chart should become a part of the enterprise process map, illustrating the functions and responsibilities of every role. For example, the organizational chart should articulate the role of senior executives, showing responsibility for:

1. Evaluating risks that result from non-compliance with rules and regulations,
2. Approving and supporting the compliance program, and
3. Overseeing the performance of the compliance program to reduce risk.

The chart should show who bears responsibility to train on:

1. Compliance with laws and regulations,
2. Regulatory requirements of each functionary within the organization,
3. The company’s internal rules and codes of conduct, and
4. How the company works to remediate weaknesses and prevent violations.

The Compliance Officer/Committee should accept responsibility for:

1. Coordinating audits and examinations in connections with laws, regulations and corporate rules and codes of conduct,
2. Acting in an advisory capacity on the company’s policies and procedures,
3. Monitoring corporate transactions, functions, events and internal systems seeking violations and to uphold the integrity of the organization, and
4. Communicating issues to Senior Management and the Board of Directors.

 

Employees should acknowledge responsibility for:

1. Acknowledging that they’ve been trained in the compliance program,
2. Acting in accordance with the company’s compliance program,
3. Partaking and engaging in all of the company’s compliance program activities,
4. Reporting any violations of the company’s compliance program to either a direct manager or the Compliance Officer/Committee, confidentially or otherwise, as the case may be.

 

As a living, breathing entity, the enterprise should maintain the compliance program to protect against disruptions from litigation and government investigations, as well as to show a commitment to professionalizing the business. An effective program would demonstrate how the company pursues excellence, which leads to more success for all team members.