Sign up to save your podcasts
Or
Share Day 14 of One Month to Operationalizing Your Compliance Program-Operationalizing Compliance Through Tailored Compliance Training
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Day 14 of One Month to Operationalizing Your Compliance Program-Operationalizing Compliance Through Tailored Compliance Training
The Justice Department Evaluation of Corporate Compliance Programs states the following around training:
Risk-Based Training – What training have employees in relevant control functions received? Has the company provided tailored training for high-risk and control employees that addressed the risks in the area where the misconduct occurred? What analysis has the company undertaken to determine who should be trained and on what subjects?
I thought about the requirement for tailored training and how this leads to operationalizing your compliance program. Consider the current best practices to tailor your compliance training. It is through a risk ranking system of employee job duties or positions which is usually done by someone from the corporate compliance function reviewing lists of employees and then matching up their job duties, focusing on those involved in international operations which have foreign government or state owned enterprise touchpoints. Most usually it targets employees involved in sales.
However, this type of analysis does not fully tie the calculus of FCPA touchpoints to the full panoply of the prevent, detect and remediate mandates of an operationalized compliance program. There are innumerable employees in every corporation who could be employed in the detect prong and who are generally not being engaged as a part of compliance backstop.
Typically, high-risk employees have FCPA training annually. However numerous studies have shown that more focused, indeed tailored, training can be more effective. Imagine the scenario where a high-risk employee is traveling to west Africa, which they book through the corporate travel portal. Unless the employee notifies compliance of this travel it is highly unlikely the compliance department would know about such travel.
Now imagine a corporate algorithm which could connect the dots of a high-risk employee, traveling to a high-risk country on a high-risk assignment. The current practice, in tech speak, is single-tenant software hosting, i.e. one piece of software available at a time with no continuity between corporate functions. Now envision a more multi-tenanted, Software as a Service (SaaS), approach where a company’s information is available through a single application, rather than having the information diluted through multiple applications. If a company is not using multi-tenancy, it may be hosting or supporting thousands of single-tenant information systems and cannot aggregate information across the corporate base and extract knowledge from large data sets as every corporate discipline may be housed on a different server and possibly a different version of software. This allows large and, more importantly, disparate data to be constantly fed into a single system where compliance can move more quickly and efficiently.
Now consider our high-risk employee, traveling to a high-risk country on a high-risk assignment. When they book the travel, compliance could read the information and then deliver a tailored compliance training reminder. There need not a be referral to the compliance department who might call and ask the employee where they are going and what the business purpose, who they are meeting, etc. Communications and training would be delivered to the employee’s computer via email or other delivery mechanism. It could be as simple as a reminder about the FCPA, the company’s Code of Conduct and anti-corruption compliance program around facilitation payments. Yet it could be as sophisticated as the RESIST training which provides specific procedures to resist solicitations requests or even extortion dem
View all episodes
By Thomas Fox
4.7
2020 ratings
The Justice Department Evaluation of Corporate Compliance Programs states the following around training:
Risk-Based Training – What training have employees in relevant control functions received? Has the company provided tailored training for high-risk and control employees that addressed the risks in the area where the misconduct occurred? What analysis has the company undertaken to determine who should be trained and on what subjects?
I thought about the requirement for tailored training and how this leads to operationalizing your compliance program. Consider the current best practices to tailor your compliance training. It is through a risk ranking system of employee job duties or positions which is usually done by someone from the corporate compliance function reviewing lists of employees and then matching up their job duties, focusing on those involved in international operations which have foreign government or state owned enterprise touchpoints. Most usually it targets employees involved in sales.
However, this type of analysis does not fully tie the calculus of FCPA touchpoints to the full panoply of the prevent, detect and remediate mandates of an operationalized compliance program. There are innumerable employees in every corporation who could be employed in the detect prong and who are generally not being engaged as a part of compliance backstop.
Typically, high-risk employees have FCPA training annually. However numerous studies have shown that more focused, indeed tailored, training can be more effective. Imagine the scenario where a high-risk employee is traveling to west Africa, which they book through the corporate travel portal. Unless the employee notifies compliance of this travel it is highly unlikely the compliance department would know about such travel.
Now imagine a corporate algorithm which could connect the dots of a high-risk employee, traveling to a high-risk country on a high-risk assignment. The current practice, in tech speak, is single-tenant software hosting, i.e. one piece of software available at a time with no continuity between corporate functions. Now envision a more multi-tenanted, Software as a Service (SaaS), approach where a company’s information is available through a single application, rather than having the information diluted through multiple applications. If a company is not using multi-tenancy, it may be hosting or supporting thousands of single-tenant information systems and cannot aggregate information across the corporate base and extract knowledge from large data sets as every corporate discipline may be housed on a different server and possibly a different version of software. This allows large and, more importantly, disparate data to be constantly fed into a single system where compliance can move more quickly and efficiently.
Now consider our high-risk employee, traveling to a high-risk country on a high-risk assignment. When they book the travel, compliance could read the information and then deliver a tailored compliance training reminder. There need not a be referral to the compliance department who might call and ask the employee where they are going and what the business purpose, who they are meeting, etc. Communications and training would be delivered to the employee’s computer via email or other delivery mechanism. It could be as simple as a reminder about the FCPA, the company’s Code of Conduct and anti-corruption compliance program around facilitation payments. Yet it could be as sophisticated as the RESIST training which provides specific procedures to resist solicitations requests or even extortion dem
More shows like FCPA Compliance Report
View all
The Rachel Maddow Show
37,306 Listeners
Corruption Crime & Compliance
42 Listeners
UnJustified
7,667 Listeners
Compliance into the Weeds
12 Listeners
Daily Compliance News
7 Listeners
31 Days to a More Effective Compliance Program
1 Listeners
Think Fast Talk Smart: Communication Techniques
826 Listeners
Main Justice
7,035 Listeners