I’m really a nice guy. But first I find myself disagreeing with the FCPA Professor and Alexandra (I’ve never met the Prof, but I have met—and I tremendously admire—Alexandra). And now I find myself disagreeing, at least a little bit, with Thomas Fox. Maybe “disagreeing” is too harsh a word, because if Mr. Fox ever reads this, I think he’d agree with most of it. Let’s just say that I think that he, and the rest of the articles I’ve read recently on training, are missing the point.
Can we agree first of all that the purpose of training is to change behavior? Because I think that while people might say they agree with that statement, their training programs aren’t designed to actually do it. Their training programs are designed to be defensible, but not to be effective. You’d think the two are coterminous, but I find that they aren’t.
When it comes to compliance training, I have definite ideas. First of all, there’s no such thing as “compliance training.” It’s all business training. Second, “training” should always be referred to as “formal training.” Because the majority of training I give is informal. Let’s talk about each, and why informal training is more important.
Formal training is what Tom is talking about in this article, and his two-parter (Part I, Part II), and what the FCPA Blog talks about here. Formal training is classroom training, or an online course, or even a taped session that’s replayed (a good force multiplying idea from Alexandra). Formal training is a must, don’t get me wrong. Whether or not you have a test at the end is a question on which reasonable people can disagree.
I find myself leaning toward no test at the end. Here’s why: all compliance efforts are a trade-off. As a compliance officer, I had limited time, I definitely had limited resources, and I had to apportion my time where it did the most good. Administration around testing—giving the test, scoring the test, keeping track of passage rates, defining what happens if someone fails, handling people retaking the course, and re-taking the test, etc—is a pain, and a time-consuming pain at that. Plus you have the consequence management headaches: do you sanction them the first time they fail? How about the third or fourth? Do you then pull them off of sales? What if someone takes the course but doesn’t take the test? And that’s time I can spend doing something useful, because what do you get if someone passes the test, versus someone who took a course with no test? You get one subordinate clause in a sentence to the DOJ, “yes, the bribing employee took the training, and passed the test.” Is that “and passed the test” worth all the effort? I think not.
That said, you need formal training. For me, the way to do it right is to divide up your employees into three categories: high risk employees (those who interact with government officials as part of their duties or who have financial approval authority), medium risk (all non-high-risk marketing and sales people), and low risk (everyone else). I put the senior management (defined by me as direct reports of the CEO, and possibly CEO -2 depending on the size of the organization) in a separate category along with the Board. You’re not going to give them the same training as the rank-and-file, so put them to the side for a moment.
High risk employees should get more training. Preferably live training. Spend the money, because this is where you really need to concentrate your efforts. Identify your audience and tailor the training. High-risk salespeople should get one training, high-risk marketing should get a different training. When I was giving training, I had a base presentation that I’d work off of, but it would get tailored for every single training session I gave. It’s really not one-size-fits-all. Your high risk category should not get online training. With all respect to online training vendors, online training doesn’t change behavior, IMHO. It might look good, and I definitely see a place for it, but not with your highest risk employees. Simply put, nothing beats live training. You get an added benefit if you fly out someone to conduct live training, because the message is sometimes in the medium. But let’s not get ahead of ourselves.
Medium and low risk employees can certainly benefit from online training, especially low risk. This gets difficult to precisely define in the abstract, because every company is different, but for medium risk, you can use conference calls, WebEx, GoToMeeting, or Cisco’s Telepresence (one of the most amazing things I’ve seen in the videoconferencing world; and about 90% equal to being there) to imitate live training. [Full disclosure, Cisco is a client of Recommind, my employer…that said, I thought Telepresence was awesome before I came to Recommind]. Conference calls are also good because they can be recorded, and because a lot of systems can automatically track who calls in, which makes attendance-keeping that much easier.
[One thing I agree with Alexandra about: always have a Q&A. One caveat: be prepared for “we did this, was that okay?” questions, some of which will horrify you. And I really disagree with Alexandra about taping it: you definitely don’t want some of these questions on tape. Taping the course, yes; taping the Q&A, over my dead body.]
One other thing about tests. You must, simply must, give training to senior management. I think that’s even more important than giving training to the Board. If you give tests, you also have to give tests to senior management. Good luck with that.
As I said, I don’t believe in tests. But I do believe in keeping attendance. If you don’t keep attendance, don’t give the training. Most importantly, once you’ve identified your target audience, you need to monitor attendance and have consequence management in place in case someone doesn’t take it the course. Which brings me to informal training.
I once read that the majority of your message is in the non-verbal: how you stand, how you enter the room, your tone, etc. I strongly believe the same holds true for behavior management. What you say is important, but it’s the non-verbal—what you do—that’s crucial. Take consequence management: you must have it. Consequence management is a message, and a strong one. A supervisor saying, “hey, I just got an email that you didn’t complete your FCPA training on time…WTH?! Take it, and take it now, because the policy we follow says if you don’t take the course, you’re going to get pulled off government sales,” is a powerful message. Remember when I said it’s all business training? That’s what I meant. This message comes from a business supervisor, not the Chief Compliance Officer. And you touch not just that employee, but the supervisor, and pretty much everyone on that team, with how important the training is. That one line, given by an employee’s supervisor, is more likely to change behavior than the four-hour training of The Ethicist’s column.
There’s been chatter recently about compliance incentives. Incentives are a message also. I would sometimes ask the President of the business I supported to call out one employee on an all-employee call because of a good compliance catch. That’s a message. I would also ask certain supervisors to be sure to mention a good compliance catch in an employee’s next performance review. Believe me, that gets around. I would mandate the business appoint a business owner to every compliance initiative, and ask senior leaders to request updates from that employee, not from me.
Most importantly, I would have the compliance project become part of that employee’s scorecard. I am a big believer in compliance metrics becoming business metrics with a compensation connection.
Flying a senior compliance person into a market to give live training also sends a message. As I said above, the medium sometimes is a message all to itself.
The difficulty most companies have is that their formal training and their informal training are inconsistent. That’s a massive problem.
The key to behavior change is constant, and consistent, messaging.
If your compliance training says “don’t bribe,” but your sales scorecard is only about how much they sell, that’s inconsistent messaging. One of my key jobs, back when I was a compliance officer, was to get senior management to give “air cover” to rank-and-file employees who wanted to do the right thing, but who were being compensated solely on getting the deal done. It’s fine to say “be ethical,” but you have to back up that statement with action, or else you’re contradicting yourself. And actions still speak louder than words. People will ignore the words, especially if it means less compensation.
And think of what this means in your pitch to the Department of Justice. “This employee took our semi-annual, or annual training. But our training program is more than that. It includes informal messaging at town halls, staff calls, all-employee meetings, plus we back that up with actions: compliance is part of our compensation scorecard, and we have consequence management, up to and including termination, for missing formal compliance training.” I’d rather have that than, “he passed the test.”