last mile compliance training blog header-1

Could you defend your compliance training *content* to the Department of Justice?

January 14, 2019 8:17:59 AM CST / by Ricardo Pellafone

Not just "could you show you've done compliance training."

Could you defend what your training actually covers, so that you can answer the questions the DOJ has said they've asked?

There's a pervasive belief that prosecutors are box-checkers who simply look at training records and don't actually ask about what the training covers—like, as long as you have records, they'll just let it alone.

But that's not what the DOJ has actually said they do.

So, to that end: does your training address the last mile? Does it connect compliance to work duties, so that your front-line employees know how it applies to their specific jobs?

Because the Department of Justice has publicly flagged that this is what they've asked about since 2016 (and shameless plug: it's the type of training we specialize in). But we often run into folks who admit they don't do anything here yet.

So in this post, we're going to set up a little context and then drop some quotes on what the DOJ has said it asks about—so whether you work with us or not, you at least don't fall prey to the "anything goes, as long as there's a record" mindset, because that's a recipe for hurt.

 

Context: the three parts of training.

It helps to have a little context here. Big-picture, you can think of training as addressing values, concepts, and behaviors. Like this:

last mile compliance training

All three of these things are important, but compliance training hasn't historically focused on all three. For example, old-school compliance training really just focused on just the "concepts" part.

last mile compliance training blog

This is when lawyers dominated the compliance field, as they loved talking about laws and risks (trust me, I used to be one—we love it). And it was a massive failure; it lacked any connection to values or what people actually did at work, and so it was both dry and impractical. 

So, our profession had a values revolution. We went upstream, focusing on the values and ethical principles that made the legal and risk concepts relevant.

last mile compliance training blog2

This was a giant leap forward. It connected the concepts to deeper human values, and that helped people understand why the concepts mattered. And this is more or less where most folks are today—this is what most annual compliance training covers—although you have a few stragglers caught in the lawyer-driven "concept only" stage.

Even so, it's still incomplete, because misses the last mile of training— the part that connects the concepts to what people actually do in their specific jobs. 

And that part, the last part, is what the DOJ says they ask about.

last mile compliance training blog3

 

The DOJ asks about the last mile.

The reason the DOJ looks for the last mile—the part about behavior—is because their job is to enforce the law. And laws regulate behavior, not values or concepts. 

To that end, here's what Hui Chen, the DOJ's expert compliance consultant who guided how the DOJ actually evaluates compliance programs, said she looked for back in 2016:

I also look to see how the most front-line workers understand their jobs:

Does the clerk in the accounts-payable room understand his job to be processing payments as quickly as he can, or does he understand that he is supposed to keep an eye on certain things and escalate issues he identifies?

Does the new salesperson understand her job to be making the deal at all costs, or does she understand that there are boundaries? 

That's a last-mile training issue: how do concepts like "fraud" and "channel stuffing" and "corruption" actually translate to behaviors like processing payments and making deals?

And then, of course, there's the DOJ's Evaluation of Corporate Compliance Programs. That document was released in 2017 and gives you dozens and dozens of questions that the DOJ thinks are relevant to ask when they evaluate a compliance program. 

Here's the relevant bit:

What training have employees in relevant control functions received? 

Has the company provided tailored training for high-risk and control employees that addressed the risks in the area where the misconduct occurred? 

Again, this is getting at last-mile training: are you training people how to do their specific jobs—especially those whose jobs have a big impact on your risks? 

To be clear, values and concepts are important, and you should keep focusing on them; you need to understand your values and concepts to know which behaviors matter in the first place. Hui is now consulting, and her own website is heavily focused on values and ethics (as well as behavior). Don't throw the baby out with the bathwater.

The point I'm making it simply this: the part that is going to get you in trouble with the law, for better or worse, is not what people believe or know but what they actually do, because that's what laws regulate—behavior.

And that's why that's what the government asks about when they evaluate your program. Do employees know how to do their specific jobs compliantly?

Make sure that if they ask it of you, you have an answer.

Ricardo Pellafone

Written by

Ricardo Pellafone

Ricardo used to be in-house compliance, leading investigations for a sovereign wealth company in Abu Dhabi and a Fortune 500 tech company in California. He has degrees in psychology and law.