Last week, we released an interview with Hui Chen, the Department of Justice’s former compliance counsel expert, on what the DOJ looks for (and doesn’t look for) in compliance training. That is, when prosecutors sit down to see if you should get credit for the work you did, what do they care about—and what makes them roll their eyes?
Our interview is the most detailed, granular discussion of this you’ll find anywhere, and you can download a free copy right here.
It would be difficult to overstate how significant this is in the compliance training field, a field that has been dominated by magical thinking and fear-mongering that has forced compliance folks to do things that they will admit seem like a dumb waste of time, but feel that they need to do because “prosecutors want to see it.”
This interview blows that up, and you should read it right now.
We’ll be unpacking this interview for a while, because there’s a lot to process. Today, I simply want to highlight three big reasons why it’s so important.
1. It shows prevention and defensibility are in sync.
.png?width=600&name=Hui%20Chen%20quote%20(goal%20is%20not%20to%20break%20law).png)
Real talk: a lot of folks still believe that there is a big gap between the stuff you do to prevent misconduct and the stuff that prosecutors want to see.
As in: prosecutors will give you credit for stuff you believe is dumb as long as it’s in the right format, length, whatever (“defensible” stuff) … but will not give you credit for stuff that you explain was a sincere effort to prevent people from breaking the law if it doesn’t meet those requirements (“prevention” stuff).
Of course, when I phrase it like that, it sounds silly. But if you think people don’t hold to this belief, then I strongly encourage you to try out compliance training sales—they do.
Basically, this is a form-over-function myth, or what we sometimes call the "Hogwarts School of Compliance Wizardry"—the idea that prosecutors are interested in the right magic words or formula and as long as you have that you’re good. And conversely, that anything you do that does not fit that magic formula will be disregarded.
In the interview, Hui makes clear this is false—and that prosecutors can tell when you try to gin up dumb activity for “defensibility.”
In truth, defensibility is simply documenting what you do for smart, thoughtful prevention—and how you document what you do is pretty flexible. (For more, read Questions 1-3 and 8.)
2. It shows there is no magic formula.
.png?width=600&name=Hui%20Chen%20quote%20(format%20doesnt%20matter).png)
Building on the prevention/defensibility distinction, one of the major things we wanted to accomplish with this interview was finally kill off some of the worst myths in compliance training—those about finding the magic format, length, or so on to please a prosecutor.
For example, how many times have you met someone at a conference who is VERY CONCERNED about some parameter like completion rate, course length, number of employees covered, format, or so on, believing that this will make or break their training?
This is, again, the Hogwarts School: the belief that as long as you have the right magic formula you’ll be fine—and that if you don’t have it, it doesn’t matter what you do because a prosecutor will just throw it out no matter how thoughtful, sincere, or intentional you were.
The DOJ has been pretty consistent in recent years that this is not true, but it hasn’t been super direct on it. And to be fair, there is a difference between a theme you extract from guidance and interviews and someone just directly addressing it.
That is, if you’re the enforcer, you probably think that people will read all that stuff and figure it out without you needing to say it directly. But if you’re the in-house person doing the work, and you’re at all nervous about whether what you’re doing will “get credit,” you’ll probably end up doing a lot of overkill “just in case” to protect yourself and your team. And that overkill will signal to all of your employees that compliance is a check-the-box, do-stuff-for-the-sake-of-doing-it activity—so in trying to protect your team, you make it more likely that you’ll be at risk in the first place. It’s a tough spot to be in.
We know that, so one of the things we wanted to do in this interview was have Hui address some of this stuff directly. And of course, no, there is no magic formula—but the interview gets very granular on unpacking that. (For more, read Questions 4-11.)
3. It shows that less can be more.
.png?width=600&name=Hui%20Chen%20quote%20(simple%20solutions).png)
Finally, this interview shows that bigger is not (necessarily) better.
That is, if you’ve ever attended a compliance conference, joined a benchmarking group, or been on any vendor mailing lists ever, you’ve been bombarded with the endless arms race of Unnecessary Compliance Training Doodads.
And you’ve probably felt the temptation to believe that if your company was not spending money and time on the latest and greatest compliance training whatnot, you were going to be in a right pickle—because failing to keep up with the Joneses means you would get dinged by the government as not taking it seriously.
Now, if you’re a fan of that school of thought—that complicated and bigger is always better because those things are persuasive on their own—then read Question 12 in our interview to get Hui’s take on what prosecutors think about you telling them how much money and time you spent on training.
But if you’ve been exhausted with the moving target of “benchmarking,” frustrated with the feeling that you can’t do simple things because you have to make them complicated to “count,” or you’ve despaired about how you’re supposed to keep up when your budget has been eviscerated by a pandemic and recession: take heart, because this interview gets you the freedom you need to focus on what gets the job done—and that’s it. (For more, read Question 18.)
*****
Y’all, this is the tip of the iceberg, and there’s more to come. Do yourself and your company a favor and read it now, and stay tuned for more analysis as we go.