Companies need to have a plan when they begin the process of creating or revising a compliance training and communication program. But what does that really mean and how do companies go about building or revising such a plan? The answer to these questions will likely be company specific, but let me offer a few thoughts and observations drawing largely from my own experience at CA Technologies.

When I took over responsibility for the company's compliance training and communication in early 2009, the company was at a crossroads. Following an accounting-related government investigation, subsequent settlement, and the creation of a best-in-class compliance program, employees began to develop a bit of compliance “fatigue” after several years of their inboxes being inundated with compliance training messages and other compliance-related communications.

While the team had ideas and opinions on where to take our compliance program, we thought it was essential to get feedback from various constituencies within CA to ensure our global program truly reflected the global scope of our business and to better understand which aspects of our compliance program were working (at least in the eyes of our employees) and which were not.

During my first year on the job, we visited a number of offices around the world to help gain the global perspective we were seeking.  We conducted employee opinion surveys and employee focus groups, and we held one-on-one meetings and conversations with employees at all levels of the organization to gather information and learn. While we initially thought we would hear different types of feedback from different parts of the world, surprisingly, our managers and employees generally told us many of the same things:

1.     Compliance training was too long, often too esoteric, and very often not helpful to employees because it did not relate to their core job responsibilities. Employees expressed a strong desire for training that was more engaging and relevant to their jobs.

2.     Many employees stressed the need for live training conducted in the local language. Although most employees are fluent in English, many expressed the desire to be trained in the local language to ensure that nothing was getting “lost in translation.”

3.     Employees and managers at all levels felt that the compliance organization was a bit of a mystery to them— they did not fully understand what the compliance organization did on a day-to-day basis and felt that they lacked any real visibility into the types of compliance issues that the company was encountering.

4.     Employees also felt that messaging around compliance was, at times, either condescending or written in a way that made it appear that the company did not trust its employees.

Armed with this feedback, we began outlining ways that we could incorporate it into the design of our plan for compliance communication and training.

First, we stopped using third-party vendors for compliance training and began creating all mandatory compliance courses in-house because we felt that the external offerings, while very informative, were often too dense and too long. We made a conscious choice to focus our compliance training energies on issue spotting and awareness-raising, rather than on in-depth subject matter expertise.  

We did this for two reasons:

1.     Our experience had been that our employees were not retaining the information being covered in courses that attempted to deliver in-depth learning; and

2.     Focusing on issue-spotting and awareness-raising is consistent with our belief that if we can get people talking about compliance and asking questions, we can address most issues long before they become compliance problems.

We also issued a mandate that no compliance course would take longer than 25 minutes to complete. We would rather have two 20 minute courses than one 40 minute course. Our experience has been that even the most interested audience begins to fade after about 20 minutes.

Our compliance training and communication plan is and will always be a work in progress. I think this has to be the case for every organization, as such organizations and legal and regulatory landscapes will undoubtedly evolve and change over time.

To address the concern that compliance training was “boring,” we created a fictional character named “Griffin Peabody” and featured him prominently in a number of our compliance training courses and awareness campaigns. This pseudo-employee regularly gets himself into trouble for his numerous compliance-related transgressions—from questionable client expenses to inappropriate workplace conduct. Most of our employees immediately took a liking to Griffin and began looking forward to new materials that featured him.

To further engage our audience in training initiatives, we began using company employees as actors in our compliance videos, even going so far as to hold casting calls for the video shoots. The end result was a series of highly entertaining videos (many of which can be found on YouTube) featuring employees engaging with Griffin, which generated even greater interest from other employees who looked forward to seeing their friends and colleagues in starring roles.

To ensure that compliance training materials were being delivered live and in the local language, we enlisted the help of the company's Worldwide Law Department. CA's general counsel created a goal for all company lawyers, requiring them to hold at least 3 live training sessions on compliance–related subjects for their clients, with the training conducted in the local language.

We gave the lawyers flexibility to determine the format for this training. Some scheduled formal training sessions with their clients, while others hosted things like “lunch and learns” where they spent time discussing various compliance-related topics including antitrust, insider trading, Regulation Fair Disclosure, the Foreign Corrupt Practices Act, appropriate workplace conduct, and the appropriate use of social media. Because the live training has been so well received by employees, we continue to incorporate it into the annual goals of the company's legal team (it should be noted that the human resources team has also taken an active role in offering this live training to employees).

In our efforts to de-mystify the company's compliance organization, we began to publish a quarterly newsletter called “Walk the Talk.” Each newsletter includes profiles of real-life, company compliance cases and quarterly compliance statistics (including the number of compliance cases by geographic region with a comparison from the prior year, as well as a breakdown of the types of compliance issues we are addressing, such as fraud, conflicts of interest, and others).

While we do not list employee names, we do provide comprehensive descriptions of the compliance issues and how the issues were resolved (in many instances, employees were either disciplined or dismissed).  

Employees responded that they particularly liked reading the real-life cases and learning about how the company resolved these cases. Not all compliance officers agree with providing this level of transparency to employees, but our experience has been, thus far, very positive.

We also created Regional Business Ethics Councils in each of our 3 major geographic regions (the Americas, EMEA, and Asia-Pacific). Each Council is comprised of 6 to 8 senior business leaders from each part of the company's business (legal, finance, HR, sales, development, administration, and others) and meets quarterly. The councils largely serve as a communication vehicle between our corporate compliance team in the United States, business leaders, and employees.

Council members play a critical role with compliance messaging to employees in their respective regions. During each council meeting, members discuss current compliance issues and internal and external trends, significant legal or regulatory changes that impact the business, and upcoming compliance initiatives. We also solicit feedback from the business on the current business environment, any concerns the business leaders may have about our business or our compliance program, and any other issues they wish to discuss. While the level of engagement with council members varies from person to person and council to council, this exercise has succeeded in creating more visibility into the compliance function for company business leaders and more visibility into the global business for our compliance team.

To address employee concerns that compliance messaging showed a lack of trust, we have worked closely with our communications team, as well as our network of business leaders around the globe to help ensure that our messaging has the right tone to effectively resonate with our employees. We strive to create communications that are engaging and easily understood by all employees. We might, on occasion, come off as sounding a bit “preachy” to employees when discussing certain compliance issues, but we ensure that we take the time to focus on how we are messaging things to our employees and this has helped improved employee perception about the compliance function.

Our compliance training and communication plan is and will always be a work in progress. I think this has to be the case for every organization, as such organizations and legal and regulatory landscapes will undoubtedly evolve and change over time. Every company should examine its plan at least annually to ensure it is still viable and continually look for opportunities to improve it. This iterative approach to training and communication will help ensure that messages are being heard, understood, acted upon and appreciated by your employees.