Unsure whether your organization’s compliance training program needs a refresh? Try taking it for yourself from the perspective of a new employee.
Vinca Russell once found herself in that situation. Hired by a company to manage its global ethics and compliance training communications program, she sat down for 2 1/2 hours of annual training and thought to herself, “Boy, this is a heavy load for everybody every year.” And so, she set to work on refining the program.
“We set a hard-and-fast rule that each year we would not train associates on more than three topics, and we would rotate them based on risk,” Russell said. “We were able to reduce that burdensome 2 1/2 hours of training to 26 minutes on average.”
Russell, now senior manager of compliance at Danaher subsidiary DH Diagnostics, spoke to this initiative as part of a session on behavioral analytics in compliance training at Compliance Week’s 16th annual National Conference this week. The session carried an extra element of timeliness, coming less than a year since the Department of Justice updated its “Evaluation of Corporate Compliance Programs” guidance to stress its desire to see compliance programs are “adequately resourced and empowered to function.”
“The DOJ is not looking for you to cross some visibility threshold—like this myth of if you get to 98 percent completion, you’re bulletproof. It’s just not true.”
Neha Gupta, CEO, True Office Learning
The guidance asks the following:
Do compliance and control personnel have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions? Do any impediments exist that limit access to relevant sources of data and, if so, what is the company doing to address the impediments?
“From at least a DOJ perspective, what you’re showing is how your program is informed by data and how there is an integrated journey across the elements of your program: what you’re putting into place from a controls perspective, how you’re updating your policies, and how you’re doing your communications and awareness,” explained Neha Gupta, CEO of software vendor True Office Learning. “The DOJ is not looking for you to cross some visibility threshold—like this myth of if you get to 98 percent completion, you’re bulletproof. It’s just not true.”
Even 2 percent would still be a lot of grey area for chief compliance officers to fill. When assessing your program from a data perspective, start small, advised Susan Castaneda, chief compliance officer for property and casualty at financial services giant, The Hartford.
“What I found was that my business partners were incredible resources,” she said of her own experiences. “That really started me thinking in the right direction on what I wanted to measure. Then we had a few early wins that got the ball rolling, and we used those wins to help fund a data resource to come on board and work with us.”
Like Russell, Castaneda found herself needing to confront her training program. Her compliance team was hounding a new senior executive at The Hartford to complete his privacy training. Turns out he was the new privacy officer for the company.
“I walked into my one-on-one with him, and he said, ‘What in the heck are you doing, you’ve got 20,000 people taking ungodly amounts of training and to what end?’” Castaneda shared. “We knew we had a little bit of a task in front of us, and what we also realized is we were a little bit out of step. We were training every single employee … on the exact same type of privacy-related issues, which made absolutely no sense considering the type of work the individuals were doing.”
Through the use of analytics, Castaneda and her team figured out a way to reshape training at a job-specific level. Doing so cut down the time it took annually from an hour to 30 minutes, which saved the company approximately $250,000 given the size of its staff.
“That pays for an awful lot of goodwill when it comes to asking business support in furthering data and analytics and hiring compliance if you’re able to show them you are a progressive organization that’s looking at those things and spending human capital resources as effectively as possible,” she said.
That kind of sales pitch is key, noted Russell. Many CCOs will find it’s “hard to move the ship sometimes” when it comes to getting buy-in to update analytics. Having other areas of the business on board—IT, HR, etc.—can go a long way to answering the inevitable question, “What’s wrong with the way we’re doing it now?” Russell said.
Simply accepting the status quo as sufficient is no longer an option. It’s a competitive disadvantage, Gupta said, one that could have your business run afoul of a particular audience.
“Frankly, there’s a lot of forces from a regulatory compliance perspective that are pushing you in that direction that you want to be careful of ignoring,” Gupta said.
CW21 Career Day provides timely forum for CCO advice
- Currently reading
Updated DOJ guidance stresses need for data in compliance training