Any ethics and compliance training program needs to do double duty: It must provide accurate training that meets legal requirements, and must speak to the unique needs and nuances of your industry and company. No two ethics and compliance training programs will look exactly alike, but that can end up being their biggest strength. So how do you choose your own adventure and develop an ethics and compliance training program that meets legal requirements and engages your employees, while covering all the essentials? Let’s unpack the purpose of an ethics and compliance training program, the best courses to include in every training program, and how you can personalize your training program to reinforce your company culture and values.
Before we look at exactly what ethics and compliance training should cover, it’s important to root this conversation in the larger “why.” Remember that your training program’s mission, at the core level, is to reinforce a strong culture of ethics and trust and encourage ethical behavior at your organization. Yes, mitigating risk and ensuring compliance are vital core tenets of your program, but when you ask your employees to learn policies and procedures without connecting them back to a larger, holistic vision, the training will ring hollow and will be easily forgotten. Think of your policies as a roadmap that, combined with your code of conduct, helps your employees stay true to your company values and do the right thing.
In order to build and maintain an ethics-first culture, your training program should provide a modern, learner-driven experience where courses evolve with the regulatory environment. Your training content should meet the unique compliance requirements for your company by spanning unique geographic, regulatory, industry-specific, and company-specific needs. Regulatory requirements differ from one state and country to the next, just like training needs differ from one employee group to the next. To satisfy regulators, start with what each relevant regulatory body expects and build from there. Below are some examples of the regulatory bodies that may oversee areas where you do business, and their documented stance on compliance training.
Department of Justice
In June of 2020, the U.S. Department of Justice (DOJ) updated its guidelines for evaluating corporate compliance programs. These updated regulatory compliance guidelines set out to determine “the adequacy and effectiveness” of a corporate compliance program, because the DOJ “does not use any rigid formula to assess the effectiveness of a corporate compliance program.” They make individualized determinations based on multiple factors, including “the company’s size, industry, geographic footprint, regulatory landscape, and other factors, both internal and external to the company’s operations, that might impact its compliance program.”
The three common “fundamental questions” a prosecutor should ask when evaluating a company’s corporate compliance program are:
Do I have to train foreign employees on FCPA compliance?
The U.S. federal government is as focused as ever on the bribery and corruption of foreign officials, making the Foreign Corrupt Practices Act (FCPA) more important than ever before. The FCPA “was intended to halt those corrupt practices, create a level playing field for honest businesses, and restore public confidence in the integrity of the marketplace.” Even though the FCPA has been around since 1977, both the DOJ and the Securities and Exchange Commission (SEC) have increased the number of enforcement actions in recent years. While the FCPA is an American law, it has a wide extra-territorial reach, impacting jurisdictions overseas.
So what does this mean for your compliance training program? A good compliance training program shows a focused effort to avoid corruption, or “evidence of good faith,” by training relevant employees on bribery, anti-corruption, third-party due diligence, and proper gift, travel, and entertainment policy. In practice this can look like requiring an FCPA training upon hire, then requiring annual training for specific roles/locations, such as overseas sales, marketing, and finance, who are more likely to be exposed to bribery and corruption risk. Reduce the risk of your employees breaking the law by providing proper training, communicating clear expectations in writing, and providing a detailed roadmap with standards and procedures, should any issues arise.
If your organization does business in Europe, you’ll need to comply with the European Union’s (EU) system of laws. Composed of 27 member states, the EU is an influential consortium comprising 5.8% of the global population and a Gross Domestic Product (GDP) of $17.1 trillion in 2021. The regulations coming out of the EU have global implications, and if you do any business abroad, you may want to train your employees on both the GDPR and the EU Whistleblower Protection Directive at a minimum.
The General Data Protection Regulation (GDPR) aims to give individuals more autonomy over their personal information and how it is used. The GDPR requires organizations to operationalize and demonstrate compliance with many requirements and principles for personal data processing. It also defines eight data subject rights, guaranteeing specific entitlements for individuals’ personal data. Across their data landscape, organizations must demonstrate the enforcement and governance of these policies and principles. Your compliance training must demonstrate accountability and enforce governance of these policies.
EU Whistleblower Protection Directive
On December 17, 2021, the new EU Whistleblower Protection Directive came into effect for large companies and completely transformed how businesses in EU member states receive and address whistleblower complaints. The Directive expects companies to broaden required awareness and trainings to cover full-time employees, vendors, contractors, interns, and more. In practice, this means training your EU-based employees on whistleblowing systems and anti-retaliation measures.
The French Anti-Corruption Agency (AFA) and Sapin II
The French Anti-Corruption Agency (AFA) is a regulatory agency, modeled after the FCPA and the UK Bribery Act, built to help public and private sector entities prevent and detect bribery, influence peddling, extortion by public officials, illegal taking of interest, misappropriation of public funds, and favoritism. Sapin II passed in 2016, establishing corporate compliance program guidelines for companies operating in France. Sapin II requires companies to establish a compliance program that aligns with the AFA’s guidelines. The law also defines a whistleblower reporting procedure and prohibits retaliation against whistleblowers. Because new Sapin II-related guidance is issued regularly, it is imperative to keep your compliance training up-to-date for all relevant employees.
There are no universal training requirements applicable to every company. However, there are courses that, regardless of local or industry requirements, we suggest every company train on. These courses set the tone for your training program, speak to your organization’s values, and establish a strong foundation from which to build the rest of your program.
Compliance training course examples
After you’ve covered your regulatory compliance bases, it’s time to determine the other ethics training topics your organization would benefit from. Remember this isn’t about a “pray and spray” philosophy, believing that more training is better, but rather an approach tailored to your organization’s unique needs. Operate internationally? Consider the effectiveness of your compliance training and how offering the content in multiple languages will help reach a diverse workforce. Prefer the fit of a custom-made, bespoke program? When designing a made-to-measure program, one as unique as you and your organization, your training courses can take whatever shape you can imagine. If your company values inspire your staff or a particular policy has grown into a success story, you should see these wins as opportunities to show off and celebrate your unique organization.
A modern ethics and compliance training program will benefit your organization by ensuring compliance, demonstrating your value-driven actions, and engaging your workforce. Even better, by meeting them where they’re at and how they learn, your ethics and compliance team can further strengthen your company culture and encourage ethical behavior.
Looking for a library of ready-made compliance training courses? OneTrust Ethics Training offers a library of 14 compliance training courses that are continually updated to comply with regulatory updates and available in 27 languages – plus, you can customize and add courses according to your company’s unique needs.