In April 2019, the Department of Justice issued a guidance document for the evaluation of corporate compliance programs. The guidelines are directly intended to give prosecutors a roadmap of what to look for in the compliance programs of companies under investigation or already charged with violating federal laws. However, the map can also guide companies’ decisions as they develop and evaluate their programs.
The guidance, revised and updated from previous DOJ guidance a couple of years earlier, offers a sort of blueprint that organizations can follow to create a more compliant corporate operation, including in how they deliver compliance training to employees. The end result is less risk, smarter employees, better reporting, and more accountability.
Moreover, following these guidelines can make all the difference in how prosecutors investigate, charge, and resolve compliance incidents. If the DOJ identifies that companies are striving to meet these guidelines, that could favorably factor into how it proceeds with enforcement.
The updated DOJ guidance is structured around three fundamental questions prosecutors will consider when evaluating corporate compliance programs—and each ties into compliance training in key ways.
Fundamental Question #1: Is the Program Well Designed?
This part of the guidance is comprehensive, covering everything from risk assessment to policies and procedures to confidential reporting to third parties. At its core, this first section gives a blueprint to prosecutors to determine if a business had a plan and a strategy to execute a working, relevant, and effective corporate compliance program that is enforceable, accessible, and efficient. From this blueprint, companies can better understand which best practices the DOJ looks for and design their programs accordingly.
Compliance training constitutes an important element of meeting the DOJ’s guidance of this section. The document states, “Prosecutors should assess the steps taken by the company to ensure that policies and procedures have been integrated into the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.”
In other words, companies that haven’t taken strong measures to train their people will potentially face harsher consequences when a problem arises or suspicion is raised. Employees should receive risk-based compliance training that is relevant to them, is delivered in an appropriate and impactful format, and incorporates lessons learned from prior incidents. Training in such a program should include:
- A way to measure the effectiveness of training
- A way to test employees’ knowledge of what they’ve learned
- Resources and guidance after training that employees can consult as needed (job aids would fall into this recommendation)
This part of the guidance recommends that training be integrated into all levels of the organization; be tailored to the audience’s size, sophistication, and subject-matter expertise; and use case studies and real-life scenarios to teach compliance. Outstanding compliance training partners are perfectly suited to provide this level of depth and deliver relevant, impactful learning that benefits the entire company.
Fundamental Question #2: Has the Program Been Effectively Implemented?
This section’s full question as listed in the guidance is “Is the program being applied earnestly and in good faith?” The guidance notes that a well-designed compliance program may be unsuccessful with poor implementation.
One question posed is whether the program has sufficient staff to analyze results and effectiveness. In training terms, this could include whether the company dedicates enough resources toward not only conducting compliance training but also compiling data and applying the analytics to immediate and future strategy. This is an area in which a top-notch compliance training platform can take some of the burden off compliance personnel. The best solutions automatically deliver robust data and analytics, thus freeing up time for compliance officers to make key adjustments, plot training strategy, and attend to all the other parts of the program that require their attention.
Fundamental Question #3: Does the Program Work?
Well-planned, well-designed, well-implemented compliance programs still must be effective and deliver ongoing positive results. Even then, there are no guarantees of preventing a violation. The DOJ guidance notes, “… the existence of misconduct does not, by itself, mean that a compliance program did not work or was ineffective at the time of the offense.”
To determine effectiveness at the time of a charging decision or resolution, prosecutors can consider whether a compliance program evolved over time to address current and developing risks. They also look at whether an organization took steps to understand how a noncompliance incident happened and what remediation steps were taken to prevent the incident from recurring. Again, this is an area in which metrics and analytics can be valuable.
Great training data can identify weak spots to be shored up via updated training and other measures. These analytics can provide benchmarks and show regulators and prosecutors that you’re serious about improving your program.
Top learning solution vendors help organizations with courses that are continually updated to reflect new laws, guidance, and industry best practices, and also can be customized to a company’s specific needs, areas of weakness, and, especially, past incidents to prevent noncompliance issues from occurring again.
The Path Forward
DOJ guidance on corporate compliance programs—and the training those programs offer—requires plenty of due diligence. Risk cannot be completely eliminated, but proactive compliance and dynamic training can help minimize it. And if a noncompliance event does occur, a strong program shows prosecutors that an organization was doing its best to design and implement an effective program.
Quality training from an experienced vendor delivers the proactive approach prosecutors like. The best partners keep training current, emphasize key concerns and concepts in today’s corporate compliance, and produce comprehensive data—thereby engaging users and solidifying your compliance profile. That’s the right thing to do, not only for impressing the DOJ, but also for creating a culture of compliance that employees respect and thrive in.