What The DOJ Wants From Your Compliance Training Program

Aligning Your Training With DOJ Guidance

Introduction

In 2020, the Department of Justice updated its guidance document, Evaluation of Corporate Compliance Programs, superseding previous guidance from April 2019 and February 2017. The Guidance, which was intended as a reference of information and questions for prosecutors to ask companies when evaluating their compliance programs amidst investigations and subsequent charging decisions, provides us a lens into how we should be structuring our programs. 

While there were updates to various aspects of the compliance program, we are going to focus in on aligning your compliance training and communications with the DOJ guidance. In order to break down the latest DOJ guidance so that you could apply the framework to your compliance training program, let's first look at how the DOJ assesses a compliance program overall.

Download a PDF version of this guide by filling out this form, or keep scrolling to read.

What The DOJ Wants From Your Compliance Training Program

Download the Guide Instantly

Chapter 1

What Core Questions Does The DOJ Use To Evaluate A Program's Effectiveness?

1. Is the corporation’s compliance program well designed?

If you want to evaluate effectiveness of your compliance program, the gaps and strengths of its design is a great place to start. Specifically, the DOJ guidance asks whether your program is "adequately designed to prevent and detect by employees" and "whether the program is well integrated into your company's operations and workforce.

2. Is the program being applied earnestly and in good faith?

The second question to ask yourself, is whether your program is resourced and empowered to function well. The DOJ asks prosecutors to evaluate whether the program is implemented as effectively as possible, and to assess whether the program is really just a "paper program", or if it is “implemented, reviewed, and revised in an effective manner."

3. Does the corporation’s compliance program work?

Just because misconduct happens, doesn't mean the program behind it was ineffective. What the DOJ encourages prosecutors to look into last, is “whether the corporation has made significant investments in, and improvements to, its corporate compliance program and internal controls systems” and “whether remedial improvements to the compliance program have been tested to demonstrate that they would prevent misconduct in the future.”

A Recap On The DOJ's 2020 Guidance Update

A Recap On The DOJ's 2020 Guidance Update

In 2020, we broke down the latest guidance, and connected it to specific areas of a compliance program. To get a refresher on this 2020 update, click on the button below to open the table in full resolution.

Compliance Area

Updated Content

I. Is the corporation's compliance program well designed?

Risk Assessment

Prosecutors should endeavor to understand why the company has chosen to set up the compliance program the way that it has, and why and how it has evolved over time

  • Updates and Revisions - Is the periodic review limited to a "snapshot" in time or based upon continuous access to operational data and information across functions? Has the periodic review led to updates in policies, procedures, and controls?

  • Lessons learned - Does the company have a process for tracking and incorporating into its periodic risk assessment lessons learned either from the company's own prior issues or from those of other companies operating in the same industry and/or geographical region?

Policies and Procedures

  • Addition to Design - What is the company's process for designing and implementing new policies and procedures and updating existing policies and procedures, and has that process changed over time?

  • Accessibility - Have the policies and procedures been published in a searchable format for easy reference?

Training and Communications

  • An acknowledgment that training programs may contain shorter, more targeted training sessions to identify timely identification and reporting of issues

  • Form/Content/Effectiveness of Training

  • Whether online or in-person, is there a process for employees to ask questions arising out of the trainings

Confidential Reporting Structure and Investigation Process

  • Effectiveness of the Reporting Mechanism

  • How is the reporting mechanism publicized to third parties?

  • Does the company take measures to test whether employees are aware of the hotline and feel comfortable using

Third Party Management

  • Prosecutors should assess whether the company knows the risks posed by third party

  • Management of Relationships - Does the company engage in risk management of third parties throughout the lifespan of the relationship, or primarily during the onboarding process?

Mergers and Acquisitions (M&A)

  • Ensure a process for timely and orderly integration of the acquired entity into existing compliance program structures and internal controls (noting flawed or incomplete pre-or-post acquisition diligence and integration can allow misconduct to continue at the target company)

  • Due Diligence Process - Was the company able to complete pre-acquisition due diligence and, if not, why not?

  • Process Connecting Due Diligence to Implementation - What has been the company's process for conducting post-acquisition audits at newly acquired entities?

II. Is the program being applied earnestly in good faith? In other words, is the program being adequately resourced and empowered to function effectively?

Commitment by Senior and Middle Management

  • Emphasis that the company foster a culture of ethics and compliance "at all levels of the company... from the middle and the top"

Autonomy and Resources

  • Structure (where the function is housed) - What are the reasons for the structural choices the company has made?

  • Experience and Qualifications - How does the company invest in further training and development of the compliance and other control personnel?

  • Data Resources and Access - Do compliance and control personnel have sufficient direct or indirect access to relevant sources of data to allow for timely and effective monitoring and/or testing of policies, controls, and transactions? Do any impediments exist that limit access to relevant sources of data and, if so, what is the company doing to address the impediments?

Incentives and Disciplinary Measures

  • Consistency Application - Does the compliance function monitor its investigations and resulting discipline to ensure consistency?

III. Does the corporation's compliance program work in practice?

Continuous Improvement, Periodic Testing and Review

  • Evolving Updates - Does the company review and adapt its compliance program based upon lessons learned from its own misconduct and/or that of other companies facing similar risks?

 

What The DOJ Wants From Your Training Program In 2021

The 20-page DOJ update could feel like an overwhelming amount of information to break down - let alone build and reshape training strategies on. We wanted to eliminate some of the heavy lifting for you, and boil the document down into the three major guidance themes that the DOJ makes crystal clear throughout its guidance.

Chapter 2

Prove That Your Training Goes Far Beyond "Checking The Box"

One of the most consistent themes throughout the latest DOJ guidance, is that a "one-and-done" program doesn't work. Organizations may be content to merely fulfill compliance training requirements that meet laws and guidelines, or perhaps they offer basic learning and believe that’s enough for employees to make good compliance decisions. We see a pattern of program pitfalls among organizations that prevent them from reaching beyond ‘checking the box’:

Training with more of the same:

Compliance best practices — and the threats those best practices are intended to mitigate —are always evolving. If training doesn’t keep up with the changes, employees will receive substandard learning and miss out on the things they must know and react to in the present.

Asking the right questions to the wrong employees:

One-size-fits-all compliance training gets only a few relevant points to each user and potentially subjects them to an overload of information that doesn’t apply to their jobs.

Employees don't engage:

If users don’t see the value or have a vested interest in compliance training—either before or during the session—they’ll speed through it, clicking as fast as possible just to get it over with. Subsequently, employees don’t digest anything they need to learn and are even less likely to apply the training in everyday compliance situations.

 

Escaping The Box

Capture stronger data.

Your journey to escaping the box starts with generating, capturing, and assessing data beyond hindsight data (completions, helpline, etc.). Look for ways to generate predictive, behavioral data that can help you assess engagement and retention, uncover your risk blind spots, and drive a strategy for a more effective future program.

Create a role-based learning experience.

By individualizing and personalizing the experience to the learner, role-based learning ensures the right courses and questions are given to the right users. No valuable learning time is wasted, and employees are exposed to the information most applicable to their jobs.A good rule of thumb – work backwards from the risky tasks your employees are doing (who is doing those risky tasks) and train them to do those jobs the right way. Focus on employees with supervisory authority, those with approval authority, or gatekeepers in a process or function. 

Build an ecosystem of engagement:

A comprehensive training ecosystem that incorporates other tools, such as, microlearning, job aids, and videos helps you operationalize your program by continually engaging employees and targeting specific areas in which certain employees are weak.

Build An Ecosystem Of Engagement

The True Office Learning Approach To Building

An Anti-Paper-Program

Award Winning Data & Insight

Winner of the 2020 Brandon Hall bronze for Best Advance In Learning Measurement, The I.Q. Analytics engine generates the compliance data clients "wished they had" (a real I.Q. Analytics testimonial). The behavioral data captured behind every step of the learning journey measures engagement of your training, and identifies opportunities to improve. Completely unique to I.Q. Analytics is the ability to generate predictive data - powerful enough to uncover risk blind spots, slice and dice learner-populations for stronger training segmentation, and drive the intelligence of the complete ecosystem.

Truly Personalized Training & Coaching

Another of True Office Learning's award-winning solutions, Scholar, is the only truly adaptive way to train employees. Each learner's experience is unique, and builds a journey based on proven knowledge, retention, and specific needs. Over 12 million learners across the globe were guided and coached to a proven 100% topic-proficiency using the Scholar solution.

A.I. Learning Paths

Scholar's intelligence has allowed us to build a feature that earned True Office Learning the 2020 silver medal from Brandon Hall's Best Advance In A.I. & Machine Learning category. A.I. Learning Paths has unlocked the ability for Scholar to learn which employees, from which groups and segments require additional training, and which to reward based on their expertise. A.I. Learning Paths can schedule and launch a predetermined set of reinforcements to learners that need the support.

Reinforcement Tools That Actually Work

True Office Learning content and solutions are built around the strongest possible engagement - data-backed and proven-out. This has led us to build a suite of tools and partnerships that prevent training from becoming stale, and engage learners in the most effective way. This group of products is known as the Coach offering, and is a proven opportunity to train using completely fresh content and formats - meaning your training never has to be viewed as "the same old stuff" again.

Chapter 3

Design Your Training Program Around Efficacy

2021 should include evaluation of the elements of your program, whether they work in practice, and contribute to an overall effective program. This year, work towards gathering and aggregating your data - operations, helpline, audit, culture, training - into an operational risk scorecard to tell whether your efforts are working. For any key risk as a high-level example (note this isn’t an exhaustive list of questions, rather a general guide):

First look at the standards and training you have in place and ask:

  • Do I have an updated policy in place that is easily accessible and localized for employees?

  • Have I trained your employees on proper handling of common dilemmas they can encounter, reporting, and where to seek guidance?

    • Do those with management, reporting or investigation responsibilities receive additional guidance?

    • Do behavioral insights from the training experiences demonstrate clarity and readiness in the audience? If not, what trends do you see?

  • Is there messaging that reinforces appropriate behaviors to those who need it throughout the year?

  • Outside of online training, are employees given clear guidance and resources to know how to do this task correctly?

If you answered yes to all the above, great. You also want to look at the controls, monitoring, and reporting you have in place:

  • Are my internal systems and controls working as expected and monitoring for potential red flags?

  • Do we see helpline reporting in the same areas that showed opportunity in the behavioral insights? If not, do we have a culture where people feel comfortable speaking up if they have questions or see alleged wrongdoing?

  • Is my investigations and substantiation process working effectively through any reports and what additional trends are visible in this hindsight data?

To demonstrate whether your program is working in practice, evaluate the standards you have in place against the operational and helpline data collected in your systems. If there is a correlation between guidance, opportunity areas identified from training and related reduction in risky conduct or predictive insight into helpline substantiations for example, then you’re on the right track.

THE TRUE OFFICE LEARNING APPROACH TO EFFICACY

The True Office Learning Approach To Efficacy

Scenario-Based Adaptive Learning

True Office Learning's Scholar solution is the smartest way organizations can train their employee population. We take our proprietary adaptive technology and pair it with a scenario-based, learn-by-doing format of training. This methodology helps learners reach 100% proficiency, and sustains knowledge retention more effectively.

A Suite of Operationalization Tools

With the right engagement and communication tools, you can operationalize your program to sustain learning throughout the entire year. We partner with best in class content providers to bring clients the strongest operationalization tools available for their programs.

  • Broadcat: Job Aids and Manager Toolkits that provide clients with assets that connect directly to a learner's specific roles and responsibilities, making the information relevant, timely, and actionable

  • Micro Learning Assets & Video Moments: A complete library of expertly-designed training material.

  • Tuesdays With Bernie: A compliance training sitcom that trains on topics in a format learners enjoy

  • Step Up by Gary Turk: Emotion-packed videos that communicate to learners how and why to do the right thing

Proactive Behavioral Data

Unique to True Office Learning are two things that make us the best solution for aligning with DOJ guidance: Access to real behavioral data throughout the entire learner journey, and a training product ecosystem driven by that advanced level of data. The data provided by I.Q. Analytics can help you create a true Organizational Risk Scorecard; a piece of insight strong enough to shape the future of your compliance program with improvement and efficacy in mind.

Chapter 4

Create Measurable, Continuously Improvable Training

You can't improve what you can't measure. So not surprisingly, the DOJ looks for your ability to measure the effectiveness of your program, and that the data drives purposeful improvements throughout the year.

Good behavioral data is key in the evolution of compliance programs. The DOJ provides a roadmap and descriptive guidance of what this looks like. Within their guidance, the term “effective” or “effectiveness” comes up 54 times throughout this document. And within the training and communications program element specifically, this is especially critical now that the DOJ has inserted a new question: “Has the company evaluated the extent to which the training has an impact on employee behavior or operations?”

To help you compare value of "old data" like quiz data and completions to the behavioral data you'll need to make strategic decisions, have a look at the below table.

 

Quiz Data

Behavioral Insight Data

Description

  • An output of quiz questions

  • All learners within the designate learning track receive the same questions, irrespective of knowledge level

  • Data that shows each learners' decision making journey in simulation

  • Unlocks different scenarios based on knowledge level, which can move up and down through the course of the training

  • Allows for engagement & mastery measurement

  • Uncovers weak and strong areas of training, and reinforcement opportunities

What it shows

The average number of attempts it took before answering the question correctly

Behavioral data based on the choices the employee made within the given scenario and alternate equivalents

Level of bias

High - written to be theoretical assessments, not application-oriented decisions

  • There is no equivalent in the event learner chooses incorrectly

Low - written as simulated scenarios that require application of a compliance risk topic

Statistical Validity

Low - Answers do not change (i.e., if the learner selects “a” and it is incorrect, they select “b” the next attempt out of process of elimination

  • High - the user is given an alternate, equivalent, scenario and must demonstrate proficiency on the subject before moving on

  • Simulation analysis is a demonstrated method in assessing risk

Discoverability

High – brute force. Can’t demonstrate learning

Low – coaching up the proficiency curve demonstrates the learning journey to mastery

Segmentation & Benchmarking Ability

Low – no real point of comparison or meaningful insight that contributes to benchmarking

High – ability to compare segments across organization and industry to determine risk hotspots and areas that need remediation. Built to assess performance year over year.

Actionability

Low – no true analytics that allow teams to target risk areas or trouble segments

High – situational simulation presents actionable insights compliance can use to target remediation and guidance

 

THE TRUE OFFICE LEARNING APPROACH TO ACTIONABLE TRAINING MEASUREMENT

The True Office Learning Approach To

Actionable Training Measurement

Powering An Entire Training Ecosystem With Behavioral Intelligence

Winner of Brandon Hall's 2020 Best Advance In Learning Measurement Bronze medal, I.Q. Analytics is the intelligence platform that powers it all. The data captured by each training engagement, at the learner-level, drives the full True Office Learning ecosystem, and intelligently shapes your entire compliance training strategy.

"This is the data we've been talking about, but never had a way to get to".

Real behavioral insight from your training is your only path to making continual, data-backed improvements to your program. We like to create a vision with our clients so that their program is classified as an "intelligent Experience".

Foundational Phase 1

Consolidation Phase 2

Intelligent Experience Phase 3

Transform existing compliance risk areas

Identify risk areas requiring additional focus, and update training modules based on intelligence

Aim to reduce training cadence based on performance data

Deploy adaptive learn-by-doing training (basic targeting of audiences based on role & risk)

Swap in and out training modules per behavioral performance, helpline data, etc.

Add Intelligent recertification

Review aggregate performance and behavioral intelligence collected with team & subject matter experts

Further refine training audiences based on role & risk (new hires, high risk targeted compliance areas) Build in reinforcement (awareness tools)

Add A.I. nudge

 

Review YOY data with program owners, stakeholders & compliance committee

Begin role-based mapping process and align with training calendar on multi-year approach

   

Add manager/supervisor tools and resources

   

Leverage data and plans for board reporting

 

We make program evolution easy

I.Q. Analytics is our clients' strongest partner in continually improving their program over time - a main point in the DOJ's guidance around proving that your program works in practice. It allows you to make data-driven decisions on how to improve, what risks to mitigate, and how to create an organization where every learner can be his or her most ethical and compliant self.

close chapters modal

Download a PDF version of this guide by filling out this form

Simply fill out this form to receive a PDF version of our guide.

Download The Guide Instantly

preview-1-What The DOJ Wants From Your Compliance Training Program