Individualized Compliance and Benchmarks: Focus on Your Company
Benchmarking is a valuable tool because it gives you a window into industry practices. Compliance professionals have to be careful how they use benchmarking information.
Falling into a benchmark should not necessarily give someone comfort. It is better to develop your own “personal” benchmark – what you think the company needs, and the reasons for the details of your program.
Take for example a recent survey which revealed that 50 percent of the responding companies conduct all of their training on-line, or the finding that 75 percent of the companies responding train their employees once a year (the remaining companies responding did so less frequently than once a year).
If you fall within these benchmarks, that does not provide any comfort. Nor will it be persuasive if a violation occurs and you are defending your compliance program to management and the Board, as well as the Justice Department and the SEC.
The key is to focus on what your company’s risk assessment is and how best to promote your compliance program within the company’s culture. Compliance programs differ especially when it comes to important programs such as training.
If possible, training should always be conducted in person. Of course, there are economic and practical realities which have to be taken into account. But I would never expect to conduct training exclusively online. Nor would I ever expect training to be conducted only once each year.
In-person training is invaluable because it promotes dialogue and questions. I have witnessed senior managers who, for the first time in years, learned that certain entities they have been dealing with for years were “foreign officials” under the FCPA. I also have observed how personal interactions leads to increased dialogue among the participants, leading to a more robust discussion of issues and practical problems which occur under the FCPA compliance policy.
While conducting training once a year may be sufficient, there is no reason that multiple sessions cannot be conducted in the same year. If compliance commits to a broad program to train the trainers, this may lead to increased training opportunities and more fruitful dialogue among managers and employees.
Training is the primary means of communicating a compliance program. A CEO can send out a letter; email reminders can be regularly scheduled; but when it comes down to it, there is nothing better than a personal presentation and dialogue with managers and employees to get the word out on a compliance program and establish a forum for answering questions and discussing compliance issues.
A robust training program fosters another important compliance value – training increases the likelihood that managers and employees will report potential problems internally and allow the company to elevate compliance issues and concerns to the appropriate level. The more dialogue the better and training is one of the most important opportunities for dialogue.