Compliance Training Governance Committee
By Thomas Fox ,The Compliance Evangelist, Author
One issue not often considered by compliance professionals around compliance training is that of compliance training governance. Yet a multinational organization subject to the Foreign Corrupt Practices Act (FCPA) faces many legal and regulatory risks and often many of those risks are “owned” by organizations that are outside of the compliance function.
How can your organization create a comprehensive compliance training program that covers its complete risk profile?
In the age of Coronavirus, any multinational organizations will have a broad risk portfolio which are typically owned across the organization. Consider compliance risk, fraud risk, reputational risk, financial accounting risk and discrimination risk. These are but a small sample of risks that will not be “owned” by the Corporate Compliance Function. This presents a real challenge when you are trying to create a comprehensive compliance training program that covers all of the legal and regulatory risks faced by a company.
How can your organization create a risk-based compliance training program that addresses ALL of a company’s legal and regulatory risks, including the risks that are “owned” outside of the established compliance function?
Shawn Rogers, Senior Director, Global Ethics and Compliance – Training and Awareness at Walmart suggests that one approach
“Is to establish a corporate Compliance Training Governance Committee that looks at the company’s overall risk profile and builds a cross-functional and comprehensive multi-year training plan that effectively addresses all of the risks in a company’s risk portfolio.”
There are several reasons for doing so. First, your organization can establish a truly risk-based program; where not only will you meet the Department of Justice (DOJ) expectations, as set out in the 2020 Update to the Evaluation of Corporate Compliance Programs and 2020 FCPA Resource Guide, but you will end up with a program that truly covers all of the company’s main compliance risks.
Second, such an approach allows each risk-owning stakeholder to see how their risk stacks up against the entire risk portfolio of the organization. Rogers stated, “This lends to a negotiated and coordinated solution for the risk managers, and it leads to a measured and balanced program for the learning audience.”
Third, such an approach allows your organization to drive standards and consistency across all of the training courses. Rogers believes that one of the biggest frustrations for many employees “is taking multiple required courses, all done by different vendors, all with different interfaces and different approaches to presenting the material.” Finally, never forget the efficiency component as such an approach eliminates redundancy across the courses and allows for cross-course coordination. There are often numerous common learning objectives that cut across cybersecurity, data privacy and information lifecycle management. These common learning objectives can be coordinated and exploited.
How do you set up a cross-functional governance team?
You should begin by identifying the individuals in your organization who will have ultimate decision-making authority. Next move to identify the representatives of the various risk-owning organizations.Rogers noted this can include
“representatives from the Compliance Department, Product Safety, Workplace Safety, Information Technology, Data Privacy, Human Resources, Marketing, and the General Counsel’s Office. These representatives were typically the individuals tasked with training responsibilities in those organizations, and either served as subject matter experts or were well-connected to subject matter experts. The final component is to identify representatives to sit on the committee from the supporting organizations.”
After the individuals for your Compliance Training Governance Committee have been selected, the next step is to prepare a Committee Charter which clearly sets out the objectives of the governance teams, the roles and responsibilities and the meeting cadence. Any training course proposed for the organization will go have to be submitted to and approved by the Compliance Training Governance Committee. Additionally, the Compliance Training Governance Committee can review, assess and update any training courses.
A Compliance Training Governance Committee will allow your organization to effectively establish a multi-year training plan, help in the vendor selection and engage in course creation.Rogers noted,
“One of the biggest benefits has been the predictability that it has brought to the compliance training program. Every stakeholder from a risk-owning organization knows exactly when his or her function will have their course deployed over the three-year calendar. They can plan resources, they have a long lead-time to develop the courses, and during their off-years they can do communications campaigns and events to keep their risk top-of-mind.”