Training is a key component of any properly functioning compliance program. The training component has essentially been codified as a requirement when constructing a comprehensive compliance program. In the “Evaluation of Corporate Compliance Programs,” released by the DoJ’s Criminal Division’s Fraud Section in 2017 number six on the seven elements list was “training and communications”. This important aspect of compliance has been reiterated each time the DoJ or a government regulator has updated their publications on compliance expectations.
A prime example of the importance of a training program is the 2012 indictment of a former Morgan Stanley director in a Foreign Corrupt Practices Act enforcement action. In that DoJ initiative it was alleged that the Morgan Stanley director engage in conduct that was not sanctioned or authorized by Morgan Stanley. Specifically, the Director pled guilty to “one-count criminal information charging him with conspiring to evade internal accounting controls that Morgan Stanley was required to maintain under the Foreign Corrupt Practices Act (FCPA).” Importantly, it was the employee that was charged, not Morgan Stanley.
Excerpts from the DoJ’s press release pointed out that “Between 2002 and 2008, Morgan Stanley trained various groups of Asia-based personnel on anti-corruption policies 54 times. During the same period, Morgan Stanley trained Peterson on the FCPA seven times and reminded him to comply with the FCPA at least 35 times.” The release went on to say, “After considering all the available facts and circumstances, including that Morgan Stanley constructed and maintained a system of internal controls, which provided reasonable assurances that its employees were not bribing government officials, the Department of Justice declined to bring any enforcement action against Morgan Stanley related to Peterson’s conduct.”
Items to consider when constructing the training component of your program are:
- Risk-based training
- The audience of the training
- Inclusion of case studies
- Prior compliance incidents
- What to do if an employee fails the testing
- Measuring the effectiveness of the training
As noted in a previous blog post the DoJ has updated its guidance to prosecutors contemplating taking action against a corporate defendant. In the April 2019 update the DoJ suggested, “Prosecutors should assess the steps taken by the company to ensure that policies and procedures have been integrated into the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners.”
The costs of not having a robust training component are increasing daily.