How Well Does Compliance and Ethics Training Actually Reduce Risk?


According to papers filed by the government in an FCPA prosecution late last year, the defendant company (RAE Systems) had learned of a practice of bribery in its joint venture in China but also concluded that “implementing an effective compliance program could hurt sales.”  Company personnel did, however, want to “evidence” that they were trying to stop bribery and so they provided “some FCPA training” to at-risk personnel.  In this attention-getting case, the Justice Department seemed to suggest – somewhat ominously – that the training (which it labeled a “half measure”) may have enabled the criminality to continue (by creating a possible defense in the event the bribery was detected).

A very different but equally troubling recent story about C&E training is found in an exchange in The Ethicist column in the New York Times Magazine last month, in which an employee wrote: “My company now requires all employees to complete a self-directed training course on the Foreign Corrupt Practices Act, relevant to our overseas staff but not to my job. This training takes about four hours, time better spent on something more productive,” and he asked about the ethics of skipping the course! The Ethicist responded that the employee was duty-bound to take the training regardless of his views of its relevance, and the employee replied to this that he subsequently “got the course materials.  He did not read them but immediately took the online test, passed it and was certified as having mastered the course work,” adding (unnecessarily in this case) that the course was “simplistic.”

On a less public level, one increasingly hears similar discouraging words about the limited value of current approaches to on-line C&E training.  For instance, an employee of a global company recently told me “In Europe, people pay their children to click through it” and at another company the phrase “mind numbing” was used to describe such training.  (Indeed, a lawyer whose full-time job had been developing on-line C&E training recently told me he doubted its efficacy.)   And, not infrequently, in-person training is criticized as well.

None of this should be surprising.  From a design perspective, training is often created in an utterly wholesale manner, so that, for instance, salespeople, those in finance and senior managers are all being given the same FCPA training even though their risks and responsibilities differ significantly.  Perhaps worse, from a deployment perspective, training is often disconnected from risk-causing events or other contexts in which C&E messages could be more effectively conveyed.

The significance of this latter point was underscored in a recently published study of widespread misconduct and C&E program failures at a large financial services firm.  (MacLean and Behnam, “The Dangers of Decoupling: the Relationship between Compliance Programs, Legitimacy Perceptions and Institutionalized Misconduct,” Academy of Management Journal, 2010, vol. 53, no. 6, 1499-1520.)   Among the failures noted in the study was the decoupling of compliance training from sales activities at the firm.   As with the suggestion in the above-mentioned FCPA prosecution, this and other C&E program failures were seen by the authors of the study as having contributed to the misconduct at issue.

The bad news is that much C&E training – both online and in-person – also suffers from decoupling.  The good news is that a just-in-time C&E communications – a solution to the dangers of decoupled messaging – can have a powerful impact in reducing risk.   This was suggested by another study (Mazar, Amir and Ariely, “The Dishonesty of Honest People: A Theory of Self-Concept Maintenance,” Journal of Marketing Research, 45 [December 2008], 633-645), in which individuals who were asked to read the Ten Commandments immediately before being presented with an opportunity to cheat were far less likely to take that opportunity than were others. The implications of this study for the C&E field are, to my mind, potentially revolutionary.

What, then, will the future of C&E training and other communications look like?   Very possibly, the “same as it ever was” – because many companies simply do not push for excellence and innovation in C&E program matters (the way they do for corporate functions more traditionally seen as mission critical, such as sales).  Indeed, it is not only businesses actively engaged in bribery that pursue C&E “half measures.”

But for organizations with a dynamic – and truly risk-focused – view of C&E programs, the path is clear: training should be developed in a far more granular way than it currently is and deployed when, where and how it can make the most difference.  After all, if C&E risks can evolve – which they do all the time – so can training.

No related content found.

About the Author

Jeff Kaplan

Jeffrey Kaplan, a partner in the Princeton, New Jersey office of Kaplan & Walker LLP, has practiced law in the compliance and ethics field since the early 1990's. Mr. Kaplan is also former adjunct professor of business ethics at NYU's Stern School of Business, co-editor (with Joseph Murphy) of Compliance Programs and the Corporate Sentencing Guidelines (West Thomson), former counsel to the Ethics and Compliance Officer Association and co-author of a study by the Conference Board on the use of compliance and ethics program criteria in government enforcement decisions.

One Comment

  1. Elliot Fisch
    February 9, 2011

    Mr. Kaplan: I enjoyed your article and agree with many things you say. However, after teaching ethics and compliance classes to students and corporate workers for over 40 years, I think that the training programs are mostly failures. The problems I find is that the workers who normally “take orders” listen and follow the rules. The workers who are given leeway in their job decision-making either don’t think the subject applies to them, they won’t get caught or reprimanded, or they ignore the class content. This is particularly true of managers and executives who often don’t even take the class. For this infraction the companies don’t fire or reprimand them-depending on how important they are to the company this is not even considered. There are a few exceptions, but in my experience I would say that this is the course most companies follow. The other problem is with non-US companies where their ethics are culturally quite different and compliance is non-existent. Trying to impose the US or UK’s “holier-than -thou” ethics approach is like talking to the wall. Unless we plan to stop doing business with these countires (unlikely) or fire our good producing employees (unlikely) these training programs are just a lot of hot air.