ComplianceAsk the bank that just paid the SEC more than $ 6 million for failing to adequately train its Asia Pacific Region (APAC) personnel on antibribery with respect to hiring practices.  The bank had policies against hiring personnel in exchange for business, but, according to the SEC’s order, the company “failed to effectively train APAC employees or monitor their compliance with those policies…. APAC bankers and compliance personnel lacked familiarity with and understanding of [the company’s] anti-bribery and corruption policies, particularly as those policies relate to hiring.” SEC Order in Administrative Proceeding File No. 3-19537.

Andrew Gentin, acting Assistant Chief of the DOJ’s FCPA Unit, recently spoke about the importance of compliance programs, including the necessity of customizing training to employees’ particular job responsibilities, at the Society of Corporate Compliance and Ethics’ 18th Annual Compliance & Ethics Institute in September.  “What we see a lot is companies coming in and presenting these really impressive statistics, like 99.2% of this group has training… That doesn’t tell us much.  We need to know that the training is well tailored to the specific function.”  An example he gave was that sales people working in high-risk jurisdictions require more sophisticated training than sales people working in the U.S.

The government’s emphasis on tailored training is not new. In the FCPA Resource Guide released by the DOJ and SEC in 2012, the agencies described training as being a critical part of a company’s compliance plan.  They stated in the Resource Guide:

Compliance policies cannot work unless effectively communicated throughout a company. Accordingly, DOJ and SEC will evaluate whether a company has taken steps to ensure that relevant policies and procedures have been communicated throughout the organization, including through periodic training and certification for all directors, officers, relevant employees, and, where appropriate, agents and business partners. For example, many larger companies have implemented a mix of web-based and in-person training conducted at varying intervals. Such training typically covers company policies and procedures, instruction on applicable laws, practical advice to address real-life scenarios, and case studies.  Regardless of how a company chooses to conduct its training, however, the information should be presented in a manner appropriate for the targeted audience, including providing training and training materials in the local language. For example, companies may want to consider providing different types of training to their sales personnel and accounting personnel with hypotheticals or sample situations that are similar to the situations they might encounter. Resource Guide at 59 (emphasis added).

The DOJ’s Justice Manual also addresses training specifically.  It provides that a hallmark of a well-designed compliance program is appropriately tailored training and communications.  The DOJ stated on pages 4-5 in its April 2019 guidance on Evaluation of Corporate Compliance Programs:

Prosecutors should assess the steps taken by the company to ensure that policies and procedures have been integrated into the organization, including through periodic training and certificate for all directors officers, relevant employees, and, where appropriate, agents and business partners.  Prosecutors should also assess whether the company has relayed information in a manner tailored to the audience’s size, sophistication, or subject matter expertise.  Some companies, for instance, give employees practical advice or case studies to address real-life scenarios, and/or guidance on how to obtain ethics advice on a case-by-case basis as needs arise.  Prosecutors should also assess whether the training adequately covers prior compliance incidents and how the company measures the effectiveness of its training curriculum.

Prosecutors, in short, should examine whether the compliance program is being disseminated to, and understood by, employees in practice in order to decide whether the compliance program is “truly effective.”  JM 9-28.800.

Tips for FCPA Training

Given the guidance from the DOJ and SEC and the lessons learned from recent cases, here are some training tips:

  • Examine where the company’s greatest risks of FCPA violations exist (e.g., sales and marketing; foreign government licensing and permits; third-party agents, distributors and consultants; subsidiaries’ and affiliates’ operations outside the U.S.).
  • Interview employees in those areas where interaction with foreign officials occurs and discuss real-life examples of scenarios they face when conducting the company’s business.
  • Create hypotheticals based on the real-life-scenarios to present in training sessions, accompanied by instruction on how to handle such situations in a lawful manner so as not to violate the FCPA or the anti-bribery laws of that country.
  • Conduct the discussions in the native language of the company’s employees.
  • Review the elements of the FCPA in the training sessions.
  • Make the training sessions mandatory and take attendance.
  • Require training certifications following the training session.
  • Determine whether training should be annual or bi-annual.
  • Schedule training on the FCPA for the company’s officers, directors, and upper management appropriate for their respective roles in the company.
  • Design a methodology for monitoring performance of FCPA compliance in a way that rewards compliance and punishes non-compliance.
  • When problems occur, repeat and/or revise the training to address the problems, so everyone can learn from them.