The Challenge of Compliance in an Uncertain World
Online training offers a critical step forward in the unending challenge of corporate governance.
- By Donald A. Deieso, Ph.D., Hope S. Foster
- Feb 01, 2003
IN the face of a still-raw tragedy more than a year ago, Americans were forced to redefine the idea of national security and the actions necessary to ensure their safety. Since then, all-too-frequent disclosures of corporate corruption have destroyed the investment accounts of millions of people, established a business climate of suspicion and fear, and resulted in scores of criminal indictments.
There has never been a greater need for effective corporate compliance programs. And with corporate budgets under strain from a sluggish economy and a complex web of compliance demands resulting from highly publicized examples of corporate corruption, there has never been a time when such programs are more difficult to initiate and sustain.
Compliance After Enron
"An effective . . . compliance program can literally mean the difference between survival and possible extinction to a corporation," said Deputy Assistant Attorney General William J. Kolasky of the U.S. Department of Justice's Antitrust Division on July 12, 2002, when he spoke before the Corporate Compliance 2002 Conference at the Practicing Law Institute in San Francisco, Calif.
Although corporate compliance officers always have known the importance of effective compliance programs, the stakes have been raised by the implosion of companies including Enron and WorldCom, by the questions surrounding other publicly traded companies, and by the dozens of investigations now underway by the Securities and Exchange Commission (SEC) and the Department of Justice (DOJ). In today's redefined compliance climate, what may have been acceptable in past years is no longer tolerable. The enactment of new laws and the intense scrutiny under which companies must operate encourage all companies to assess their own management of regulatory and legal risk, as well as their ability to detect, contain, and resolve problems within their organizations. Many compliance programs will need to be updated to address a range of new compliance responsibilities, including the following:
- The New York Stock Exchange has issued final corporate governance rules for companies listed on the NYSE. If adopted, the rules would require many companies to change the composition of their boards of directors, adopt and publish corporate governance policies and charters, and expand the responsibilities of their audit committee members and chief executive officers. These rules implement both the SEC's earlier proposals and Section 302 of the Sarbanes-Oxley Act of 2002.
- The Sarbanes-Oxley Act is a sweeping corporate governance law that contains multiple requirements. One of the most daunting is the required certification by a regulated company's chief executive officer and chief financial officer about the accuracy of the company's financial information. The final rule also mandates that public companies establish, maintain, and regularly evaluate controls and procedures for gathering, analyzing, and disclosing information.
Effective, Comprehensive Compliance
While the recent spate of new compliance rules has garnered substantial attention, the risks managed by compliance officers have steadily increased over the past decade. At a minimum, an effective compliance program should address such wide-ranging issues and regulations as antitrust; non-discrimination in the workplace; corporate governance; document management; environmental practices; the USA Patriot Act of 2001; privacy; procurement policies (including anti-kickback and commercial bribery laws, as well as the Foreign Corrupt Practices Act); and securities regulations.
The reasons for compliance might seem self-evident, but it is worth noting that the costs of non-compliance continue to escalate--and the benefits of implementing a comprehensive compliance program increase in parallel.
1) The best, most obvious, reason to have solid compliance policies and programs is to maximize the likelihood of adherence to the law and decrease the consequences for companies and individuals in case things go wrong. DOJ has made clear that it considers "the existence and adequacy of the corporation's compliance program" and of the remedial steps taken by the company, including "any efforts to implement an effective corporate compliance program or to improve an existing one," in determining whether to prosecute a corporation for alleged violation of civil and criminal laws.
2) The availability and cost of liability insurance for directors and officers have changed dramatically over the past year. Many insurers are likely to require an effective compliance program before they write affordable policies.
3) A company's value is determined in part by its ability to attract and retain investors, top-quality employees, and corporate partners or clients. Given the scrutiny triggered by recent corporate disclosures of wrongdoing, companies with effective compliance programs are more likely to excel in each of those areas. Perhaps of equal value, companies with effective compliance programs are less likely to attract employees, suppliers, or partners who might be willing to violate the law.
Training: The Key to Compliance
In general, compliance is an industry-specific endeavor, especially for companies in highly regulated industries such as health care, defense and government contracting, insurance, and financial services. Notwithstanding the specific compliance requirements that will be shouldered by companies in any individual industry, however, there is one inescapable component of any effective program: Employees and executives must receive appropriate and regular training that deals with the legal requirements and risks in the areas most relevant to their work.
Training is at the heart of any compliance program, whether the company is a financial institution struggling to determine which documents must be retained or a self-insured manufacturing firm grappling with the privacy standards under the Health Insurance Portability and Accountability Act. The need for training is not limited to rank-and-file employees. In today's business world, the actions of one employee--a senior manager, a part-time worker paid by the hour, or a salesperson employed by the company's foreign subsidiary, for example--can expose the company to millions of dollars in penalties or even incarceration of its employees.
The compliance requirements affecting virtually all U.S. businesses are undergoing such rapid change that compliance training programs cannot afford to be static, either. Consider, for example, just a few recent decisions and how they could affect existing training programs:
- The U.S. Supreme Court invalidated a Department of Labor regulation that required employers to grant additional leave to employees who were not informed that their absence would count against their Family and Medical Leave Act entitlement.
- The U.S. Equal Employment Opportunity Commission addressed questions from employers about whether, under the Americans with Disabilities Act and the Rehabilitation Act, they could request information to identify individuals who might need assistance during an evacuation and whether the employer could share this information with others in the workplace.
- The Federal Trade Commission finalized the Safeguards Rule, which requires each financial institution to develop an internal, written information security program.
These recent actions add to the complexity of already far-ranging compliance requirements, whether imposed by government or by a company's own standard operating policies. The only reasonable hope a company has of meeting those compliance obligations is by having an effective, up-to-date, and consistent training program in place.
Online training is uniquely suited to today's compliance and risk management challenges. It is worth remembering that online training is not merely an expanded "e-mail" program between management and rank-and-file employees. Rather, it is a comprehensive, cohesive system of changing the behavior of the workforce in a way that reduces the risk of noncompliance.
Several factors contribute to the effectiveness of online training in delivering employee learning goals:
- Online learning courses can be deployed rapidly. With legal requirements changing frequently, companies need to routinely update their compliance standards and communicate the changing requirements to their employees quickly. Online courses can be developed fast and distributed through the Internet, allowing employees to learn at any time of the day or night. Of particular importance for employers is the ability to provide new-hire training with no lag time between hiring and training.
- The message of online training courses is consistent, regardless of the location of the learner. Companies with multiple facilities in several different states or countries gain particular benefits by taking advantage of an expert's limited time, yet having access to that expert's knowledge on an unlimited basis. Online learning can employ renowned industry experts located in other countries or states to present instruction to employees.
- Online training has been shown to be highly effective. In studies comparing online learning to more traditional classroom training, learning gains are up to 56 percent greater, and the consistency of learning is up to 60 percent better.
- Time and cost savings are possible with online learning. In 2000, for example, IBM trained nearly 200,000 employees through online learning and cut its training bill by $350 million, simply because online courses do not require travel. With the difficulties of traveling today and the time required to comply with modern security concerns, savings might be even greater.
- Online training can be documented, providing defensible evidence of a cohesive training initiative. The documentation system is crucial, establishing what training was provided to each student by time and date, when the learner passed the quizzes and tests to confirm learning, whether the employee demonstrated mastery of the subject matter, and whether each course was completed before the learner proceeded to the next course.
Although online learning need not be the only method of training employed by a company, it can be an effective and cost-efficient basis for a comprehensive compliance program. Online training, firmly rooted in effective instructional design that addresses the ways in which adult learners learn, provides a highly interactive multimedia experience that promotes adult learning.
That learning serves as the basis for ongoing behavior change--and for a critical step forward in the unending challenge of corporate governance.
This article originally appeared in the February 2003 issue of Occupational Health & Safety.