Compliance training
Compliance training refers to the process of educating employees on laws, regulations and company policies that apply to their day-to-day job responsibilities. An organization that engages in compliance training typically hopes to accomplish several goals: (1) avoiding and detecting violations by employees that could lead to legal liability for the organization; (2) creating a more hospitable and respectful workplace; (3) laying the groundwork for a partial or complete defense in the event that employee wrongdoing occurs despite the organization's training efforts; and (4) adding business value and a competitive advantage.[1]
Purpose
Organizations offer their employees compliance training on a wide range of topics, including workplace discrimination and harassment, dealings with competitors, insider trading, protecting trade secrets, records management, bribery and kickbacks, etc. Typically, most or all of these compliance topics are addressed in an organization's Code of Conduct, and the organization may offer employees annual or bi-annual Code of Conduct training in lieu of requiring employees to take multiple individual training programs.
Compliance training is essential in ensuring that all employees of an organization are aware of how to properly perform their job so that the company and the employees are not in a position of liability. With a wide range of internal company policies and procedures among many different industries, standards must be set on all levels of the organization.
Corporate Compliance vs. Regulatory Compliance
Corporate compliance covers both industry policies and procedures as well as federal, state and local compliance laws. Regulatory compliance is when a company abides by those laws and regulations. If a company is found to be out of compliance with certain laws pertaining to their industry, this can result in fines and/or legal punishment. [2]
History
Compliance training in the U.S. which refer to how employees are to act and be treated in the workplace can also be traced back to the creation of the United States Labor Laws as early as 1908 and the Federal Employers Liability Act. [3]
In 1977 the Foreign Corrupt Practices Act addressed accounting transparency requirements, and bribery of foreign officials.
The 1985 Blue Ribbon Presidential Commission was in response to possible scandals during the Reagan presidency.
"The history of how compliance regulations and mandates came about is not linear and completely clear, however most refer that it began around the Reagan scandals during his presidency. Moving ahead from that, it was the early 1990s after the Federal Sentencing Guidelines promised reduced fines for implementing an Effective Compliance and Ethics Program (ECEP). The last phase came from a number of high profile corporate corruption cases that include companies such as Enron, MCI/WorldCom, and Tyco."[4]
1991 Federal Sentencing Guidelines for Organizations (FSGO) was created for the United States Sentencing Commission.
1992 Ethics Officers Association (EOA) changed in 2005 Ethics and Compliance Organization (ECOA) which joined with the Ethics Resource Center ERC) in order to offer industry leading programs, research, events and professional development.
2004, Society of Corporate Compliance and Ethics (SCCE) was established to provide resources for ethics and compliance professionals from various industries.
Types of Compliance training
Sexual Harassment training teaches employees about sexual harassment laws and helps illustrate how to avoid, recognize, or report sexual harassment in the workplace.
Workplace Violence Prevention training is designed to work with policies that prevent workplace violence, and how to handle such situations.
Cyber Security Training is a common growing need as technology plays a larger role in everything we do. This training is designed to protect users and corporations from outside digital attack through better end-user practices. [5]
Ethics training is designed to illustrate what behaviors, or practices are considered to be morally right or wrong based on general standards of business.
Right to Know Safety is a topic revolving Health and Safety of employees in the workplace as overseen by OSHA.
Child Sexual Abuse Reporting & Prevention specifically is taught in industries that deal with children to help protect their safety and well being.
The Center for Workplace Compliance is also a great resource for additional type of compliance training.
Compliance training as a business practice
"A Compliance Program helps to create a structure around all compliance obligations and risks, so that an institution is proactively understanding them, and making efforts to mitigate them in a consistent and proactive way before a crisis arises." [6]
"Establishing different types of compliance training depending on the industry involved can help avoid:
- Monetary loss and the financial and legal penalties that result from non-compliance
- Damage to an institution's reputation
- Demands on Executive Management time that is spent investigating and mitigating non-compliance incidents, and repairing reputational damage that can result from them"
Who is required to have compliance training?
In the modern marketplace, nearly every industry is held to certain regulatory standards for information and data handling. Certified regulatory compliance has proven to be a challenge for many businesses. Regulation complicates many aspects of recordkeeping and operations, especially in industries that handle sensitive data. As a result, the line between remaining compliant and properly protecting customer data and sensitive assets has a tendency to blur.[7]
Companies in all business sectors are under pressure to demonstrate that their employees are trained in laws and regulations, and internal policies, that pertain to their roles. Most notably, companies in the financial, healthcare and education sectors - who face stringent regulations - and publicly regulated companies have taken the lead by instituting firm-wide compliance training programs. For example, WalMart would be required to train their employees on sexual harassment, data security, anti-harassment, and more.
For financial institutions, the key compliance training topics are anti money laundering, sanctions, and insider dealing (market abuse in the EU).
Hospitals and clinics are required to have strict compliance training on a range of different topics relating to the health and safety of all visitors, patients and staff members. Since the healthcare industry has a tendency to be litigious in today's day and age, it is even more important for all doctors and medical staff to be aware of their local, state and federal laws as it pertains to their job.
Organizations that mandate compliance training
FAA - https://www.faa.gov/about/initiatives/cp/
Law Enforcement - https://www.fletc.gov/state-local-tribal-law-enforcement-training
Emergency Response - Responsing to emergencies require certain skills and processes to be followed or lives can be lost. https://www.fema.gov/training
Healthcare - visit the Office of the Inspector General for more information. https://oig.hhs.gov/compliance/compliance-resource-portal/
Transportation - https://www.fmcsa.dot.gov/regulations/hazardous-materials/training-education
In addition, there are many other professions and industries that require mandated compliance training.
Process
Compliance training can be performed in-house by compliance training specialists, or hired out to consultant firms. Some compliance training is done online.
Penalties for non-compliance
While this is entirely tied to the realm of compliance that is being considered, the penalties can range from a Fine, through the seizure of company assets, to jail time for executives of the company at fault. For example, the consequences of not being compliant with Anti Money Laundering cost the Las Vegas Sands Resort to pay $47 Million in penalties for suspicious credit card transactions.[8]
HIPAA fines for lack of compliance can be staggering as well. In the past, the Alaska State Department paid $1,700,000 in fines for an Unencrypted USB hard drive stolen, poor policies and risk analysis.[9]
References
- "The Business Case For Safety". Occupational Safety and Health Administration. United States Department of Labor.
- "What Corporate Compliance is and Why Compliance is Important". www.powerdms.com. 2018-04-05.
- Williams, Edward V.; Troelsgård, Christian (2001). Ethikos, Nikephoros. Oxford Music Online. Oxford University Press. doi:10.1093/gmo/9781561592630.article.09050.
- Joe. "History and Emergence of Ethics and Compliance". The Truth About Business. Retrieved 2017-06-22.
- "Masstech.org".
- "State University of New York".
- "Three Industries that Require Certified Regulatory Compliance". www.divergeit.com. 2017-06-08.
- "Consequences of Having a Poor Anti-Money Laundering Program - Marks Paneth". www.markspaneth.com. Retrieved 2017-06-22.
- "What is the penalty for a HIPAA violation? - TrueVault". www.truevault.com. Retrieved 2017-06-22.