Training as a tool for promoting “mood in the middle” compliance

May 12, 2015

By Julie DiMauro, Compliance Complete

NEW YORK, May 12 (Thomson Reuters Accelus) – The training and education programs offered business staff by compliance departments can be an important tool for setting the right “mood in the middle,” an ethical tone demonstrating the embedding of a firm’s compliance objectives within its culture, according to industry participants at last week’s Thomson Reuters Financial and Risk Summit in New York.
Dozens of recent and expensive compliance failures illustrate that policies alone do not make an effective compliance culture. Speakers emphasized the importance of mid-level managers, and not just the top of company hierarchy, in conveying the necessary ethical and compliance standards. Regular and ad hoc compliance training sessions, used to keep business personnel apprised of the firm’s policies and procedures as well as regulatory events, are a good venue for that. 

“A firm must target mid-level managers to make sure they are fully trained, are approachable – so their employees feel comfortable reporting possible breaches to them – and have dialogues with their staff to ascertain where risks lie,” said Brad Nassau, managing director of Gartland & Mellina’s Regulatory and Compliance Practice.

Mitch Avnet, founder and managing partner at Compliance Risk Concepts, called this approach, emanating from middle managers, the firm’s “mood in the middle.” “Making sure such managers understand the organization’s policies and procedures and how to find them, and help the firm take a consistent approach in training its staff, is the key to effective training,” he said.

Employees often view compliance training as dull and feel disengaged from the process of creating an ethical culture, the speakers noted.

“Some employees don’t know where your compliance policies are located, and that is step number one for compliance departments,” observed Maria D’Avanzo, Division General Counsel and Chief Ethics Officer at Cushman & Wakefield. “And then compliance officers need to explain to employees what they need from them in terms of learning those policies.”

Compliance can accomplish this by training employees at preset times. Time of hire and the assumption of a new role are givens, but there are also topical opportunities – such as training employees on gifts and entertainment policy during the holiday season, said Peter Feeley, Chief Corporate Compliance Officer at The Guardian.

“Give employees training at preset times, and then follow up on what they learned and what might have surprised them,” he said. Use other companies’ missteps as a basis for training, such as ones involving errors made in safeguarding customer data or in opening phishing emails.

The important thing is not to overwhelm employees at one time, so giving them small pieces over time is often more effective.

Multiple locations and generations

One challenge larger firms face is training across multiple locations. E-learning courses can help with this, using audit tools to document and aggregate the results. A comprehensive learning management system can help the firm manage, track and report on training activity.

“Surveys are quite effective across geographic boundaries,” said Feeley. “They can tell you if an employee’s direct manager is someone they can report to, for instance,” he said. Compliance officers can follow up on the results, knowing that these managers should be sending the right message to their staff members.

“Use training modules and surveys, follow up on the results, and then document all of the findings and the actions taken in light of the results. Training has to be documented if a good one will receive any credit from a regulator at examination time,” Nassau said.

Compliance officers should also document why they are focusing on a certain topic in training. “Since training modules cannot cover everything, you should explain why your firm chose to focus on these certain items,” D’Avanzo said.

Avnet advised compliance officers to vary training programs for different generations of employees. “Consider using video for younger employees and maybe in-person training for older ones,” he said. “You don’t want to lose a whole segment of your workforce because you took one approach with all employees.”

Training should also include more than just instructions on the pertinent regulations. “Train on the soft skills as well — those values that people at your firm are expected to embrace — and let them know where to turn if they are unsure of how to act in any given situation.”

Hotlines

Having a hotline and an anti-retaliation policy is vital, the panelists said.

“I’d rather have 100 bad hits on a hotline than none,” said Feeley. “Disgruntled employees are a great resource to firms. They have lots of information – and even if some of it is exaggerated or even untrue, normally there are some true details in there that are important to know.”

D’Avanzo reminded compliance officers to make sure the hotline is working — such problems are more common than expected. And Feeley reminded the audience to look for patterns in the incoming calls.

Anti-retaliation assurances should be built into each policy, telling employees how they will be supported when they raise allegations or report concerns to managers, she said.

Nassau recommended that in addition to hotlines, firms use a private social network, such as Yammer, that helps employees collaborate across departments, locations and business apps.

Such a network can help managers see day-to-day activities and feedback from teams that help ensure compliance, he said.

All of the panelists agreed that ascertaining the return on investment of training can be difficult, but Avnet advised thinking of training as a hedge – and to present it as one to directors and executives. Nassau recommended painting training and training budgets as a revenue-protection strategy.

Said Feeley, “One regulatory fine will by far by overshadow any training budget these days.”

(This article was produced by the Compliance Complete service of Thomson Reuters Accelus. Compliance Complete provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 400 regulators and exchanges. Follow Accelus compliance news on Twitter: @GRC_Accelus)

No comments so far

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/