Compliance professionals are accustomed to spending some of their time walking the beat, hearing concerns from people and sharing information. When they went home to work because of the COVID-19 public health emergency, some compliance professionals reported losing their ability to “plug into the culture,” as one expert put it.
That has started to change, said Kirsten Liston, a principal at Rethink Compliance. “People have been finding tools and approaches to collect feedback and take people’s ethical temperatures,” she said. “On the one hand, we are further apart than ever, but on the other hand, we are more in contact than ever.”
The paradox is partly a function of “the death of distance,” a phrase coined by economist and journalist Frances Cairncross “to describe how telecoms, the internet and wireless technology were overcoming geography as a barrier to communication,” according to HuffPost.[1]
The way compliance professionals communicate also is shaped by the Department of Justice (DOJ) June 2020 update to its Evaluation of Corporate Compliance Programs.[2] DOJ highlighted targeted training, role-based training and management training, as well as the use of analytics to defend and improve compliance programs.[3]
Six Principles for Better Compliance Training
“A lot of what happened in 2020 accelerated changes that were already in motion,” Liston said at a July 23 webinar sponsored by Health Care Compliance Association.[4] In light of these developments, here are Liston’s six principles for what she said is “great compliance training.”
-
It’s not what you say; it’s what your audience takes away. Compliance training has three audiences: the person who develops or purchases it (e.g., the compliance officer), prosecutors who assess it during an investigation and the audience (e.g., employees) who is required to attend, Liston said. Compliance professionals tend to stuff in as much content as they can, while DOJ is pushing shorter, targeted training, a sentiment shared by the audience, which doesn’t want to waste time. “You have to tailor it, make it relevant, have stories and terminology that are relevant to their lives, and then check in and see if it’s working,” she said. Also look at what you want your audience to walk away with. They don’t need chapter and verse on the anti-bribery rules, for example. “They need to know it’s important to the company, it’s a big deal if it goes wrong and to get guidance if they are facing a situation that involves them.”
It may help to think of training content like it’s an executive summary. “You’re smart and informed and your audience is busy. Make it easy for them to understand,” Liston said. “What’s the issue? Why does it matter to me? What are my choices? This approach shows a lot of respect for the audience.”
-
Think like a lawyer, talk like a human. “Once you know what you want to say, write about it in short, clear sentences,” Liston said. “Simplifying can enhance understanding.” Compliance professionals go into the weeds of risk areas, but typical learners, “for whom this is a small part of their day,” are more likely to remember and apply information shared in plain language. And it’s helpful to let go of the impulse to dive deep. “There is in compliance often a hesitation to move away from in-depth, substantive training,” Liston said. “DOJ has given you a get-out-of-jail-free card. They are saying, ‘We will accept shorter training if it gets the job done, and it’s your responsibility to prove it.’” Some more exhaustive training is mandatory, however, such as Medicare Advantage fraud, waste and abuse education.
-
Online courses are online. Some organizations are stuck in the e-learning world of the 1990s and early 2000s, with lots of paragraphs and “the ‘next, next, next’ style of navigation,” Liston said. “People are used to it.” But internet technology obviously has matured. Pages scroll, it’s far more accessible, and text is short and styled. She recommends the use of “direct address” with online training. “If you change one thing about your compliance training content, it’s to change it to direct address,” Liston said. “Big brands do this” (e.g., Colgate). It’s a person talking to you from your computer. “People are genetically programmed to respond to a person’s face.”
Another advance: consider the use of QR codes (a type of bar code) to confirm that your employees, especially if they’re all over the country or world, completed training, signed the code of conduct or even completed a short module, Liston said. Avoid scanning malware in the process.
-
We are all content marketers now. Sometimes it seems like people in compliance “can absorb the audience’s opinions that compliance training is boring,” she said. “A better way is to take the journalism approach and assume your content is interesting to your audience. You just need to find the right way into it.” She said writer Malcolm Gladwell is the “poster child for making anything interesting.” He did a TED Talk on why there are so many brands of spaghetti sauce that was watched by 7 million people. The presentation was about how people think and make decisions. “There are no boring topics, only boring content creators,” Liston said. With compliance training, she advises figuring out who cares about the topic, what’s intriguing about it and what questions the audience might ask. As you narrow it down, ask yourself what areas truly require a course (outside mandated topics, such as anti-discrimination). Sometimes people just need encouragement or reminders not to take shortcuts. “The whole point of content marketing is to take people who are strangers to you and turn them into fans who will go out of their way to do things you ask,” Liston said.
-
With analytics, insights matter. “Analytics has been a little bit of a black hole for most organizations, and not just in compliance,” Liston said. The reasons: it can be hard to define, obtain and apply. “How will it drive insights and deliver business value?” An analysis by Gartner,[5] an information technology blog, states that “through 2022, only 20% of analytic insights will deliver business outcomes,” although it also said “by 2022, 90% of corporate strategies will explicitly mention information as a critical enterprise asset and analytics as an essential competency.”
The bottom line is key stakeholders care about data, including the board and the C-suite. DOJ’s guidance mentioned data analytics 18 times, she noted.
Her suggestion: First decide what you want to know and whether “it will move the needle if you can quantify it. Can we identify bad behavior before it gets out of hand? Can we show the compliance program is effective? These are not new questions. We are just being asked to go about it in different ways.”
-
Qualitate the quantitative. “Analytics does not have to mean big data or data for data’s sake,” Liston said. “What we need is meaningful data we can use to properly evaluate a program.” That’s both quantitative and qualitative data, and then you mix the two. Quantitative analytics include how many calls came into the hotline, what people called about, how many people completed training and how long it took the company to complete training. The second part is qualitative: insights, reasons, feelings and recommendations, she said. “This is the secret of meaningful compliance data.” Do people perceive this to be an ethical culture? Does doing the right thing seem like a priority for the organization? Does it have a speak-up culture? Do people know how to report concerns, and do they believe reporting is welcomed and that concerns will be addressed without retaliation? Did they give a gift in the past year? Are they aware of the company’s gift limit? “This is compliance walking around,” she said. If 5% of people say the culture isn’t ethical, and you ask 20,000 people, “that is suddenly quantifiable and actionable data,” Liston said. “It tells you something you can choose to do something about.”
Contact Liston at kirsten@rethinkcompliance.com.