According to papers filed by the government in an FCPA prosecution late last year, the defendant company (RAE Systems) had learned of a practice of bribery in its joint venture in China but also concluded that “implementing an effective compliance program could hurt sales.” Company personnel did, however, want to “evidence” that they were trying to stop bribery and so they provided “some FCPA training” to at-risk personnel. In this attention-getting case, the Justice Department seemed to suggest – somewhat ominously – that the training (which it labeled a “half measure”) may have enabled the criminality to continue (by creating a possible defense in the event the bribery was detected).
A very different but equally troubling recent story about C&E training is found in an exchange in The Ethicist column in the New York Times Magazine last month, in which an employee wrote: “My company now requires all employees to complete a self-directed training course on the Foreign Corrupt Practices Act, relevant to our overseas staff but not to my job. This training takes about four hours, time better spent on something more productive,” and he asked about the ethics of skipping the course! The Ethicist responded that the employee was duty-bound to take the training regardless of his views of its relevance, and the employee replied to this that he subsequently “got the course materials. He did not read them but immediately took the online test, passed it and was certified as having mastered the course work,” adding (unnecessarily in this case) that the course was “simplistic.”
On a less public level, one increasingly hears similar discouraging words about the limited value of current approaches to on-line C&E training. For instance, an employee of a global company recently told me “In Europe, people pay their children to click through it” and at another company the phrase “mind numbing” was used to describe such training. (Indeed, a lawyer whose full-time job had been developing on-line C&E training recently told me he doubted its efficacy.) And, not infrequently, in-person training is criticized as well.
None of this should be surprising. From a design perspective, training is often created in an utterly wholesale manner, so that, for instance, salespeople, those in finance and senior managers are all being given the same FCPA training even though their risks and responsibilities differ significantly. Perhaps worse, from a deployment perspective, training is often disconnected from risk-causing events or other contexts in which C&E messages could be more effectively conveyed.
The significance of this latter point was underscored in a recently published study of widespread misconduct and C&E program failures at a large financial services firm. (MacLean and Behnam, “The Dangers of Decoupling: the Relationship between Compliance Programs, Legitimacy Perceptions and Institutionalized Misconduct,” Academy of Management Journal, 2010, vol. 53, no. 6, 1499-1520.) Among the failures noted in the study was the decoupling of compliance training from sales activities at the firm. As with the suggestion in the above-mentioned FCPA prosecution, this and other C&E program failures were seen by the authors of the study as having contributed to the misconduct at issue.
The bad news is that much C&E training – both online and in-person – also suffers from decoupling. The good news is that a just-in-time C&E communications – a solution to the dangers of decoupled messaging – can have a powerful impact in reducing risk. This was suggested by another study (Mazar, Amir and Ariely, “The Dishonesty of Honest People: A Theory of Self-Concept Maintenance,” Journal of Marketing Research, 45 [December 2008], 633-645), in which individuals who were asked to read the Ten Commandments immediately before being presented with an opportunity to cheat were far less likely to take that opportunity than were others. The implications of this study for the C&E field are, to my mind, potentially revolutionary.
What, then, will the future of C&E training and other communications look like? Very possibly, the “same as it ever was” – because many companies simply do not push for excellence and innovation in C&E program matters (the way they do for corporate functions more traditionally seen as mission critical, such as sales). Indeed, it is not only businesses actively engaged in bribery that pursue C&E “half measures.”
But for organizations with a dynamic – and truly risk-focused – view of C&E programs, the path is clear: training should be developed in a far more granular way than it currently is and deployed when, where and how it can make the most difference. After all, if C&E risks can evolve – which they do all the time – so can training.