The DOJ wants your compliance training to focus on prevention. What does that look like?
You’ve read the interview about what Department of Justice prosecutors look for in compliance training, and you know that they want to see a focus on prevention.
That is, you don’t do one set of substantive things for “defensibility” and another for “prevention;” they’re the same thing, because a substantive focus on prevention is defensible—and recordkeeping for the sake of recordkeeping isn’t.
Fair enough. But what does that look like in practice? That’s what we’ll unpack in this post.
Haven’t read our interview with the Department of Justice’s former compliance counsel expert yet?
Overview: focus on root cause, not abstract risk.
Here’s the basic idea: “Prevention” means focusing your compliance training on the behaviors most likely to get you in trouble, not broad education on abstract risks. You want to work backwards from what would be a root cause of an investigation—something a businessperson did—not forwards from some abstract legal framework like “anti-corruption” or “privacy.”
That is, if you end up in front of a prosecutor, it is because someone did something that put you there: they approved a third-party invoice with shady expenses, they promised someone something they shouldn’t have during a deal, etc. Focusing on prevention means identifying that stuff, prioritizing it, and then training on it, not just dumping legal information on employees and hoping they figure it out.
The problem is that this is the exact opposite of how most companies do compliance “training”—and I’m using scare quotes because what they’re doing isn’t really “training” at all—it doesn’t tell anyone how to do anything, just gives them information on abstract concepts. So, let’s give a little more clarity on what to do (and not do), starting with what to avoid.
What not to do: educate on abstract concepts.
Again, the common (and wrong) approach to compliance training is to identify your legal risks, give employees information on those risks, and hope they figure it out. It looks like this diagram from Question 15 in the interview:
The basic problem here is that training happens too early. The company hasn’t understood the risk well enough to figure out what people do that could get them in trouble, and they basically are asking regular employees to do all that work.
Which they don’t and won’t, because that’s not their job—figuring out how these abstract risks apply to specific things people do is a lawyer's or compliance professional’s skill set and job. The company just needs its salespeople to sell compliantly, and getting them to do that is what the government is looking for. Another quote from the interview:
And another one:
OK, so the government is not asking you to dump a bunch of school-style courses on everyone in an effort to make them mini-compliance officers. Good. What do you do instead?
What to do: integrate into process, then train on process.
Basically, you figure out what you want people to do, then you tell them how to do it. You might otherwise know this as “training,” because that’s what real training actually is in virtually every realm of your life.
Practically, that means your training looks like this diagram:
Now, the good news is that you should already know what this stuff is because you discovered it in your risk assessment. That is, if you think you need to train people on anti-corruption, it’s because your risk assessment identified things your business does that are prone to corruption risk. Those are the things you train on, not the abstract concept of “anti-corruption."
Put otherwise, it’s not that this is that much more conceptual work, it’s just integrating the parts of a compliance program together with a focus on actually preventing misconduct.
Of course, this can seem like a ton of work. But we asked that too:
In short, you prioritize things, make a plan, and execute. Just like every other part of your business does when trying to do big things.
And for a head start, you can join Compliance Design Club. It’ll let you pick and choose from hundreds of training tools and resources, including process-focused resources for sales, HR, legal, finance, and more—all easily customizable, brandable, and quickly deployed. Go here to see some samples and learn more.