More than half (58 percent) of organizations surveyed in NAVEX Global’s 2017 Ethics & Compliance Third-Party Risk Management Benchmark Report ranked their third-party programs as mature or advanced. This is encouraging, but also means that more than four in 10 organizations have third-party management programs that are either reactive or basic. Given the increasing global scale of supply chains, training third-party partners is especially important.
To avoid common mistakes, your organization should develop a compliance training game plan.
To be sure, training third parties isn’t an easy task, especially for global organizations. Messaging for third parties needs to be uniquely delivered and packaged to make sense to the individuals and groups receiving the training. To avoid common mistakes, your organization should develop a compliance training game plan.
Your Third-Party Compliance Training Game Plan Should:
Take into Account Regional Differences
Not all concepts transcend cultural differences. Every organization needs to understand its company culture before it can effectively train its employees. When it comes to training third parties, you must also understand the larger regional cultures in which third-party partners work. The words, tone, content, topics, spokespeople, and context of your training need to be considered before deploying training to vendors that may not readily identify with every concept.
This most commonly takes one of two forms.
Gift cards aren’t commonly used in Mexico. Golf outings don’t really happen in Brazil.
First, there are the hypothetical examples about dos and don’ts that simply aren’t applicable in some areas. Gift cards aren’t commonly used in Mexico. Golf outings don’t really happen in Brazil. Therefore, mentioning either as part of anti-bribery training to workers in these countries won’t resonate. Second, there is the issue of alphabet soup – this is training that includes a lot of acronyms (e.g., FCPA, DOJ, SEC, etc.) that are next to meaningless to local workers. Name-dropping these organizations (or, worse, acronym-dropping) is a way to confuse workers and make trainees become detached.
In addition to your risk assessment, this is where your compliance training program can be informed by your whistleblower hotline and incident management data. Dig into regional data to get an understanding of what internal reporters are identifying as top concerns. You can better tailor your training and compliance messaging to the hots spots within each region.
Tailor Third-Party Compliance Training to Fit the Relationship
Organizations have consistently ranked bribery and corruption among their top concerns in NAVEX Global’s third-party benchmark reports. This year, it was the second most-common concern at 42 percent (trailing only cyber security and data protection at 49 percent).
With this in mind, it might be tempting for organizations to provide detailed training on the Foreign Corrupt Practices Act (FCPA) to all employees of a third party – the landmark 1977 legislation that continues to be the benchmark for defining bribery and corruption activities, relevant risks and government enforcement actions. But those receiving training don’t really need a history lesson. They need scenario-based examples that tie the black letter of the law to the specific work they are doing with your company.
This requires organizations to assess the risk of specific vendors and employee groups to ensure the training they’re getting is applicable to their job descriptions, duties and processes.
Mind the Nuances of Each Third-Party Relationship with Core Values
Tailoring training programs for your audience is key; however, providing a perspective that is too narrow can limit a trainee’s understanding of the spirit of the law.
Tailoring training programs for your audience is key; however, providing a perspective that is too narrow can limit a trainee’s understanding of the spirit of the law. This is where core values training is important. Core values are the reasons behind the things we do and don’t do. These values need to be instilled in each employee and third party in conjunctions with specific behavior training. For instance, mentioning facilitation payments during your training provides good tactical knowledge to trainees. However, it needs to be complemented by similar training around the larger value of not offering undue incentives to public or government officials.
When you train employees on very specific “dos” and “don’ts,” you run the risk of keeping trainees in the dark about all the nuances of an issue. Core value training gives the third party the big picture perspective they need respond accurately even when circumstances vary.
Understand the Difference Between Fun & Engaging
A lot of training these days involves cartoons, videos and funny vignettes. These are methods that serve a purpose and can make compliance training more effective. The key is understanding when “fun” makes educational concepts resonate better, or when it’s just fun for fun’s sake.
If training is too light, employees can walk away remembering only the jokes. And that, of course, defeats the point of the exercise. Gamification and a lighter tone are effective methods, but only in the right balance with meaty, pertinent material. You may disagree with this, but think about you meeting with the regulator and trying to explain why the training deck had so many jokes…
Effective training starts with understanding the relationship between your content, your context and your trainee. This takes effort, but with a game plan for your training, you can ensure your audience is engaged and concepts resonate.
Download Definitive Guide: Definitive Guide to Ethics & Compliance Training