Compliance training programs are not always easy to navigate, but if you don’t get the fundamentals right, your business is exposed. To make sure you’re on track, let’s take a look at the key features of an effective compliance training program.
1. Assign ownership of the compliance training program
Determine the owner of the compliance training program within your organisation. The responsibility may sit with a team or with individuals – for example, the Risk and Compliance Officer or General Counsel. It’s important that the person or team responsible is well supported at a senior level and has appropriate authority to implement the training program. The board and senior management should not only support but endorse a compliance training program.
2. Start your compliance training program with a risk assessment
A solid compliance training program starts with a risk assessment. The risk assessment should cover the following.
Start with the Board or Executive team and address all areas of the organisation.
This will ensure that you’ve covered all bases.
Recognise the key areas of risk faced by your organisation.
These will include risks relevant to all businesses, such as fraud, appropriate workplace behaviour (including vicarious liability risk) and cyber security, as well as risks specific to your industry or business.
Ascertain the harm that could be caused by the identified risks.
Crucially, assess the level and seriousness of the harm; this ensures appropriate prioritisation of the risks and controls or actions necessary to manage those risks.
Understand the risks already addressed by comprehensive policies and training, and which risk areas are leaving your organisation exposed.
Areas of exposure, particularly where there is an immediate or high risk of harm to the business, must be promptly addressed. Those employees with ownership of each area within the program (or the designated compliance manager) should make business recommendations to the Board or Executive team based on their understanding of the risks in their areas.
3. Ensure policies are in place to address risk areas that are leaving you exposed
Where policies are absent, work with appropriate internal or external legal advisers to develop suitable policies. Communicate these clearly and effectively to all workers. Ensure a record is kept of when workers were provided with policies and when they indicated that they’d read those policies. A learning management system is the ideal tool for this.
Policies should include:
- your organisation’s position on the topic in question
- an indication of how compliance will be achieved within the organisation, setting the cultural tone
- the procedure for reporting any issues and to whom such reports should be made (establishment of a whistle-blowing service can assist with this, and is viewed favourably by regulatory bodies and the courts)
- confirmation that those who make reports or ‘blow the whistle’ will not face retaliation
- a statement about how the company will respond to compliance breaches – while it’s not advisable to set out a detailed procedure (which can lead to breach-of-policy claims), the statement should focus on what conduct will not be tolerated and the range of responses that may be taken.
4. Implement the policies through an effective compliance training program
It’s important that policy implementation is backed by effective training. The training should be completed upon induction by all workers (or upon engagement for contractors) and annually thereafter. Legal compliance training should be written or conducted by a legally qualified person with expertise in the relevant area. In addition, it’s essential that you keep records of training delivery and completion for all workers.
5. Review your compliance training program
To ensure your compliance training program helps you mitigate risk as much as possible, you need to review the program regularly by:
- conducting your risk assessment annually (at least), adjusting your program to address newly identified risk areas
- making sure changes to the law (or any other relevant changes) are incorporated into the training
- adapting your training program to address business changes that require you to provide training in other jurisdictions (such as in the aftermath of a company acquisition).
If you would like to find out more about how we can help you roll out an effective compliance training program, please get in touch with us today for a chat on 1300 133 151, or sign up for a free trial.