Compliance training

Compliance training refers to the process of educating employees on laws, regulations and company policies that apply to their day-to-day job responsibilities. An organization that engages in compliance training typically hopes to accomplish several goals: (1) avoiding and detecting violations by employees that could lead to legal liability for the organization; (2) creating a more hospitable and respectful workplace; (3) laying the groundwork for a partial or complete defense in the event that employee wrongdoing occurs despite the organization's training efforts; and (4) adding business value and a competitive advantage. [1]

Purpose

Organizations offer their employees compliance training on a wide range of topics, including workplace discrimination and harassment, dealings with competitors, insider trading, protecting trade secrets, records management, bribery and kickbacks, etc. Typically, most or all of these compliance topics are addressed in an organization's Code of Conduct, and the organization may offer employees annual or bi-annual Code of Conduct training in lieu of requiring employees to take multiple individual training programs.

Compliance training is essential in ensuring that all employees of an organization are aware of how to properly perform their job so that the company and the employees are not in a position of liability. With a wide range of internal company policies and procedures among many different industries, standards must be set on all levels of the organization.

Corporate Compliance vs. Regulatory Compliance

Corporate compliance covers both industry policies and procedures as well as federal, state and local compliance laws. Regulatory compliance is when a company abides by those laws and regulations. If a company is found to be out of compliance with certain laws pertaining to its industry, this can result in fines and/or legal punishment. [2]

History

Compliance training in the U.S., which concerns how employees are to act and be treated in the workplace, can also be traced back to the creation of the United States labor laws as early as 1908 and the Federal Employers Liability Act. [3]

In 1977, the Foreign Corrupt Practices Act addressed accounting transparency requirements and bribery of foreign officials.

The 1985 Blue Ribbon Presidential Commission was a response to possible scandals during the Reagan presidency.

"The history of how compliance regulations and mandates came about is not linear and completely clear, however most refer that it began around the Reagan scandals during his presidency. Moving ahead from that, it was the early 1990s after the Federal Sentencing Guidelines promised reduced fines for implementing an Effective Compliance and Ethics Program (ECEP). The last phase came from a number of high profile corporate corruption cases that include companies such as Enron, MCI/WorldCom, and Tyco." [4]

In 1991, the Federal Sentencing Guidelines for Organizations (FSGO) were created for the United States Sentencing Commission.

1992 Ethics Officers Association (EOA), changed in 2005 to the Ethics and Compliance Organization (ECOA), which joined with the Ethics Resource Center (ERC) in order to offer industry-leading programs, research, events and professional development.

In 2004, the Society of Corporate Compliance and Ethics (SCCE) was established to provide resources for ethics and compliance professionals from various industries.

Types of Compliance training

Sexual Harassment training teaches employees about sexual harassment laws and helps illustrate how to avoid, recognize, or report sexual harassment in the workplace.

Workplace Violence Prevention training is designed to work with policies that prevent workplace violence and covers how to handle such situations.

Cyber Security Training is a common and growing need as technology plays a larger role in everything we do. This training is designed to protect users and corporations from outside digital attack through better end-user practices. [5]

Ethics training is designed to illustrate what behaviors or practices are considered to be morally right or wrong based on general standards of business.

Right to Know Safety is a topic revolving around the health and safety of employees in the workplace, as overseen by OSHA.

Child Sexual Abuse Reporting & Prevention is taught specifically in industries that deal with children, to help protect their safety and well-being.

The Center for Workplace Compliance is also a great resource for additional types of compliance training.

Compliance training as a business practice   

"A Compliance Program helps to create a structure around all compliance obligations and risks, so that an institution is proactively understanding them, and making efforts to mitigate them in a consistent and proactive way before a crisis arises." [6]  

"Establishing different types of compliance training depending on the industry involved can help avoid:

Who is required to have compliance training?

In the modern marketplace, nearly every industry is held to certain regulatory standards for information and data handling. Certified regulatory compliance has proven to be a challenge for many businesses. Regulation complicates many aspects of recordkeeping and operations, especially in industries that handle sensitive data. As a result, the line between remaining compliant and properly protecting customer data and sensitive assets has a tendency to blur. [7]

Companies in all business sectors are under pressure to demonstrate that their employees are trained in the laws, regulations and internal policies that pertain to their roles. Most notably, companies in the financial, healthcare and education sectors, which face stringent regulations, and publicly regulated companies have taken the lead by instituting firm-wide compliance training programs. For example, WalMart would be required to train its employees on sexual harassment, data security, anti-harassment, and more.

For financial institutions, the key compliance training topics are anti-money laundering, sanctions, and insider dealing (market abuse in the EU).

Hospitals and clinics are required to have strict compliance training on a range of different topics relating to the health and safety of all visitors, patients and staff members. Since the healthcare industry has a tendency to be litigious in today's day and age, it is even more important for all doctors and medical staff to be aware of their local, state and federal laws as they pertain to their jobs.

Organizations that mandate compliance training

FAA - https://www.faa.gov/about/initiatives/cp/

Law Enforcement - https://www.fletc.gov/state-local-tribal-law-enforcement-training

Emergency Response - Responding to emergencies requires certain skills and processes to be followed, or lives can be lost. https://www.fema.gov/training

Healthcare - visit the Office of the Inspector General for more information. https://oig.hhs.gov/compliance/compliance-resource-portal/

Transportation - https://www.fmcsa.dot.gov/regulations/hazardous-materials/training-education

In addition, there are many other professions and industries that require mandated compliance training.

Process

Compliance training can be performed in-house by compliance training specialists, or hired out to consultant firms. Some compliance training is done online.

Penalties for non-compliance

While this depends entirely on the realm of compliance being considered, the penalties can range from a fine, through the seizure of company assets, to jail time for executives of the company at fault. For example, not being compliant with anti-money laundering requirements led the Las Vegas Sands Resort to pay $47 million in penalties for suspicious credit card transactions. [8]

HIPAA fines for lack of compliance can be staggering as well. In the past, the Alaska State Department paid $1,700,000 in fines for a stolen unencrypted USB hard drive, poor policies and risk analysis. [9]

Related Research Articles

Business ethics is a form of applied ethics or professional ethics, that examines ethical principles and moral or ethical problems that can arise in a business environment. It applies to all aspects of business conduct and is relevant to the conduct of individuals and entire organizations. These ethics originate from individuals, organizational statements or the legal system. These norms, values, ethical, and unethical practices are the principles that guide a business.

The Occupational Safety and Health Administration is a regulatory agency of the United States Department of Labor that originally had federal visitorial powers to inspect and examine workplaces. The United States Congress established the agency under the Occupational Safety and Health Act, which President Richard M. Nixon signed into law on December 29, 1970. OSHA's mission is to "assure safe and healthy working conditions for working men and women by setting and enforcing standards and by providing training, outreach, education, and assistance." The agency is also charged with enforcing a variety of whistleblower statutes and regulations. OSHA's workplace safety inspections have been shown to reduce injury rates and injury costs without adverse effects on employment, sales, credit ratings, or firm survival.

Health Insurance Portability and Accountability Act - United States federal law concerning health information

The Health Insurance Portability and Accountability Act of 1996 is a United States Act of Congress enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1996. It aimed to alter the transfer of healthcare information, stipulated the guidelines by which personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and addressed some limitations on healthcare insurance coverage. It generally prohibits healthcare providers and businesses called covered entities from disclosing protected information to anyone other than a patient and the patient's authorized representatives without their consent. The bill does not restrict patients from receiving information about themselves. Furthermore, it does not prohibit patients from voluntarily sharing their health information however they choose, nor does it require confidentiality where a patient discloses medical information to family members, friends or other individuals not employees of a covered entity.

Corporate social responsibility - Form of corporate self-regulation aimed at contributing to social or charitable goals

Corporate social responsibility (CSR) or corporate social impact is a form of international private business self-regulation which aims to contribute to societal goals of a philanthropic, activist, or charitable nature by engaging in, with, or supporting professional service volunteering through pro bono programs, community development, administering monetary grants to non-profit organizations for the public benefit, or to conduct ethically oriented business and investment practices. While once it was possible to describe CSR as an internal organizational policy or a corporate ethic strategy similar to what is now known today as Environmental, Social, Governance (ESG); that time has passed as various companies have pledged to go beyond that or have been mandated or incentivized by governments to have a better impact on the surrounding community. In addition national and international standards, laws, and business models have been developed to facilitate and incentivize this phenomenon. Various organizations have used their authority to push it beyond individual or even industry-wide initiatives. In contrast, it has been considered a form of corporate self-regulation for some time, over the last decade or so it has moved considerably from voluntary decisions at the level of individual organizations to mandatory schemes at regional, national, and international levels. Moreover, scholars and firms are using the term "creating shared value", an extension of corporate social responsibility, to explain ways of doing business in a socially responsible way while making profits.

In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Compliance has traditionally been explained by reference to the deterrence theory, according to which punishing a behavior will decrease the violations both by the wrongdoer and by others. This view has been supported by economic theory, which has framed punishment in terms of costs and has explained compliance in terms of a cost-benefit equilibrium. However, psychological research on motivation provides an alternative view: granting rewards or imposing fines for a certain behavior is a form of extrinsic motivation that weakens intrinsic motivation and ultimately undermines compliance.

A code of conduct is a set of rules outlining the norms, rules, and responsibilities or proper practices of an individual party or an organization.

An employee handbook, sometimes also known as an employee manual, staff handbook, or company policy manual, is a book given to employees by an employer.

California Civil Rights Department - State government housing agency in California

The California Civil Rights Department (CRD) is an agency of California state government charged with the protection of residents from employment, housing and public accommodation discrimination, and hate violence. It is the largest state civil rights agency in the United States. It also provides representation to the victims of hate crimes. CRD has a director who is appointed by the governor of California and maintains a total of five offices and five educational clinics throughout the state. Today, it is considered part of the California Business, Consumer Services, and Housing Agency.

A regulatory agency or independent agency is a government authority that is responsible for exercising autonomous dominion over some area of human activity in a licensing and regulating capacity.

Environment, health and safety (EHS) is the set that studies and implements the practical aspects of protecting the environment and maintaining health and safety at occupation. In simple terms it is what organizations must do to make sure that their activities do not cause harm to anyone. Commonly, quality - quality assurance and quality control - is adjoined to form the company division known as HSQE.

International Labor Rights Forum - Nonprofit organization

The International Labor Rights Forum (ILRF) is a nonprofit advocacy organization headquartered in Washington, D.C., U.S., that describes itself as "an advocate for and with the working poor around the world." ILRF, formerly the "International Labor Rights Education & Research Fund", was founded in 1986, and the organization's mission statement reads: "ILRF believes that all workers have the right to a safe working environment where they are treated with dignity and respect, and where they can organize freely to defend and promote their rights and interests. ILRF works to develop practical and effective tools to assist workers in winning enforcement of protections for their basic rights, and hold labor rights violators accountable."

The chief compliance officer (CCO) is a corporate executive within the C-suite responsible for overseeing and managing regulatory compliance issues within an organization. The CCO typically reports to the chief executive officer or the chief legal officer.

Organizational ethics is the ethics of an organization, and it is how an organization responds to an internal or external stimulus. Organizational ethics is interdependent with the organizational culture. Although it is to both organizational behavior and industrial and organizational psychology as well as business ethics on the micro and macro levels, organizational ethics is neither organizational behavior nor industrial and organizational psychology, nor is it solely business ethics. Organizational ethics express the values of an organization to its employees and/or other entities irrespective of governmental and/or regulatory laws.

Office of Congressional Workplace Rights - US agency protecting workers

The Office of Congressional Workplace Rights was created through the Congressional Accountability Act of 1995 (CAA) which applied workplace protection laws to approximately 30,000 employees of the legislative branch nationwide and established the Office of Compliance to administer and ensure the integrity of the Act through its programs of dispute resolution, education, and enforcement. The OCWR educates members of Congress, employing offices and employees, and the visiting public on their rights and responsibilities under workplace and accessibility laws. The OCWR also advises Congress on needed changes and amendments to the CAA; and the OCWR's General Counsel has independent investigatory and enforcement authority for certain violations of the CAA.

Internet Security Awareness Training

Internet Security Awareness Training (ISAT) is the training given to members of an organization regarding the protection of various information assets of that organization. ISAT is a subset of general security awareness training (SAT).

Whistleblower protection in the United States

A whistleblower is a person who exposes any kind of information or activity that is deemed illegal, unethical, or not correct within an organization that is either private or public. The Whistleblower Protection Act was made into federal law in the United States in 1989.

Occupational safety and health - Field concerned with the safety, health and welfare of people at work

Occupational safety and health (OSH) or occupational health and safety (OHS), also known simply as occupational health or occupational safety, is a multidisciplinary field concerned with the safety, health, and welfare of people at work. These terms also refer to the goals of this field, so their use in the sense of this article was originally an abbreviation of occupational safety and health program/department etc. OSH is related to the fields of occupational medicine and occupational hygiene.

Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013 - Act of the Parliament of India

The Sexual Harassment of Women at Workplace Act, 2013 is a legislative act in India that seeks to protect women from sexual harassment at their place of work. It was passed by the Lok Sabha on 3 September 2012. It was passed by the Rajya Sabha on 26 February 2013. The Bill got the assent of the President on 23 April 2013. The Act came into force from 9 December 2013. This statute superseded the Vishaka Guidelines for Prevention Of Sexual Harassment (POSH) introduced by the Supreme Court (SC) of India. It was reported by the International Labour Organization that very few Indian employers were compliant to this statute. Most Indian employers have not implemented the law despite the legal requirement that any workplace with more than 10 employees need to implement it. According to a FICCI-EY November 2015 report, 36% of Indian companies and 25% among MNCs are not compliant with the Sexual Harassment Act, 2013. The government has threatened to take stern action against employers who fail to comply with this law.

LRN, founded in 1994, is an American company which provides advising and educating on ethics, regulatory compliance, and corporate culture to other organizations. When founded, the company focused on the legal industry and was named Legal Research Network, before expanding into other fields.

Sexual harassment in the workplace in US labor law has been considered a form of discrimination on the basis of sex in the United States since the mid-1970s. There are two forms of sexual harassment recognized by United States law: quid pro quo sexual harassment and behavior that creates a hostile work environment. It has been noted that a number of the early sexual harassment cases were brought by African American women and girls.

References

  1. "The Business Case For Safety". Occupational Safety and Health Administration. United States Department of Labor.
  2. "What Corporate Compliance is and Why Compliance is Important". www.powerdms.com. 2018-04-05.
  3. Williams, Edward V.; Troelsgård, Christian (2001). Ethikos, Nikephoros. Oxford Music Online. Oxford University Press. doi:10.1093/gmo/9781561592630.article.09050.
  4. Joe. "History and Emergence of Ethics and Compliance". The Truth About Business. Retrieved 2017-06-22.
  5. "Masstech.org".
  6. "State University of New York".
  7. "Three Industries that Require Certified Regulatory Compliance". www.divergeit.com. 2017-06-08.
  8. "Consequences of Having a Poor Anti-Money Laundering Program - Marks Paneth". www.markspaneth.com. Retrieved 2017-06-22.
  9. "What is the penalty for a HIPAA violation? - TrueVault". www.truevault.com. Retrieved 2017-06-22.