This is the archive of CPA Now blogs posted on the PICPA website through April 30, 2025. Want more recent blogs?

Read current blogs

By Benjamin A. Cohen, CPA, CFE, CFF

Training is one of the most essential, and perhaps overlooked, elements of an anti-corruption compliance program. It is one of the 10 hallmarks of effective compliance programs per U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) guidance.¹ A suitable training and communication program enables organizations to disseminate its policies, reinforce business practices, and mitigate improper behavior. Effective training provides a clear understanding of a company’s operations and principles and how it intends to conduct business.

A proper training program also strengthens the culture and proactively deters corruption enforcement actions. Regulators do consider the strength of a company’s anti-corruption training program when evaluating criteria for declinations or deferred prosecution agreements. For example, in 2012 in one of its few public FCPA declinations, the DOJ declined to prosecute Morgan Stanley for the actions of a former managing director. Contributing to that decision was that the company demonstrated that it frequently trained employees across various groups on its internal policies and anti-corruption laws.²

More recently, Nortek and Akamai Technologies both received declinations in connection with the DOJ’s Foreign Corrupt Practices Act Pilot Program due to the remediation efforts by the companies.³ According to Nortek’s and Akamai Technologies’ nonprosecution agreements with the SEC, the companies had extensive mandatory in-person and online anti-corruption training for its global employees in local languages.⁴

Just last year, the Fraud Section of the DOJ issued guidance on the evaluation of corporate compliance programs in the context of a criminal investigation.⁵ Training was prominently featured in the list of questions the DOJ may ask in determining the effectiveness of a program:

• Compliance role – Was compliance involved in training and decisions relevant to prior misconduct?
• Gatekeepers – Has there been clear guidance and/or training for the key gatekeepers (e.g., the persons who issue payments or review approvals) in the control processes relevant to misconduct?
• Risk-based training – What training have employees in relevant control functions received? Has the company provided tailored training for high-risk and control employees that addressed the risks in the area where the misconduct occurred? What analysis has the company undertaken to determine who should be trained and on what subjects?
• Form/content/effectiveness of training – Has the training been offered in a form and language appropriate for the intended audience? How has the company measured the effectiveness of the training?
• Management of relationships – How has the company trained the relationship managers about what the compliance risks are and how to manage them?

Training is a valuable tool for reinforcing company culture. From day one, companies can leverage training as part of its onboarding program to get new employees up to speed on company culture, policies and procedures, and best practices. The same or a condensed version can serve as a periodic refresher for current employees. Taken a step further, companies with a heavy reliance on external sales channel partners may choose to provide anti-corruption training directly to third parties as an additional monitoring measure.

Based on my experience with clients of diverse size, global reach, and sector, companies are becoming increasingly aware of the benefits of compliance training, but often struggle with the best way to implement. Merely employing 30-minute online anti-corruption training is insufficient for many businesses. Companies may boast about completion records in excess of 90 percent for their online training, but does that mean its global employees really understand and recognize corruption risk in their daily responsibilities? Companies that tend to achieve more effective training programs do not simply adopt a standardized module approach, but rather tailor the program to its risk profile and employee base. Here are a few tips for designing a program for more effective training:

• Behavior-based – Training sessions focused on encouraged and prohibited behaviors instead of reciting the letter of the law tend to resonate better.
• Real-world – Include scenarios and case studies specific to your business, providing insight on daily situations.
• In-person – If resources allow, live trainings are more valuable because they allow for open dialogue and employees frequently feel more comfortable raising issues or concerns.
• User-friendly – Ensure training materials are easily digestible and readily accessible for follow-up review.
• Avoid “lost in translation” – Auto-translating printed or Web-based trainings can be inadequate at times. Trainings should be delivered in the local language when possible.
• Function-specific – Modify trainings by concentrating on risks most appropriate for the intended audience (e.g., training for the sales force could focus more on customer interactions; a finance audience could emphasize payment controls and the accuracy of books and records).
• Tracking – Keep organized and documented records of scheduled and delivered training sessions, including attendance and completion records.
• Innovate with technology – The traditional training format may not be the only solution. Consider learning management system options to centralize content, automate assignments, and generate reporting dashboards or provide mobile access via compliance training apps.

To ensure training is not just a paper-based, check-the-box exercise, attention should be paid to the setup and delivery of a program. The most effective anti-corruption compliance training programs are unique to each individual company, leverage technology and available resources, and adapt to changes in the business environment.

¹ A Resource Guide to the U.S. Foreign Corrupt Practices Act, Criminal Division of the U.S. Department of Justice and the Enforcement Division of the U.S. Securities and Exchange Commission, November 2012.
² https://www.justice.gov/opa/pr/former-morgan-stanley-managing-director-pleads-guilty-role-evading-internal-controls-required
³ https://www.justice.gov/criminal-fraud/file/865406/download; https://www.justice.gov/criminal-fraud/file/865411/download
⁴ https://www.sec.gov/news/press/2016/2016-109-npa-nortek.pdf; https://www.sec.gov/news/press/2016/2016-109-npa-akamai.pdf
⁵ https://www.justice.gov/criminal-fraud/page/file/937501/download

Benjamin A. Cohen, CPA, CFE, CFF, is a principal with Control Risks Group in Washington, D.C. He can be reached at ben.cohen@controlrisks.com.