Compliance Training for Third Parties Needs a Game Plan

More than half (58 percent) of organizations surveyed in NAVEX Global’s 2017 Ethics & Compliance Third-Party Risk Management Benchmark Report ranked their third-party programs as mature or advanced. This is encouraging, but also means that more than four in 10 organizations have third-party management programs that are either reactive or basic. Given the increasing global scale of supply chains, training third-party partners is especially important.

To avoid common mistakes, your organization should develop a compliance training game plan.  

To be sure, training third parties isn’t an easy task, especially for global organizations. Messaging for third parties needs to be uniquely delivered and packaged to make sense to the individuals and groups receiving the training. To avoid common mistakes, your organization should develop a compliance training game plan.  

Your Third-Party Compliance Training Game Plan Should:

Take into Account Regional Differences

Not all concepts transcend cultural differences. Every organization needs to understand its company culture before it can effectively train its employees. When it comes to training third parties, you must also understand the larger regional cultures in which third-party partners work. The words, tone, content, topics, spokespeople, and context of your training need to be considered before deploying training to vendors that may not readily identify with every concept.

This most commonly takes one of two forms.

Gift cards aren’t commonly used in Mexico. Golf outings don’t really happen in Brazil. 

First, there are the hypothetical examples about dos and don’ts that simply aren’t applicable in some areas. Gift cards aren’t commonly used in Mexico. Golf outings don’t really happen in Brazil. Therefore, mentioning either as part of anti-bribery training to workers in these countries won’t resonate. Second, there is the issue of alphabet soup – this is training that includes a lot of acronyms (e.g., FCPA, DOJ, SEC, etc.) that are next to meaningless to local workers. Name-dropping these organizations (or, worse, acronym-dropping) is a way to confuse workers and make trainees become detached.

In addition to your risk assessment, this is where your compliance training program can be informed by your whistleblower hotline and incident management data. Dig into regional data to get an understanding of what internal reporters are identifying as top concerns. You can better tailor your training and compliance messaging to the hots spots within each region.  

Tailor Third-Party Compliance Training to Fit the Relationship

Organizations have consistently ranked bribery and corruption among their top concerns in NAVEX Global’s third-party benchmark reports. This year, it was the second most-common concern at 42 percent (trailing only cyber security and data protection at 49 percent).

With this in mind, it might be tempting for organizations to provide detailed training on the Foreign Corrupt Practices Act (FCPA) to all employees of a third party – the landmark 1977 legislation that continues to be the benchmark for defining bribery and corruption activities, relevant risks and government enforcement actions. But those receiving training don’t really need a history lesson. They need scenario-based examples that tie the black letter of the law to the specific work they are doing with your company.

This requires organizations to assess the risk of specific vendors and employee groups to ensure the training they’re getting is applicable to their job descriptions, duties and processes.

Mind the Nuances of Each Third-Party Relationship with Core Values

Tailoring training programs for your audience is key; however, providing a perspective that is too narrow can limit a trainee’s understanding of the spirit of the law. 

Tailoring training programs for your audience is key; however, providing a perspective that is too narrow can limit a trainee’s understanding of the spirit of the law. This is where core values training is important. Core values are the reasons behind the things we do and don’t do. These values need to be instilled in each employee and third party in conjunctions with specific behavior training. For instance, mentioning facilitation payments during your training provides good tactical knowledge to trainees. However, it needs to be complemented by similar training around the larger value of not offering undue incentives to public or government officials.

When you train employees on very specific “dos” and “don’ts,” you run the risk of keeping trainees in the dark about all the nuances of an issue. Core value training gives the third party the big picture perspective they need respond accurately even when circumstances vary.

Understand the Difference Between Fun & Engaging

A lot of training these days involves cartoons, videos and funny vignettes. These are methods that serve a purpose and can make compliance training more effective. The key is understanding when “fun” makes educational concepts resonate better, or when it’s just fun for fun’s sake.

If training is too light, employees can walk away remembering only the jokes. And that, of course, defeats the point of the exercise. Gamification and a lighter tone are effective methods, but only in the right balance with meaty, pertinent material. You may disagree with this, but think about you meeting with the regulator and trying to explain why the training deck had so many jokes…

Effective training starts with understanding the relationship between your content, your context and your trainee. This takes effort, but with a game plan for your training, you can ensure your audience is engaged and concepts resonate.  


Download Definitive Guide: Definitive Guide to Ethics & Compliance Training

Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.

Internal Controls for Gift Giving this Holiday Season

Thanksgiving and the start of the holiday season is upon us. This makes for the perfect time to review your company's internal controls that apply to gifts and entertainment.
Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

Defining the GDPR’s Data Protection Officer Requirement

Under the upcoming GDPR, many organizations will be required to appoint a Data Protection Officer tasked with specific responsibilities under the new regulation. Learn from a current data privacy officer what this will actually look like, who it should be, and what capabilities and characteristics this person should possess.

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.