Ethan was at a sales conference when he ran into a college friend, Michelle, whom he hadn’t seen in several months. They chatted for a while, and Michelle said she had passes to a golf course and asked Ethan if he wanted them. Ethan took the passes and had a great time on the links with some co-workers. The next day, he learned that Michelle now worked for one of his company’s biggest vendors—which Ethan hadn’t realized since he hadn’t seen Michelle in so long. Ethan knew his company had policies against accepting large gifts from vendors, and he knew that playing golf on Michelle’s dime didn’t look great. When he got back from the conference, he had to decide: Should he tell his boss about the golf passes?
Ethan and Michelle are not real people. They’re characters in an online compliance training module created by Inspired eLearning and available for purchase by corporate clients. After reading about Ethan’s predicament, trainees are asked: “Now that Ethan realizes he’s accepted what may have been an inappropriate gift or form of entertainment from a vendor, what should he do?” The choices are “Nothing. It was an honest mistake and he won’t base any business decisions on it” and “Report it to his supervisor. Even the appearance of misconduct is a problem.”
Regardless of what company you work for, if you have a pulse you will intuit that telling the boss is the correct answer. If you answer nothing, don’t worry—the module will prompt you please try again until you get it right. (At the end of the lesson, Ethan does the right thing and tells his boss, the boss determines that it was an honest mistake, Michelle apologizes to both of them, and everyone lives happily ever after.)
If you’ve ever worked in corporate America, it’s likely you’ve encountered a compliance training program like Inspired eLearning’s. (I’m not trying to pick on Inspired eLearning, whose offerings seem very much par for the course when it comes to compliance training.) Mandatory trainings on basic ethics, harassment, and discrimination are as accepted—and irritating—a part of office life as stale coffee and bad conference-call connections. And if you’ve ever found yourself answering a multiple-choice question about a black-and-white ethical situation with an obvious correct answer, you may have wondered: Why is my company making me do this? Is this just a form of legal ass-covering, or do executives actually think that compliance training will prevent someone from taking a bribe, harassing an underling, or discriminating against a job candidate?
In general, companies are not required by law to provide those boring compliance courses to you. (An exception is California, where managers at big companies are required to take sexual harassment training.) But even when training isn’t legally required, it’s effectively mandatory thanks to the Sarbanes–Oxley Act of 2002, which strengthened anti-corruption requirements for publicly traded firms, and the Federal Sentencing Guidelines for Organizations, which decree that “the existence of an effective compliance and ethics program” can “mitigate the ultimate punishment of an organization” accused of wrongdoing. Companies that can point to mandatory compliance training can get off easier if they’re investigated or sued.
All this training has costs. A 2011 survey of 46 multinational corporations found that they spent $206,164 on average on compliance training each year, and millions more on other compliance activities (like investigations, risk analyses, and salaries for compliance officers). And that’s just the direct cost of training—it doesn’t account for the cost of the hundreds or thousands of hours of productivity lost to compliance training each year.
Companies that do get investigated for wrongdoing are often required to implement even more trainings as part of their settlements. Con Edison, for instance, agreed to hire “an independent equal employment opportunity specialist to develop and conduct employee training” and to “provide training to field supervisors on Title VII of the Civil Rights Act of 1964” as part of a settlement with the Equal Employment Opportunity Commission over claims of pervasive sexual harassment and gender discrimination last year. And Hillshire Brands Co. (formerly the Sara Lee Co.) recently told regulators it would “engage in remedial measures such as anti-discrimination training” after black workers sued over a hostile work environment at a Sara Lee bakery in Texas.
This might all be for the greater good, if compliance training actually prevented ethical violations, sexual harassment, and discrimination. Unfortunately—as you’d expect from the dumbed-down nature of most compliance courses—there’s very little evidence that it does. Enron required employees to read a code of conduct and sign certificates of compliance; you remember how that worked out. In a 2010 case study of “decoupling” (the creation of gaps between stated policies and actual practices) at a large insurance company found that “organization members adopted a cynical view of the decoupled program, and as a result of its internal illegitimacy, began to violate the formal compliance rules in a widespread fashion.” A 1999 survey of 10,000 employees at six corporations found that the least effective kind of compliance program is “an ethics/compliance program that employees believe exists only to protect top management from blame.” The authors of that study warned executives that “a ‘quick fix’ (distributing an off-the-shelf code written by someone outside the company, along with a canned one-hour training program) may do more harm than good if it suggests to employees that top managers are just trying to protect themselves if the company ends up in court.”
In other words, regulators, managers, and employees are caught in a vicious cycle. Regulators pressure companies to implement training programs in hopes of reducing corporate crime and malfeasance. Executives implement training programs in hopes of protecting themselves against lawsuits and prosecution. Employees see through executives’ motivations and ignore, or even rebel against, the lessons of the trainings.
Although there’s not much research one way or the other, the online nature of compliance courses probably exacerbates this vicious cycle. Companies prefer online programs to in-person training mainly because they’re a lot cheaper, but also because they’re uniform and easy to track. In the event of a lawsuit or an investigation, a company that uses online training courses has hard evidence that every employee took the training and that the training covered, say, Title VII of the Civil Rights Act of 1964. By contrast, a company that uses in-person compliance trainings might have to scramble to prove that Joe Schmo was in the conference room on the day of the training and that the instructor covered every relevant topic. So online courses are ideal for companies looking for legal protection—but they’re so impersonal, and frequently so simplistic, that it’s hard to take them seriously.
Jeff Kaplan, a lawyer who has specialized in compliance and ethics since 1991, says online compliance training is an understandable solution for companies looking to convey a basic message to lots of employees, but that it works best if it’s only the first step in an ongoing conversation. “Once you’ve created the base knowledge,” said Kaplan, a partner at the law firm Kaplan and Walker, “there’s an opportunity to develop more approaches that are tailored to employees by risk area, project area, location, role—and that kind of thing is often more effective if it’s done in person.” In-person trainings, he emphasizes, aren’t a panacea—“If you just have a lawyer stand up and read a bunch of PowerPoints, that's going to have the same effect as the lousy online training”—but companies that have managers train their teams, rather than outsourcing the job to lawyers, are more likely to prompt real engagement. If your boss is looking you in the eye when she tells you the company values fairness and integrity, you’re likely to take her more seriously than an email from HR directing you to an online course.
But those courses are unlikely to go away until regulators stop rewarding companies for implementing them. Research shows that the only thing that actually prevents wrongdoing is a strong company culture that discourages wrongdoing. That 1999 study found that the best approach was “a values-based cultural approach” comprising “leaders’ commitment to ethics, fair treatment of employees, rewards for ethical conduct, concern for external stakeholders, and consistency between policies and actions.” In other words, there’s no quick fix for corporate ethics: “[C]oncerns for ethics and legal compliance must be baked into the culture of the organization.” If executives focused on culture—and if regulators gave it more weight than box-checking when considering corporate malfeasance—we would reduce corporate malfeasance and waste a lot less time on the simplistic ethical dilemmas of fictional characters.
Need career advice? Got a problem at work? Email firstname.lastname@example.org.