This is part 4 of a 5-part podcast series with Tom Fox and the FCPA Compliance Report on Culture, Training, and Compliance. Listen to the series from the beginning.
Why is tailored and risk-based training so critical now? Getting ahead of regulators and ensuring your institution has skills-based training is critical. But more than this, regulators now want to see specific risk-based training, tailored to individual needs. This approach is not limited to financial institution regulators but also is the approach favored by the U.S. Department of Justice (DOJ), the Securities and Exchange Commission (SEC), the Financial Crimes Enforcement Network (FinCEN), and the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC). An institution cannot have a blanket training without follow-up trainings on specific job functions.
Different employee classifications need different, specialized training. For example, bank tellers need to know more about cash transactions and regulatory requirements, such as currency transaction report (CTR) and pouch activities. Employees in trade finance departments need to know more than others about sanctions and embargoes. Moving on to third-party relationships, correspondent banking departments need to know, for example, the red flags for nested accounts. Private bankers, who are covered under the Foreign Account Tax Compliance Act (FATCA), must be trained on that law so they can be more vigilant about detecting tax evasions.
The key is that each group requires unique training and since every institution has a different set of risks, institutions should understand that one form of training cannot fit all situations. Tailored training is a key element and a universal one, regardless of an institution’s size, risks, and resources. Each institution needs to assure proper and tailored training throughout the institution.
Training begins with the basics: compliance professionals must know the risk profile of their organization, where the blind spots may be, and what exposures may emerge. An institution’s risk profile would include the types of products and services it provides. For example, for those institutions that don’t have corresponding banking accounts or provide banking services to other financial institutions, corresponding bank-related training may not be relevant. Similarly, financial investment institutions that do not deal with cash do not need to train on those requirements. Yet as risks change and new threats emerge, it is important to equip your operational teams on the front lines with the skills to manage these changes, whether triggered either by a new regulation or by a new product or service the institution plans to introduce. As an example, Covid-19 brought new risks in the working-from-home environment and those risks will change again as people return to work.
Compliance professionals must continually assess compliance risks. This is where having regular ongoing communication with the “field” is so important. By visiting branches and corporate departments, compliance professionals can gain valuable insight into what risks have emerged and what training is needed.
Tailored training may feel like a heavy lift up front, but it pays dividends not only in increased compliance but also in operational efficiencies. Ensuring that your operation and IT staff know what to do going forward will save a lot of pain and effort both for them and the compliance team.