Building a Comprehensive Compliance Training Program


May 18, 2021  |  John Wiese


Building a well-rounded compliance training program can be tricky, and it goes deeper than just checking a few boxes. HR and Compliance leaders need to know what topics to cover, who to train and when to train, and it all needs to be packaged and delivered in a way that doesn’t cause training fatigue for your employees. Deploying 6 one-hour compliance training courses at once is not exactly a recipe for success, no matter how engaging the content. Training on overlapping topics at the same time will start to feel duplicative to employees and limit their retention. When building an annual compliance and workplace culture training program, Compliance Officers can ask these questions to identify the topics to address in employee compliance education.

What compliance training courses do you need to take?

Do I need to provide Sexual Harassment Prevention Training?

Short answer: yes. Biennial sexual harassment training is the bare minimum. Employers nationwide should administer sexual harassment prevention training on at least a biennial basis. This is crucial for creating a healthy workplace and mitigating enterprise risk for the organization by reducing the frequency of harassment claims and potentially damaging lawsuits.

The U.S. Equal Employment Opportunity Commission (EEOC) prescribes that all employers “should provide [harassment prevention] training to all employees to ensure they understand their rights and responsibilities.” Additionally, California, Connecticut, Delaware, Illinois, Maine, New York State, and New York City have passed laws requiring employers to train employees on sexual harassment prevention.

Does my company handle personal data of people living in California?

If yes, then the California Consumer Privacy Act (CCPA) applies to your organization, and you should definitely train employees on Global Data Privacy laws. However, the CCPA is not the only data protection law that companies handling personal data need to navigate. Companies should ensure their data privacy practices are consistent with the US Federal Trade Commission’s Fair Information Practice Principles (FIPPs), a set of guidelines intended to lay the framework for how online entities collect and manage personal information. Employers who operate internationally also need to be aware of Europe’s General Data Protection Regulation (GDPR), a data privacy law that protects the data rights of people living in the European Union.

Does my company handle Personal Health Information (PHI)?

If your organization is considered a healthcare provider or is associated with a health care provider, you are likely considered a “covered entity” under the Health Insurance Portability and Accountability Act (HIPAA) and should train your employees accordingly. Covered entities include:

  • Health plans
  • Healthcare clearinghouses
  • Healthcare providers who conduct certain financial and administrative transactions electronically.

The most common HIPAA violations result from careless management of personal health information and human error, and any violation presents a damaging liability risk to the business. HIPAA Training is a simple but vital step to protecting both your business and your clientele.

Does my company conduct business internationally? Specifically, do we work with anyone who could be considered a foreign official?

Employers who answered “yes” should train their workforce on Global Anti-Bribery & Corruption. The Foreign Corrupt Practices Act (FCPA) is a federal law prohibiting US entities (and individuals) from giving anything “of value” to foreign government officials who could influence business decisions and benefit their business interests. Companies found in violation of the FCPA can face fines of up to $25 million, and individuals can face prison time and fines up to $5 million. Anti-bribery training is appropriate for employees working in marketing, sales, business development, finance and accounting, and operations, as well as executives. In addition to the FCPA, anti-bribery and corruption training should cover the United Kingdom Bribery Act (UKBA) and similar laws in China, Russia, Brazil, and India.

Is my company vulnerable to an antitrust violation?

Yes! All companies are vulnerable to antitrust violations. Antitrust and anti-competition laws regulate business activities such as market allocation, bid rigging, price fixing, and tying products. Even the appearance of a violation in any of these areas can lead to costly, time-consuming, and potentially damaging investigations into business practices. Antitrust experts argue that at least a few people at every organization should have a working knowledge of antitrust and anti-competition regulations. Antitrust training is a simple and cost-effective way to brush up your workforce’s knowledge of what behaviors can be damaging to your business and your brand.

Is my company publicly traded? Or, do we have information on other companies that is not available to the general public?

Insider trading presents a huge threat to any publicly traded company or any organization that has confidential information about other companies (such as law firms, investment firms, etc.). All companies and individuals are subject to insider trading laws. If anyone at your business has access to information that could benefit a third party’s investing decisions, then they are at risk of insider trading criminal activity. Insider trading violations damage both your company’s brand and its corporate culture. Training on insider trading is essential because, for many employees, these violations are not intuitive, and an accidental misstep can have severe consequences.

This is not an exhaustive list of ethics and compliance training topics, but these are the nuts and bolts to address compliance laws in the United States. Compliance officers should also remain vigilant of cyber security threats and potential conflicts of interest at your organization. Code of Conduct training is also one of the best ways to align your company on overall mission and values, and cover your bases when it comes to fair and safe business practices.

This list of compliance training courses may seem daunting, and it is not an exhaustive training list for your workforce. There are also a number of workplace culture courses that would be highly beneficial to your organization, such as Unconscious Bias and Diversity & Inclusion Training. HR Officers should also be on top of topics around Wage and Hour laws (FLSA), Equal Employment Opportunity, and the U.S. Americans With Disabilities Act (ADA). Trust me, the list goes on!

Luckily, Emtrain is here to help. Educating your workforce on all these topics can’t be done overnight, and it can’t even be done in one month; it’s just not realistic. Compliance training should be a continuous education process that is spread out over the course of the entire year. We have put together this Training Calendar to help you conceptualize how to best spread these programs out. And our dedicated team of Emtrainers is happy to walk you through it. Just contact us for a consultation!

