Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Richard Bistrong: Who’s gaming your compliance program?

Instead of completing compliance training modules on their own, three Credit Suisse bankers had their administrative assistants do the work for them.

The admins logged in with their boss’s credentials and completed two modules — “Understanding Money Laundering, Terrorist Financing, Sanctions and Corruption” and “Global Records Management.”

Wall Street’s independent regulator, FINRA, found out about the cheating and ordered all three bankers to give back part of their 2015 bonuses.

That reminded me . . . . .

Ten years ago, while I was cooperating with the FBI and using a computer the FBI was monitoring, several agents and intermediaries sent me due-diligence self-assessments to complete on their behalf. The self assessments were part of the vetting process for a well-known multinational.

One thing I noticed right away, other than my being an unlikely candidate then to complete an anti-bribery self-assessment, was that the requests came from agents where English was a second language, and yet all of the self-assessments were in English.

Of course, agents who send self-assessments to someone else to complete probably aren’t “best in class” in terms of ethics and compliance. And while I declined to complete the assessments, some of those agents were successfully on-boarded. 

In another example, a few years ago, I was chatting on the phone with a good friend who worked then for a global bank. In the background, I heard “FCPA” and I asked what that was about. He said he was going through his annual anti-bribery training.

I said, “Hey, your best friend got locked up for breaking that law. How about ending our call, paying attention, and let’s talk later.”

When I posted the Credit Suisse article on LinkedIn, Marc Leu, a compliance and risk management executive, asked: “Is it because of the culture, because they don’t care, or is it because it is the same training they have been doing for the last three years and the content does not address the real questions, nor does it give useful answers, re how to deal with difficult situations.”

Those are great questions. How do we engage a globally disbursed workforce with effective training that’s  tailored to someone’s role and knowledge base?

As my three examples show, how do we even know (or how can we know) that people are using and completing the modules on their own?

The solution is often a combination of multiple platforms and training content, where face-to-face instruction is combined and complemented with e-learning programs, video and other material.

I often hear compliance leaders say, “It’s good to change things up.” That’s true. Different compliance perspectives can spark the “difficult discussions” I often talk about. That’s why it’s healthy to use multiple tools that don’t stop at a desk-top, lap-top or smart device. Creating an interactive experience across numerous platforms makes things more memorable and easier to share and retain.

On-line training and self-assessments have value and can be an important part of training and on-boarding. But when they stand alone — separate from more adaptive education and deep-dive due-diligence solutions — they easily be discarded, diluted, and gamed by the people who need them the most. Worse, as the three examples demonstrate, standing alone, they can lead to a false and dangerous sense of complacency that “all is ok” when those responses are collected, aggregated and even scrutinized.


Richard Bistrong is a contributing editor of the FCPA Blog and CEO of Front-Line Anti-Bribery LLCIn 2010 he pleaded guilty to a conspiracy to violate the FCPA and served fourteen-and-a-half months at a U.S. federal prison camp. He was named to Compliance Week’s list of Top Minds in 2017 and was one of Ethisphere’s 100 Most Influential in Business Ethics in 2015. 

His popular real-life compliance training video, Behind the Bribe, produced in cooperation with Mastercard, was released in 2017.

To request a demo of the full eleven-minute video or a licensing fee schedule, please click here.

Share this post


1 Comment

  1. All very good points – but let me add one. Most compliance training teaches too much. I learned that the hard way. Training should focus on fundamentals, issue spotting, and how to get help that won't impede ones business. When we tested and piloted online training to see if we were actually teaching anything (this was at GE in the aughts) we discovered that we were – painfully – overloading the teaching. Simple was more effective (and more likely to be completed)

Comments are closed for this article!