Essential Compliance Trainings for the Holiday Season

It’s that time of year again.

The nights are getting longer. The weather is getting colder (at least in the Northern Hemisphere). And pumpkin spice is invading every flavor and fragrance known to mankind, soon to be replaced by peppermint.

The “holiday season” has officially begun, and while compliance training may not be the first topic that springs to mind as the year draws to its close, we recommend that you give it some thought.

‘Tis the Season

Getting employees to focus on compliance education is always challenging, so choosing the right time to schedule courses can mean everything when it comes to your workforce absorbing and retaining important details. And typically, you want to schedule these educational sessions during periods of lighter workflow, when your employees can focus on the content rather than on all of the work that they should be doing instead of watching a training video or sitting in a classroom.

In many cases, the period right before a major holiday or break will prove to be an ideal period for compliance training, especially if your clients and vendors are also winding down their workloads.

So what types of training are useful during the holidays?

Business Courtesies

From Christmas to Chanukah to Chinese New Year, this time of year is littered with gift-giving holidays that bridge cultural, religious, and national boundaries, making now a great time to revisit corporate gift, travel, and entertainment policies.

How much can you reasonably spend on a gift for current or potential clients? Should you invite those helpful government officials to your holiday party? When does seasonal generosity turn into bribery and corruption?

Conversely, how should your employees respond when they receive holiday-themed tokens from your suppliers and vendors? Is it ethical to keep them? Is it legal?

By addressing these subjects proactively with training, your business can better avoid turning an innocent oversight into a legal violation.

Harassment Prevention

Along with gift-giving, the frequency of office parties and functions also increases during this time of year. Back in 2016, outplacement firm Challenger Gray & Christmas surveyed human resource managers from companies across the United States about their holiday party plans. Among participants, 76 percent planned on hosting an office holiday party, with roughly 62 percent of these festivities featuring alcohol.

With “holiday cheer” playing such a prominent role during these work-related functions, your organization would be well-advised to reiterate to staff what is and is not appropriate behavior.

Diversity and Inclusion

While the calendar is littered with several holidays over the next few months, we should all remember that not everyone celebrates this time of year in the same way. And some choose to abstain altogether.

Certain days may be filled with deep religious or cultural significance for a large portion of your workforce, while other employees may have never heard of these celebrations.

Striking an inclusive tone and accommodating the diverse backgrounds and expectations of your workers can prove challenging throughout this season, and taking the time as a group to reflect on and discuss creating a tolerant and welcoming environment can only help.

Data Security and Privacy

In 2016, U.S. consumers spent roughly $2.7 billion in desktop e-commerce sales on “Cyber Monday,” the first Monday after the Thanksgiving holiday and one of the largest shopping days of the holiday season. And many of these transactions occurred while at work. In fact, one CareerBuilder survey found that 53 percent of surveyed employees admitted to online holiday shopping while on the clock.

As retailers flood your employees’ email inboxes with a flurry of advertisements to capitalize on this increased spending, cybercriminals are equally active, sending out phishing emails with bogus discount links and setting up fraudulent ecommerce sites that offer holiday deals that are too good to miss.

To protect your business and data, you should consider providing your staff with a solid refresher on effective cybersecurity, particularly highlighting anti-phishing training.

Want to learn more about how we can help your organization develop an effective compliance program with our growing library of training courses? Request a demo of our services.

How to Tell if Your Compliance Program is Working

Risk is inherent to every human enterprise, and how we manage and mitigate risk is often critical to our personal success in life as well as the overall achievement or failure of any organization.

To help mitigate this risk, businesses often draft comprehensive codes of conduct that outline appropriate and inappropriate behavior for both individual employees and the business at large. And to make sure that these written guidelines are followed, corporations invest hundreds of millions of dollars each year into training, reporting, and enforcement mechanisms under the banner of a “compliance program.”

But hidden behind these protocols and investigation guidelines and eLearning budgets, how can an organization be confident that it’s compliance efforts are meeting with success?

How Do You Know If You Have an Effective Program?

Leadership is involved

Few things will highlight a thriving, healthy compliance program more than executive buy-in, and when a company’s leaders are committed to building an ethical culture and prioritizing corporate responsibility, the rest of the organization will follow.

Of course, you don’t have to take our word for it. The , the U.S. Department of Justice (DOJ), the U.S. Securities Exchange Commission (SEC), and the  all cite executive leadership as critical in fostering an ethical corporate culture.

No one is exempt

Consistent reporting and enforcement also plays a major role in effective compliance, at least, if you believe recent research produced by behavioral economist Dan Ariely. In a series of experiments, Ariely found that test subjects were more likely to engage in dishonest behavior when exposed to existing corruption. And by merely being offered a bribe, experiment participants were more likely to behave dishonestly.

Bearing this research in mind, it should come as no surprise that in a recent survey of more than 4,000 employees regarding the largest challenges related to worker compliance, Deloitte found that inconsistent corporate practices dominated the responses. In particular, workers were most concerned about the:

  • Inconsistency of ethics communications and training (24.7 percent)
  • Differing ethical standards for various employee groups (15.4 percent)
  • Insufficient incentives to reward/punish behavior (16.8 percent)
  • Varying ethical policies of third parties (14.5 percent)

You receive bad news

If your workforce is too afraid to notify their supervisors or senior management of a failure or business setback, they’ll either find ways to hedge the information or outright lie.

Take for example the Veterans Health Administration in Phoenix, Arizona. When staff were unable to cut wait times for medical appointments — one of the key performance indicators used to determine salary increases — workers began keeping “secret” waiting lists and not entering patients into tracking systems. Official reports cited 24-day waiting periods, while patients were actually waiting an average 115 days for appointments.

You need to make clear to staff, both through education and policy, the importance of honesty and compliance.

Your employees tell you

It’s amazing how (sometimes brutally) honest your employees can be when you ask them a direct question, particularly if you offer them the chance to comment anonymously. Even if you’ve built a culture where your staff feels free to bring up problems, they may still feel reluctant to proactively speak out, particularly if the compliance issue is systemic to an entire department.

Routinely conduct anonymous surveys that gauge employee attitudes and perceptions regarding company ethics, discrimination, customer service, and overall corporate culture. Exit interviews are also a good time to raise these types of questions. Then match these impressions of corruption or potential ethical issues against reported incidents. If a noticeable gap exists, you need to take action.

Similarly, your business should have mechanisms in place, such as fraud hotlines, where employees can anonymously report incidents of inappropriate behavior. Based on its 2016 global fraud study, the Association of Certified Fraud Examiners found that tips and whistleblower activity were the most commonly cited means of detecting fraud — cited in 39.1 percent of cases — among respondents.

Don’t forget to vet the effectiveness of your compliance training efforts as well. Not only should you choose a platform that incorporates testing into the training exercises — allowing you to verify that your workers have absorbed the relevant content — but you should test them again a couple of months later to track their overall retention. These results can help you determine whether you need to adjust your education strategy or potentially employ refresher courses.

Want to learn more about how we can help your organization develop an effective compliance program with our Request a demo of our services.

How Ethics and Compliance Applies to the Employee Experience

You don’t have to misuse (or even, have) a million dollar slush fund to violate anti-bribery laws like the Foreign Corrupt Practices Act (FCPA). Nor do you need to be a high rolling corporate exec or a diplomat to be embroiled in a conflict of interest. Federal enforcers don’t care whether you have a fancy title if you violated insider trading laws. Nor do they care whether you’re the chief executive or an account executive if the feds find evidence of antitrust violations.

These laws and ethical standards apply to every employee in their everyday experience. In other words, ethics and compliance applies to you.


Avoiding bribery takes more than just common sense. For example, the FCPA defines a bribe as an offer, payment, or promise of “anything of value” to a foreign official in order to obtain or retain business.

The “offer” and “promise” parts mean that just offering or agreeing to bribe someone is illegal — nothing of value needs to change hands.

The “anything of value” part is also complicated; it means that a bribe includes not just money, but things such as gifts, employment, entertainment, and travel. Also, whether the bribe is “of value” depends on the economic standards in the foreign country, not the US.

What might be a modest dinner by US standards could be considered lavish in the foreign country. In that situation, an employee paying for a foreign official’s dinner after talking up your business could be a bribe in violation of the FCPA.

Employees should avoid even the appearance of bribery for the sake of organizational morale and avert the possibility of a federal inquiry.

Conflicts of Interest

Conflicts of interest can arise for any employee who has a private interest that makes it difficult to act in their organization’s best interest. Even employees who think they can set competing interests aside may still be subconsciously influenced to favor their own interests.

Conflicts can include competing financial incentives (e.g., a second job or side business), workplace romances, favoritism in the hiring process, improper business gifts, or the improper use of confidential information (e.g., insider trading). Although conflicts of interest can violate the law, they are just as often ethics violations that don’t rise to the level of illegal conduct.

Insider Trading

Insider trading means trading in the stock of a company while being aware of inside information about the company. Employees at any level can gain inside information about a company, whether it’s your organization or another company that your organization does business with.

When employees become aware of confidential information, they have a duty not to trade in the company’s stock. The law also prohibits them from disclosing the information to someone else so that person can make a trade. This is called “tipping.”

In our “Insider Trading” course we recount a legal case against a railyard worker that the Securities and Exchange Commission (SEC) vigorously pursued. The worker bought as much company stock as he could afford after observing evidence of a pending acquisition, and later profited handsomely when it went through. Although the SEC did not ultimately win a jury verdict against the worker, this case illustrates that any employee can face legal action on insider trading charges. [SEC v. Steffes, Case No. 1:10-cv-06266 (N.D. Ill. Verdict Jan. 27, 2014)]

The US Supreme Court also recently upheld the criminal conviction of a Chicago grocer for insider trading (he had traded based on tips from an investment-banker friend), once again illustrating that you don’t have to be a high-flyer to have your wings clipped for violating the law.


Outside of the finance and legal fields, if the average employee has heard of antitrust law, they probably know that it has something to do with the rarefied realm of mergers and acquisitions. But antitrust law is much broader than that. It prohibits all anti-competitive conduct that unreasonably restrains free trade.

Because the law prohibits anti-competitive agreements, words matter. An antitrust investigation would not bode well if it uncovered sales people emailing one another an intent to “dominate the market” or having discussions with competitors about key aspects of the business such as prices, current bids, customer quotes, marketing plans, or geographic territories.

An unwary employee may jump to the conclusion that cooperation is good. But since antitrust law and the ethical duty of organizational loyalty prohibit collusion with competitors, employees who have the power to make deals on behalf of your organization need training to avoid this kind of costly mistake.

Not Just Common Sense

Yes, common sense helps, but it’s not enough. Applying complex legal mandates and ethical maxims to the often gray areas of the everyday work world is far from intuitive. It takes training — that includes practice navigating situations based on real scenarios — to prepare employees to respond appropriately to nuanced circumstances they may encounter.

Effective training takes ethics and compliance beyond a “gut feeling” something is wrong, and teaches employees to determine the most ethical course of action in the face of conflicting options. Feeling that “something is wrong” is a good start when faced with an ethical or compliance challenge. Knowing the ethical and compliance standards can help translate the feeling into understanding what is wrong, why it is wrong, and what to do about it.

Learn More About Ethics and Compliance Training

EVERFI delivers online ethics and compliance training to help your business meet compliance requirements both dynamically and scalably. In addition to our award-winning online courses, EVERFI delivers a robust, cloud-based learning management system to help you easily deploy and track our growing library of ethics, anti-harassment, data security and employee conduct courses.

How Ethical Conduct Leads to Compliance

Compliance, as it has been traditionally known, is dead. Training mandates, accepting statements like “that’s how it’s been done,” and keeping up appearances to avoid scrutiny are unsustainable practices. Look at any major scandal that has hit the news lately, be it fraud, data security, gender discrimination, and you will find echoes of the old way of doing compliance.

Compliance practitioners should be aware of this by now. “Culture of compliance,” “tone at the top,” and “ethics” are oft-used terms to describe effective compliance programs. However, just saying these words doesn’t mean the workplace understands effective compliance, and even more, doesn’t mean it helps the workplace become compliant.

Ethics Must Be the Foundation for Compliance

Ethics is a necessary foundation for modern compliance programs. Ethics means a lot of things. Merriam-Webster clarifies: “While ethics can refer broadly to moral principles, one often sees it applied to questions of correct behavior within a relatively narrow area of activity.” For organizations, ethics is especially narrow. The “moral principles” to follow are the values of the company, which are further defined by the organization’s mission.

When employees (including executives) do their jobs according to an organization’s moral principles, and do “what’s right,” they effectively “comply” with ethical standards. This also makes for an ethical culture. To be sure, social expectations and mores can impact how ethical a company appears. For example, a company that reveres and follows the value of “making money at all costs” would not be viewed as ethical to millennials. For the purposes of compliance, organizations should focus on the values they believe in.

How Ethics Leads to Compliance

The above explains the “what,” but it doesn’t explain the “how.” First, compliance means adhering to external laws, internal policies and practices, and of course ethical standards. Some practitioners may wonder how being ethical translates to following specific laws, such as the Foreign Corrupt Practices Act (FCPA), or a company’s conflict of interest policy.

Employees must know about the law. For example, being a bastion of “honesty and integrity” pursuant to an organization’s values may not prevent an employee from violating record keeping and internal control requirements under the FCPA. At the same time, mere knowledge about the law doesn’t change behavior. To be effective, knowledge of the law must be incorporated into a larger ethical framework. “[I]n a specific type of culture, characterized by specific values such as openness, trust and honesty, employees are more likely to engage in compliance behaviours which collectively will contribute to organizational compliance,” says Lisa Interligi in the Journal of Management & Organization.

Finally, compliance must resonate with employees not just on a professional level (“company policy tells me to do X”) but on a personal level (“doing X is the right thing to do.”) “Research has shown that when the organization and employees [sic] values are in sync and when there is trust, employees view other employees’ transgressions as a personal affront – an affront against themselves,” states researcher and University of Miami law professor Michele DeStefano. When employees intrinsically believe in their organization’s purpose and values, ethical behavior should drive their everyday actions.

It Starts With Training

Where to start? Effective ethics training. “By most accounts, compliance begins with education: effective communication so that agents within the firm understand the firm’s commitment to compliance and enough about the law to spot issues that arise within their own scope of authority and know how they are expected to respond,” according to Donald C. Langevoort in his formidable law review article, Monitoring: The Behavioral Economics of Corporate Compliance with Law.

Dry technical language found in statutes and company policies must be transformed to resonate with employees. Sure, companies need to avoid writing in legalese, but communicating ethical principles goes way beyond that. EVERFI Lead Instructional Writer Carmen Poole explains her research:

Using case studies to facilitate learning has long been celebrated as one of the best ways to encourage critical and experiential thinking skills. Case-based learning in ethical training contexts is advantageous because case studies can be tailored endlessly, giving rote content the potential to get up and walk around, while giving the learner an opportunity to experiment, to explore, to evaluate.

When done right, and adapted to fit a company’s values, the result on employees could be transformational. Training is not the end-all, but it is a critical part in communicating, informing, and building an ethical culture.

Learn More About Corporate Compliance Training

EVERFI delivers online ethics and compliance training to help your business meet compliance requirements both dynamically and scalably. In addition to our award-winning online courses, EVERFI delivers a robust, cloud-based learning management system to help you easily deploy and track our growing library of ethics, anti-harassment, data security and employee conduct courses.

How to Detoxify Your Work Environment to Promote Diversity

A toxic workplace is deadly for diversity and inclusion. Even when there is diversity in form, a diverse workforce that occupies only the lowest rung of the organization’s hierarchy in an otherwise homogenous work environment is identified as a risk factor for discrimination and harassment by the Equal Employment Opportunity Commission.

But even if workers are not subjected to illegal harassment, some work environments are the opposite of inclusive. The good news is that by fostering a supportive corporate culture, your organization can not only detoxify a toxic workplace, but also build a diverse and inclusive organization.


Two Main Types of Toxic Work Environments

By “toxic,” I mean a workplace that would fall under either one or both of the following:

  1. A traditional “hostile work environment” in which employees face discrimination due to their membership in a protected class
  2. A work environment in which employees face bullying, intimidation, or abuse — even when the abusive conduct does not rise to the level of illegal harassment.

This is what workplace bullying prevention expert Professor David C. Yamada calls a “status-blind hostile work environment.”

The first kind of toxic work environment obviously impacts diversity and inclusion. Even when you have a diverse workforce, it may not stay that way if workers feel they are targeted for their protected characteristics. This is not only illegal, but counterproductive from a business standpoint.

The second kind of toxic work environment may have a less obvious impact on diversity, since discrimination is not directly implicated. But more nuanced forms of abusive conduct may still mask illegal discrimination. Bullies tend to target workers with less power, who in turn tend to be historically underrepresented workers in the workforce — e.g., women and minorities.

Even when illegal discrimination is not implicated, toxicity in the workplace is often based on rigid expectations that all workers must act and think the same, which kills diversity of thought and innovation. A climate of fear is the opposite of an environment of inclusion that welcomes dialogue and differences in point of view — often stemming from variations in life experience and culture.


Toxic Employees Thrive in Toxic Environments

A workplace does not get toxic by itself. It’s created by “toxic” employees and a workplace culture that supports them. A workplace bully, according to a 2015 Harvard Business School (HBS) study, is “toxic” because the worker is not a problem just to the individuals they target, but to the entire workplace. And toxicity spreads.

But it’s not just employees that create a toxic environment that can erode inclusion efforts. Senior leadership plays a large role in setting tone at the top so that work culture doesn’t foster toxicity. Sometimes the worst bully is a manager, leader, or even the CEO. In the latter case, the board of directors may need to implement restraints up to and including termination.

On the other hand, numerous studies show that “establishing workplace cultures that cultivate respect and trust will elevate the standards of behavior expected, and consequently place a higher value on the health and well-being of all workers.”


Diversity and Inclusion Thrives in Supportive Workplaces

It turns out that many of the leadership and organizational culture qualities that discourage bullying also encourage inclusion. Inclusion is more than just a head-count affirming that a company is “diverse” — inclusion is creating a supportive environment that tells employees that they are valued. It’s the opposite of a toxic work environment.

According to research by the Center for Talent Innovation and summarized in the Harvard Business Review, there are “four levers” that drive inclusion:

  1. Inclusive leaders who welcome team members to express opinions and innovative ideas while still providing actionable feedback and team-oriented results
  2. Authenticity in demeanor and style (for example, no workplace advantage should accrue to workers who “act like a man,” regardless of gender, or “compromise” their ethnic identity)
  3. Networking and visibility, including sponsorship of talented employees (especially women and minorities) by senior leaders who advocate key assignments and promotions for the junior employees (the authors warn that “lack of sponsorship increases someone’s likelihood of quitting within a year”)
  4. Clear career paths that are available to everyone, so that qualified workers aren’t blocked in their tracks for inexplicable reasons, leading to suspicions of discrimination (rightly or wrongly).



Detoxifying your work environment may not always guarantee diversity and inclusion. But striving for more than just a non-toxic environment, and going beyond that to foster a supportive and inclusive workplace, can help promote diversity in the same move. Results may not be guaranteed — but consider the alternative: a toxic environment that sticks to the very air and spreads like a virus over the organization for years to come.

EVERFI can help support your corporate culture with online compliance training for employees and supervisors. Additionally, EVERFI will deliver a robust, cloud-based learning management system to help you easily deploy and track our growing library of compliance training courses, including diversity and inclusion, anti-harassment, data security, ethics, and much more. Contact us today for a free demo.

5 Employment Law Basics Managers Need to Know

From the individual employee’s standpoint, managers and other company leaders are your organization. Executives and compliance personnel make policies to reflect the legal and ethical standards workers are expected to measure up to. But managers must apply, interpret, and execute the policies and legal standards pragmatically based on concrete contingencies employees encounter.

Yes, the law holds employers (that is, organizations) responsible for ensuring employee rights are protected. However, employers can only act through responsible human beings — your leaders and managers.

Managers in particular are on the front lines of making sure employers appropriately follow employment laws. This means that managers need to have at least a high-level awareness of the essential employment law concepts.

That’s why it’s important to make sure your managers know the employment law basics.


1. Discrimination & Harassment

Managers may not fire or refuse to hire, limit employment opportunities, benefits or pay, or otherwise discriminate based on:

The takeaway is that managers need to focus on helping employees to do their jobs, not on characteristics or activities that the law protects. Nor may managers retaliate against workers for complaining about discrimination or harassment. Managers must treat all employees fairly and equally.


2. Protected Leave Laws

Employees who are eligible for leave under the Family and Medical Leave Act (FMLA) may take time off from work for the birth of their child, to adopt a child, or to care for their own or a specified family member’s serious health condition. If the family member is called to active duty in the armed forces, the employee may also be entitled to qualifying exigency leave under the FMLA.

The Uniformed Services Employment and Reemployment Rights Act of 1994 (USERRA) protects veterans and reservists from discrimination and retaliation for taking time off to serve in the armed services.

Managers should treat employees who have taken or plan to take any kind of protected leave no differently from employees who have not taken such leave. This also means that managers may not penalize employees in any way for taking protected leave.


3. Compensation & Overtime

Managers may require employees to work extra hours at times, especially when facing a deadline or time-sensitive project. Managers often need to keep track of how many hours employees work, and make sure they permit employees to take any break times mandated by state and federal law.

The federal Fair Labor Standards Act (FLSA) sets the federal minimum wage and requires that covered employees are paid time-and-a-half if they work overtime (more than 40 hours per week). But not all employees are covered by the FLSA (or state law equivalents).

These workers are “exempt” employees. HR and other compliance personnel are usually responsible for determining which employees are exempt, according to specified legal criteria. This means that managers need to be in-the-know as to which employees are not exempt from these laws before assigning extra work hours or modifying break times.

4. Safety

Managers need to ensure that workplace safety is a top priority. The Occupational Health and Safety Act requires employers to provide a safe workplace, including any necessary training for managers and employees.

If workers are injured during work despite all the best safety precautions, they may be eligible for worker’s compensation, which could include time off to recover or even permanent disability.

Managers must not discourage workers from using proper safety precautions or penalize workers for refusing to work in unsafe conditions or for exercising their right to worker’s compensation. No matter what other production goals or quotas managers may have, there’s no excuse for cutting corners when it comes to worker safety.


5. State and Local Laws

This article has focused on the major federal laws that managers need to be familiar with. Since this article is short, we weren’t able to discuss all the important federal employment laws, nor go into much detail about the ones we did cover.

But it’s still important to point out that many states and cities have similar laws, several of which are stricter than the federal laws. For example, several states list additional protected characteristics and activities and have stricter wage and hour laws. Managers need to understand that they are responsible for complying with federal employment laws, in addition to state and local laws.


What Managers Need to Know

What’s important here is that managers are aware of the major employment rights workers have. Experts agree on the need for legal awareness and legal literacy for managers. If managers know the basic concepts (for example, that there are protected characteristics and activities), they are more likely to take care when a workplace situation implicates these rights. Managers do not need to memorize every protected characteristic or know the intricacies of FMLA law.

What they do need to know is that employees must be treated fairly and equally based on their work; that certain workplace absences are protected; to be mindful when assigning work outside of regular work hours; to foster a safe work environment; and not to retaliate or appear to retaliate when workers do exercise their rights.

EVERFI can help support your managers with online compliance training for employees and supervisors. Additionally, EVERFI will deliver a robust, cloud-based learning management system to help you easily deploy and track our growing library of compliance training courses, including diversity and inclusion, anti-harassment, data security, ethics, and much more. Contact us today for a free demo.

How Promoting Diversity Helps Prevent Discrimination

Diversity and inclusion are important themes in today’s workplace. In June 2017, 175 CEOs pledged publicly to promote diversity and inclusion at their companies. Deloitte reports that the majority of Millennials, who are expected to reach 75% of the workforce by 2020, want to work for companies that actively foster inclusion. Public outcry about organizations that fail to meet these growing expectations has been persistent.

Like any worthwhile initiative, diversity and inclusion is made up of many parts. Discrimination is one of those parts. This post describes how diversity and inclusion overlap with discrimination, and what companies can do to promote diversity and inclusion while stamping out discrimination.

Lack of Diversity Can Cause Discrimination

Research suggests that a lack of diversity and inclusion in the workplace can promote discriminatory behavior. After reviewing considerable literature and drawing from practical experience, the Equal Employment Opportunity Commission (EEOC) concluded that harassment (a form of discrimination) is more likely to happen in the workplace with a lack of diversity, and explains:

Workers with different demographic backgrounds than the majority of the workforce can feel isolated and may actually be, or at least appear to be, vulnerable to pressure from others. They may speak a different language, observe different customs, or simply interact in ways different from the majority. Conversely, workers in the majority might feel threatened by those they perceive as “different” or “other.” They might be concerned that their jobs are at risk or that the culture of the workplace might change, or they may simply be uncomfortable around others who are not like them.

Imagine a worker who feels “different” bringing up personal issues of exclusion, self-doubt, or even discrimination to a group of homogenous senior leaders who the worker believes may not understand. The dynamic is likely not intentional. Nonetheless, certain groups of people can be shut out.

Discriminatory dynamics may be ingrained in a company’s culture, making quick fixes or surface-level changes ineffective. Tristin Green argues as much in her law review article, “Work Culture and Discrimination.” Informal socializing among coworkers, appearance norms, and managerial expectations of what success “looks like” can all contribute to a culture that excludes people of varying backgrounds. Diversity and inclusion has a lot to do with this.

Take hiring, for example. A company that hires people with similar ethnicities, professional backgrounds, and education from the same talent pool sets a tone that a certain make and model is required for success. Those that feel “different” from the pack are less likely to be chosen for informal gatherings, less likely to speak up, and less likely to be satisfied.

While Green argues that diversity efforts in practice may not be enough to meet the remedial promise of Title VII, they do have the potential to help companies fight discrimination. Diversity is not a “nice to have” but rather an important element of a company’s duty to prevent discrimination and harassment in the workplace.

Diversity Raising Allegations of Discrimination

Many practitioners worry about running afoul of state and federal anti-discrimination laws when implementing a diversity and inclusion program. There is some merit to the concern. Title VII explicitly prohibits unequal treatment of employees according to their protected characteristics, like race, gender, religion, or disability. Companies cannot show a preference by treating one group differently than another.

That is, unless they have a really good reason for it. For private companies, preferential treatment has been accepted if it’s created to remedy past discrimination specific to the particular workplace, according to the U.S. Supreme Court and subsequent case law.

Additionally, contractors with big enough contracts with the federal government are required to implement affirmative action policies. Unless a company falls under these two exceptions, they generally cannot give preference to certain groups over others.

This shouldn’t be a problem for modern companies, however. The diversity and inclusion trend is moving away from a “compliance” justification to more of a “business” justification, explains Stacy L. Hawkins in her Spring 2017 law review article. Those justifications usually include (1) responding to culturally diverse markets, (2) improving innovation, and thus performance, and (3) building a reputation internally and externally that the company is “open.”

Common Diversity/Discrimination Scenarios

So how is diversity and inclusion done? It is done through positive programs, as well as by mindfully handling common practices that may involve discrimination. Some common diversity/discrimination scenarios are below.

Employee Resource Groups

The Human Rights Campaign recommends inclusivity when building employee resource groups. “Make it clear that group membership is open to all employees, and thus complies with your organization’s anti-discrimination policies and applicable law.”

Additionally, Jonathan A. Segal, writing for the Society for Human Resource Management, suggests organizers tell group participants they must still follow company policy in regards to reporting issues like harassment or discrimination. Doing so avoids excluding people while legitimizing company policies.


Companies should be deliberate in creating job descriptions that only include necessary and major job functions. Doing so supports inclusion because it focuses on what’s “needed” and not what’s “wanted.” The latter could be laden with the implicit (or honestly, explicit) bias of managers.

Additionally, hiring can be discriminatory if large swaths of people are left out. Watch the language used in job descriptions. Language like “must be able to run a mile a minute” and “vibrant energy” could prevent whole swaths of persons with disabilities or older workers, respectively, from applying or being considered.

And finally, the source of potential applicants must be scrutinized. It is good practice to diversify a job search. Some ideas are conducting job fairs in low-income communities, historically black or women’s colleges, and taking a deliberate, second look at any employee referral (we tend to consider people who think, look, and have experience just like us).


Businesses should establish a system for promotion, especially if they aren’t stellar on diversity and inclusion efforts. Green warns that “relationally dependent” work environments where “recommendations for promotion are made on an informal, ad hoc basis” and where “performance reviews are conducted by coworkers, group leaders, and even subordinates” and “determinations of skill competence are ongoing” could deny the “outsiders” of a homogenous work culture from ever reaching upper management. The latter could be, and has been found in lawsuits to be, discriminatory.


Diversity and inclusion is closely linked with discrimination. Thoughtfully combining diversity and inclusion with the anti-discrimination thrust of Title VII aids “in securing the long sought ideal of workplace equality,” according to Hawkins. Companies should consider diversity and inclusion as a duty, not only for its own sake, but also as one of many ways to prevent harassment and discrimination from occurring in the workplace.

EVERFI can help support your managers with online diversity training for employees and supervisors. Additionally, EVERFI will deliver a robust, cloud-based learning management system to help you easily deploy and track our growing library of compliance training courses, including diversity and inclusion, anti-harassment, data security, ethics, and much more. Contact us today for a free demo.

Why Code of Conduct Training is Essential for an Ethical Culture

What is Ethical Culture?

Terms like “corporate culture” or “business culture” are usually descriptive, but they don’t necessarily imply an aspiration to do good. By contrast, the concept of “ethical culture” is aspirational in the best sense of the word.

While a reference to culture points to the overall environment in a particular company, a reference to ethical culture focuses on “the best” kind of environment — the way things “ought to be.” In other words, culture is about who we are (the good, the bad, the ugly) in the world of work, and an ethical culture is about putting our best selves forward in that world. 

Informal and Formal Systems

Business research platform observes that an organization’s ethical culture “can be thought of as a slice of the overall organizational culture” that’s supported by informal and formal systems.  Informal systems include leadership role modeling, behavioral norms, and organizational rituals.

For example, an organization may informally support senior managers who exemplify trustworthiness by their actions, or team-building that encourages stakeholders to freely exchange ideas in a mutually respectful setting.

Formal systems include resources that support ethical structures and programs, “selection systems, policies and codes, orientation and training programs, performance management systems, authority structures, and formal decision processes.”

An ethical culture doesn’t arise out of nothing. While the informal systems piece is outside the scope of this article, the rest of this article will discuss two essential elements of formal systems — policies and training.

Codes of Conduct Codify Ethical Culture

Specifically, an uncodified ethical culture is unsustainable. It’s nearly impossible to navigate consistent ethical judgments long-term without a compass in the form of a code of conduct.

The effective development and implementation of a code of conduct makes it a living document that sustains ethical culture, not just another dead piece of paper. To effectively formalize ethical culture, codes of conduct need to be readable and relatable to employee’s day-to-day experiences.

They should be written in a language employees understand and speak — both literally and figuratively. This means a code of conduct needs to be engaging, including by avoiding legalese and using emotive language (yes, even in corporate policy).

Training Communicates Codes of Conduct

After developing a code of conduct, how can everyone at your organization gain a strong understanding of how it applies to their day-to-day ethical decision-making? Training is what communicates policy.

Just as effective codes of conduct need to be engaging and clearly relevant to employees’ experiences, effective code of conduct training must also engage workers with real-life examples, interactive design, and applicability to everyday ethical situations.

Powerful, well-designed training does this by thoughtfully reinforcing important material in successive sessions, and by involving multimedia, micro learning, and gamification. Since training does not take place in a vacuum — and learners can tell when organizational practices are inconsistent with training messages — the efficacy of training rests on the organization’s explicit commitment to ethics. The sum comprises ethical culture. 

Sustaining & Maintaining Ethical Culture

Ethical culture can neither be sustained without formal systems, such as codes of conduct, nor can it be maintained without periodic — sometimes even frequent — reinforcement in the form of training. After all, ethical culture is made up of the humans that form organizations, in addition to the policies and codes of conduct that codify organizational ethics.

Reinforcement and maintenance of these systems requires communication and engagement. Training, as an important and potentially engaging means of communicating policies and codes of conduct, is an essential part of the formal systems side of ethical culture. 

Don’t Settle for Mediocre Corporate Culture

Every company has an organizational culture. The difference is that not all companies have formal and informal systems in place to support an ethical culture.

An ethical culture does not happen accidentally. Once leadership commits to fostering an ethical culture, long-term sustainability requires formal systems, including documentation in a code of conduct that reflects core company values, and in training that reinforces and clearly communicates those values at all organizational levels.


Learn More About Our Code of Conduct Training

EVERFI can help support your managers with online compliance and ethics training for employees and supervisors. Additionally, EVERFI will deliver a robust, cloud-based learning management system to help you easily deploy and track our growing library of compliance training courses, including code of conduct and ethics, anti-harassment, data security, and much more. Contact us today for a free demo.

How Data Security Training Mandates Impact Private Companies

In the wake of the WannaCry incident where the National Security Administration (N.S.A.) was hacked and exploited, both public and private companies recognize the crucial need to continue evaluating their cybersecurity programs. Incidentally, state governments are passing laws that require data security training, sending a signal to private companies that they should do the same.

Current Cybersecurity Threats Out There

Many data security risks arise from the hands of insiders, which include employees, contractors, and third parties. Verizon’s 2017 Data Breach Investigations Report shows that social engineering attacks, such as phishing and pretexting scams, are the most common data security risks created by insiders. The data suggests that only 20% of insiders who do fall prey to social engineering attacks would report them to their employer.

Human data security risks also implicate ransomware, which Wired explains as “malware that locks your keyboard or computer to prevent you from accessing your data until you pay a ransom.” According to the Verizon Report, social engineering scams were found in 21% of all recorded ransomware attacks. Even worse, ransomware attacks have steadily risen from the 22nd most common attack to 2014 to the fifth most common attack in 2016.

Finally, gaining unauthorized access to sensitive information is a data security risk created by insider actions, especially employees. “The insider threat, while not as common in breaches as external actors, is still very significant, accounting for 15% of breaches,” the Report maintained.

Regardless of intention, employees are getting access or allowing others to access sensitive information, leading the Report to recommend security awareness training as an essential control.

Cybersecurity Awareness Training Mandates

Perhaps as a result of the risk of insiders, states are mandating cybersecurity awareness training for state government employees. For example, three states—Oregon, Illinois and Nevada—passed laws that require the employees and staff of each state’s agencies to take cybersecurity awareness training, among other requirements. As will be explained, private-sector businesses should do the same.

Oregon – S.B. 90

Oregon law now requires the state’s executive agencies “[c]onduct and document the completion of annual information technology security awareness training for all agency employees.” The law is part of a large effort to overhaul the entire information technology program of Oregon agencies and became effective on July 1, 2017 as an “emergency” measure.

Illinois – H.B. 2371

Illinois law directs the Illinois Department of Innovation and Technology to provide employees of the executive branch to take cybersecurity training at least once a year. The training content must include (1) detecting phishing scams, (2) preventing spyware, infections, and identity theft, and (3) preventing and responding to data breaches. The bill expressly mentions that the training may be delivered online. The law is effective on January 1, 2018.

Nevada – A.B. 471

The bill creates the Nevada Office of Cyber Defense Coordination and requires it to coordinate cybersecurity awareness and training for state agency employees. The law has been in effect since July 2017 and requires the Office to publish its report by January 1, 2018.

Why State Data Security Training Mandates Impact Companies

While the laws do not affect private employers, they may affect them in the near future. The New York State Department of Financial Services is requiring all banks under its stead to provide cybersecurity awareness training to bank employees by March 2018.

The cybersecurity regulation impacts a large portion of the banking industry that is already under considerable data security regulation given the Gramm-Leach-Bliley Act, FFIEC examination protocol, and international laws such as the General Data Protection Regulation and the UK Privacy Shield.

Following the law is necessary. However, laws and policies do not always regulate human actions. As my colleague Steve Treagus explains,

Insider negligence is the leading cause of data loss or theft, and unauthorized data sharing can undermine your best efforts at data security — even if employees are otherwise trained in cybersafety protocols. Training in cybersecurity awareness is extremely important — but no training can stand alone. Employers need to also shore up cybersecurity policy, balance security with productivity needs, and bolster their security infrastructure to secure data in whatever form it takes and wherever it’s stored and used.

Data security awareness training is a critical facet of a company’s cybersecurity program. While many companies are not required to provide cybersecurity training, new laws and data security trends show the benefits of doing so regardless of requirement.

Learn More About Our Data Security Training

EVERFI can help support your managers with online compliance and ethics training for employees and supervisors. Additionally, EVERFI will deliver a robust, cloud-based learning management system to help you easily deploy and track our growing library of compliance training courses, including code of conduct and ethics, anti-harassment, data security, and much more. Contact us today for a free demo.

What Data Says About Ethical Behavior in the Workplace

Ethisphere and Convercent recently collaborated to release a survey about aligning business goals with ethics and compliance programs. The report provides many insights about ethical behavior at work.

The two most interesting include the different kinds of data metrics companies are using to measure compliance program effectiveness and the role managers play in creating successful ethics and compliance programs.

Different Types of Compliance Data Metrics

“Activity” Data Versus “Performance” Data

Companies are sitting on enormous mounds of data, much of which can help “to detect and anticipate ethical issues in real time before they become a real problem.” According to the report, the most common data companies collect is:

  • Training Completion Rates (78%)
  • Hotline Statistics (74%)
  • Investigation Statistics (70%)
  • Likelihood and Severity of Top Risks (60%)

However, while important, the report calls this data more or less “activity” data, which is less valuable than “performance” data. Performance data is an “excellent measure” of ethical behavior and culture, is tracked marginally well, and comes in the form of:

  • Audit Results
  • Risk Assessment Results
  • Third-Party Due Diligence
  • Conflicts of Interest Disclosures
  • Culture Surveys

Difficult to Track “Desired” Metrics

The report also identifies “desired metrics” that chief ethics and compliance officers (“CECOs”) want to track, but find doing so difficult:

  • Open-Door Reporting
  • Behavioral Root Cause Analysis (behavioral factors that lead to an incident, such as the effect of incentives on an unethical sales decision)
  • Campaign and Engagement Effectiveness
  • Benchmarking
  • Ethics and Compliance Value

Additionally, even if compliance and ethics professionals have this data, they may not use it:

  • 65% of CECOs struggle to aggregate and analyze data due to lack of time and resources
  • 55% indicate that data are housed in disconnected and unintegrated systems
  • 44% say the data simply isn’t available to them.

Apparently, many CECOs feel are not properly equipped to measure the effectiveness of their compliance programs. But one major resource CECOs have for information is their managers.

How Managers Help Ethics Programs Succeed

Managers hold a lot of power over people in an organization. According to the report, 73% of employees indicate they raise concerns primarily with their manager, their manager’s manager, or human resources.

On one hand, this is good news — the vast majority of employee survey respondents are comfortable addressing at least some issues with management (known as “Open-Door Reporting”).

On the other hand, it puts a lot of responsibility on managers, some of whom may not know it’s their responsibility to collect and capture data from their teams. They may be given lukewarm instruction to keep track of complaints or issues, or not given any instruction at all.

According to the report, gathering data begins with good policies. Employers must hold their managers accountable to company policies and values. Accountability is one sign of an ethical manager.

Academic research and experts agree that examples set by senior and local management are strongly influential on the actions and attitudes of employees. The stakes are high.

Second, managers should receive training on best practices to not only address real problems, but work with ethics and compliance teams to fully use data and information that’s reported to them.


The report concludes with the observation that successful companies are built not only on financial goals, but also on fundamental values and ethics. In other words, good ethics are good for business. Utilizing real data, and supporting managers, are important ways that companies can improve their ethics and compliance programs.

EVERFI can help support your managers with online compliance and ethics training for employees and supervisors. Additionally, EVERFI will deliver a robust, cloud-based learning management system to help you easily deploy and track our growing library of compliance training courses, including code of conduct and ethics, anti-harassment, data security, and much more. Contact us today for a free demo.