To Your Health! What assessments do regulators require?

John Kleeman HeadshotPosted by John Kleeman

In Questionmark’s white paper, The Role of Assessments in Mitigating Risk for Financial Services Organizations, we shared advice  and requirements from financial services regulators about compliance-related testing for employees.

Do health care regulators also advise or require companies to test their employees to check understanding?

The answer is yes, and here are some examples.

The World Health Organization (WHO) states in its principles for good manufacturing practices for pharmaceutical products:

“Continuing training should also be given, and its practical effectiveness periodically assessed.”WHO | World Health Organization

WHO guidance also states:

“If training is conducted to achieve a goal, it is reasonable to ask if the goals of the
organization’s training programme and the specific training course have been attained or not. Assessment and evaluation are conducted to determine if the goals have been met.

European Commission logo

The European Commission directive 2005/62/EX requires for organizations handling blood that

“Training programmes shall be in place and shall include good
practice. The contents of training programmes shall be periodically assessed and the competence of personnel evaluated regularly.”

The US Department  of Health and Human Services in its Compliance Program Guidance for Medicare Contractors states:

US Department of Health & Human Services“Contractors should consider using tests or other mechanisms to determine the trainees’ comprehension of the training concepts presented.”

Also in the US, the Pharmacy Compounding Accreditation Board (PCAB) gives guidance that

PCAB.org“The pharmacy has SOPs for educating, training, and assessing the competencies of all compounding personnel on an ongoing basis, including documentation that compounding personnel is trained on SOPs.”

Just like in financial services, health care regulators strongly encourage and in some cases require that regulated organizations test their employees to ensure that they have understood training and that they are competent to do their jobs.

One thing health care regulators emphasize more than those overseeing financial services  is the merit of giving  observational assessments  as well as knowledge tests — presumably because skills are often more practical. For example PCAB guidance says that:

“Staff competency can be evaluated by a combination of … direct observation … written tests [and] … other quality control activities”

Previously, in this series on assessments in health care, I’ve covered good practice in competency testing in the health care industry and shared analysis of why errors are made and how testing can help. I hope these examples of regulator guidance and requirements are also useful.

Can testing show commitment to compliance with regulations?

Posted by John Kleeman

Almost every day, you can open the financial pages of a newspaper and see a new compliance failure – another company fined multi-millions for breaking regulations. How can an organization develop a culture of compliance?

Charles Jennings, former CLO of Reuters and our keynote speaker at the 2013 Questionmark User Conference, made an interesting comment in a recent blog post:

There seems to be a common thread that runs through almost all high-profile compliance catastrophes. It is that the top-tier executives and middle managers in the organisations simply didn’t model the behaviours that would lead to a culture of compliance.

In other words, an organization must not just pay lip service to complying with regulations but must also communicate effectively to its employees that it really means it. This is a regular theme from regulators. The UK Ministry of Justice, in its guidance on the UK Bribery Act, lists Top-level Commitment as one of its six key principles for bribery prevention. And the U.S. Department of Justice says in its Principles of Federal Prosecution of Business Organizations:

Prosecutors should therefore attempt to determine whether a corporation’s compliance program is merely a “paper program” or whether it was designed and implemented in an effective manner. … prosecutors should determine whether the corporation’s employees are adequately informed about the compliance program and are convinced of the corporation’s commitment to it.

Obviously, commitment is commitment, and you can’t fake it. Executives and managers need to genuinely believe that compliance with regulations is important and exhibit appropriate behaviour.

But my research about this issue tells me that by administering regular tests, an organization can reinforce the message that it is committed to compliance – and that this works best under the following five conditions:

  • Employees are required to take tests regularly
  • Employees believe the tests are fair and genuinely measure their ability to do a job or understand and apply regulations
  • Questions are seen to be relevant, not just a tick-the-box exercise – for instance by having employees respond to real-life scenarios
  • There are consequences for repeated failures
  • Managers and executives set an example by taking relevant tests themselves

Do regulators agree? Here is a quote from the UK Financial Services Authority about an insurance company fined UK£5.5m for bribery (my emphasis):

Aon Ltd should have ensured that appropriate members of staff – particularly those in the Aviation and Energy divisions – received focused training in relation to this area and were tested on their understanding of the relevant risks involved. Effective training and testing in this regard would have emphasised to staff the importance of carrying out effective due diligence prior to authorising an Overseas Third Party for payment.

So how can you stop your company being fined?

Posted by John Kleeman

The summer has seen a several large fines for companies who’ve made compliance mistakes – with fines reaching hundreds of millions or more.

These fines are hugely costly both in the money that has to be paid and the knock-on damage to the brand. But  how does a compliance department stop such things happening? Your company may be doing something illegal, and some employees may know it’s illegal but many may just think they are helping your revenue or profits, not realizing that mistakes are being made. You want your employees to be “happy to help”, but only if it’s legal.

One obvious answer is training. Regulatory requirements after the event often require training to be developed. And training people on the rules is definitely going to help. But it’s not going to find problems in advance, nor will it check they stay fixed. The best way to check if training has been effective and whether knowledge is retained is to use testing and assessment. Regulators agree; for instance the UK Financial Services Authority has said:

We note that, where staff understanding has not been tested, it is hard for firms to judge how well the relevant training has been absorbed.

And the U.S. FDIC Compliance Manual says:

Once personnel have been trained on a particular subject, a compliance officer should periodically assess employees on their knowledge and comprehension of the subject matter.

Is online assessment a magic bullet that will stop all compliance mistakes and future fines? No.

But if used well, it can pinpoint regulatory failings before they become serious and check your employees know and retain knowledge of the rules.Role of Assessments in Mitigating Risk for Financial Services Organizations

For more information on how assessments can help, check out Questionmark’s white paper on The Role of Assessments in Mitigating Risk for Financial Services Organizations (free with registration). Although focused on financial services, much of the paper also makes sense in other industries.

Very often, the vast majority of the company is compliant with regulations, but there is a problem in just one area. Online assessments are one of the few tools available that allow a compliance department and senior management to touch and get response from every one of their employees.

Providing you implement online assessment well (set up tests that cover the full range of regulatory liabilities, make sure that the testing procedures are reliable and trustable, and look at the reports and take action when you need to), then online assessments can substantially reduce the risk that your organization will break the rules and pay a fine.