Compliance in Focus: Three Key Considerations for Maintaining an Effective Compliance Program in a Time of Crisis

Print PDF
April 17, 2020

Successful compliance policies identify risk based on business realities. Today, compliance officers face unprecedented and mounting challenges as businesses realities shift in response to the on-going crisis. Office closures, inaccessibility of documents and remote working arrangements are just the tipping point of issues compliance departments must now tackle to maintain the integrity of their compliance programs. The critical role of compliance is to identify operational risks. Although some business risks remain the same, the pandemic will create new risks that compliance departments have to nimbly address in order to protect their companies.

Critical compliance processes are in jeopardy: conducting internal investigations, due diligence processes, training protocols, approval requirements and audits and assessments will all likely be impacted by the significant changes to the global working environment. And these challenges arise at a time when the need for robust compliance controls is at its highest: times of crisis have always bred misconduct from corruption to self-dealing to accounting irregularities to sanctions violations. Companies and business units facing financial and logistical difficulties are more prone to misdeeds. For this reason, economic downturns are routinely followed by significant upticks in enforcement activity. 

The enforcement landscape following this crisis will be compounded by the unique challenges it presents for oversight and controls. Compliance departments would be well served to conduct a thoughtful review of their controls in this new operating environment and adapt their programs to address new risks and accommodate the challenges of the global pandemic in order to protect their companies. Compliance will need to be agile and creative to weather this new world and the risks and potential new opportunities it presents.

Overall, as any company that has faced regulatory scrutiny knows, the best defense a company can mount is a well-documented compliance process. Recognizing the risks this crisis presents and developing detailed information demonstrating meaningful efforts to assess and prevent risk will be critical. However, a largely digital workforce coupled with shutdowns and restrictions on key information sources (e.g. government registries; third party diligence providers) can create roadblocks in obtaining information necessary to oversight. The compliance processes established prior to this crisis may no longer be feasible. Even though the crisis was unanticipated, the standards of liability remain unchanged - regulators will closely scrutinize companies’ actions in hindsight and, rather than forgiving missteps, will expect that controls will have been enhanced to address the increased risks created by the crisis.

How can compliance departments navigate these unprecedented times while maintaining effective internal controls? 

  • Compliance departments must make communication a priority. Personnel need to be reminded of the critical controls that they must follow, even when working under such strange circumstances. Identify key risk areas that may arise as a result of this crisis and send frequent reminders to ensure that compliance remains relevant to those business decisions. This may include new risks created by the crisis, such as the inevitable fraud and phishing schemes or it may be existing risks that are now heightened due to a lack of supervision or an urgency to replace unavailable resources. It is also important that the compliance department communicate with the business about potential operational risks that may arise due to delays in the compliance process, such as the lack of in-person resources and availability of records. The compliance department should communicate openly with the business about changes to the compliance timeline and identify areas critical to operations so an effective alternative diligence strategy can be developed before an impending deadline looms.   
  • Review existing policies and procedures and issue interim adaptations as needed to address your current working environment. Conduct an assessment to determine whether the new working environment presents new compliance risks that should be promptly addressed. For example, your anti-harassment guidelines may need modifications to address and reiterate controls for a remote workforce. Also, identify the requirements under your policies and procedures that may be challenging to satisfy under the current circumstances and determine whether there is an effective alternative that can be implemented. For instance, your policy may require an annual, in-person training or physical supervisory expense approvals that are no longer feasible.  
  • In times when the standard tools and resources may not be available, compliance departments will need to adopt novel solutions. For example, while the standard mantra of every company is that “compliance is everyone’s responsibility” it may now be time to implement that aspiration on an organizational basis.  Accordingly, where a risk analysis identifies an oversight gap, either because of a new market or process or simply a geographic displacement, there needs to be an absolute commitment to identification of the resource for filling it – whether through remote training, oversight, auditing or through delegation to on-site personnel that are not within the normal “compliance” function.

To assist our clients in navigating this changing landscape, RK&O is issuing a series of short, practical pieces discussing specific compliance risk areas. In this series, RK&O compliance and enforcement advisors will provide thoughtful analysis and practical risk mitigation strategies for identifying weaknesses and adapting compliance controls to navigate the risks and opportunities of this new era. The series will be available as a resource at www.rkollp.com/complianceinfocus and will be updated and circulated regularly. We hope you will find it helpful as you develop your approach to compliance in this time of crisis.