Successful compliance policies identify risk based on business realities. Today, compliance officers face unprecedented and mounting challenges as businesses realities shift in response to the on-going crisis. Office closures, inaccessibility of documents and remote working arrangements are just the tipping point of issues compliance departments must now tackle to maintain the integrity of their compliance programs. The critical role of compliance is to identify operational risks. Although some business risks remain the same, the pandemic will create new risks that compliance departments have to nimbly address in order to protect their companies.
Critical compliance processes are in jeopardy: conducting internal investigations, due diligence processes, training protocols, approval requirements and audits and assessments will all likely be impacted by the significant changes to the global working environment. And these challenges arise at a time when the need for robust compliance controls is at its highest: times of crisis have always bred misconduct from corruption to self-dealing to accounting irregularities to sanctions violations. Companies and business units facing financial and logistical difficulties are more prone to misdeeds. For this reason, economic downturns are routinely followed by significant upticks in enforcement activity.
The enforcement landscape following this crisis will be compounded by the unique challenges it presents for oversight and controls. Compliance departments would be well served to conduct a thoughtful review of their controls in this new operating environment and adapt their programs to address new risks and accommodate the challenges of the global pandemic in order to protect their companies. Compliance will need to be agile and creative to weather this new world and the risks and potential new opportunities it presents.
Overall, as any company that has faced regulatory scrutiny knows, the best defense a company can mount is a well-documented compliance process. Recognizing the risks this crisis presents and developing detailed information demonstrating meaningful efforts to assess and prevent risk will be critical. However, a largely digital workforce coupled with shutdowns and restrictions on key information sources (e.g. government registries; third party diligence providers) can create roadblocks in obtaining information necessary to oversight. The compliance processes established prior to this crisis may no longer be feasible. Even though the crisis was unanticipated, the standards of liability remain unchanged - regulators will closely scrutinize companies’ actions in hindsight and, rather than forgiving missteps, will expect that controls will have been enhanced to address the increased risks created by the crisis.
How can compliance departments navigate these unprecedented times while maintaining effective internal controls?
To assist our clients in navigating this changing landscape, RK&O is issuing a series of short, practical pieces discussing specific compliance risk areas. In this series, RK&O compliance and enforcement advisors will provide thoughtful analysis and practical risk mitigation strategies for identifying weaknesses and adapting compliance controls to navigate the risks and opportunities of this new era. The series will be available as a resource at www.rkollp.com/complianceinfocus and will be updated and circulated regularly. We hope you will find it helpful as you develop your approach to compliance in this time of crisis.