COVID-19 has caused unparalleled business disruptions for organizations of every size, industry, and geography. Regulators across the globe have issued hundreds of notifications to deal with the pandemic. On the one hand, compliance teams need to stay on top of the regulatory updates and see how they are impacting their business, and all of this in a remote working environment. On the other hand, given the financial stress, uncertainty, and weakened controls caused by most of the employee base working remotely, there is an increased risk of non-compliance. This may expose organizations to investigations, public scrutiny, fines, civil and criminal penalties, and in some cases even forceful shutdown of business operations.
Compliance professionals can step up, be proactive, strengthen their compliance focus and prepare to deal with this uncertainty. They need to re-examine their risk profile, review their existing policies and procedures, put new controls in place wherever required, encourage employees to identify and report misconduct, and instill a culture of compliance.
The insight below gives some key recommendations for compliance professionals to stay on top of existing and new risks facing their organizations and be prepared for the uncertain future.
Compliance functions while focusing on the immediate risks should also consider the risks on the horizon. They can work on a strategy that captures all aspects of the compliance program including identifying and mitigating risk, tracking and managing new regulatory obligations that impact the business, improving policies and procedures that are in place to address new risks, effectively handling compliance and ethics cases and also handling the engagement with regulators. Some of the questions they can address in the strategy are:
The focus on communication has never been more important than in today’s pandemic environment. Effective and timely communication to employees, customers, partners, and even third parties should be a key priority for organizations. Ideally, the communication should come from senior management or C-level executives to emphasize that attention is being paid to compliance and how important it is for the organization to sustain compliance.
With the remote working setup, health and safety policies, information security policies etc., need to be revised regularly. The updated policies and the risk of non-compliance need to be clearly communicated to the relevant individuals, and attestations need to be tracked. Policy awareness campaigns can be managed with awareness drives. Messaging on the company’s continued commitment to a culture of ethics and compliance, and zero tolerance for any misconduct needs to be reinforced and employees need to be encouraged to speak up. The focus should be on concentrating on the most important messages and keeping them short, engaging and empathetic.
As the risk landscape continues to evolve, it makes sense to view compliance through a different lens. Prioritize the compliance risk areas and focus on the ones that need more attention. Focus on the risks that have spiked in the recent past. It is critical to conduct regular, dynamic risk assessments in order to quickly comprehend the new circumstances and address the risks in a holistic manner. These risks must be contained with quick and timely action plans whether it is revising policies, implementing new controls, or escalating issues. Clear and defined review and escalation mechanisms are also very important.
There are many ways technology can come to the rescue to mitigate the risks of non-compliance during uncertainty. With technology, compliance professionals, can stay on top of regulatory updates so that no important revisions are missed. They can easily update polices and procedures and get the revised policies quickly to where employees are. Policies can be easily linked to regulations, risks, processes and controls to quickly get a view into policies that are impacted. Details of compliance cases can be captured and analyzed to gather trends and the necessary controls can be implemented quickly. Technology can also help in managing comprehensive compliance assessments and facilitating quick and proactive response to any compliance issues identified. Another important benefit of technology is that organizations can ensure that all the compliance information is available in one common centralized repository. As a result, everybody involved will have access to the right information at the right time and there is no redundancy. Moreover, compliance teams can quickly see the overall compliance posture by business unit, by process, or by geography.
In conclusion, there is clearly no doubt that the current pandemic situation has disrupted businesses resulting in unparalleled economic uncertainty. Business leaders, including governance, risk and compliance (GRC) professionals are finding it difficult to navigate the storm. The focus on GRC is now more so than ever before. The compliance function should take this in its stride, viewing the current situation as an opportunity and not a threat. The more proactively compliance professionals can anticipate and mitigate risks by sharpening their focus on compliance, supported by technology, the more their business will grow, and they will be more prepared to safely navigate and stay resilient through these uncertain times.