Synergos

Síguenos en LinkedIn

Compliance from now on

Compliance from now on: Beyond 2020

By: Ari Blumenfeld

For those who work in the compliance areas of organizations, or who work in highly regulated industries, such as finance, for example, 2020 will be remembered as a symbolic year. In addition to everything that the pandemic has implied, the United States Department of Justice (DJ), an entity that largely dictates the guidelines in terms of international compliance standards, published two important updates to regulatory documents. The update to the Corporate Compliance Programs Assessment (“Assessment” hereafter) appeared in June, followed quickly in July by an updated version of the Foreign Corrupt Practices Act Resource Guide, underscoring continued expectations of the DJ on organizational compliance efforts.

During the pandemic, the stakes can prove particularly high, with companies struggling due to challenges in their supply chains, budget cuts, closed borders and lost revenue. In this article, we propose how business leaders and heads of compliance can take advantage of the key recommendations of the Updated Assessment to effectively manage high levels of risk (note: at the bottom of this article, in the sources, there is a link to download the updated version of the Evaluation).

The evolution of risks and the adaptation of companies.-

Business leaders must be prepared to evolve their compliance programs to deal with the impact of COVID-19. An example? Suppliers and partners in supply chains and sales channels may experience difficulties in their sourcing or manufacturing capabilities, especially in the retail and manufacturing industries. This means that organizations must have plan Bs, in this case second-tier partners, or be able to scale and speed up due diligence processes to select and attract new partners.

When it comes to training, e-learning will become essential and probably the only option. Companies must ensure that their courses are up to date and contain information relevant to the current circumstances, with a greater focus on data privacy, bio-security and anti-corruption.

Different due diligence options.-

The DJ Assessment highlights the importance of managing third-party risk, stating that “control over the management practices of third parties (suppliers, partners) is a factor that compliance officers -or prosecutors- must assess to determine whether their programs compliance officers are able to detect the particular types of misconduct most likely to occur in each line of business.”

Compliance professionals fully understand the value of background checks and good due diligence, but now they should consider evaluating other options. With limited or closed physical locations, on-site visits may not be realistic and should be replaced by reputation inquiries instead. Onboarding times for new partners or vendors may have to be shortened due to market pressure, so you may need to expedite work or consider faster options such as online research and database review.

The GM’s evaluation echoes the need for follow-up by stating that evaluations should cover more than just a “snapshot” of the moment. Many organizations are now subjecting all of their high-risk partners to continuous monitoring, receiving daily updates on any changes in their status, and leveraging the findings to guide future decisions.

A subject under permanent evaluation.-

The spread of COVID-19 has been reason enough to update the risk assessment to take into account changes in:

  • Supply chains and sales channels;
  • The geographies where certain activities can (or cannot) be carried out;
  • Due diligence requirements;
  • The compliance human resources available;
  • The presence of new or high risks (own and third party);

For example, with supply chains and sales channels, organizations may need to expand the volume and types of partners (depending on industry) based on customer demand or changes in the geopolitical environment. The risk assessment should help guide the company on the scope of due diligence required for these new third parties. The compliance team will also need to provide guidance on shipping or receiving goods, services and materials from countries or territories where the company does not normally operate or have a presence.

Business leaders should also document how the loss of staff (especially compliance staff) could affect risk coverage and what can be done to maintain oversight, including expanding responsibilities of existing resources, training junior resources, or outsourcing of compliance functions to a qualified vendor.

In today’s business climate, data privacy and information security may become more critical given the large number of employees working from home, widespread job losses, and former employees and vendors who may have access to company systems.

In addition, the current environment has highlighted new topics that deserve the attention of compliance professionals, including corporate social responsibility and social justice. Now is the time to partner with the organization’s stakeholders to help promote the importance of these themes and put them into practice, including building more diversity in the employee base and choosing suppliers that uphold similar values.

The internal message to the organization must be simple.-

The Assessment highlights the importance of ongoing communication of the compliance program and organizational values, indicating that prosecutors should ask themselves, what is senior management doing to make employees aware of the company’s position on misconduct?

Due to the constant cycle of negative news, rising unemployment and loss of loved ones, employees may not have compliance on their minds. Messages should be simple and direct. To do this, some business leaders are holding frequent micro-meetings as a reminder about integrity.

The power of information and data.-

Compliance officers must effectively leverage data to monitor key program areas.

In practical terms, data can be used to manage risk by:

  • identify third parties that require renewal based on the expiration of their contracts;
  • scanning systems to ensure that all third parties included in the scope go through due diligence;
  • run data analytics on transactions to identify high-risk trades;
  • review employee completion, score, and pass rates for online compliance training;

For most organizations, interactions (legitimate or otherwise) with government officials can become difficult to track, as these communications can be conducted in private by employees working remotely. To ensure that these communications or transactions are legitimate, companies may use data analytics to review transactions that exceed certain value limits or that involve certain topics.

In summary.-

While there is no perfect roadmap for managing risk in a time as challenging as the one we are experiencing, business leaders and compliance professionals should see this moment as an opportunity to prepare their organizations for the future. Due to consumer demand and changing values, business leaders need to be more involved than ever in launching compliance initiatives and process improvements. Organizations that stay active and aware on these issues will see the most success in the future.

Sources: