Companies have been moving at breakneck speed to respond to the COVID-19 pandemic. As a compliance professional, you’ve been there: from work-from-home and planning to go back to work, to layoffs and furloughs, to sales downturns, supplier SNAFUs and CEO talks.
But there is no reason to think that enforcement will ease. Reporting to local, state and federal agencies has been upended; there are new regulations to deal with, like the California Consumer Privacy Act (CCPA) - and through it all, regulatory enforcement didn’t suddenly stop with COVID-19.
The risk to the company’s bottom line and good name, due to inadvertent violations of laws, standards, or codes of conduct, has never been higher. But with management likely preoccupied with more pressing matters, like staying in business, the compliance program may be under pressure to let things slide. This “perfect storm” of high-risk circumstances means risk and compliance professionals are central to business success in the new world; compliance isn’t optional.
Here are three ways for compliance to step up and be the department that shines during this difficult period for business.
Perform a compliance risk assessment to develop a baseline
A compliance risk assessment may include strategic, operational and financial risks; risks that could impact the organization’s ability to achieve its strategic objectives; and risks to cash flow and operations. Assess all regulations, standards and rules to discover what has changed. Perform a compliance risk assessment to understand the highest-impact risks.
Many regulatory bodies are relaxing certain rules and requirements to unburden businesses and their employees impacted by COVID-19, so be sure to check each requirement that affects your business and see if anything has changed recently. Given the many other business concerns, it’s easy to make a mistake and get slapped with a violation, a fine or both.
Another reason to conduct a compliance risk assessment is to check in with regulations that apply to people and today’s hot topic, data privacy. Regulations applicable to the workforce or privacy like CCPA should receive special attention.
CCPA enforcement action started on July 1, 2020, with stiff penalties for non-compliance.
Create new policies and revisit compliance requirements
Given its global impact, COVID-19 could usher in a new normal. Millions have accepted wearing a mask, avoiding crowds and washing hands throughout the day. The custom of shaking hands in business may well be a relic of the past. Working remotely from home was a national experiment of sorts, but it’s looking permanent for many companies.
Return to work will require new policies and compliance requirements. This represents a high-profile opportunity for the corporate compliance program. Together with the HR team, write a communications plan for new policy roll-out and training. Collaborate with IT on backend processing needed for employee communications, policy attestations and more. You may need a new Code of Conduct specific to COVID-19.
Such was the case with The Mountaineers, an alpine club serving the state of Washington and founded in 1906. In response to COVID-19, The Mountaineers created a new COVID-19 Code of Conduct following the Safe Start Washington phased re-opening plan. Individuals who refuse to comply with the Mountaineers' code of conduct will be removed from the roster and asked to leave the trip.
It can be hard to get employees to follow recommendations without reprimands for non-compliance, which could hurt culture and community or stir up political debates. Get employee buy-in by borrowing from the manager’s toolbox: articulate a vision, model by example, cater to people’s strengths, follow up regularly and address resistance quickly.
Create a compliance-led business continuity program
COVID-19 has been a wakeup call to all types of disruptions, from natural disasters and telecom outages to cybercrime. Organizations are shifting from disaster recovery to business continuity to manage risk and build resiliency to operational disruptions. Compliance should have a leadership role on the company’s business continuity team. Compliance is most qualified to develop policies, meet requirements and interpret guidance. Experience with regulatory change is a nice prerequisite for applying lessons from business continuity testing.
Both compliance and business continuity stress documentation, tracking and reporting on progress and delivering results. Business continuity programs often represent a new initiative and attract the best and brightest from across the organization, and compliance should be present among these decision-makers.
The COVID-19 pandemic has been a business disrupter of the highest sort. It’s dramatically changing the way we live and work. Compliance is in the perfect position for the COVID-19 response period and whatever comes after. The key is to transcend the day’s challenges and get proactive with three action steps: perform a compliance risk assessment, embrace the new normal and take the lead on business continuity.
Change is in the air. Make the most of it.
Discover Lockpath for Privacy, Risk & Compliance from NAVEX Global