Compliance in the Age of COVID-19
By Bill Hall
Chief Compliance Officer
“The World Turned Upside Down” is both a wonderful song from the musical Hamilton and an apt description of the immense impact of the COVID-19 pandemic on business operations. One area of a business where the impact may not be quite so apparent, but where a failure can lead to serious consequences, is the compliance function. Disruption of the activities of your compliance team can mean a potentially dangerous diminishment of oversight, assessments, monitoring, auditing, training, and other essential risk management and risk mitigation activities.
Every business is aware that the pandemic has caused significant negative financial impacts, uncertainty, stress, transition to new remote work environments, and an overall crisis mentality that touches every employee and every aspect of daily life. What may not be so clear is the fact that these impacts to your business may result in an environment of increased non-compliant behavior along with a lessened ability to detect and correct such behavior. To make certain that your company does everything it can to maintain a robust compliance function during a tremendously challenging time, here are six key elements for your business to consider:
- Compliance is not optional. This is a rule we live by at FinFit, and we clearly communicate it to all of our employees. It is vitally important to ensure your team understands that compliance remains a top priority regardless of the challenging circumstances. Make sure that all employees are clear on your organization’s expectations, and that the rules have not changed even as the world seems to be completely different.
- Test Audit. Not only should all monitoring, testing, and auditing continue on the normal schedule to confirm adherence to policies, laws, and regulations, any operational changes as a result of the pandemic should be added to the monitoring process. Short-term or emergency adaptations are vulnerable to compliance short-cuts and need to be carefully considered. Simply put, pre-pandemic monitoring processes are likely no longer adequate in this new and unprecedented operating environment.
- Account for the unique circumstances of a remote work environment. Even the most professional, hardest-working employees may be overwhelmed trying to juggle work with childcare issues, closing of schools and online learning, dealing with the technology essential to remote work, and the many other adjustments that have become part of life. Make sure your company is providing guidance on telecommuting issues such as protecting confidential information, appropriate use of company systems and equipment, procedures in the case of any sort of data breach, and reminders on the use of personal email, smartphones and computers for company business.
- Invest in appropriate technology. You may find that your technology dollars have been wisely spent, or you may soon be facing the costs of failure to make adequate investments in IT. Businesses need to make sure that employees can access the documents, information, and data necessary to do their jobs in a secure fashion. Compliance personnel are among the employees who need to be able to continue to access information just as they would in the office in order to conduct audits, monitor ongoing operations, and conducting investigations. As home networks are typically more vulnerable, you need to make sure that all this is done in a secure, compliant environment with adequate protections in place such as firewalls and multi-factor authentication. You should also make sure both the company and all employees are alerted to phishing and other attempts to access your systems, as the sense of urgency and the lack of face-to-face time make it easier to exploit a vulnerable and anxious workforce.
- Pay particular attention to customer-facing employees. In this environment, you may have shifted some of your employees’ responsibilities to handle large increases in customer service needs. When employees with limited training and experience move into an unfamiliar role – especially a role that involves dealing with customer inquiries – there is an increased possibility of mistakes, incorrect information, or compliance failures. Make sure you’re providing all necessary training, and increase monitoring and tracking of your customer service personnel especially when you’ve added personnel in response to increased customer demand. Regulatory authorities are likely to focus on issues involving vulnerable customers and you should therefore make sure you can spot and correct any issues in this area immediately.
- Closely follow legal and regulatory developments. Compliance personnel should be tasked with alerting your organizational leaders of new requirements in a timely manner. Regulators at all levels – local, state, and federal – have issued guidance and requirements on countless issues, and compliance needs to be informed and able to communicate these developments.
COVID-19 has disrupted every aspect of your business and maintaining a robust and adaptable compliance function is essential to make sure the business manages and contains the risks arising from this disruption. Identifying and addressing the new risks in the pandemic environment will ensure your business is as financially fit as possible as we all continue to navigate business adjustments.