Navigating the impact of COVID-19
How to manage compliance and criminal risk
In this time of unprecedented business disruption, maintaining robust governance and risk management practices will not only help companies overcome the day-to-day challenges presented by COVID-19, but will also prepare them to address the increased shareholder, counterparty, and regulatory scrutiny that will inevitably follow in the wake of the crisis.
The pandemic may add a new perspective on an old risk (eg data privacy, anti-bribery and corruption, anti-trust etc.) or present a new risk altogether. It is important to take time to review corporate misconduct risks in light of the current situation and adjust mitigation measures accordingly.
Five focus areas to keep compliance fit for purpose
1. Maintain governance and oversight
- Evaluate whether the company’s approach to governance and oversight is sufficient to deal with novel issues raised by the crisis.
- Keep compliance issues on board agendas.
- Review and, if appropriate, adjust decision-making/approval matrices.
- Ensure careful governance of disclosures and public statements.
- Continue to monitor and respond to incidents and complaints.
2. Understand the risks you face today and respond appropriately
The COVID-19 crisis is a real-life stress test and companies should evaluate whether their controls are fit for purpose in the current environment, taking a risk-based approach.
- Take advantage of information that already exists to inform the approach.
- Consider new ways to get feedback by:
- reviewing your risk assessment in light of the information you have gathered;
- where adjustments are appropriate, proactively engaging with the first line of defence to help adapt day-to-day compliance practices; and
- documenting any changes made (and where change is not needed).
3. Make the most of internal communications
- Where appropriate, leverage internal communications to send or reinforce key compliance messages.
- Maintain tone from the top with simple enterprise-wide messages on the principles of ethical conduct.
- Engage management at all levels in cascading the message, give them the tools to do so and encourage feedback.
4. Ensure compliance resources are deployed most effectively, adjusting as necessary
- Take steps to avoid silos and promote engagement with other functions.
- Consider resourcing needs and adjust activities as appropriate.
5. Pay close attention to engagement with public authorities
- Keep compliance teams close on new and evolving interactions with government
- Ensure proper governance around applications for relief
- Stay on top of the messages from authorities and update senior management as needed
Finally, avoid document pitfalls
These steps should ideally be documented and revisited at regular intervals.
All documentation should be factual and avoid speculation, sarcasm, exaggeration or a tone that could be misconstrued when read out of context later.
Compliance risks to consider through a COVID-19 lens
The main compliance risks are:
- bribery and corruption;
- abusing market opportunity;
- data security;
- internal accounting;
- financial reporting;
- securities offences; and
- pandemic specific offences.
Our people and reward team is also available to discuss issues relating to whistleblowing, including ensuring a ‘speak-up’ culture is maintained at this time, implementing and reviewing whistleblowing procedures and responding to any incidents.
Get in touch
If you would like to discuss these issues in more detail, please speak to your usual Freshfields contact or one of the lawyers listed below who can direct your query.
Eric B. Bruce US Head of disputes, litigation and arbitration, and global investigations
Washington, DC, New York