Ethics & Compliance is certainly one of the key areas of all modern companies, non-profit organizations, and governments and, thanks to information technology tools, it will be one of the least affected areas by the COVID-19 pandemic, since most of operational actions can be undertaken remotely.
Speaking quickly about the main routines of an internal compliance program, policies and procedures will continue to be elaborated or revised and approved by the responsible areas, thanks to the specific IT tools that store them or manage their approval or reviewing process. If the company does not have a specific system, it is possible to do so even by email, preventing any interruption on such actions. Discussion meetings can be held by conference call or video conference.
Concerning trainings, it is recommended that the company focus on e-learning or online trainings. There are numerous tools on the market that optimize online trainings, including those which provide a questionnaire to validate the knowledge acquired by the participant and his certification. Depending on the size of the audience, it is also possible to have a videoconference, allowing the discussion and immediate clarification of any doubts. In parallel to the training, communication should be increased, transparently reinforcing the channel for allegations (Hotline), a means of remote contact that is quick and easy to access answers to questions (Helpline) and, if possible, a monthly newsletter, with important tips and warnings about aspects of the organization’s main policies and procedures. An equally important aspect is to use findings resulting from compliance monitoring and use of them, without references to names, as lessons learned for the rest of the organization.
Due diligences should not be impacted, as they are generally managed by an IT tool. And even for companies that do not use an IT tool, they can use a self-assessment questionnaire sent by e-mail. Regarding compliance monitoring, it depends on the company to use an IT tool or not for keeping it in force. If you do not use such a tool, the compliance area must count on the collaboration of the other areas to send the necessary information for the preparation of the oversight. Possibly, the biggest challenge will be related to the oversight of commercial transactions with vendors which supply goods and services due to the obstacles of obtaining purchase orders and invoices or receipts. If the company, however, has such documents inserted in a payment system (e.g. Concur, Ariba, SAP, etc.), this will not be a problem. By the way, disciplinary measures and incentives should continue to be applied, when necessary, regardless of whether the work is being done partially or entirely in the home office.
Compliance investigations can continue to be made, internal or through an external specialist, if through videoconference features. Do not make the mistake of interviewing over the phone, as the result is often disastrous. Difficulties may exist in obtaining physical evidences, although currently, digital resources are a great source of information and generally meet the need for any paper document.
Risk assessments may also be prepared, provided that there is easy alignment and an interview with the champions of every area, in order to build a heat map or similar dashboard to identify the probability and the impact of risks on the business. It is very important that a timeline schedule is made and followed to result in a consistent report that will guide the attention of the organization’s compliance area in the future.
Count on Licks Attorneys to assist you in this challenging moment.