During a crisis – especially one with unforeseeable and unpredictable patterns – management is faced with many operational issues, from business and cash flow disruptions to layoffs and furloughs. At the same time, companies are subjected to additional scrutiny from regulators, customers, and shareholders; thus, notwithstanding many operational distractions, they should devote attention and resources to ensure the proper implementation and operation of their compliance programs.
Whether your company already has a robust compliance program in place or is in the process of developing one, preventative measures during a crisis of this magnitude must include an assessment of internal and external material risks faced by a company. Such risks, for example, may include an increase in suspicious trading activity; questionable payments to third parties; improper payments to government officials, vendors, and consultants; cybersecurity threats caused by an increase in remote work activities; misconduct by terminated or furloughed employees; and other fraudulent acts.
Companies should establish strategies to deal with these threats, and these strategies should be applicable throughout their operations. For example, internally, the company should reinforce the preventative measures previously put in place, which may include reminding employees about the company’s code of conduct, relevant laws, industry standards, and training materials, in particular when any new training is likely to be put on hold during the crisis.
External communications should be maintained with accountants, vendors, banks, and regulators. Ongoing monitoring of third-party relationships should continue, and outside vendors, like internal personnel, should be reminded about the company’s compliance measures. In unstable situations, such as war or pandemic, when law enforcement and regulatory agencies are overextended and understaffed, the risk of illegal transactions – including bribes and kickbacks to government officials – through consultants and third parties is particularly high.
Compliance measures aimed to detect misconduct and impropriety are of utmost importance during the spikes in fraudulent activity. A company should devote enough resources to “investigations of … complaints, including the routing of complaints to proper personnel, timely completion of thorough investigations, and appropriate follow-up and discipline.” The hallmarks of a well-functioning compliance program aimed to detect illegal activity are “timely and thorough investigations of any allegations or suspicions of misconduct by the company, its employees or agents.”
If misconduct is detected, a company should not delay the implementation of the corrective measures, and, if necessary, voluntary disclosure of the misconduct. The company’s response, including any disciplinary or remediation measures, should be well documented. Additionally, the company should conduct a “root cause analysis” and, where appropriate, implement remediation measures to address the root cause. Timely detection of misconduct and implementation of corrective measures to prevent further misconduct will ensure that the company is in a strong position to face, if necessary, regulatory inquiries and civil complaints in the aftermath of the COVID-19 crisis.
This article was co-authored with Charles A. DeMonaco and can be found in its entirety on Corporate Compliance Insights. https://www.corporatecomplianceinsights.com/corporate-compliance-during-covid-19/
Oksana Wright is a partner at Fox Rothschild in the New York City office. She represents domestic and foreign companies, financial institutions, health care providers, real estate developers, bankruptcy and estate trustees, and individuals in a broad range of litigation matters in federal and state courts and alternative dispute resolution forums. She also holds legal degrees from both common law and civil law systems. She helps foreign clients navigate the U.S. legal system and comply with regulations affecting international trade.