The scope of business risk in the new world of work during or after the COVID pandemic is vast and still growing. The new landscape is diverse: monitoring employee conduct and productivity while working from home; managing employee health data like that collected from temperature checks; renegotiating sales commission structures to mitigate fraud; planning for supply-chain disruption – risk comes from everywhere.
Yet despite the increased scope of risk, FCPA enforcement has not lessened during the pandemic. Neither has the DOJ: “As the [updated Evaluation of Corporate Compliance Programs guidance] now specifically states, the effectiveness of the program will be ‘reviewed both at the time of the offense and time of the charging decision and resolution,’” writes Chief Risk and Compliance Officer Carrie Penman.
Business partners, too, require the same level of third-party due diligence as before, even as their risk profiles change faster than ever.
Compliance professionals are under a lot of pressure to account for the increased scope of risk due to operating business during the pandemic. To ensure there are no surprises when returning to work now or later (and to sleep better at night), our new Coronavirus Comeback Kit offers a framework to block and tackle risk during return-to-work planning. Most R&C professionals are concerned with risks that roll up to three main categories: managing a remote workforce, COVID-specific risks, and risk related to employee conduct.
Here are 3 main risk categories for returning to work after COVID, and the types of compliance risk in each area:
1. Managing Remote Workforce Risks
- Cyber security
- Policy communications
- Remote investigations
2. Managing COVID-Related Business Risks
- Business Continuity
- Third-Party Visibility
- Conflict-of-interest disclosure
3. Managing Increasing Employee Conduct Risks
- Retaliation
- Manager Training
- Code of Conduct Risk
Get the Coronavirus Comeback Kit and turn best practices into action.
Policy management risk while working from home
“Increasing the Awareness of Our Policies and Regulations Across the Organization” was the #1 priority of R&C professionals who responded to our recent 2020 Definitive Risk & Compliance Benchmark Report.
Policy management is part of managing a remote work force: an area of risk and concern for all companies with employees working from home. Most companies have BYOD (Bring Your Own Device) policies that limit types of privileged company information employees can access on personal devices, as well as which websites can be accessed on employer-provided computers. In addition to a host of cybersecurity threats, the current remote work environment has likely put most employees in breach of company policies.
It’s difficult to monitor policies and ensure they’re still relevant (and realistic), and it’s hard to update policies across platforms in response to a quickly changing environment.
Non-compliance is a problem. And if employees are in breach of policies and don’t know it – that's a problem as well.
Policy and procedure distribution, attestations and tracking have become essential activities for organizations, due to the urgency and nuances of pandemic communications. Evolving shelter-in-place orders and work-from-home expectations requires increasingly fluid communications across organizations. These communications become more complex when employees in different locations, departments or essential functions require tailored policies or procedures.
Policy management solutions during the pandemic
If you’re responsible for keeping policies and procedure documentation up to date, here are a few immediate actions to help prepare your company to return to work:
- Ensure employees read and understand relevant policies and procedures: Automatically route new and updated policies and procedures to your employees, assign attestation requirements, give comprehension quizzes, and run ad-hoc reports.
- Enable remote access to important policies and procedures: Make relevant policies and procedures easily accessible from any location and device.
- Stay audit-ready: Implement a reporting system that tracks policy changes, summarizes reports, and archives active dates and attestation records for documents and versions.
Policy management is just one area where compliance professionals are being asked to manage a complex and growing scope of responsibility.
To learn how technology is helping R&C professionals block and tackle cybersecurity, third-party risk, remote investigations, and other risk to resuming business post-pandemic, get the Coronavirus Comeback Kit.
