The coronavirus pandemic has created a legal minefield for companies.
Massive disruptions have forced compliance officers to vet new suppliers and revamp internal safeguards, while travel restrictions and remote working have complicated investigations and increased exposure to cyberattacks.
Compliance chiefs must also help businesses navigate the risks and complex requirements of relief programs and the mechanics of an eventual return to the office—all while continuing to meet the ever-shifting expectations of regulators and law-enforcement agencies.
Investigations, risk assessments and employee training have become almost fully remote, and many companies are looking to technology to make their compliance programs more resilient and efficient in the long term.
The trick now, they say, is continuing to maintain a presence within the organization from afar—at a time when a return to normalcy is difficult to predict.
Here’s a look at some of the biggest challenges compliance officers face—and how they are dealing with them.
Monitoring employees
Good compliance programs are deeply integrated into a company’s business. But a remote workforce can make it difficult for compliance chiefs to maintain a clear line of sight into a company’s operations.
Touching base via phone or Zoom isn’t always adequate, says G. Scott Hulsey, a partner at law firm Kobre & Kim LLP and a former chief compliance officer.
“When I was a compliance officer…there was something to be said about the fact that I could walk down the hall to the head of our supply function, have a conversation, and look over the materials they had developed,” he says. “It facilitated a more seamless effort to monitor what was going on in the company.”
To maintain their presence within the business, compliance officers are getting creative. In a training video that it recently sent to employees, in-flight entertainment company Panasonic Avionics Corp. recast its compliance staff as cartoon avatars.
The video featured employees working in their homes. Members of the compliance staff appeared when employees had to make tough decisions. The video was meant to convey that, “while where we worked may have changed, how we work hasn’t,” says Catherine Razzano, the company’s chief compliance officer.
The timing of outreach and communications is also key. As business and travel ramp up, compliance officers are thinking about how they can remind employees about important policies and procedures—including those prohibiting bribes—that employees may overlook or be tempted to ignore in the face of the sales pressures created by the pandemic.
Travel restrictions
The inability to travel also poses a challenge, especially in the area of internal investigations, which are critical to understanding the depth of any allegations of wrongdoing.
In regular times, the most sensitive investigations and interviews often involve sending in-house investigators or outside lawyers to far-flung jurisdictions for in-person meetings and document collection.
Now, amid the pandemic, companies and law firms have shifted to conducting most interviews via videoconferencing. This has, for the most part, allowed investigations to continue, but the new processes often take more time, and investigators may be unable to adequately read body language or easily display documents and other evidence—making them a poor option for particularly sensitive conversations.
What’s more, if a company’s offices abroad remain closed, key documents may simply be out of reach for now.
“It’s just wait and see,” says Nathaniel Edmonds, a partner at the Paul Hastings LLP law firm. “You tell the regulator or government authority: ‘This is what we’re doing to try to come up with [the documents]. We’ll let you know when the local restrictions are eased.’ ”
Shifting operations
The pandemic has caused companies to make big changes to their operations and supply chains. Some auto makers, for instance, have shifted portions of their production to make masks, ventilators and other medical equipment.
But new business lines mean new business partners and suppliers. And compliance officers are charged with conducting due diligence on third parties to ensure they aren’t on sanctions blacklists or don’t have other attributes—such as ties to a foreign government—that would put the company in jeopardy of violating antibribery laws.
“Companies that are in the middle of a vaccine push or have an urgent need to deliver medicine or maintain a crucial supply chain, they are just under incredible pressure with their compliance risks,” says Gary Giampetruzzi, a lawyer at Paul Hastings LLP who previously served as head of investigations for Pfizer Inc.
Donations, too, are a compliance concern. Funds or equipment given to state-run hospitals or governments must be reviewed by compliance staff to ensure they don’t create conflicts of interest and that they comply with antibribery laws such as the U.S. Foreign Corrupt Practices Act.
Budget pressures
The pandemic has sapped revenue at many companies, forcing them to cut costs across the enterprise to ride out the downturn.
Compliance teams—whose responsibilities have grown along with increased regulatory demands over the past decade—haven’t been spared. Some have been asked to trim budgets and head count while taking on pandemic-related compliance demands, creating the potential for compliance failures that allow misconduct to go undetected or unaddressed.
The situation is occurring at a time when employees across the business are facing additional workloads and growing pressure to meet goals during a financially difficult time, increasing the risk of corruption and fraud.
Compliance officers are being asked to do more with less, says Alejandra Montenegro Almonte, a lawyer at Miller & Chevalier Chartered and a former corporate general counsel. “That’s a tale that’s all too familiar to compliance in the best of times,” she says. “It’s 10-fold now.”
The financial pressure is forcing compliance officers to look for ways where they can be more efficient—including through the use of technology. Some have invested in tools that allow them to streamline workflow and approval processes, decreasing the workload for compliance and for employees across the business.
Access to data is another focus. By tapping into a company’s financial systems and bringing together other corporate data sources, compliance officers can respond more quickly to legal risks. Some companies have begun to harness data analytics, machine learning and artificial intelligence to automatically flag suspect transactions or risky third-party relationships, such as entities with ties to government officials.
Relief programs
Government stimulus programs, such as the $670 billion Paycheck Protection Program, can also pose new legal risks. Banks participating in the program were under enormous pressure this year to disburse loans to struggling businesses quickly while still doing an appropriate amount of due diligence on applicants.
Compliance officers must help their institutions navigate the complex requirements of these loans, and take steps to ensure they are protected from liability further down the road. Emergency funds and other federal initiatives are already being scrutinized by federal prosecutors for fraud, Justice Department officials have said. The scrutiny applies to applicants and lenders.
“Whenever there is lending like this, there is always a high likelihood or high possibility of bank fraud and other types of fraud,” then-Assistant Attorney General Brian Benczkowski said in May. Mr. Benczkowski left the agency in July.
The public, too, has scrutinized recipients—an outcry over PPP loans arose after disbursements appeared to favor larger businesses, causing some companies to return the funds. And while the priority is currently getting money out the door as soon as possible, there is the risk that later on—when the amount of fraud that occurred becomes clearer—politicians, law-enforcement officials and the public will see banks’ efforts to quickly disburse loans in a different light.
Documenting decision-making is key, says Jeffrey Naimon, a partner at law firm Buckley LLP. “You try to make sure the decision was reasonable and appropriate to begin with,” he says. “You record the steps you went through, so that even if someone second-guesses you later, you can say, ‘Well, we met with the right constituencies.…We were trying to do the right thing.’ ”
The Small Business Administration, which administers the PPP program, has said banks must only conduct a good-faith review of loan applications. But many are doing more, including by asking for tax forms and other documentation that could help them spot fraud.
The return to the office
Depending on the nature of a company’s business, the health and safety of employees may be a daily concern for compliance officers. Many companies who sent employees to work from home in the spring are also plotting how to safely bring employees back to the workplace. Compliance officers should be part of those discussions, says Allen Chiu, a chief compliance officer at Genesys Telecommunications Laboratories Inc., a call-center-software company.
“Compliance officers have to have a role because there are regulatory challenges, both on the labor and employment front of a rapidly changing work from home structure,” he says. The key is being adaptable, reacting quickly as the situation changes and collaborating with leaders across the company, Mr. Chiu says.
Privacy- and employment-law concerns are likely to arise as companies take steps—such as imposing daily temperature checks, contact tracing and in-office social distancing—to ensure an outbreak of the virus doesn’t occur.
Employees may be asked to disclose medical and other personal information about themselves and their family members. Companies will need to balance the obligation to provide a safe workplace with privacy and other regulatory issues.
“It ends up being an all-hands-on-deck effort because there is just a lot to deal with in the Covid environment,” says Michael Leiter, a partner at the law firm Skadden Arps Slate Meagher & Flom LLP.
Compliance chiefs’ involvement on issues like health and safety, which may not normally fall under their purview, underscores one of the upsides of the pandemic from their point of view—a chance to prove their value to the larger organization.
“It’s really an opportunity for the compliance role, as part of a larger leadership team, to rely on some soft skills—to deploy empathy, and to really engage with employees world-wide,” says Mr. Chiu. “Whether it’s things about diversity and inclusion, the work-from-home challenges, or physical safety—[we need to] put all of those things together and look for smarter ways to tackle those challenges.”