Gene Cahill (firstname.lastname@example.org) is a Partner at Grant Thornton LLP in Chicago, IL, USA, and Kristin Nado (email@example.com) is a Senior Associate at Grant Thornton LLP in Arlington, Virginia, USA.
Since the outset of the COVID-19 pandemic, companies have been faced with a rapidly changing economic landscape that has transformed the way that they do business now and for the foreseeable future. The global environment has placed unprecedented pressures on businesses to adapt to the new challenges facing their worldwide operations, and many of these challenges involve or require governmental touchpoints in order to navigate. Notable global organizations, such as the Organisation for Economic Co-operation and Development, have observed that this mix of new pressures and opportunities presents a potential breeding ground for bribery and corruption as both businesses and governments navigate the transition to what some are calling the “new normal.”
Yet in the face of the increased risks that the pandemic poses on businesses, many companies are facing a decreased capacity for monitoring and oversight. According to a report from the Association of Certified Fraud Examiners, nearly three-quarters of anti-fraud professionals have reported that preventing and investigating instances of fraud, which includes corruption, has become more challenging in the wake of COVID-19. Factors such as travel restrictions, workforce reductions, transition to remote work, and technological limitations have all changed the control environment and interfered with the way in which compliance, legal, security, and internal audit professionals have traditionally performed their work.
In spite of both increased internal and external challenges, however, companies do not get a free pass when it comes to anti-bribery, anti-corruption (ABAC) compliance. For example, both the U.S. Securities and Exchange Commission and Department of Justice (DOJ) have expressed their continued dedication to enforcement of the Foreign Corrupt Practices Act (FCPA), the primary piece of US legislation that holds organizations and individuals accountable for bribery of foreign officials either directly or through third-party intermediaries. The DOJ’s continued focus on FCPA enforcement was underscored by the DOJ’s issuance of the second edition of FCPA: A Resource Guide to the U.S. Foreign Corrupt Practices Act during the heart of the pandemic in July 2020. Moreover, the DOJ and the Securities and Exchange Commission have brought a combined 30 enforcement actions so far in 2020, including two of the largest settlements ever with the almost $4 billion global settlement related to Airbus and Goldman Sachs’ $2.9 billion resolution.
As a result of this unique business environment, it becomes even more important for companies to have an efficient and risk-tailored ABAC compliance program. This article explores what is driving the increased risk landscape under COVID-19, why it is proving difficult to conduct compliance activities as usual, and how companies can strengthen their programs to counter the increasingly risky landscape that businesses currently face.
A look at risks for three industries
This article analyzes three industries and the specific circumstances those industries face, but note that the risks and recommendations are likely applicable in other scenarios where financial pressures and government interactions are increasing.
Real estate development and construction: Permits and inspections
As the world experienced waves of lockdowns in the first half of 2020, a number of construction projects across the globe experienced delays or temporary shutdowns of work. Even after construction recommenced, supply chain and labor interruptions have placed additional pressure on contractors to keep their projects on schedule and on budget. Because contractors historically work on thin margins and have limited working capital, slowdowns in work can have an oversized impact on their liquidity and financial position, leaving many construction companies anxious to remobilize, receive funding, and cover their mounting fixed costs. This pressure to get back to work is often reliant on obtaining appropriate approvals, permits, and inspection results from government regulators for projects in higher-risk countries.
Obtaining these various approvals in countries with elevated risks always carries a possibility of bribery and corruption, but that risk is intensified as COVID-19 did not discriminate against which projects it affected. As such, most (if not all) active projects within a specific geographic location will be trying to obtain various approvals, permit extensions, and positive inspection results at the same time. This could result in backlogs for the government regulators required to provide these approvals and result in a natural incentive for developers, contractors, and project owners to “get to the top of the list” by bending, if not breaking, established rules against improper payments. These improper payments may be viewed as a necessary cost of doing business and are often transmitted through third-party intermediaries (TPIs) to obfuscate the true intent of the cost. This use of TPIs is not unique to the construction industry, as they have been involved in more than 90% of all FCPA enforcement actions since 2010.
Health care and life sciences: Government contracts and grants
From the outset of the pandemic, the medical field experienced a rapid increase in demand for a variety of medical equipment, supplies, and personal protective equipment (PPE) that spurred a number of manufacturing companies to reorganize their production facilities to meet this demand. Meanwhile, health and safety requirements established to protect factory workers also placed limitations on the manufacturing capacity of individual companies. Outside of equipment and supplies, there has been significant need for new pharmaceutical treatments, therapies, and vaccines to fight the virus, which contains significant profit potential for drug companies that are able to successfully discover safe and effective pharmaceutical options.
Throughout the world, state-run hospitals have faced the need to source critical supplies, including PPE, from new and different companies in order to address the elevated demand. This renegotiation of purchasing contracts potentially opened up a financial incentive for companies to give in to demands for bribes from officials in charge of these purchasing decisions, who themselves may be aware that, due to the critical health situation, their organizations are more concerned with expediency than with policing potential wrongdoing. Meanwhile, the issuance of governmental aid to pharmaceutical and biotechnology companies for research and development into potential COVID-19 treatments presents an additional area of opportunity for companies to corruptly influence either the initial distribution of funds or later certification that the company has met requirements associated with aid. The research, development, and distribution of treatments are also heavily reliant on TPIs (e.g., clinical search organizations, consultants, and distributors), which is typically an area of elevated risk of corruption. When large amounts of government aid are deployed at a rapid pace during a crisis, the opportunity for unethical actions is amplified. Many times, compliance controls will break down in these fast-paced environments as the mission can inadvertently create blinders to the associated risks.
Tech and telecommunications: Importing and exporting
Manufacturers of consumer and industrial products are faced with changing consumer behaviors due both to economic slowdown and the work-from-home environment. While these changing consumer behaviors have actually increased demand for certain consumer electronics as people spend more time within the home, manufacturers of these products are faced not only with health and safety regulations in their manufacturing facilities as described above, but also with difficulties in ensuring that they are able to obtain needed raw materials in time for production schedules and to subsequently move goods from production facilities located across the globe to major consumer markets.
Due to uncertainty regarding the future ability to source critical materials, organizations are likely to onboard additional suppliers as part of the increased demand and/or contingency planning. This could lead to entering into relationships with new, potentially unvetted suppliers to obtain materials and with other third parties that facilitate the overall global supply chain and logistics process to meet production and distribution requirements. At the same time, limited international flights and other transportation options may make it difficult for manufacturers to export goods in order to reach consumers. Corrupt officials who are aware of the pressures on companies to expedite goods through customs may take advantage of the situation to demand bribes, while the use of customs brokers or other third-party intermediaries in the import and export process may reduce companies’ line of sight into the payments that are being made on their behalf.
Responding to the changing compliance environment
In this environment of increased pressure and expanded interactions with government officials, the need to monitor and provide oversight of these risks does not go away. However, companies are continually challenged by “doing more with less,” and the work-from-home model may both affect the previously established internal control frameworks and limit the ability for companies to monitor and diagnose higher-risk activities of their employees, vendors, and other relevant entities. In addition to the change in operational controls and second-line reviews, many companies are changing—or at least not enforcing—policies related to their key business functions in order to keep the business moving. The willingness to increase risk tolerance and relax rules may be necessary to achieve short-term business goals, but there is a potential long-term cost. The world has had to creatively adjust to continue to move forward through the pandemic; now is time for companies to be innovative about their compliance efforts, as well. Consider the following recommendations to enhance oversight, strengthen your company’s response to the quickly changing internal and external landscape, and reduce the likelihood that the actions of today will be regretted later.
Embed legal and compliance into the operational environment
Particularly when resources are limited, repositioning compliance from after-the-fact referees into the frontline decision-making process can help companies avoid potentially time-intensive and costly remediation efforts. Involving legal or compliance professionals earlier in the risk life cycle—for example, encouraging compliance professionals to attend sales meetings to understand potential risks as they arise—can provide valuable insight that reduces the amount of after-the-fact review and approval. In addition to lowering the risk profile, this adjustment may also result in the tangential benefit of actually moving the business through key decisions faster and with greater confidence, resulting in a competitive advantage.
Double down on due diligence procedures
As mentioned above, the various supply chain impacts of the global pandemic have required some companies to work with new business partners, sometimes with significant time pressure to onboard the third parties in order to avoid business disruption. Despite this pressure, companies should continue to be vigilant in enforcing current due diligence requirements. In response to time pressure, companies may consider enhancing the efficiency of their due diligence risk models to prioritize those third parties that are critical to keeping the business strong and have a high likelihood of government touchpoints within the scope of their services. Refreshing due diligence procedures more frequently to understand rapid changes that third parties may be undergoing themselves may be the most direct manner to proactively understand emerging third-party risk in higher-risk geographies.
Renew risk assessments and refresh trainings
The DOJ has consistently emphasized risk-based approaches to compliance. Due to the changing risk landscape, a company’s prior risk assessments may no longer capture the current likelihood or impact of risks or suggest the optimal distribution of resources to combat these risks within a compliance program. Companies may also consider teaching department heads to deliver ABAC training directly to their groups in order to communicate that the business as a whole takes responsibility for compliance rather than delegating that responsibility to potentially shrinking legal or compliance groups. In doing so, first-line employees and their management teams recognize the importance that leadership places on compliance and acting in accordance with established policies and expectations.
Monitor changes in transactional behavior with analytics
The DOJ has demonstrated leniency toward companies that integrate data analytics into their compliance programs, and, as an additional bonus, the automation of transaction monitoring allows compliance departments to do more with less in the face of staffing cuts. However, due to the economic impact that COVID-19 has had on nearly every imaginable sector of the economy, companies may need to perform additional vetting of their transactional data to understand which of the traditional red flags remain meaningful indicators of potential corruption and which simply reflect the economic changes faced during the pandemic. Companies should consider focusing on changes during the pandemic (i.e., since March 2020) compared to prior periods and assess whether the changes are expected by the business and if there is a clear explanation for them. For scenarios where there is no clear or reasonable answer, companies should invest resources to understand the relationship, which may require performing a third-party audit to gain comfort in their business activities.
The risks that companies are facing due to COVID-19 are varied and continue to change. However, one thing is clear: the decisions and actions of today will be analyzed later by regulators. The current environment requires that companies rely on innovation in order to maximize resources. In addition to updating current compliance tools such as risk assessments, trainings, and due diligence to this new environment, companies should also consider partnering compliance with the front line of the business to minimize costly reactive approaches and leveraging analytics to help prioritize actions that keep the business strong while protecting the reputation of the organization.
The authors would like to thank Alex Koltsov, a senior manager in Grant Thornton’s Strategy & Transactions practice, for his contributions to this article.
Changes in the business environment related to COVID-19 have intensified pressures on global companies due to economic slowdowns, supply chain interruptions, and health and safety regulations.
Simultaneously, interactions with government officials related to import/export delays, permits, and the securing of product through government channels result in additional opportunities for corruption.
The added reliance on government interactions and approvals for business-critical functions is enhanced across many industries, including the real estate and construction, health care and life sciences, and tech/telecommunications industries.
Compliance programs within this new environment are challenged in understanding and managing these risks in a primarily remote oversight and governance model.
Companies may need to develop new approaches to performing core compliance duties in a way that appropriately balances changing operational needs and enhanced anti-bribery, anti-corruption risks.