Rachel Barack (firstname.lastname@example.org) is the VP – Compliance & Associate General Counsel for The Clorox Company in Los Angeles, California, USA. Ben Kimberley (email@example.com) is the Director, Legal, for The Clorox Company in Oakland, California, USA.
The global COVID-19 pandemic continues to leave a lasting impact on nearly every facet of our society and likely will for years to come. It is an agent of disruption and change that has touched nearly everyone in some manner. For many companies, it has produced new opportunities, challenges, and risks, including for compliance and ethics programs.
The pandemic has required that compliance professionals adapt their programs to fit new ways of working. While this has been a challenge, it can also be viewed as a positive opportunity for continuous improvement. We look at five key lessons learned from the pandemic for compliance programs.
1. Continue to consider employee health and well-being
Compliance policies, processes, and procedures are important, but employees exercising judgment in an ethical manner is perhaps the most important pillar of an effective compliance program. Stated another way, the collective judgment of a company’s employees represents its culture and is vital to the health of the compliance program.
COVID-19 has strained employees in countless ways—physically, emotionally, and mentally—both inside and outside the office. For this reason, one of the most important lessons of the pandemic wasn’t really a compliance lesson—it was a human one. The best way for companies to help their employees do the right thing during this challenging time came in the form of companies doing the right thing for employees. By providing employees with empathy, understanding, flexibility, and trust during one of the most challenging times of their lives, employees could feel that they were supported by an employer that was involved and caring. When employees feel healthy, well, and supported by a company, they are more likely to exercise ethical judgment and not fall into an “us or them” mentality. This pandemic reminded us that people are at the center of any compliance program and that we, as compliance professionals, need to craft programs for the people, not impose programs on them.
2. Keep flexible real-time risk assessments
In addition to altering the compliance risks faced by many companies, the pandemic also changed how many companies approached risk assessments. Most companies conduct periodic risk assessments, but few have the opportunity—or need—to undergo such activity in real time on a nearly constant basis; by altering every function of a business from manufacturing and shipping to human resources, the pandemic gave companies the chance to do just that. It pressure-tested compliance programs for all companies in one way or another. And for those that haven’t taken time to check in on their post-pandemic risk, it might be time.
Assessment of risk is fundamental to developing and maintaining a strong compliance program and is a factor that regulators will evaluate in assessing a company’s program. From an operational standpoint, risk assessments are fundamental to provide the blueprint to guide employees toward certain standards of conduct and resources toward higher-risk activity.
In the short term, all companies have faced new or increased risks (whether commercial or compliance) during the COVID-19 pandemic. For some, it might have been pressure to deliver numbers during a challenging sales environment. For others, it could have been global supply and logistics challenges. For all, it was fast-moving and unanticipated in its breadth and presented employees with difficult choices on a near-daily basis. For compliance professionals, it provided transparency into the fact that internal risk assessments are happening on a constant basis, and without strong guiding principles and an evolved corporate culture, the results aren’t always pretty.
From a longer-term perspective, the pandemic altered the future trajectory and business objectives for many companies, which has led or will lead to changes in the fundamental risks associated with those new or revised objectives. For this reason, companies should evaluate their external risk assessment timing and determine whether it should be accelerated. While companies cannot prevent all risks, particularly those associated with once-in-a-lifetime events like COVID-19, a post-pandemic risk assessment can provide insights from what has been a pandemic-driven program “stress test” to help strengthen the program for future compliance challenges, whatever the cause.