What compliance issues can arise when the only one looking over your shoulder is your cat?
My morning commute has gone from an hour-long train ride to a four-foot shuffle from my bed to my work desk. This is the situation that many of us find ourselves in.
- Office = bedroom/kitchen, laptop propped up by book you’ve meant to read
- Proper dress = anything but naked (dependent on Zoom)
- Hygiene = sparkling hands all else looks like the Clan of the Cave Bear
The line between home life and work life is gone, and this can make for some embarrassing moments for sure.
Given this environment what compliance issues should we be looking for?
People behave dishonestly enough to profit but honestly enough to delude themselves of their own integrity.
Let us look at some primary factors that affect business ethics and compliance in light of the pandemic crisis.
Tone at the top – This does not just mean your company’s CEO, board of directors, or senior management, but also your direct supervisors. If leaders or those who can affect culture that does not just make corruption more likely, but encourages it.
The right tone at the top is set by four key steps:
- Lead by example
- Clearly communicate that ethical behavior is expected of all associates
- Provide a safe means of reporting concerns free from retaliation
- Reward integrity, especially when tough choices were involved
So, about Covid?
We are much more likely to cheat if we feel owed something or are not being treated fairly
There are some companies whose leadership is doing it right. Prudential is one, they were one of the first companies to offer the ability to work from home, and are providing a lot of resources to help their employees through this crisis. Starbucks is another, they have given their employees several weeks of emergency pay in States that are under lockdown.
While other companies, like Tyson Foods and Amazon are facing a backlash from their workers over charges of putting profits before lives.
But in truth, this is an unfolding crisis and there are many stories yet to be written. Time will tell who handled this well and who didn’t.
if you would like to track how some major companies are handling the pandemic Just Capital has a powerful tracking tool.
Behaviour of colleagues – The actions of our peer group affects our ethical behavior to a great extent. This remains very true in social networks.
Beyond embarrassing Zoom conferences (which can actually make our co-workers seem more human and approachable), what are some behaviors hat may affect this work-from-home corporate culture?
For one, if I wasn’t a Compliance and Ethics professional, I wouldn’t be thinking about it. Right now, many of us are thinking just about survival.
But this natural response can be taken too far (as evidenced by the quote below). This isn’t the Apocalypse, it just smells like it, and co-workers that no longer care, can create an environment where our compliance obligations are pushed aside. We still need to follow HIPAA, SOC 1, SOC 2, GDPR, SOX, or other regulations.
I don't care, it's the _______Apocalypse, if you show up to these Zoom classes, you're all getting A's. Anonymous Teacher
Many of us, including myself, are keeping odd hours these days. Life seems to have fallen into a non-regulated pattern of work, eat, sleep, eat, work, eat, work. I have been on non-internation conference calls at 10 p.m., and have sent emails at midnight, but have made up for it by taking a nap in the afternoon. This much different work environment is rife with wage and hour concerns.
Also, for an employer there are new and fast-moving temporary regulations and guidelines to adhere to, such as Paid Leave under the Families Coronavirus Response Act.
Opportunity – When given the opportunity to act dishonestly, many individuals do cross ethical boundaries, if only “by a little bit.”
Our wardrobe isn’t the only thing that lowering it’s standards. Many regulatory bodies are temporarily relaxing some regulations. Included in these are:
- Federal Reserve Board (Fed)
- S.E.C.
- O.H.S.A.
- F.D.A
Now is a time of triage, where we must focus on the highest and most likely compliance risks.
As the lines between work and life disappear, it may be harder to separate what is yours and what belongs to the company, This creates many chances for clients’ personally identifiable information, Company confidential information, and intellectual property to get leaked or misused.
Another risk inherent from having a diminished, dispersed staff is not maintaining proper segregation of duties. In this environment, check that tour controls and procedures still ensure an employee is not in a position both to perpetrate and to conceal errors or fraud.
Work stress and insecurity – when we are under stress and our minds are taxed, we tend to make poorer choices, especially those that have short-term gains, but long-term consequences. And we are under unprecedented amounts of stress of every stripe and flavor- economic, health lifestyle, relationships, necessities (if only stress were toilet paper).
For example. if you are a small business owner, the good news is, in the U.S. there are various programs like CARES (coronavirus Aid, Relief, and Economic Security) Act, the Paycheck Protection Program(PPP), and other federal relief measures that have been enacted to lessen the financial hardship of this crisis. The big “but” is, there is a large amount of compliance controls and tracking required by the business. This may be an issue after the crisis is over.
How to Mitigate Emerging Risks During COVID-19
Pick your battles. These are the most uncertain times in living memory, mistakes will happen, and the controls you have in place may not be suited to the currernt situtation. It is important that we focus on risks that are high impact, or have a high probability of occurring, or both.
To tackle a highly fluid risk environment we need a dynamic continual risk assessment. these should not and could not have the same formalities ad structure as a traditional audit or test, but can be as simple as a roatation weekly or biweekly round table discussion between compliance and businesss leaders asking straight forward questions:
- What emerging risks are we seeing/noticing./concerned about?
- Why? How do we know?(risk indicators)
- Waht risks have a high impact, high probability, or both?
- What regulations/guidance has changed?
- What market changes are affecting our risk areas?
- Are our controls, policies, or procedures adequate?
Identify risks that are high impact and most likely
Water seeks the lowest level and leaks from the weakest point
Stop the Slow Drip of Death. In the aggregate, risks that ahve a low or medium impact can cause more damage due to the frequency of their occurrence.
A small ethical nudge just before a decision point makes a big difference. Because most people think of themselves as honest people, a moral reminder of that self-image of honesty right before a choice can go a long way, especially if it’s coupled with a degree of peer-pressure, or social normalization.
Take these two signs promopting prople to reuse their hotel towels:
Standard Message
“HELP SAVE THE ENVIRONMENT. You can show your respect for nature and help save the envionment by reusing your towels during your stay.”
“JOIN YOUR FELLOW GUESTS IN HELPING TO SAVE THE ENVIRONMENT. Almost 75% of guests who are asked to participate in our new resource savings program do help by using their towels more than once. You can join our fellow guests in this program to help save the environment by reusing your towels during your stay.”
As you can see, the descriptive approach was much more effective in promoting compliance. Think about your own business processes, where would be a good place little moral prompt?
Covid isn't a drill.
I was a fire safety volunteer at a former company. One of the hardest things to do was to get people to close their office door as they left for a fire drill.
As compliance professionals, our job is not unlike getting people to close their office doors during an actual fire. This story is still being written, but from my experience and the research l’ve conducted, I think we can get through this with our compliance obligations met and our risks under control, by:
- Conducting stramlined ongoing risk assessments.
- Focusing on high impact and/or high probability risks.
- Reminding employees at key moments of the ethical standards and compliance obligations that are expected on them.
