The COVID-19 pandemic altered in a dramatic way how companies operate their anti-corruption compliance programs, but not necessarily for the worse, according to two experts who shared their experiences at Diligent’s virtual “Modern Governance Summit” on Sept. 14.
“Necessity was the mother of training,” said Drew Northern, director of global anti-corruption at Cook Group, a U.S. privately held medical device manufacturing company. The pandemic required changing everything, from the delivery of training to investigations and audits, he said.
It has been during this time that many compliance programs have begun to realize the untapped benefits of doing certain tasks remotely. Take audits as an example: “We have all learned from the last year and a half that we can do audits remotely and there are a lot of efficiencies in it,” Northern said. “Our ability to do remote audits without the travel time and expense frees up resources and time to do more audits and to do more in-depth audits.”
Saving time and expenses has shown to be a boon for compliance professionals that know how to shift their limited resources wisely. Food and beverage giant PepsiCo is another example of this. Before the pandemic, PepsiCo’s anti-bribery/anti-corruption compliance program had both an online and in-person training component, but now all training is being done on Zoom.
“Switching to Zoom has had a number of benefits,” said Shana Cappell, senior legal director and chief anti-corruption/investigations counsel at PepsiCo. One positive of the shift is it has freed up time for PepsiCo’s compliance officers and lawyers who lead training to focus on more critical tasks, Cappell said. For that reason alone, remote training is likely something PepsiCo will continue to do moving forward, she said.
On the flip side, certain tasks are more effective when done in-person and on-site, “especially when we need to gather documentation,” Cappell said. Requesting information over email doesn’t hold the same weight or immediacy as asking for documentation in-person when it rests on somebody’s desk or computer, she said.
Not having the ability to be on-site has resulted in delays across the board—from due diligence in mergers and acquisitions transactions to risk assessments and internal investigations, Cappell said. “Things take longer, and they are less efficient,” she said.
“We have all learned from the last year and a half that we can do audits remotely and there are a lot of efficiencies in it.”
Drew Northern, Director of Global Anti-Corruption, Cook Group
Another challenge has been scheduling around senior executives’ schedules. “Instead of things being done in the three days that you’re on-site, it could be a month that goes by between interviews,” Cappell said.
The upside, however, in the case of internal investigations is that, while face-to-face interviews and on-site visits may be ideal, “remote virtual interviews suffice in many cases,” Northern said. “They don’t keep you from getting to the truth,” he said, nor from doing “fair, prompt, and thorough investigations.”
During the panel discussion, Cappell and Northern also shared what relationship compliance has with their boards. “We have direct line of sight and direct connection with the board, specifically the audit committee,” Cappell said.
PepsiCo’s global chief ethics and compliance officer (CECO) twice a year gives a deep dive presentation to the audit committee. One of those presentations takes place early in the year, giving a lookback on the past year’s activities and providing a program overview of what to expect in the coming year. The second is done later in the year and explores a particular area of compliance that was pivotal that year.
The CECO also meets in executive session with the audit committee at every meeting, so there is always that touchpoint. “We feel like we have a very strong relationship with our board, and they are very integrated with our compliance processes,” Cappell said.
In addition, any time a new member joins the board, PepsiCo’s CECO will have a one-on-one with them to give an overview of regulatory expectations and what that means from a compliance perspective while also educating that individual on the company’s compliance processes, she said.
Cook Group’s CECO similarly works closely with the company’s board, reporting directly to the audit committee, Northern said. Compliance and ethics program directors, not just the CECO, meet quarterly to keep the board appraised about certain topics, like what’s on the enforcement and regulatory horizon, for example. “We talk about our risks, how we segment those risks, assess those risks, and what we are doing to mitigate those risks,” he said.
Asked about how the compliance profession will evolve in the coming months, Cappell said data analytics is “definitely the wave of the future. We are going to see companies investing very heavily in this area.”
“I also think third-party oversight is going to become more sophisticated,” she said. “Right now, we have a basic third-party due diligence program … but I think there is going to be an expectation of dialing it up a notch.” Enforcement authorities are going to want to see a broader package of capabilities, including robust transaction testing, auditing, and a focus on third-party training.
“You can’t just check the box by saying, ‘We do diligence reports, so we’re good,’” Cappell said.
Moreover, the evolution and growth of environmental, social, and governance (ESG) issues over the last year is “one of the biggest challenges facing ethics and compliance professionals,” Northern said. “Where do we fit in? Are we responsible wholly or partly for ESG? What does the structure look like? How do we best integrate ethics and compliance into ESG?”
Compliance Week in September held its first “Everything ESG” virtual event, during which compliance leaders at power generation business ContourGlobal and outdoor hardgoods company Osprey explained how they are working to craft effective ESG programs at their respective firms.