Remote and hybrid working caused by the pandemic has meant it can be more difficult for organizations to monitor compliance and detect incidences of rules being broken or procedures not being followed.
Speaking at Compliance Week Europe last month in Edinburgh, Scotland, Bandini Chhichhia, associate director, policy and ethics at the European Bank for Reconstruction and Development (EBRD), said working from home has resulted in a reduction in the time between decision-making and decision-taking, which means in certain circumstances employees have been more likely to act on their own accord—and not always in line with the rules.
Additionally, the physical absence of managers, colleagues, and compliance officers to raise queries or to ask for advice has also meant employees have relied on their own judgments but not always made the right call.
Chhichhia said the pandemic also changed the profile of several compliance risks; for example, code of conduct concerns or violations around inappropriate acceptance of gifts and hospitality—traditionally, the highest area of noncompliance—dropped massively because of lockdowns.
As hybrid working looks set to stay (at least in the short term), Chhichhia told attendees it is an opportunity for companies to re-evaluate their compliance risks and get employees to buy into their codes of conduct and corporate ethics.
“I find that I learn more if I ask managers to tell me what they think is wrong, rather than me telling them what I think is happening. It gives me a better idea of how they identify problems, react to them, and take action.”
Bandini Chhichhia, Associate Director, Policy and Ethics, EBRD
For example, arranging virtual talks with key stakeholders to get a better sense of the challenges they are facing can result in more targeted training or advice for specific compliance issues and risks.
Similarly, inviting managers and other stakeholders to tell compliance functions what help or support they think they would benefit from can also start an ongoing conversation about the level of compliance awareness and employee risk management.
“I find that I learn more if I ask managers to tell me what they think is wrong, rather than me telling them what I think is happening,” said Chhichhia. “It gives me a better idea of how they identify problems, react to them, and take action. It also provides me with a strong indication of how they view compliance and the EBRD code of conduct.”
Anil Karmel, co-founder and CEO of RegScale, said compliance professionals needed to embrace new technology to make their jobs easier, particularly in a post-pandemic world where monitoring employees and their behavior in the workplace is “completely different.”
Karmel said compliance functions still rely on decades-old technology such as spreadsheets to deliver a lot of their work when they should be leveraging new technologies to achieve better results more quickly.
“Manual compliance is tedious and out of date the moment it is created,” Karmel told attendees. He added compliance across multiple standards and frameworks further complicates this activity while “taking into account the different lines of business you may have, as well as the number of countries you may be operating in—each with their own legislation and sets of rules—makes manual compliance practically impossible at scale.”
Karmel added it was important for compliance functions to constantly have access to up-to-date information to improve monitoring and to make audits less risky. “The more timely the information we have, the more chance compliance has of finding problems, reporting them to management, and mitigating them before they are uncovered in an audit.”
He said compliance functions should employ automation where possible to keep compliance documents and information continuously up to date, as well as reuse assessment information across multiple standards and frameworks. He added compliance functions should move away from manual processes and use regulatory operations technologies to speed up workload.
“Compliance processes that are boring and repetitive should be automated. It’s good for the business, good for the regulator, and good for the employee,” he said.
No comments yet