Five ways the pandemic has changed compliance—perhaps permanently

1. Heightened risk environment

Most would agree the pandemic has accelerated existing risks. Many organizations hastily reorganized around remote work, without what would typically be a reasonable amount of time to design and roll out technology tools and procedures for a solid, controlled environment in employees’ homes. As a result, many organizations have faced cyber-security and data privacy issues affecting everything from firewalls to how a company’s confidential information can be properly safeguarded at home.

Employee relations issues have increased as the work/life boundaries and interpersonal norms we relied upon for control and balance have eroded. Employee well-being has universally been a concern, as the drain of nonstop video calls required to stay connected saps our energy more than running between conference rooms ever did (“Zoom Fatigue” is real). We miss the mental breaks and psychological support that in-person interaction in the hallways and breakrooms afforded. Lastly, those in frontline healthcare, customer service, distribution, retail, and hospitality especially face the omnipresent risk of contracting COVID-19—which intensifies the mental stress everyone is feeling from trying to adjust to so much change so fast. It can be a constant challenge to our energy level and well-being (Compassion Fatigue is real, as well).

The lack of transparency with vendors, customers, and employees is of great concern, both out of fear that people will take shortcuts and that there is an unprecedented environment for unethical behavior. “Public health emergencies, like natural disasters, are petri dishes for fraud and corruption,” says Alison Taylor, executive director of Ethical Systems, one of NYU/Stern’s Business & Society Programs. As a silver lining, Taylor believes this will result in a post-pandemic backlash that illustrates why the role of compliance in organizations is so critical.

Organizations have been placed in an unforeseen struggle with the liability of reopening—when, how? Federal, state, and local governments have created a lack of clarity by providing conflicting guidance on how to reopen and protect employees, consumers, and the company from litigation.

As advised by Andrea Bonime-Blanc, founder of GEC Risk Advisory, compliance professionals need to become constructive change agents and “develop a keen sense of situational awareness,” integrating continuous risk management into their daily compliance routines. Pressure and fear are powerful motivators for misconduct. Put succinctly: “Stay on top of relevant news and make it part of compliance.”

2. Core compliance processes are changing

Remote work and the cessation of travel has impacted core compliance processes that were formerly hands-on, such as investigations, reporting concerns, monitoring and auditing, and in-person training. As stated by one colleague, “I used to receive 95 percent of my reports by employees walking in and/or engaging me around the workplace. Now I do not have the access or contact and am not seeing even close to the same levels of reporting.”

There is a strong acknowledgment that compliance will be forced to rely heavily on technology to ensure an adequate level of visibility to emerging issues. We need to strategically leverage technology and efficient systems to monitor risk. This is causing some speculation that a greater skills overlap will be required of CCO and CISO roles. This, however, also raises privacy concerns.

Taylor believes the remote environment will lead to “exponential growth” in employee surveillance and that compliance officers will need to tread carefully given that this can undermine ethical culture: “Just because the tools exist, doesn’t mean you have to use them,” she says.

Compliance veteran and advisor Keith Darcy predicts dynamic and continuous risk assessment—one that considers “the rapidly deteriorating and changing business conditions. ‘One-and-done’ assessments are completely inadequate.”

Some predict that investigation interviews conducted on video conference and remote auditing will become the norm. Others are concerned that policies cannot be monitored or enforced without being in the office together; that compliance will be “out of sight, out of mind” to some degree. Communication must be a top priority for compliance, as the reduction of informal contacts with stakeholders and employees makes effectiveness more challenging.

Richard Bistrong, CEO of Front-Line Anti-Bribery, urges compliance to be proactive: “No news doesn’t necessarily mean good news, so this is the perfect time to proactively reach out to those who need you the most,” he says. Bistrong believes this is the time to remind the workforce that compliance is there to make sure “that no one person, or the organization, is left with a regulatory crisis after the current crisis has passed.”

3.  Workplace culture

With the lack of interpersonal contact, workplace culture has been severely impacted. With no face-to-face contact, how do we onboard new employees onto the culture and the ethical norm?

We have been used to face-to-face interaction, the ability to talk and build personal bonds with new employees. This can be done remotely (and for geographically dispersed businesses, it has been done this way)—but for many, it means redesigning new-hire processes and exploring all employee touch points to look for opportunities to be present. As Taylor says, “If you aren’t already working closely with your HR and corporate responsibility teams, now is the time to start.”

Some are concerned about visibility and a decreased influence of compliance and its oversight role. Other compliance teams report experiencing increased collaboration, with other teams now looking to E&C teams for guidance, where it previously was not as integrated. All agree compliance needs to find ways to stay involved with the business, to overcome barriers to building relationships with staff, and to be more alert.

Darcy emphasizes the importance of trust and truth: “In an era of truth decay, leaders must be honest to engender the trust necessary to lead today and into the future.” In our era of transparency, building trust is essential to driving a culture of employee accountability and speaking up.

For some, the pandemic means increasing bottom-up governance instead of straight classic hierarchic, top-down governance. Culture is even more important, as we cannot rely on observable behavior. Cédric Dubar, chief compliance and ethics officer of Volvo Car Group, finds the pandemic has reinforced that in a changing world, “culture and values-driven compliance programs are most likely to better support company-wide integrity.” Compliance needs to raise ethical awareness so colleagues understand “what acting ethically means in practice and how to always apply ethics checks and be self-reflective” in their roles.

4.  Compliance team impact

With regard to compliance team talent, remote work enables the recruitment of high-potential candidates from anywhere. The location-independent nature of our current work environment makes it easier to attract more qualified candidates—but makes it more difficult to retain them.

For the first time, many compliance leaders are needing to learn how to manage remote employees. Even teams that were geographically dispersed used to meet in person on a fairly regular basis. No face-to-face time brings challenges, as team issues can go underground and fester. Critical leadership skills include building trust, mastering conflict, achieving commitment, cultivating accountability, and focusing on results. Teams that did not possess these before the pandemic may find it more challenging to develop them in a remote environment.

With decreased visibility and the need for scheduling flexibility to accommodate personal demands, leaders are wisely focusing on communicating clear expectations for deliverables and timelines. Some CCOs are trying to find ways for employees to be motivated by one another and learn from one another when not in close proximity. The loss of interpersonal “peer-assist” and mentoring is being felt by some colleagues, whereas others say one-on-one communication has increased due to working from home.

Several colleagues emphasized the importance of managing work/life and the well-being of employees, expressing concern over the lack of office/home boundaries.

5.  Doing more with less

With some notable exceptions, most organizations are entering a down business cycle due to the impact of the pandemic. Economists predict that the effect will last for several years, requiring businesses to make staff and budget cuts.

The impact of this is sobering, yet familiar for us in compliance—the call to do more with less. As one survey respondent wrote, “I lost both my compliance staff.”

This role has always required nerves of steel and internal fortitude. Envision being a palm tree in a gale wind—deeply rooted, strong, and a survivor of the strongest storms. Dubar agrees that we will need to be even more resilient.

“The compliance professionals who will stand out are those who are flexible and manage to quickly adapt to the new ways of working and communicating,” he said, “and who show creativity—especially when dealing with budget constraints and remote teams.”

The good news is that the nature of our role has made us experts in partnering for change. Let’s come together and serve as champions for each other as we navigate this new world.