More focus needed on ethics and compliance during Covid-19
Growing risks stemming from the Covid-19 crisis have created the space for a heavier focus on ethics and compliance efforts in the US, according to a report from Nexdigm.
Reports from all over the world suggest that disruption caused by Covid-19 was almost an instant catalyst for regulatory breaches – either through lapses in compliance efforts or out of sheer mal-intent. The result is a business environment constantly engaged in balancing a complex array of risks.
In the US, the risk profile revolves largely around government intervention. Based on the annual Corruption Perceptions Index released by Transparency International, the US leans towards the less corrupt markets, although perceptions of public sector corruption in the country are higher than other key markets such as the UK, Germany, and Singapore. According to Nexdigm (SKP), a global risk advisory and management consulting firm, this leaves the country open to myriad risks as the government takes the drivers’ seat at a time of crisis. For one, the risk of illicit activity is on the rise, as more interaction with government officials leaves more space for bribery and fraud – not only from within a business but from third-party vendors.
Topping this off is the set of risks posed even by legitimate government involvement, as regulatory frameworks change in real time and become tighter by the day. “There will be litigations and charges against organizations/individuals misusing stimulus packages and floating regulatory norms,” explained Sundar Narayanan, director of forensics at Nexdigm.
For businesses, increased enforcement and prosecution means tremendous pressure, even if all efforts are being made to be compliant. Such is the nature of the crisis and its repercussions that the pursuit of business resilience in itself opens the door to regulatory breaches.
Since the pandemic took hold, businesses have been juggling several balls at once. The transition to remote working was the immediate concern, as lockdowns forced offices to close down. “In many cases, organizations were not able to seamlessly transition to remote working due to a lack of digitization,” said Narayanan.
“A gap in the technological infrastructure, along with the absence of mechanisms to effectively manage employees and monitor their productivity, significantly hampered the switch,” he added. Building these capabilities is a full-time pursuit, made harder by an unprecedented economic crisis that has halted spending and squeezed cash flows.
For businesses that managed to embrace remote working, a Pandora’s box of risks was thrown open, as key ‘control gaps’ emerged. A thinly spread IT network with less secure personal devices in the mix has created vulnerabilities to cyber attacks. A lack of interaction with employees is causing disconnect among colleagues and management.
Add to this the actions backed by mal-intent. “Oversight on employees loosens due to a remote situation, and compliance officers cannot monitor adherence to anti-corruption policies. This leads to bribery risk,” explained Narayanan.
What can businesses do?
So the risk profile is large and diverse, but there are measures that can be taken to navigate this landscape. The Nexdigm report, titled ‘Global Anti-Bribery and Corruption Insights’, lists some of these.
When it comes to fixing the control gap due to remote working, Nexdigm suggests a structured approach to monitoring risk. This starts with making a monitoring framework complete with key performance indicators and reporting protocols. Compliance concerns should be embedded within general control measures, and transactional anomalies should be reviewed on a regular basis. It's important to include professionals from finance, legal, and accounting in the control process to ensure compliance on all fronts.
The challenge here is that risks still exist from third-party breaches, which puts pressure on due diligence of vendors. Once again, a systematic approach is necessary to manage these risks, starting with selecting the right due diligence model and finding the right – and most cost-effective – service provider. Due diligence procedures should fall under oversight and governance frameworks, and anomalies should be given focused attention in real time.
Perhaps the central issue with most of these measures is that they still rely on staff members, who themselves are working remotely and disconnected from the organization. This is where the need for training becomes crucial. “Training not only helps in reflecting the organizational stand on ethics and compliance but also enables reiterating the expectations from the stakeholders,” said Narayanan. He suggests e-learning modules that can instill and reinforce ethical principles among the workforce.
Lastly, the report highlights that a compliance officer alone cannot manage changes of the scale described above, even if they have a direct line of communication with company leadership. What businesses need is for ethical considerations to be instilled across the entire stakeholder ecosystem – starting with various departments within the business and extending to the wide network of partners, board members, vendors, and stakeholders. Spurring this network into action is a company’s best shot at compliance in a challenging time.