[Click above to download full article as published in REVUE INTERNATIONALE DE LA COMPLIANCE ET DE L’ÉTHIQUE DES AFFAIRES – N° 4 – AOÛT 2020.]
The life-threatening pandemic, along with the global economic collapse, raise significant new risks for organizations everywhere. Ethics and compliance executives are challenged to deal with these new (ab)normal conditions, while facing considerable pressure to do “more with less.” This article explores these issues, and calls attention to how and where risk managers need to prioritize their time and activities in order to manage against a tsunami of increasing risks.
These are troubling times. A still surging life-threatening virus has brought the entire planet to its knees. Health systems and front-line warriors are completely overwhelmed and at risk. In our attempt to respond to COVID-19, by sheltering in place, we face a global economic collapse not seen since the Great Depression. People are waking up every day, stunned and dazed by a world turned upside down. Businesses have shuttered everywhere, resulting in massive unemployment worldwide. These conditions have exposed racial and economic divisions, all made worse by the spread of disinformation and hatred. And so many people are dying.
“Business-as-usual” no longer exists and is unlikely to ever return. Sales teams and traders working remotely pose special challenges. The virtual workplace for them creates significant control and surveillance issues, as well as confidentiality issues.
For ethics and compliance executives, this tsunami of bad news requires significant and additional vigilance, because of the new risks and the change of global business environment (I) with serious impact on the interactions with employee, stakeholders and third parties (II)
I – The change of the global business environment and new risks
Where to start – The starting point is to acknowledge the brutal truths that everyone is experiencing, and how it is impacting the way business is conducted. Clearly, a dynamic and continuous risk assessment process, one that considers the rapidly deteriorating and changing business conditions, is critical. “One-and-done” assessments are completely inadequate. In that regard, it is further essential that all risk managers operate in unison. Risk managers operating in silos do so at their own peril, and expose the enterprise to additional internal and external threats. Compliance, human resources, internal audit, legal, chief technology and information officers must coordinate and share data that monitors and measures emerging risks and trends across the enterprise.
Use of technology – On the issue of risk measurement and monitoring, it is more critical than ever that technology be deployed to follow for issues and trends. While some technology for ethics and compliance professionals has been developed in recent years, due to the investment necessary it has generally been slow to be implemented. The time is now. Technology can be a great enhancement in monitoring for risk. Unfortunately, given the global economic collapse, there are extraordinary pressures to contain expenses in most industries and all departments, including ethics and compliance departments. It would be foolish to consider any diminishment of resources in managing risk. At a time when risks are rising, as well as the expectations of enforcement authorities, this could expose companies to significantly greater risks. Regarding those companies that downsize risk management resources, I’ve seen this movie before (tech bubble crash, Great Recession, etc.), and it ends very badly.
Price gouging – Although generally not illegal, price gouging in some countries regarding specific items (e.g. food, medical equipment, health supplies, etc.) may be noticed. A perhaps bigger risk, however, to price gouging is reputation risk to the enterprise. “War profiteering” in this environment will be severely frowned upon by all stakeholders. Reputation risk today is at least as great as strategic, operating, and financial risk. All it takes is one incident gone viral, and it can destroy a firm’s reputation. How a company treats its customers, suppliers, and communities where they do business will forever define its brand.
Digital fraud – Ethics and compliance executives need to be on the alert for digital fraud, including fake websites, phishing, malware, and other schemes. Also, because more and more of the company’s business operations now happen online and/or from home, cyber risk by definition increases, including employees discussing or exchanging confidential information, or use of unauthorized chat applications. These risks can impact both individuals and organizations.
False claims risks – For companies involved in medical technology, pharmaceuticals, and other areas of healthcare, the potential for creating false claims rise. This is particularly true of those products and services especially important in addressing COVID-19 related issues (e.g. vaccines, treatment of the pathogen, protective equipment, ventilators, etc.). Making false claims for public corporations is particularly troublesome, as it creates opportunities for senior officials who are rewarded in stock, options, and other paper programs, for manipulation and self-dealing.
Aid programs – Across the globe massive amounts of government assistance programs have been enacted to financially support troubled companies and individuals through this crisis. As a result, it creates extraordinary potential for corruption and fraud. I have long said that wherever there is money, there is the potential for corruption. And wherever there is lots of money, there exists the potential for lots of corruption. Abuse and/or misuse of government support funds bears potentially heavy costs.
So, too, are the reputation risks for top executives of companies accessing government support, where they reduce staff while maintaining large compensation packages.
II- Interactions with employees, stakeholders and third parties
Fraud triangle – When economic bubbles burst, it exposes rot. This is an important time to be reminded and wary of the elements of the fraud triangle – pressure, opportunity, and rationalization. These elements may be particularly important when considering supply chains. For example, the European Union’s 5th AML Directive (anti-money laundering) imposes on member countries specific requirements regarding a beneficial ownership directory. From an anti-corruption and money laundering perspective, compliance officers have to identify the natural person(s) owner of third parties, vendors, and suppliers so as, among other things, to expose a hidden government official as a means to pay a bribe.
Import/export control issues – Addressing beneficial ownership also intends to addresses import/export control issues regarding Specially Designated Nations (SDN’s). Compliance officers must consider how many tiers of due diligence are necessary to uncover the true beneficial owners. In France, the enactment of SAPIN 2 law sharpened the focus of enforcement authorities regarding corruption, and the requirements for boards and top executives. This was further strengthened on June 1, 2020 when the French Ministry of Justice issued a memo to prosecutors outlining how it plans to investigate and prosecute illegal bribes paid by French companies to secure business in foreign countries.
Work environment – Among the biggest areas for risk for ethics and compliance executives should be employee concerns. It is important to recognize that so many people in the company workforce are suffering from fear and trauma. They are afraid for their lives due to the pandemic, as well as afraid for the potential loss of their jobs. Many will have either lost a friend or loved one, or know someone who did. And the prospects for a second wave, and maybe a third, remain high according to experts. For everyone, there is a deep anxiety, indeed, terror at the loss of a predictable future, even as we awaken from a self-induced economic coma and re-open for business. The psychological impact, and potential for depression and/or post-traumatic stress, will grow over time as this virus will be with us for a long time.
Given these circumstances, it is important to place employee safety as a top priority. How a company treats its workforce in this troubled time will forever define its culture. Creating a safe and healthy work environment is critical to employee performance, and organizational success. In an era of truth decay, leaders must be honest to engender the trust necessary to lead today and into the future. Trust, real trust, demands truth – they are two sides of the same coin. In an era of transparency, you cannot spin the truth. Building trust will contribute to a culture of employee accountability, increase traffic to the helpline and other methods to “speak up.” This is especially important in a socially-distant workplace. And as we encourage a “speak up” culture, so too, we must create channels for significant two-way communication. People need to feel part of a social system. It is fundamental to being human. Compliance executives need to strengthen their relationship with business and human resource leaders in this regard.
Similarly, senior executives who cut their salaries as a magnanimous gesture while furloughing or downsizing the workforce, but are rewarded with outsized equity grants, may suffer reputational conflicts down the road.
All crises follow a similar path. They have a beginning, middle, and, hopefully with COVID-19, an end. Clearly, the present isn’t what it was, and the future isn’t what it used to be. We stand at the end of an age, and the beginning of a time not yet defined. Uniquely, we have an opportunity to participate in defining it. Ethics and compliance executives have an extraordinary opportunity to provide leadership in defining a “new normal.”
There is a familiar refrain these days – “We are all in this together.” Clearly, we cannot get through this crisis alone. In the days ahead we will be challenged to find new ways to create interdependencies, and search for new ways to experience community where we live and work. It’s time we begin to plan for a future worthy of our children and grandchildren – one that is built upon a foundation of integrity, dignity, and human worth.
Keith Darcy is President of Darcy Partners Inc., a boutique consulting firm that works with boards and top executives on a wide variety of complex governance, ethics, compliance, and reputation risk challenges. Website: Darcy.Partners