As COVID-19 shifts the risk and compliance landscape for businesses, Deloitte’s Rob Biskup comments on the changing environment and offers guidance for CCOs as they strive to move forward
It can be said that when you strip the bark off a tree, it tends to expose the decay — and this metaphor may be particularly apt in the post-COVID-19 pandemic world that Chief Compliance Officers (CCOs) soon will inherit.
In the wake of prior challenging times, the rot of fraud, waste, corruption and abuse was too often exposed in various shapes, forms, schemes and scenarios. In some instances, fundamentally good people fell into doing bad things and succumbed to the familiar fraud triangle of pressure, opportunity and rationalization. These situations didn’t always end well for the companies and individuals involved. We saw how scandals led to high-profile investigations, prosecutions, tarnished reputations, destruction of shareholder value and — in some cases — corporate distress and insolvencies.
Helpfully for CCOs, during prior difficult times there was a concurrent evolution of compliance and regulatory guidance, offering greater clarity around leading practices for CCO roles and responsibilities, as well as the design and operation of corporate compliance programs. CCOs who previously had to divine meaning and direction from the no-frills U.S. Federal Sentencing Guidelines were enlightened and aided by invaluable and instructive guidance from multiple regulators in the U.S. and abroad. In short, the mystery of what constitutes an “effective” corporate compliance program was swept aside, and the pathway today is far more sure-footed.
In this emerging post-pandemic environment, companies again will be under enormous pressures, and the mettle of corporate compliance programs once more will be put to the test. As before, CCOs will be presented with challenges. Forward-looking CCOs might look at this as a rare opportunity for compliance departments to enter their zenith of influence and earn a seat at the C-Suite and boardroom tables, as compliance risk management quickly becomes a top corporate priority.
To this end, CCOs would be well-advised to consider, for starters, some thoughts on the following steps:
1. Let Dynamic Risk Assessment Become a Mantra
In the current environment, with new and unique compliance challenges on the horizon, it is important for CCOs to embed and operationalize the notion of “dynamic” risk assessments into the company’s DNA. In other words, risk assessments that are the antithesis of “one and done,” that are frequently refreshed and updated to avoid compliance blindsides and anticipate what is coming next around the corner. Equally important is for CCOs to proactively take a leadership role in helping guide the design and embedding of internal controls, business processes and IT systems to manage emerging risks and define corrective measures where appropriate.
2. Be Helpfully Omnipresent With the C-Suite and Board
Communication is key in all things compliance — especially at the top of the house. This is exponentially true in times of crisis, with corporate boards and management at battle stations on every front. CCOs have an opportunity to play an indispensable role in providing finger-on-the-pulse updates on the emerging risk management landscape. CCOs can provide invaluable assistance to management in proactively embedding new operational business processes, controls and systems to effectively manage emerging compliance risk. They also can serve as a critical communication bridge for regular information updates to the board to assist them in optimizing the execution of their fiduciary oversight duties. CCOs should consider increasing both the frequency and content of their communications with management and the board.
3. Extend the Eyes, Ears and Reach of Compliance
Given the disruption to global supply chains and corresponding compliance risk, CCOs also should consider their surge capacity needs from an operational perspective. To any compliance function, procedural delays in executing internal investigations and untimely marshalling of facts and remedial measures can be acutely debilitating to maintaining program effectiveness and employee trust. CCOs can mitigate this risk by proactively exploring variable cost external support, including “on-call” investigation support and capabilities designed for rapid deployment, technology-enabled delivery and predictable costs to augment in-house forensic accounting and investigations resources around the world. CCOs also might consider extending access to company hotlines and helplines to provide vendors and suppliers with a means to report potential irregularities.
4. Remain Vigilant for Financial Fraud
History tends to repeat itself. While new areas of compliance risk may occupy the attention of CCOs, they should continue to pay equal attention to the familiar landscape of fraud, waste and abuse that tends to reappear during times of organizational stress. This includes many familiar risk areas that CCOs have seen before: significant management estimates, contingent liability and other discretionary reserves, tangible and intangible asset valuations and impairments, revenue recognition and topside consolidation adjustments, management overrides of internal controls, employee/vendor conflicts of interest, expense account abuse, corrupt payments to foreign government officials and so on. In the current environment, astute CCOs should consider dialing-up monitoring, auditing and testing plans to more confidently face off against the likely increased risk of financial fraud.
5. Invest in Fail-Safe Systems and Controls
With unprecedented volumes of government money being poured into economies across the globe, it is the rare company that won’t be impacted by one or more forms of governmental assistance: government loans, government contracts and government aid programs, many of which will be implemented and processed through the global corporate and banking infrastructure.
With trillions at stake, it is unsurprising that governments — knowing well the susceptibility of these programs to fraud, waste and abuse — will be closely monitoring the administration and handling of monies accompanying these various programs. CCOs are well-advised to scour their organizations for any form of government monetary connectivity and, where such linkages exist, to implement reliable controls and IT systems, coupled with robust monitoring for fraud, waste, abuse, internal control gaps, accounting irregularities and regulatory exposure.
It may be an aphorism to observe in the current environment that the future is uncertain and the business risks unclear. But still, what better time for CCOs to showcase the capabilities and fundamental institutional value of a strong and enduring commitment to compliance? The hour is upon them. The formidable task is for CCOs to seize the opportunity. And if history is a reliable guide, progressive CCOs will rise to the challenge and help see this through.