No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

COVID-19: Rearchitecting for the New Compliance Risk Paradigm

4 Key Strategies to Implement Now

by Neha Gupta
May 27, 2020
in Featured, Risk
blueprint of building

Every organization’s risk profile has changed because of the current crisis. Companies that have not performed a risk assessment since the pandemic started are already behind the curve. True Office Learning CEO Neha Gupta offers recommendations for commanding control of new risks while preparing for the future.

The COVID-19 crisis has exacted a terrible human and economic toll in a short time. Compliance professionals must accept that the risk landscape will simply never be the same again.

Over the past few months, the workplace has changed significantly, and a new normal will soon emerge as companies identify their approach to returning employees to physical offices and facilities. Compliance teams have a unique opportunity to be proactive and prepare for what lies ahead, rather than try and wait out the crisis.

The compliance professional’s role during and after the COVID-19 crisis is threefold:

  1. Communicate with employees about how to stay compliant despite the pandemic-driven business shifts with easy-to-follow, prescriptive guidance.
  2. Recognize how risk has evolved because of the crisis and bring in a cross-functional team to address identified gaps and monitor new risks.
  3. Understand that this new reality may be permanent, and have a plan to re-architect a company’s approach to risk — now and in the future.

All three of these objectives should be on the compliance team’s radar in order to avoid playing catch-up with evolving risks. This pandemic will inevitably bring continued uncertainty. The more proactively teams can anticipate risks and remediate them, the more sustainably their business can grow and navigate these uncharted waters.

The Evolving Risk Landscape

The rise in remote work presents an obvious challenge: How can companies maintain a culture of compliance while mitigating risk when people aren’t in the same location? Moreover, many people have been thrust into temporary roles, making it difficult to ensure they understand the compliance requirements of their new tasks. As offices reopen, day-to-day logistical challenges and safety issues will continue to be paramount.

Additionally, performance pressure on businesses will be exceptionally high in the second half of the year. Employee morale and sentiment might be shaken due to layoffs, furloughs and personal events, yielding greater distraction and less focus on and commitment to the workplace.

Managing risk through the pandemic requires us to accept that the pandemic is fundamentally changing risk. No matter your industry, in order to successfully prepare for the increased risk of cybersecurity, operational, safety, regulatory and reputational issues, consider:

  • What policies and best practices must be implemented to keep employees safe — and avoid spreading the virus — in the workplace? What is the plan if someone falls ill? What should managers do if employees don’t comply?
  • Which groups are most likely to be under excessive performance pressure? What communication and awareness efforts are in place to make sure that company values stay top of mind?
  • What risks from new or revamped processes have emerged and must be addressed (e.g., data privacy risk of employee health information)?
  • How are investigations and escalations handled when everyone is remote?
  • How do we identify and report conduct or ethics issues effectively in this new, dispersed working environment? What strategy will the organization take to avoid bias or discrimination resulting from COVID-19?
  • Are company policies regarding sick leave, benefits, privacy, protective equipment and other COVID-19 concerns in line with updated government, industry, union and parent company regulations?
  • And most important of all: What is our plan to train and prepare the workforce for entry into this new normal? How will we determine whether or not they truly understand the changes and know how to apply them?

In this new landscape, data is more critical than ever before. Determining which key risk indicators and triggers must be added to the assessment process will be essential for staying ahead of the curve. Equally important is identifying internal stakeholders and departments that need to be aligned with along the way so employees are getting the same information from compliance and the business. People will have questions and concerns; compliance needs to be there to cohesively provide answers and allay fears.

Redefining and Restructuring Compliance and Risk

This pandemic is a crash course in change management. If your compliance department struggled with risk identification before, this crisis has likely forced a short-term reactive strategy, which isn’t sustainable or suitable for the long run. If you have a mature risk assessment process, you have an opportunity to enhance and re-architect it so that you are leading the change instead of following it.

This unique opportunity not only demonstrates how compliance addresses any future COVID-19 developments, but also shapes compliance’s role in the organization as a business impact driver. When new and evolving risk flares again — even outside of the pandemic — compliance departments can set a standard for surviving the crisis.

4 Strategies to Implement for Success

Working through the COVID-19 risk landscape and reimagining compliance and training processes on the other side may seem daunting when so much is in flux. These four recommendations offer a blueprint for commanding control of existing and new risk while preparing for and mastering the future:

1. Conduct Dynamic Risk Assessments

As already mentioned, compliance professionals must have an immediate idea of what has changed in their risk landscapes. This should include the obvious updates to laws and developments in cyber-risk, supply chain, fraud, and conduct risk, but it also should address concerns that were minor before but are now much bigger due to changes in how the organization will conduct business going forward.

2. Re-Prioritize

The business-as-usual approach to compliance should be void right now in the short term. Pre-pandemic plans and campaign calendars don’t matter in the new risk landscape. When resources are strained, employees’ attention spans are limited and conventional wisdom no longer applies, we as compliance professionals must change our approach.

Focus on sticking to the most critical messages — keep them short, relevant and human. Refocus on monitoring, surveillance and tracking the areas of risk that have increased since March, as well as establishing and strengthening relationships with departments that have been pulled into the risk profile. Everything else can wait.

3. Rewire for Remote

Prior to COVID-19, many organizations operated with compliance staffers or risk area owners monitoring employees who have high-risk functions and responsibility in real time, because it was easier to alert, adjust and educate on the spot. Any mechanisms associated with that strategy have all but evaporated in the remote and socially distanced work environment.

To compensate for this loss, compliance should amplify targeted training, humanize communications, home in on awareness for the top risks and identify the employees that perform risky tasks. More broadly, compliance needs to dispel the myths that remote operations are held to a different standard than on-site operations. The company’s day-to-day reality may have changed, but its values — especially in addressing risk — haven’t and shouldn’t.

4. Architect a Medium- and Long-Term Compliance Strategy

Some COVID-19 issues should take priority, because the world is a giant wildfire and compliance professionals are simply trying to get out of the woods. The fire will stop someday, and organizations will need to replant the forest.

Compliance departments should consider the future as well as the present so that instead of restarting the journey, they incorporate the next steps into what they’ve already achieved. Compliance professionals need to think of all the policies and their applications in a remote environment, because during the medium term, some percentage of your workforce will continue to operate in a nontraditional environment.

Encouraging Compliance

A comprehensive survey by Ethisphere of more than 585,000 employees worldwide found that workers are three to five times less likely to report actual or perceived corporate wrongdoing if they consider the company’s training and communication to be ineffective. In other words, if an organization isn’t serious about compliance training and communications — especially in a time of crisis — their employees also won’t be. The consequences can be disastrous.

Character is tested during times of duress. Even if a company dodges every risk bullet, the damage to its compliance culture will be steep — and possibly irreparable — if the tone at the top departs from a focus on values. This sets the stage for a progressively higher risk of violations over time.

Compliance benchmarking data shows that employees are significantly more likely to report violations to their managers than other channels. To encourage compliance, it’s more important than ever to make sure you train managers on how to respond to violations and escalate them to the appropriate channels. Risk-based, adaptive learning approaches or manager tool kits and job aids can make this easier, as well as maintain alignment with the latest DOJ guidance.

The COVID-19 crisis is a chance for compliance to step up — to choose whether it wants to be an empathetic, collaborative business driver or a cost center that will solve problems after they happen. With a plan to address the present and navigate into the emerging future, compliance professionals will be able to stay ahead of the curve, earn the respect of leadership and business stakeholders and avoid artificial hurdles that derail business recovery and growth.


Tags: COVID-19Crisis ManagementRisk AssessmentTone at the TopTraining
Previous Post

ICA to Host the BIGGEST Online Event for Compliance Professionals in 2020

Next Post

Banks Set to Accelerate Digital Transformation in Response to COVID-19

Neha Gupta

Neha Gupta

Neha Gupta is Chief Executive Officer at True Office Learning, where she is responsible for the product and technology vision, strategy and growth. Prior to her role as CEO, Neha served as Senior Director of Learning Solutions & Strategic Initiatives at NYSE Governance Services, leading all product strategy and development initiatives for the business. Neha has also served as Citigroup’s Chief of Staff for the Institutional Clients Group Technology organization, reporting directly to the CIO. In her time with Citigroup, Neha led a number of strategic change management efforts involving critical, multimillion-dollar initiatives across industries. Neha holds an MBA in Management and Business Strategy from Rutgers Business School and a BE in Computers and Electrical Engineering from the Honors College of Engineering at Rutgers.

Related Posts

uvalde crosses

Will 2023 Bring More ‘Permacrisis’ Culture?

by Lisa Schor Babin
January 4, 2023

While 2022 had no shortage of chaotic events, ethics columnist Lisa Schor Babin shares her hopes for 2023 — and...

classroom

When It Comes to Compliance, Should We Educate or Train?

by Calvin London
November 16, 2022

A Gallup survey last year found that among employees who had received training on ethics and compliance, fewer than one...

red flag warnings

Fostering Risk Transparency in the Organization

by Jim DeLoach
November 9, 2022

Serious risks to your company’s financial and reputational health probably aren’t going to walk up and introduce themselves. Protiviti’s Jim...

NAVEX regional whistleblowing hotline benchmark report_f

Navex 2022 Regional Whistleblowing Hotline Benchmark Report

by Corporate Compliance Insights
November 9, 2022

Explore benchmark data and regional comparisons for Europe, APAC, North America and South America. Regional Benchmark Report 2022 Regional Whistleblowing...

Next Post
illustration of internet banking, payment security

Banks Set to Accelerate Digital Transformation in Response to COVID-19

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT