BLOG POST BY OUR MEMBER FULCRUM
The impact of COVID-19 and the economic uncertainty that has also resulted, has forced businesses worldwide to adapt to new market conditions as they seek to ensure ongoing business survival.
A new compliance landscape with new regulatory changes poses numerous challenges for businesses worldwide and across all sectors. These businesses need to operate under significant obligations and additional pressures, at a time of increased scrutiny from government, regulators, and the general public as they consider whether businesses are responding ethically and responsibly to the current changing environment.
These challenges further add to the growing pressure upon businesses that are already trying to grapple with the consequences of how they will be affected by the UK’s Brexit deal and what this will mean for both business relations between the UK and the European Union, but also in respect of the UK’s bilateral relations with individual European countries.
In this current uncertain climate, it is therefore crucial for businesses to ensure that their compliance programmes are robust, resilient, and adaptable so that new and/or heightened risks resulting from new market conditions can be adequately mitigated by internal processes, policies, and controls. This will support business survival, reassuring investors that the business is operating ‘safely’ and is well prepared to respond to potential new risks, changing market conditions, and regulatory changes.
How can businesses navigate the new compliance landscape?
It is important that businesses monitor regularly the changing regulatory landscape and fully understand the risks to which they are exposed, and respond in a timely and comprehensive manner.
a. Identifying the key compliance risk areas to which they are exposed
As new guidance and legislation is implemented in response to the pandemic, companies must react in real time to a changing risk landscape. It is crucial that companies have a thorough understanding of the new risks posed in their business sector and respond accordingly. Some key risks are:
- Budgetary constraints and a reduced workforce– As businesses face economic pressure, they may find that their risk and compliance functions are operating with reduced budgets and resources, impacting upon their ability to conduct adequate compliance checks, monitoring, and screening across all business operations. It is important that companies guard against such risks and adapt practices to ensure that compliance is maintained at all times. This may mean, for example, using technology more to ensure effective communications and messaging, and considering whether responsibility for certain compliance matters can be shared with the business.
- Reduced mobility and travel restrictions– With government lockdowns and travel restrictions, businesses are less likely to be able to conduct on-site visits and maintain face-to-face contact with employees and third parties. So far as possible these practices will need to be undertaken remotely, presenting additional hurdles for businesses as they seek to monitor operations and investigate any allegations of potential misconduct.
- Supply chains– Supply chains have been, and are likely to continue to be, adversely affected by future lockdowns and travel restrictions, leaving businesses with little alternative but to on board new suppliers to ensure business operations and to safeguard business continuity. It may be that the urgency and pressures upon teams to ensure ongoing business continuity may lead individuals to bypass company processes and procedures when conducting due diligence, prioritising financial gain over compliance, and potentially exposing a business to new risks. It is important that companies guard against such risks, and continue to undertake risk assessments and remind employees of the importance of due diligence in all cases.
- Adjusted risk appetites– Companies in financial distress may become less risk averse so as to ensure business survival, however, they must continue to stay alert to how their risk appetites are evolving and the implications that such changes will have upon their business. Any adjustments must be communicated to staff to ensure that they are familiar with company practices and continue to adopt a compliance culture across business operations.
- Increased interaction with public bodies/officials– In response to the pandemic, governments and public bodies have provided, and continue to provide, emergency financial packages to support companies and individuals during the crisis. In such circumstances, companies must ensure that the funds are used appropriately and in accordance with government guidance to avoid any future allegation over the misuse of public funds.
- Corporate social responsibility (CSR) initiatives– With the increased social and ethical demand for companies to assist those in need in times of crisis, and to act urgently, there is a potential risk that company funds could be diverted for illegal and/or unethical purposes. Companies should continue to adopt appropriate due diligence on potential CSR initiatives to ensure that all CSR programmes and charitable donations comply with company policies, and to reinforce such policies and procedures with employees where necessary.
- Regulatory changes following Brexit – In addition to the above risks, businesses must consider further regulatory changes resulting from the UK’s exit from the European Union, as this may impact upon Spanish businesses operating in the UK and vice versa. This will require close attention to, and compliance with, both UK and EU regulations, particularly after 31 December 2020 which marks the end of the transition period. Businesses will need to adapt swiftly to a new regulatory framework and ensure that their compliance policies and procedures encompass any new requirements and obligations so as to avoid regulatory breaches and reputational damage.
b. Ensuring that internal policies, processes and controls are adequate to the risks identified
As new risks are identified, and new guidance and legislation is introduced, businesses need to ensure that they monitor and review internal policies, processes and controls to ensure that they are comprehensive, responsive to new market circumstances and regulatory changes, and reflect the changing risk landscape. This may require consideration of the following:
- Tone from the top – Senior management should be active in promoting a culture in which corruption and unethical conduct is not accepted, and that they continue to communicate their company’s commitment to carry out business fairly, honestly and openly.
- Communication – Companies must communicate any risk adjustments to employees promptly, ensuring that they have an appropriate understanding of their obligations and act accordingly. Companies must encourage employees to report any suspected or actual misconduct and have in place appropriate whistleblowing procedures that protect the whistle blower from repercussions, whilst ensuring that any suspicious or actual wrongdoing is addressed promptly and effectively.
- Due diligence–At a time when companies may need to use alternative business partners owing to travel restrictions or reduced budgets, companies must ensure that counterparty due diligence and other on-boarding procedures are not overlooked. This will involve: (i) conducting new risk assessments on third parties and partners; (ii) adjusting internal policies and controls to account for new or heightened risks; (iii) reminding employees of the importance of conducting thorough due diligence throughout business relationships; and (iv) monitoring the results of the due diligence.
- Monitoring and review– Companies must continue to monitor and review their policies, procedures and practices throughout the pandemic to ensure that they accord with all regulations and guidance and adapt to forthcoming changes in a prompt and timely manner.
COVID-19 has brought about new challenges, economic uncertainty, and regulatory changes for businesses, adding pressure to the existent concerns that have emerged from Brexit. Whilst COVID-19 restrictions and the current climate of uncertainty have a direct impact on business relationships between Spain and the UK, posing additional hurdles to business continuity for companies, businesses must adapt to these new market conditions in a way that ensures good compliance practices.
There is no COVID-19 defence for non-compliance so it is important that management and compliance teams continue to keep on top of their compliance agendas, regularly review and monitor the risks that their business face, and ensure that their business practices, policies and procedures respond appropriately to these risks.
Fulcrum is a highly specialised legal advisory and consultancy business comprising barristers, solicitors, investigators, and other high calibre professionals.
We have established ourselves as a market leading firm providing strategic legal advice, consultancy, and representation for governments, public bodies, corporates, and private individuals in the fields of financial crime, corporate governance, and risk and reputation protection.
Our work ranges from assisting with structural compliance tools, such as policies, procedures, training, compliance audit, through to conducting internal investigations, where there is a particular concern.
We have been involved in, and continue to be involved in, the most significant and high-profile international corporate criminal investigations and prosecutions of the past decade, whilst acting as the trusted advisers to many corporates and other organisations in related areas.
Follow Fulcrum‘s LinkedIn page
If you wish to download this article, please click here.