by Muel Kaptein
Since the corona crisis, the agenda of compliance officers has changed considerably. But what will the agenda of compliance officers look like when the (semi) lockdown is phased out and organizations start working on their recovery? The recovery phase brings all kinds of new issues and work with it for the compliance function. Below I briefly describe eleven new items for the compliance agenda after the lockdown. Are there items that you think are not addressed in this list or ones that you see differently? In random order, I see the following eleven new items for the compliance agenda.
Compliance function budget under pressure
Many organizations are financially stripped after the crisis. Cutbacks then are likely. The compliance function will not escape this. Or at least boards will ask whether things can be done with a lower budget. Reconsidering and benchmarking the compliance business case, governance, charter, staffing and planning are obviously part of this.
Maintaining a culture of compliance
The crisis already placed great demands on the compliance culture of organizations, but the period after that will probably do so even more. When all attention is focused on recovery, employees may feel compelled to disregard internal and external standards. And organizations that were in overproduction during the crisis period run the risk of employees collapsing. Maintaining a culture of compliance is a huge and necessary task for the compliance function.
New business partners
The crisis teaches the importance of spreading risks, for example with regard to where organizations buy, who they buy from and who they do business with. Organizations will therefore partly change business partners. This means that these new partners need to be screened for compliance risks, contracts with them need to be assessed for compliance, and compliance monitoring needs to be put in place. Saying goodbye to partners can also involve compliance issues, such as improper pressure, compensation orders, and improper exit arrangements.
Digitization of compliance activities
The crisis forces organizations to step up the use of digital resources, which will accelerate the digitization of work processes after the crisis. The compliance function will have to follow suit and work more on digitizing the compliance risk analysis, policy house, compliance monitoring and compliance training (for example, through a compliance dilemma app).
Code of conduct review
The crisis prompts many organizations to question whether pre-crisis organizational values and standards suffice for post-crisis use. Do they fit the new morals? Compliance officers can take the initiative to review the organization code because it touches on all kinds of compliance issues, such as privacy, competition and export controls.
Increased incident handling
A crisis is often accompanied by an increase in misbehavior, such as fraud, theft and unfair competition. The financial and performance pressure increases, as does the opportunity for misbehavior (due to, for example, less control). However, this can only become apparent after the crisis because employees then experience room again to report incidents and regulators will start investigating them (for example, whether government support was obtained lawfully). As a result, the compliance function is likely to have its hands full handling incident reports.
Catching up on compliance training
During the crisis, many employee compliance training courses were cancelled. If such training was necessary, there is now a catch-up effort to be made.
Reorganization risks
Because of the crisis, many organizations will reorganize internally. The reorganization process and the new organization entail all kinds of new compliance risks. For the compliance function, this means determining these new risks and then reassessing and testing the compliance controls.
Improving risk management
The crisis shows that there is connectivity between risks. Risks cannot be viewed in isolation, but only in relation to each other. For example, the distinction between financial and non-financial risks is inappropriate. This means that the compliance officer must work closely with other risk officers in the organization and critically review the current risk framework.
Robotization
In addition to digitization, the crisis will accelerate the robotization of work processes. For the compliance function, this involves all kinds of activities, such as determining the compliance risks of robotization, designing the ethics, rules and contract terms for it and monitoring their compliance.
Increasing legislation and supervision
An inherent characteristic of a major crisis is that society wants to learn from it in order to prevent any recurrence. This is accompanied by new legislation (just compare the torrent of legislation following the financial and economic crisis in 2008). In response to the current crisis, new or amended legislation, with subsequent monitoring, is to be expected in the areas of wildlife trade, climate change, privacy and human rights. New legislation and supervision mean extra work for the compliance function.
All in all, a whole list of new compliance topics for the compliance agenda. These topics are not equally relevant and new for every organization. And no doubt the above list is incomplete. For example, does social distancing belong on the compliance agenda while it is in force? That is why I am curious as to whether you identify other topics or have a different take on certain topics.
The author, Muel Kaptein is a Professor Business Ethics at RSM Erasmus University.