Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our weekly newsletters. Signing up for any of our section newsletters will opt you in to the weekly Coronavirus briefing.
Sign up for our Compliance newsletter
You must correct or enter the following before you can sign up:
Thank You!
Law360 (April 14, 2020, 3:49 PM EDT) --
 |
| David Resnicoff |
 |
| Kelly Warner |
In the C-suite, chief financial officers were ascendant — essentially the first responders, ensuring economic viability in uncertain times. For good reason, budget and headcount reductions knew no limits. Compliance programs were not immune, essentially ending a seven-year expansion triggered by the WorldCom, Enron and Tyco International compliance debacles that marked the beginning of this century.
Across every industry, chief compliance officers, often in partnership with general counsel, were challenged to meet stakeholder compliance expectations with clipped budgets, reduced headcount, and even less appetite for compliance to have a real seat at the table.
The ultimate human and economic ramifications of the current COVID-19 crisis are yet to become clear. Perhaps the current economic contraction will be a quick detour. The view of most economists, however, is that the global economy will take anywhere from three to 12 months to begin rebooting.[1]
Even with inevitable multiple trillion-dollar bailout packages, for some period of time it is reasonable to expect most companies will repeat the cycle of 2007-09: severely reduced budgets, reductions in force, and dwindling bandwidth for compliance concerns.
Eventually, spring will come. Once the global economy begins to open for business, competition will be fierce to resurrect client relationships, land new business and expand frontiers. The pressure to execute rapidly will be severe, as will the emphasis on demonstrating immediate positive financial results. At the same time, private and government counterparties will have extraordinary leverage — and therefore extraordinary opportunity — to extract concessions in negotiations, both appropriate and inappropriate.
This dynamic inevitably changes decision-makers' risk-reward calculus. The perception of some may well be "it is better to ask for forgiveness than permission." There will be increased opportunity to short-circuit or skip altogether compliance processes, such as third-party due diligence. However risk materializes, the compliance challenge will be magnified.
But stakeholders will not have lower expectations, whether government regulators and enforcement authorities, shareholders, customers, local communities, or the press. Any sympathy or understanding of context that might exist at this moment will largely evaporate two years from now, which is invariably when compliance issues will be unearthed and examined.
Of course, compliance program expectations should be proportionate to available resources, but a significant compliance failure is still a significant compliance failure, and compliance officers and corporate counsel should not expect much in the way of mitigation. At the end of the day, the enforcement agencies will expect compliance programs proportionate to risk and enterprise scale, with little flexibility for economic conditions.
So, what's a poor compliance officer to do? Reflecting on experience from the Great Recession, here are a few recommendations to help lead compliance functions through uncertain times.
1. Proactively Inventory and Reprioritize
As business leaders, compliance officers ought to embrace the current business challenges and proactively self-identify how they can help reduce costs and increase efficiency within their own organizations without substantially changing their risk profile. Recognizing the difference between the essential and the discretionary will build capital and credibility as a business partner and help maintain a seat at the business table while maintaining program effectiveness.
For example, nothing beats a ground-up inventory of current compliance assets and ongoing projects, choosing between essential and discretionary activities.
What promises to be higher immediate impact for the expenditure of time and money? Distributor due diligence in Asia, the Middle East and Latin America, or code of conduct revision and live global rollout? A hardcore due diligence assessment of a potential joint venture partner in Russia, or embedding compliance factors in personnel evaluations? Retaining your subcontracted export control and sanctions specialist, or the subcontracted compliance trainer?
In this reprioritization, as always, consider your company's particular risks, both new and emerging, and where your program is in its life cycle. Factor in your ability to postpone initiatives to a future year rather than cut them altogether.
The important thing is to begin the evaluation process now, get ready to choose, and maintain control over your choices. Keep a list of where you have trimmed or put off, as there will be time in the future to tackle the deferred maintenance.
2. Maintain Operational Cadence
In a stressed corporate environment, it is even more essential to maintain scheduled participation in your board and C-suite calendar. Compliance officers should still brief their audit committees and their C-suite partners, with the same agendas, at precrisis frequencies. Compliance and whistleblower committees should meet as calendared.
Compliance should still be a feature on quarterly and annual sales and marketing meetings. The pressure to crowd these out will be real, but continuity is essential. These are the operational bones of any compliance program. They allow the voice of compliance to be heard. Once lost, they are hard to recreate.
3. Back to the Future: Deputize Across Functions
Headcount reductions among compliance department employees and legal departments are inevitable. In the era before robust compliance departments, compliance officers primarily relied on natural allies in other functions to serve as gatekeepers, counselors, trainers and implementors.
For example:
- Work with finance to ensure strong internal controls over the retention of third parties and vendors and corresponding payments. These are the backbones of any solid compliance program.
- Harness internal audit to include components of quantitative or qualitative compliance audits as they conduct their routine work. This could include inquiries in country-specific audits focusing on compliance governance and procedures, allegations of misconduct, or meals and entertainment with government officials.
- Task colleagues in legal with spotting and raising issues of particular importance to your business. Reinforce the need to be at the table early during joint venture and M&A discussions. Think of embedding compliance concerns in contract review checklists.
- Rely on HR professionals to serve as your eyes and ears on cultural issues that may emerge and be "leading indicators" of compliance issues, such as "no dissent" or retaliatory environments.
Consider also ramping outside resources up and down as needs require. A partial or rotating secondment from a trusted outside firm, for example. Or, outsourcing helpline triage, or an investigation, that would ordinarily be done in-house. Yes, they will involve outside counsel fees, but they are projects that can be turned on and off as needs require, unlike permanent employees.
4. Enlist Business Management in the Cause
As management calls for budget and headcount reductions, consider activating the most effective tool in the box: business leadership itself. More than training, more than compliance reminders, more than auditing and monitoring, employees respond to those who control their salaries, bonuses and professional opportunities.
Personally enlisting management at all levels of the company to drive compliance is a low-cost, high-impact technique to compensate for lost resources that will pay dividends in the future. Try providing them with simple techniques to employ in their team meetings, such as compliance talking points, a quick hypothetical, or 10 minutes on an agenda for a quick compliance presentation. Think easy and high impact.
5. Increase Visibility
It will never be more important than now to maintain and enhance your public profile within the company. Embrace your role as a corporate leader and personality. Consider short, snappy ways of remaining top of mind.
This could be through quick, YouTube-caliber compliance reminders, or short email blasts on what is most important to you and your company at this time. Let employees know the "corporate conscience" is still at work. Create the perception of omnipresence and scale, even as the resources for yours may be decreasing.
6. Take the Risk Out of RIFs
The sooner compliance officers have visibility into proposed RIFs, the greater their ability to minimize and manage attendant risk. It is critical to identify and address the impact of any RIF on employees who have raised ethics and compliance concerns, whether through the hotline or some other channel, and on employees who are witnesses in ongoing internal or government investigations. It is always a good idea to run a RIF list against your complaint or hotline database.
Prior to terminating a whistleblower or a witness, ensure you have obtained all of the facts and all of the cooperation you need and are able to obtain. If there is a potential or ongoing government investigation, consider whether the government will be frustrated you no longer have access to the witness and factor that into any cooperation decision.
It may be that there are good reasons for keeping an employee, at least for a period of time. If there are not, ensure the company has an independent and unrelated basis for including the employee on the RIF list. You can count on a retaliation allegation, if not a complaint, and you should build a record ahead of time.
Any RIF will generate its share of ethics and compliance complaints, ranging from behavioral to code of conduct to regulatory concerns. Ensure departing employees have an opportunity to voice such concerns. Missing or discounting a complaint raised during a RIF will be viewed as an aggravating factor by regulatory authorities.
Develop a formal process to log, triage and evaluate those concerns, as you would any whistleblower or employee complaint. Task HR to handle HR issues, and make sure legal and compliance have adequate time to handle compliance and regulatory concerns. Record and track efforts in this regard.
Open formal investigations where warranted and pursue until closure. Use technology to obtain initial interviews. Engage outside counsel to advise on, or perform, the investigation.
7. Economize, But Don't Short-Circuit, Investigations
There is nothing wrong with thinking hard about performing efficient investigations to reduce cost and time spent. But no regulatory or enforcement agency will have sympathy for complaints not run to ground, material issues missed, important witnesses not contacted, key documents not reviewed, and compliance gaps not fixed. The key to efficient and defensible investigations is being able to justify, in hindsight, why tactical choices were made and were reasonable under the circumstances.
For investigations handled internally, benchmarking with outside counsel can help craft defensible decisions and provide cover. For internal and outsourced investigations, documenting choices in an investigative plan is good practice. For all investigations, being able to demonstrate an earnest effort to unearth the facts remains an irreducible hallmark of a credible investigation.
8. Track Deferred Projects, and Plan a Post-Crisis Inventory and Risk Assessment
Keep track of foregone opportunity and lost resources. There will a time to reboot those projects and rebuild your team. When you eventually pull out that list, you may find your risk profile and priorities have changed.
When the dust settles, your company and your program will look different than it does now. At a point of greater stability and resources, a second program inventory and risk assessment will help you right-size and rebuild your program to align with that future state and growth. Hopefully you will still have a solid platform on which to build.
Conclusion
Ultimately, the economic pendulum will swing back toward the center, and compliance officers will see more resources coming their way. Until then, however, they will need to do more with less, which is possible with a bit of creativity and historical perspective.
David H. Resnicoff is a partner at Riley Safer Holmes & Cancila LLP. He is a former assistant U.S. attorney in the Eastern District of Pennsylvania and former vice president of compliance at Baxter International.
Kelly M. Warner is a partner at Riley Safer and a former assistant special prosecutor for Cook County, Illinois.
The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients, or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.
[1] "WSJ Survey: Coronavirus to Cause Deep U.S. Contraction, 13% Unemployment," Wall Street Journal (April 8, 2020).
For a reprint of this article, please contact reprints@law360.com.
