The Road Back To Business As Usual: 12 Steps For Cos.

By Mark Gidley, Michael Kendall, Kevin Bolan and Ira Raphaelson
Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our weekly newsletters. Signing up for any of our section newsletters will opt you in to the weekly Coronavirus briefing.

Sign up for our Competition newsletter

You must correct or enter the following before you can sign up:

Select more newsletters to receive for free [+] Show less [-]

Thank You!

Law360 (April 23, 2020, 3:56 PM EDT) --
Mark Gidley
Mark Gidley
Michael Kendall
Michael Kendall
Kevin Bolan
Kevin Bolan
Ira Raphaelson
Ira Raphaelson
The impact and duration of the COVID-19 pandemic — and government responses to it — might be impossible to fully assess now. But an easy prediction is that the return to business as usual or even a new normal will occur more quickly for some sectors and may not occur at all for others. The new normal also might permanently alter some business and educational processes (e.g., higher remote internet usage) and health practices (e.g., distancing and stricter stay-at-home policies for the sick).

But it is not too early for boards of directors, senior management, and in-house counsel and compliance personnel who advise them to start planning how best to return to as much business as usual as possible or even better business as usual in the future. For quick, initial guidance, we turn to the lessons learned from other commercial crises:

  • The savings and loan crisis of the 1980s (lesson: focus on asset valuation, appraisals);

  • The late 1990s' accounting scandals (lesson: promote transparency and reasonable, contemporaneous record-keeping);

  • The derivative-market collapse of 2008-09 (lesson: scrutinize selling, general and administrative expense matters); and

  • The Great Recession (lesson: "value" that lasts is complicated).

History can help us to shape a smoother return to as much business as usual as is achievable. To promote that universal goal and as a message of hope, we offer 12 things virtually all businesses should consider to manage what happens next — because there will be a next.

1. Dust off your last enterprise risk management report.

Yes, the environment in which all businesses now operate has changed because of these unprecedented and unpredictable times. But you already have the best thinking about business risks available: the last enterprise risk management, or ERM, report that management presented to your board of directors.[1]

Before the COVID‑19 pandemic, the U.S. Departments of Justice,[2] the U.S. Department of the Treasury,[3] the U.S. Securities and Exchange Commission,[4] and law enforcement authorities in the U.K.,[5] and France[6] all emphasized the importance of ERM exercises as part of establishing and operating effective compliance programs.

During the pandemic, closed businesses have limited risks to manage (e.g., debt covenants and physical plant security or safety). As we return to business as usual, it is unlikely that prosecutors will excuse compliance shortcomings that were identified in preexisting ERM exercises.

Indeed, the current crisis will likely only amplify these known risks, not change them. Companies that continue to promote the appropriate tone at the top, to actively and effectively apply their compliance policies, and to document those efforts (and, where appropriate, disclose them) will be best situated when, as in the aftermath of every financial crisis, law enforcement scrutiny increases.

2. Compete within the rules.

COVID‑19 has necessarily led to a rise in legitimate business collaborations. U.S. competition authorities have announced that they will expedite review of certain, time-limited collaborations focused on responding to the pandemic.[7]

The DOJ Antitrust Division has already approved two business review letters under its COVID‑19 seven‑day review process. While these two approvals were for health-related coalitions, the expedited review process is available to companies "in any sector of the economy that are responding to this national emergency."[8]

Corporations engaged in U.S. commerce to combat the coronavirus should also reacquaint themselves with novel defenses under the Defense Production Act and its regulatory predicates.[9]

It is likely that in the rush to get things done, however, some businesses may be tempted to cut some corners. The limited, potential relaxation of antitrust scrutiny should not make anyone complacent.

As in the aftermath of previous economic crises, scrutiny of business collaboration (even of legitimate COVID‑19 collaborations) will eventually return (and certainly by the class action bar). U.S. law enforcement is already sending the message that their scrutiny is not going away. The DOJ Antitrust Division and the Federal Trade Commission recently reaffirmed their commitment to promoting competition in labor markets, regardless of COVID‑19, including the use of criminal sanctions.[10]

3. Consider new customers with care.

There are two target groups as any business reopens: (1) existing and former customers to renew and (2) new customers. Both present a similar set of issues on restart: What do they want and in what order? What can you deliver? When? Can they pay? The pressure to find new customers as we emerge from the current crisis will be extraordinarily high.

But companies must also stick to fundamentals of compliance. When pursuing new customers, it is important to understand that the thrust of U.S. law, even when doing business abroad, promotes fair competition.

Antitrust laws target monopolies and cartels. Anti-corruption laws, including the U.S. Foreign Corrupt Practices Act, preclude bribery to further level the competitive playing field.

Anti-money-laundering regimes preclude concealing the proceeds of various anti-competitive and other unlawful actions. And other agencies and laws, such as the Office of Foreign Assets Control, the International Emergency Economic Powers Act,[11] and the Trading with the Enemy Act,[12] further govern where and with whom firms can do any business.

Companies best comply with all of these laws through the same types of predeal due diligence focused on identifying the real party and place of interest. As part of this scrutiny, companies must continue to ask all of the same questions that they asked in the pre‑COVID‑19 world.

Are these new customers located in a country that makes them high-risk or otherwise unsuitable? Will selling to those customers require you to do business with new third-party intermediaries (agents, consultants, contractors) that put your business at risk?

In the last 15 years — a period of renewed enforcement — a material fraction of FCPA proceedings involved third-party intermediaries.[13] In establishing new commercial relationships, knowing your customer will always be paramount.

4. Reevaluate your geographic reach.

U.S. law is only one source of risk that comes with the opportunities that new customers in new geographies present. In developing a business model, think of entry in practical terms and be mindful of critics of globalization (and they are everywhere): Will you be welcome there? Will the host country government and law enforcement treat you fairly?

Over the last decade, we have seen enforcement agencies for various sovereigns and multinational groups weaponize the enforcement of their competition, privacy and intellectual property laws. Sometimes those initiatives derive from the desire to protect "local" ventures (typically manifested by attacking allegedly "dominant" foreign competitors based in the US). In other instances, those initiatives derive from materially different legal values concerning competition, privacy and intellectual property.

The coronavirus crisis may create an additional, unfortunate risk of reciprocity: The higher that the pandemic causes the U.S. to raise the barriers to international trade and travel — even for good faith, public health reasons — the more difficult it will be (and the longer it might take) for U.S.-based companies to enter or reenter markets the U.S. has walled off (even if only temporarily). Good corporate citizenship and promoting environmental, social and governance, or ESG,[14] principles will become important tools in the private diplomacy channel.

5. Strengthen safety nets for production resources and your supply chain.

These are particularly important concepts where logistics, diplomacy and corporate philosophy intersect. During the pandemic, companies are facing many difficult choices across many issues. But production resources and supply chains are the circulatory systems of any international business.

The need for redundant sources of production and supply is a recurring lesson of every economic crisis. The global nature of this crisis may mean that this redundancy is of little help now, and may cause some companies to reconsider those relationships in the hope of reducing expenses.

But as certain geographies begin to emerge from the crisis (e.g., China), maintaining goodwill across the supply chain will be critical to returning to business as usual. In addition, the better that employees and business partners perceive that you treat them during challenging times, the more goodwill you will have built for the inevitable return.

The contours of the coronavirus pandemic may be novel, but there is precedent for how best to handle layoffs — and particularly in the context of organized labor and emergency situations.[15] These stakeholders will seek to punish missteps. For any perceived slight during the pandemic, you will first need to rebuild trust and guard against the risk of industrial sabotage before reengaging in business relationships with the same pre-pandemic tenor and returning to business as usual.

Finally, for many companies that have already committed to applying ESG principles, maintaining that commitment now can more quickly signal solidarity and establish affinities with prospective business partners down the road. For companies that have not yet embraced ESG principles, current planning for a return to business as usual should consider ESG and how to integrate those principles now, rather than trying to graft them onto business relationships midstream and in an ad hoc (and potentially inefficient) manner.

6. Revitalize the sales chain.

Production and supply chains are about buying. The sales chain is, obviously, about selling. Even in good economic times, there is pressure to achieve financial results that sometimes leads a firm's sales function astray in the view of government enforcement officials or the plaintiffs bar. On the road back to business as usual, those pressures will be greater to make up for lost time.

A few simple recommendations follow from the lessons learned from countless companies where, in the aftermath of economic crises, things went wrong: Sales people should be trained on how to deal with competition (and avoid unlawful coordination). Sales incentives should not be so ambitious that they promote bad behavior — bribery (the obvious kinds as well as the more subtle uses of promotional, educational and client entertainment budgets), kickbacks, the questionable use of cash, or even the generation of phantom customers.

7. Reassess, and potentially reset, financial controls.

The plain language of the FCPA's books-and-records and internal-control provisions focus on "accounting controls" and "books, records and accounts" — that is, on the controls imposed on recording "transactions."[16] More recently, however, the SEC has applied these financial controls provisions as imposing broader anti-corruption compliance controls.

We are not counseling that companies do more than the law requires. But a slowdown in the business as usual that generates all of these transactions should, conversely, promote internal checkups and increased hygiene concerning subsidiaries' practices for recording and reporting financial transactions.

It also provides a unique opportunity to examine the necessity of, and control over, each bank account used for expenditures. These exercises may prompt businesses to impose better-tailored discipline over expenditures upon emerging from the crisis, and may identify potential tax consequences that should be considered before proceeding.

The Internal Revenue Service has temporarily suspended many of its activities and has extended certain filing deadlines. What you do now will someday have to be reported to the IRS, so careful analysis is essential.

8. Continue to litigate strategically.

A downturn in transactions may allow more considered reflection on another critical source of risk — a company's litigation portfolio. In the COVID‑19 recovery, businesses should not pick needless fights with employees and supply chain business partners. But businesses still must protect and defend their brands, their intellectual property and board decision-making during crisis conditions.[17]

The legal department is an important partner to the business and finance departments as to what contracts can be negotiated, which get arbitrated, and which get litigated. We recommend not getting bogged down in renegotiations and disputes with suppliers or other business partners that are nonessential.

And in some circumstances, the legal department can become a revenue generator — e.g., by getting money in the door from insurers and anyone who should have paid, did not, but still can.

9. Enhance contracting precision and what you mean by "force majeure."

The coronavirus has required many companies to carefully reconsider what may have become boilerplate: force majeure clauses. Because parties often dispute precisely what constitutes force majeure, companies should consider that concept anew and in the current context.

There is also an important choice-of-law analysis companies should conduct in negotiating these terms to balance (1) the desire for the law of a company's home to apply, (2) what counterparties will accept, and (3) the need for consistent clauses to encompass entities at distant points along a supply chain.[18]

10. Plan for the next business interruption.

As insurers and insureds inevitably debate and litigate coverage for business interruption, boards should ask about the status and cost of future coverage. Just as with the creation of FCPA insurance or terrorist-event coverage after 9/11, one can expect the premium differentials to be part of future risk management exercises.

11. Communicate in plain language and with consistency.

A company can fully succeed in reclaiming lost ground and growing only through thoughtful, coordinated communications. Government relations, public relations, investor relations and even human relations function through messaging.

Consistency, tone from the top (again), and neither over‑ nor understating the facts is not only required for public companies but prudent in each instance. Here too, the legal department should be a partner at the table. Promises made should be ones that can be delivered.

12. Consider integrating interim pandemic responses into longer-term business practices.

The pandemic has already transformed how many large businesses work. These changes may persist even after the pandemic subsides — just as many business responses to 9/11 (e.g., increased office security) have persisted nearly 20 years later. Businesses need to plan how many aspects of how we are working now will become more common aspects of how we will work in the years to come.

First, white collar functions are operating remotely from wired home offices with the benefit of videoconferencing services. Many businesses are already troubleshooting the varying levels of security that videoconferencing services provide, making corresponding cybersecurity investments (e.g., providing secured laptops for home use to personnel who would never before have worked remotely), and cuing users to broader sets of confidentiality, privacy and discovery risks.

Lessons businesses are learning right now may cause many firms to recalibrate investments in IT and real estate as they emerge from the pandemic. These changes will also demand new thinking and planning for where people work and when.

Compliance functions also must account for the risk of inadvertent and potentially improper use of technology. Using this technology often creates metadata that, at a minimum, digitally records meeting dates and times. Some platforms may record full meetings, unbeknownst to participants but potentially within their possession, custody and control.

And there is the potential for meeting participants to deliberately, surreptitiously record remote meetings that would have occurred only in person and in strictest confidentiality before the pandemic. The more work that IT and compliance does now to vet these tools and set guidelines about their use (including technological controls), the better equipped litigation counsel will be should such records become subjects of discovery disputes in litigation.

Second, for those who work in jobs that they cannot do at home, businesses have focused on imposing health checks before office entry, acquiring appropriate personal protective equipment, and regulating the use of common spaces (from the shop floor to the common kitchen). Businesses will need to be thoughtful and reasonable as they self-regulate, and there is no question that self-regulation is a necessary step.

State and federal regulators may take time to act in this space. But plaintiffs lawyers will not wait, and will try to punish those firms that have put employee health and welfare at greatest risk. As a result, health insurance coverage may take on renewed importance in employee relations.


History has much to teach us. For many issues, returning to business as usual will demand the same focus and diligence that effective businesses applied before the current disruption. For others, businesses' current responses will dramatically shape what business as usual means when the coronavirus crisis ends.

And each firm, of course, will have risks and rewards particular to its business to identify and respond to. These dozen suggestions may provide food for thought for what we all hope will be a bright future to come.

J. Mark Gidley is a partner and chair of the global antitrust practice at White & Case LLP.

Michael Kendall is a partner at White & Case.

Kevin Bolan is a partner at the firm.

Ira Raphaelson is senior counsel at the firm.

The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients, or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.

[1] Many businesses employed ERM processes before the early 2000s accounting crisis. The content of more expanded ERM process came to be defined by Committee of Sponsoring Organizations of the Treadway Commission in 2004, in part to remedy the controls shortcomings that crisis exposed. See generally Richard J. Anderson & Mark L. Frigo, Understanding and Implementing Enterprise Risk Management (Jan. 2020),

[2] U.S. Dep't of Justice, Evaluation of Corporate Compliance Programs at 2 (Apr. 2019),

The starting point for a prosecutor's evaluation of whether a company has a well-designed compliance program is to understand the company's business from a commercial perspective, how the company has identified, assessed, and defined its risk profile, and the degree to which the program devotes appropriate scrutiny and resources to the spectrum of risks.

[3] Whereas risk assessment leads DOJ's, management involvement leads the Treasury Department's Office of Foreign Asset Control, or OFAC, compliance advice: "Senior Management's commitment to, and support of, an organization's risk-based [sanctions compliance program] is one of the most important factors in determining its success." U.S. Dep't of Treasury, A Framework for OFAC Compliance Commitments at 2, 3 (May 2, 2019),

[4] E.g., Stephanie Avakian and Steen Peikin, Statement from Co‑Directors of the SEC's Division of Enforcement Regarding Market Integrity (Mar. 23, 2020), (emphasizing importance of corporate controls given potentially greater value of material nonpublic information during the coronavirus pandemic).

[5] Director of the U.K. Serious Fraud Office and the Director of U.K. Public Prosecutions, Bribery Act 2010: Joint Prosecution Guidance (Mar. 30, 2011),

[6] Agence Française Anticorruption, Guidelines to help private and public sector entities prevent and detect corruption, influence peddling, extortion by public officials, unlawful taking of interest, misappropriation of public funds and favouritism (Dec. 2017),

[7] U.S. Dep't of Justice & Fed. Trade Comm'n, Joint Antitrust Statement Regarding COVID-19 (Mar. 24 2020), ("Joint Statement"); see also White & Case, For COVID-19 Competitor Collaborations, DOJ Antitrust Division's "Business Review Letter" Offers Easy and Likely Effective Antitrust Protection (Apr. 2020); see also White & Case, CARES Act Provides No Relief From Antitrust Laws, But Deference On COVID-19-Related Coalitions From DOJ/FTC Will Be Fact-Specific (Mar. 2020),; White & Case, Global Merger Clearance: The First Week of the New Normal (Mar. 2020),

[8] Joint Statement; see also White & Case, For COVID-19 Competitor Collaborations, DOJ Antitrust Division's "Business Review Letter" Offers Easy and Likely Effective Antitrust Protection (Apr. 2020).

[9] White & Case, A Novel Antitrust Defense for COVID-19 Agreements: Section 708 of the Defense Production Act (Apr. 2020),

[10] U.S. Dep't of Justice and Fed. Trade Comm'n, Justice Department and Federal Trade Commission Jointly Issue Statement on COVID-19 and Competition in U.S. Labor Markets (Apr. 13, 2020), (stating that the division will carefully scrutinize conduct that disadvantages workers including by unlawfully exchanging competitively sensitive employee information like salary, wages, and benefits, and explicitly noting that "[c]ompanies and individuals who enter into naked wage-fixing and no-poach agreements may be criminally prosecuted").

[11] 50 U.S.C. §§1701 et seq.

[12] 50 U.S.C. §§4301 et seq.

[13] See, e.g., Stanford Law School, Foreign Corrupt Practices Act Clearinghouse: Third-Party Intermediaries (last accessed Apr. 2020), (chart identifying number of bribery schemes per year (based on public disclosures) relying on third-party intermediaries).

[14] See, e.g., Veena Ramani and Hannah Saltman, Running the Risks: How Corporate Boards Can Oversee Environmental, Social and Governance Issues, Harvard Law School Forum on Corporate Governance (Nov. 25, 2019),

[15] See, e.g., Peter B. Robb, Nat'l Labor Relations Bd. General Counsel, Case Summaries Pertaining to the Duty to Bargain in Emergency Situations, Mem. GC-20-04 (Mar. 27, 2020),

[16] 15 U.S.C. §§ 78m(b)(2)(A), (B).

[17] See, e.g., In re Caremark Int'l Derivative Litig ., 698 A.2d 959 (Del. Ch. 1996); Marchand v. Barnhill , 212 A.3d 805 (Del. Ch. 2019) (reversing order dismissing derivative complaint; concluding complaint alleged particularized facts arising from a "that support a reasonable inference that the Blue Bell board failed to implement any system to monitor Blue Bell's food safety performance or compliance").

[18] See, e.g., White & Case, Suspending contractual performance in response to the coronavirus outbreak (Feb. 18, 2020),; White & Case, COVID-19: managing force majeure risk in a construction project supply chain (Apr.13, 2020),

For a reprint of this article, please contact

Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!