Reassessing Your Global Compliance Risk Profile

13 November 2020 Coronavirus Resource Center:Back to Business Blog
Authors: David W. Simon Andres Alvarez Jaime B. Guerrero David A. Hickerson Gregory Husisian Adrian L. Jensen Jenlain A. C. Scott Olivia S. Singelmann Christopher Swift John E. Turlais Rohan A. Virginkar Lewis Zirogiannis

The unprecedented challenges created by the COVID-19 pandemic and resulting government lockdowns could strain even the most robust compliance programs. Companies have been appropriately focused on business preservation during this time, which has led to appreciable changes in how many companies operate, whether temporarily or permanently, and has forced many companies to reprioritize their use of resources and personnel. These changes may create potential compliance gaps in existing controls and procedures, and could present new compliance risks, requiring adjustments to existing procedures and controls or the development of new processes altogether.

As 2020 comes to an end, now is an opportune time for companies to reevaluate their international compliance risk profiles and compliance programs. The U.S. Department of Justice and the Securities Exchange Commission have emphasized the need to conduct regular compliance risk assessments, particularly after events with the potential to significantly impact the business, such as the global COVID-19 pandemic. With year-end approaching, and SOX and financial audits on the horizon, companies should assess now how their compliance risk profile has changed as a result of the pandemic and associated lockdowns. This assessment should consider how current processes and controls have responded to newly created challenges and evaluate whether the existing compliance framework remains reasonably designed to detect and prevent violations of the law. Companies should use these findings to improve existing policies, procedures, and controls or, if necessary, devise new ones. 

As a starting point, compliance officers should ask these questions:

  • Changes to Business Operations: Did the company experience any COVID-19-related changes to business operations, such as closing facilities or offices, adjusting product lines, adopting new sales/marketing initiatives, revising procedures relating to internal investigations, targeting new customers or markets, or modifying or expanding supply chains/suppliers?
  • Government Funds or Loans: Did any of the operating companies, subsidiaries, or affiliates accept government funds or loans during the crisis? If so, the programs, terms and conditions, and any required certifications or representations should be closely reviewed to ensure compliance.
  • Third Party Intermediaries (TPIs): Did the company engage new agents, brokers, consultants, law firms, distributors, or other TPIs during the crisis and, if so, did the company ever bypass normal procedures based on pandemic-related exigencies? Any bypassed procedures may need to be run retroactively, and new high-risk TPI’s may need to be reexamined to ensure that any red flags in the due diligence and onboarding files can be resolved or addressed.
  • Inspections/Shutdowns: Did the company interact with foreign government officials in connection with shutdown orders, and were there any disputes regarding whether the business was “essential” in certain jurisdictions? 
  • Controls/Approvals: Did the company engage in any new contracts with vendors? Were normal approval processes for entering contracts or approving expense reimbursements followed? 
  • Compliance Reporting Channels/Hotline: Has there been a decrease in compliance hotline use? Consider a review of the hotline log to ensure that nothing was missed that should have been investigated. 
  • Charitable Donations: Was the company directed by any government officials to make a donation, particularly by any officials in positions where they could exert influence for the company? It is also key to ensure any charitable donation policies were followed and that any donation cash/consumer goods went to the charitable or government entity itself, versus any one individual official.

In conducting this assessment, companies should also consider:

  • Compliance Communications: Reintroduce company employees to key compliance functions, including training/resource materials and the confidential reporting hotline, in order to remind employees of their importance.
  • Personnel/Staffing: Assess layoffs/furloughs/terminations globally and identify whether key stakeholders (whether in the business or in the compliance and finance functions) are still in their seats. Assess how those functions are being performed under pandemic conditions to gauge any impact on the enterprise’s overall risk profile, and fill any identified gaps. Assess the current state of compliance resourcing and ensure it is adequate. Similarly, identify changes in other functions that may have become even more relevant during the pandemic (e.g., accounts payable and cash management), to check whether there is an adequate compliance focus to reflect any of those changes.
  • New Hires: Identify significant new hires made during the crisis. Review whether normal compliance onboarding processes have been followed. For executives, management, and personnel who have been assigned new responsibilities that might implicate compliance-related controls, contact them and introduce them to compliance.
  • Performance Metrics: Consider whether the criteria used to calculate performance metrics for the company, business units, and departments were revised by corporate or local management in response to economic stress, and whether such revisions could affect the company’s books and records. For example, consider whether revenue recognition criteria have been applied consistently during the pandemic. Consider also whether accruals based on management estimates have been recorded or released without bias and consistent with the company’s accounting policies. 
  • Trade Compliance: Review situations where the company acts as the importer of record to determine if the importer is appropriately paying all duties – based upon correct declarations of the country of origin, classification of the good, and entered value – paying special attention to any special duties such as the Section 232 duties on steel and aluminum and Section 301 duties on imports from China. 

Foley can help. Our experienced team of lawyers practicing in international government enforcement defense, investigations, and compliance are available to perform a COVID-19 “re-opening” risk assessment or, alternatively, guide companies through the process of conducting one themselves.

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.

Related Services