Nearly 10 percent of 365 compliance professionals who completed Compliance Week’s coronavirus survey said their companies were ill-prepared for the pandemic. For these 31 companies—representing industries including banking, business services, government, manufacturing/retail, aerospace, government, and real estate—the outbreak caught them flat-footed. More than two-thirds of these companies were on the larger side—between 1,000-10,000 employees—and had international corporate footprints.
This article is from FRA's sister company, Compliance Week.
Conducted from March 24-26, the anonymous survey captured a moment in time for the coronavirus pandemic, which began in December 2019 in Wuhan, China. Over those three days, 130,000 new coronavirus cases were discovered worldwide, according to the World Health Organization. The crisis was ebbing in China and South Korea, in full force in Italy, Iran, and Spain, and beginning to overwhelm the healthcare system of New York City. Hot spots were also developing elsewhere in the United States.
Respondents who said their companies weren’t prepared said leadership didn’t take the coronavirus threat seriously as it gained steam in China. Risk assessment failed to recognize that the pandemic would morph from a faraway, supply chain disruption issue into a complete business shutdown at home.
These compliance professionals reported their business continuity plans were not adequately developed or tested. When shutdowns began, many of these businesses said they scrambled to convert their office employees to remote workers.
Some banks and other heavily regulated industries reported numerous problems transitioning their workforce.
“It’s just not my company but overall 70 percent of [multinational corporations] and banks who’s into compliance won’t give work from home due to customer data and other constraints, but now they are facing a really tough time due to it,” one survey respondent wrote. “Also, many compliance projects have been given for associates to work from home.”
Companies that had problems responding to the pandemic also reported communication issues, stemming from the company’s leaders having not adequately assessed its effect on their business and not having a fully formed plan. As a result, the companies said they were slow to relay vital information to their employees at a time of heightened uncertainty and anxiety.
“I think one of the lessons here is that there is a clear distinction between pro forma compliance and truly meaningful compliance that encompasses risk management and business continuity,” said Christopher Michaelson, a professor in the Department of Ethics and Business Law at the University of St. Thomas. “Not everything is necessarily bad news. We are learning new ways to cope with business challenges, to keep it going.”
The compliance profession has an opportunity to permanently expand itself beyond the “narrow focus” of regulatory compliance and tackle risk management and business continuity planning on a daily basis, said Carrie Penman, chief compliance officer at NAVEX Global.
“This is really a moment for the industry to shine,” she said.
Of those compliance professionals who rated their companies’ performance as “poor” or “very poor,” 80 percent reported not having a business continuity plan in place, compared to 44 percent of all respondents. Among compliance professionals who said their companies did perform well, having a tested, vetted business continuity plan in place was crucial.
“You can be strategic, or you can be reactive,” said Fabiana Lacerca-Allen, senior vice president compliance for Aimmune Therapeutics in Brisbane, Calif. “The idea is to get ahead of the curve.”
Culture conversation
Another marker of success is a robust company culture. If company leadership does not have a good rapport with its employees during normal times, it is not trusted to convey a hard truth in times of trouble.
“Companies with strong cultures are seeing employees rise to the challenge. They’re making good decisions and are being transparent,” said Penman.
“You’ve got to have your own culture in place,” said Keith Darcy, a compliance consultant with clients like Deloitte, and oil and gas companies. “Not just to save the business, but to keep the business’ reputation going, so that in the future you’ve got something to build on.”