3 Ways to Increase Business Continuity During COVID-19
Companies have been moving at breakneck speed to respond to the COVID-19 pandemic. As a compliance professional, you’ve been there: from work-from-home and planning to go back to work, to layoffs and furloughs, to sales downturns, supplier SNAFUs and CEO talks.
But there is no reason to think that enforcement will ease. Reporting to local, state and federal agencies has been upended; there are new regulations to deal with, like the California Consumer Privacy Act (CCPA); and through it all, regulatory enforcement didn’t suddenly stop with COVID-19.
The risk of threats to the company’s bottom line and good name, due to inadvertent violations of laws, standards, or codes of conduct, has never been higher. But with management likely preoccupied with business matters, the compliance program may be under pressure to let things slide. This “perfect storm” of high-risk circumstances means risk and compliance professionals are central to business success in the new world; compliance isn’t optional.
Here are three ways for compliance to step up and be the department that shines during this difficult period for business.
Perform a compliance risk assessment to develop a baseline
Assess all regulations, standards and rules to discover what has changed. Perform a compliance risk assessment, to understand the highest-impact risks.
A risk assessment may include strategic, operational, financial, and compliance risks; risks that could impact the organization’s ability to achieve its strategic objectives; and risks to cash flow and operations.
Many regulatory bodies are relaxing certain rules and requirements to unburden businesses and their employees impacted by COVID-19, so be sure to check each requirement that impacts your business and see if anything has changed recently. Given the many other business concerns, it’s easy to make a mistake and get slapped with a violation, a fine or both.
Another reason to conduct a compliance risk assessment is to check in with regulations that apply to people and today’s hot topic, data privacy. Regulations applicable to the workforce or privacy like CCPA should receive special attention.
CCPA enforcement action starts on July 1, 2020. Go ahead and treat CCPA as in effect with stiff penalties for non-compliance.
Create new policies and revisit requirements for a new normal
Given its global impact, COVID-19 could usher in a new normal. Millions have accepted wearing a mask, avoiding crowds and washing hands throughout the day. The custom of shaking hands in business may well be a relic of the past. Working remotely from home was a national experiment of sorts, but it’s looking permanent for many companies.
Return to work will require new policies and compliance requirements. This represents a high-profile opportunity for the corporate compliance program. Together with the HR team, write a communications plan for new policy roll-out and training. Collaborate with IT on backend processing needed for employee communications, policy attestations and more. You may need a new Code of Conduct specific to COVID-19.
Such was the case with The Mountaineers, an alpine club serving the state of Washington and founded in 1906. In response to COVID-19, The Mountaineers created a new COVID-19 Code of Conduct in accordance with the Safe Start Washington phased re-opening plan. Individuals who refuse to comply with the Mountaineers code of conduct will be removed from the roster and asked to leave the trip.
It can be hard to gain acceptance from employees to follow recommendations without the need for a reprimand for non-compliance that could hurt culture, community, or stir up political debates. Get employee buy-in by borrowing from the manager’s toolbox: articulate a vision, model by example, cater to people’s strengths, follow up regularly and address resistance quickly.
Create a compliance-lead business continuity program
COVID-19 has been a wakeup call to all types of disruptions, from natural disasters and telecom outages to cybercrime. Organizations are shifting from disaster recovery to business continuity, to manage risk and build resiliency to operational disruptions. Compliance should have a leadership role on the company’s business continuity team. Compliance is most qualified to develop policies, meet requirements and interpret guidance. Experience with regulatory change is a nice prerequisite for applying lessons from business continuity testing.
Both compliance and business continuity stress documentation, tracking and reporting on progress and delivering results. Given business continuity programs often represent a new initiative and attract the best and brightest from across the organization, compliance should be present and accounted for.
The COVID-19 pandemic has been a business disrupter of the highest sort. It’s dramatically changing the way we live and work:. “The line that separates work life and personal life has faded.” Compliance is in the perfect position for the COVID-19 response period and whatever comes after. The key is to transcend the day’s challenges and get proactive with three action steps: perform a compliance risk assessment, embrace the new normal and take the lead on business continuity.
Change is in the air. Make the most of it. Learn more about Lockpath Business Continuity Management.
COVID-19 has pushed several risk disciplines into the spotlight, including business continuity, third party risk, cybersecurity, and data privacy. We’ll explore each one and deliver advice and guidance.
In many ways, global supply chains are in the crosshairs of the global pandemic. We share three strategies you can pursue now to be ready for when business starts to recover.
While the coronavirus has dominated news cycles, other notable events occurred around a number of new rules, regulations and guidance, from California’s data privacy regulation to NIST data privacy framework and SEC guidance on cybersecurity for financial service firms.