With the government’s singular focus on beating Covid-19, thousands of businesses in a state of induced coma, and the understanding attitude taken by regulators, it is quite likely that many compliance infringements went unnoticed over the past four months. But for how much longer? At which point might the regulators give a wake-up call to businesses, which have gone slack after months of inaction? What will compliance look like in the new normal?
Businesses should be asking themselves these and other questions, and working out ways of re-engaging their employees with their compliance imperatives, whether the employees are working from home or returning to your office now.
In doing so, it’s essential to start with an assessment of where you are with compliance management.
- How good is your staff’s awareness of the regulations that apply to your business?
- How good is their understanding of compliance procedures?
- Do they understand who to turn to for questions and support?
- Is the responsibility for compliance devolved to heads of departments?
- Do you have systems and controls to flag up potential breaches, and conduct audits and investigations?
- How well have you tracked the regulatory change affecting your business over the past year?
Ultimately, every act of compliance, or the breach, of regulations or your policies and procedures, is committed by an individual.
The answers to these questions will determine what kind of shape your business is in, and what actions you need to take to get back to normality.
Turn the crisis into an opportunity
The best-run businesses will go further and take this opportunity to strengthen their compliance management with the necessary checks and controls that have been missing in the past. Consider a few examples.
Do you have documentary evidence of your staff have read and attested your corporate policies? That’s a cornerstone of your compliance. If they’ve not done so, now is a great time to get that attestation.
Do you record all the gifts and hospitality is that your employees offer or receive? That’s essential for your compliance with bribery and corruption laws. Implementing a register for tracking any gifts and hospitality now would not only help you to track and evidence such items, but also send a strong message of ethics and compliance to your staff.
Are your systems up to standards for protecting personal data and delivering on individual rights? For data protection, you should be considering a systems audit that includes penetration testing. Individual rights require you to provide access to all data that you hold on an individual at short notice, make updates/corrections to that personal data, and erase the personal data if it is no longer required or if the individual makes a valid request. This can be difficult if your customer and employee personal data is spread over multiple systems with no single point of reference. So, this is an excellent time to rethink and make necessary changes to your systems and procedures.
Ultimately, every act of compliance, or the breach, of regulations or your policies and procedures, is committed by an individual. Therefore, considering the psychology and behaviour of individuals is essential to ensure compliance.
The pillars of your ethics and compliance programme should be tone from the top, culture, risk awareness, and monitoring. Are the messages from your senior management striking the right balance between reassuring your staff, who might be anxious in these uncertain times, and being vigilant to potential breaches? Are your employees trusted to do the right thing, or are they being micro-managed, potentially increasing the likelihood of lapses?
Maslow’s motivational theory of psychology provides an approach for engaging with staff for peak performance in testing times. Start with physiological needs for safety and personal security. Work up through the levels, e.g. consider how you’ll stay positive, provide meaning for others during the disruption. Create a sense of personal and organisational well-being. Look at how you react during times of business disruption. Ask your staff what challenges, obstacles and changes in pressure or impetus they are facing. Look for tendencies to cut corners when employees under extreme stress or pressure. Are some employees becoming disheartened and jaded? Consider the impact that the action certain non-compliant employees and any subsequent disciplinary actions may have on the rest of your staff.
Do you study past compliance issues or near-misses to understand what people factors contributed to those incidents? Business functions with a high turnover or units experiencing repeated problems can indicate poor management practices. You should identify people or departments that may be especially vulnerable at times of disruption. This requires supervisors to have an understanding of compliance personas of each of their team member – to know who is habitually compliant, wilfully or accidentally non-compliant. They need to understand how to manage the opportunists who may phone in sick when nothing is wrong or the overly conscientious staff who put others at risk by refusing to stay home when they are sick.
You need to provide adequate supervision for new hires or people working remotely, including those in quarantine. Make sure they know the rules and your expectations, provide regular support and reassurance (especially with new hires) and urge them to seek advice if they’re unsure of what to do
Finally, it’s never too late to prepare your team to cope with known and emerging risks with training and awareness programmes. Digital learning can enable you to get around restrictions on travel or meetings. Your dispersed staff can attest to policies, improve their understanding of procedures and rehearse their response to situations, on their laptops and mobiles anytime, anywhere. With less than usual distractions and pressures, this could even be an ideal time to catch up on training!