You think horror movies are scary? Try reading this article from Nate Dvorak at Gallup. He presents...
4 minute read ·
COVID-19 and compliance: how to respond to the coronavirus as a compliance team
Oh, hey: we’re now officially in a global pandemic. Fun.
The City of Dallas has canceled events and Broadcat has gone fully remote (so if we have a call, I hope you like my dog's piercing shrieks, because she's a schnauzer/poodle/banshee mix), and on Friday we announced a couple practical things we're doing to pitch in to the broader effort:
1. We made a donation of $5,000 to the CDC Foundation's emergency campaign (here's a link to donate yourself).
Because we got in on this early—the same day it launched—we were, for a few brief, glorious moments, on the top page of the donations leaderboard. (Not anymore, which is a good thing!)
2. We will donate an additional $2,500 to this emergency campaign for each new Compliance Design Club Member who joins between now and April 12. (Because, like, then we'll have more money to donate.)
We're looking at what else we can do.
Because basically, while my initial instinct was to hunker down and play defense, I don't really want to have fear be the narrative of my life. So we are going on the offense and will help wherever we can. We are prepared for trouble, but will be motivated by love instead of fear.
That's us. What should your response be as a compliance team?
Because no matter where you work, or what industry you are in, two things are true at the same time:
We’re all going to feel pressure to streamline business operations and protect revenue—maybe a lot, maybe a little depending on our line of business. Either way, compliance is a business operation, and you want to be a team player.
That same pressure increases the risk of misconduct (here’s a link to a nice article from Rebecca Rohr, in-house compliance at HP, on that and tactical tips on responding)—it’s the role of compliance to prevent that stuff from happening.
Yeah, tricky stuff. And there are basically two ways you can respond to this as a compliance team charged with preventing misconduct.
(There’s also stuff you can do that’s coronavirus-specific, but that’s going to be really company-specific as you negotiate handoffs with your health and safety team; for this post we’re just talking about your regular compliance job.)
The bad way: reactive retreat
First, and most tempting, is to simply tread water until this all passes. Put all your regular compliance projects on hold, freeze your budget, and wait for someone from above to tell you that it’s OK to proceed. Basically just respond to the hotline and that’s it.
The reason this is most tempting is because it feels safe. You aren’t doing anything, so it feels like you can’t get in trouble for doing the wrong thing.
Except … that’s not true. You are still doing stuff; deciding to do nothing is still a decision. And unless you and your entire team decide to stop collecting a salary and benefits, you’re still incurring costs; you’re just no longer providing any value.
Moreover, you’re setting yourself—and your business—up for failure by retreating at the moment when there’s even more opportunity for things to go wrong. You are basically retreating from adding value at the moment where your job is even more critical.
Reactively retreating is a response based in fear—and like most responses based in fear, it gives you the illusion of safety while placing you and the businesspeople you’re supposed to be protecting in even more danger.
The good way: proactive prioritization
Alternatively, you can take control of the situation—use this as a moment to figure out what’s really important to your business and double-down on that stuff, proactively prioritizing your work so you are helping to prevent misconduct in an efficient way.
To be clear, this isn’t just doing the same stuff you were already doing and pretending nothing has changed.
Because if we’re honest with ourselves, we’ll admit that even the best compliance programs are probably doing a bunch of stuff with somewhat fuzzy value, but the craziness of day-to-day work often makes it hard for us to get the time to look at things critically.
When crisis brings downward pressure, though, it’s time for focus. And that means taking a look at what you are doing and ruthlessly reorganizing your priorities, proactively, around this question:
How will [this thing we’re doing] help [this type of employee] stay compliant?
This is the basic question that should drive every compliance activity, but it’s easy to forget it.
You answer it by mapping out the steps involved from the compliance work to the right employee behavior. The more steps that are involved, the more likely it is that you should pause the activity; this is the time to focus on how your salespeople close deals, for example, not for all-employee Code of Conduct awareness.
(Basically, this is “operationalization”—if you want a walkthrough of that, check out this all-time classic post that uses the plot of Return of the Living Dead to explain how it works.)
And to be clear: you will not win any compliance awards for doing this stuff. No one will ask you to present on this at a conference. You will not get on the cover of a magazine for this.
I’m not knocking promoting yourself—trust me, I make stupid videos featuring myself all the time—I’m just pointing out that those accolades usually come from projects that make compliance front-and-center. There is a time and a place for that; it’s just like, not now.
Because ultimately, compliance is not a front-and-center activity; it’s something that supports what the business substantively does, and this is the time to have a very determined focus on that stuff.
Doing this proactively—going to your leadership and saying “for the next 60 days, we’re going to push pause on our interactive Code of Conduct rollout and instead focus on reminders for our salespeople, because we want to support them in keeping the business going”—will help you emerge from this crisis as an even more trusted business partner.