The coronavirus pandemic is testing the business continuity planning of governments and businesses alike. However, as most companies activate their plans to get back to business as usual, there is an emerging risk of gaps developing in staff compliance.
Starting with corporate culture
Corporate culture has generally be defined as “how people behave in groups” or “what people do when there is nobody watching.”
Today, corporate culture matters now more than ever. That’s because your team may be working at irregular times, in different locations, i.e. self-isolating. They may be away from their usual support mechanisms, such as trusted colleagues, and out of sight of a watchful reassuring watchful manager.
In a crisis, you can’t sit at their shoulder or catch them as they fall. That’s why your culture needs to be empowering.
What is culture?
Culture is shared values, attitude, spirit and mindset. But it should also be meaningful and underpin everything you and your employees do. So, wherever they are working and whatever the disruption faced, your culture should be precisely the same.
We reached out to several compliance experts to establish what businesses should be doing now to ensure compliance continuity management (CCM):
1. Keeping on top of regulations
Often, compliance is seen as some remote unit that’s detached from the rest of the business. In reality, there’s no “them” and “us”. We are one. Compliance is not a varnish that we only apply when the work’s done.
What’s more, the regulators are looking closely at what firms are doing. For example, the FCA issued a statement recently, stating that it is examining the contingency plans of a wide range of firms. With such a close focus on activities by the regulators, compliance functions need to ensure that regulatory expectations continue to be met.
Of course, expectations and operational requirements converge as in many areas businesses and regulators want the same thing. They want customers to be served, staff to be kept safe and well, and operational risks to be managed effectively.
Nevertheless, there are specific regulatory requirements that compliance teams need to be aware of, ensuring they do not slip down the priority list.
2. Effective comms and trust
At times of disruption and crisis, people need to know who they can trust. Compliance issues put trust firmly in the spotlight.
Whether it’s trust in your motivations, in the company to continuing to deliver or the team meeting deadlines.
Regulators too seek assurances and trust that as a company and compliance professional, you’ve got everything covered. Sometimes, disruptive events and crises – e.g. cyber attack – may also shine an uncomfortable light on a company. Stakeholders expect reassurance at these times too, not least confirmation that you’ve “got this”.
Most firms will be able to tap into existing communications tools (email, intranet, etc.), but additional platforms (e.g. collaboration apps and tools), dedicated groups and channels (e.g. between the board and any specialists) may well need to be activated.
Think too about how you’re going to pump out any direct emergency communications (e.g. SMS alert lines) and urge people now to update their contact details.
Your business continuity plan should have everything you need, primed and ready to go.
3.Working from home and compliance
Working from home is convenient in the wake of this crisis, but needs due consideration. ‘Internet savvy’ companies pride themselves on having business continuity plans that allow staff to work as usual because of their sophisticated tech enablement strategies.
Often the business continuity strategies are designed to deal with short term disruption. The focus is to ensure that delivery deadlines are met and that the front line can continue with selling. But what about compliance? A meeting is a meeting whether in a room or online, surely?
One important aspect of compliance culture is how groups socially interact and what behaviour the group promotes and discourages. Companies that are well versed in having a home working employee population will have their compliance strategy developed with that lack of social interaction in mind.
COVID-19’s spread has prompted radical changes to curb infection and to maintain revenue.
There’s a risk that isolated employees may circumvent a compliance process more so than those in group situations. This should be considered when developing a business continuity plan, especially if it needs to ensure business continuity for a more extended period.
4. Creating a robust checklist to prepare for discontinuity
Life can be so unpredictable. Most people would say they anticipated the implementation of their business resilience plans to come following a flood, electrical failure in the office or at worst, a terrorist attack.
But did compliance officers give serious consideration to the resilience of their staff compliance in the face of a deadly epidemic? Have we considered the impact of and tested the implications of long term, enforced business resilience that includes at its heart a prolonged period of staff working from home? We suspect that the answer is no.
Maybe now we should start thinking about all risks carrying equal weight. Plenty of experts predict that the current epidemic is, in fact, the precursor to something even more disruptive.
Sign up to our newsletter to get the latest from Business Advice.