Coronavirus Poses an Array of New Legal Risks for Companies
The coronavirus pandemic has created a veritable legal minefield for companies.
Major disruptions have forced compliance officers and human resource personnel to vet new suppliers and retool internal safeguards, while travel restrictions and remote working have complicated investigations and increased exposure to cyberattacks.
Here’s a look at some of the biggest challenges compliance officers face—and how they are dealing with them.
Quality compliance programs are deeply integrated into a company’s business. But a remote workforce can make it difficult for compliance personnel to maintain a clear line of sight into a company’s operations.
Touching base via phone or Zoom isn’t always adequate, says G. Scott Hulsey, a partner at law firm Kobre & Kim LLP and a former chief compliance officer.
“When I was a compliance officer…there was something to be said about the fact that I could walk down the hall to the head of our supply function, have a conversation, and look over the materials they had developed,” he says. “It facilitated a more seamless effort to monitor what was going on in the company.”
To maintain their presence inside the business, compliance officers are getting creative. In a training video that it recently sent to employees, in-flight entertainment company Panasonic Avionics Corp. recast its compliance staff as cartoon characters.
The video featured employees working from home. The compliance staff appeared when employees had to make tough decisions. The video was meant to convey that, “while where we worked may have changed, how we work hasn’t,” says Catherine Razzano, the company’s chief compliance officer.
The timing of outreach and communications is also key. As business and travel ramp up,
compliance officers are thinking about how they can remind employees about important
policies and procedures—including those prohibiting bribes—that employees may
overlook or be tempted to ignore in the face of the sales pressures created by the
The inability to travel also creates a challenge, especially in the area of internal investigations, which are critical to understanding the depth of any allegations of wrongdoing.
In regular times, the most sensitive investigations and interviews often involve sending
in-house investigators or outside lawyers to far-flung jurisdictions for in-person meetings and document collection.
Now, amid the pandemic, companies and law firms have shifted to conducting most interviews via videoconferencing. This has, for the most part, allowed investigations to continue, but the new processes often take more time, and investigators may be unable to adequately read body language or easily display documents and other evidence—making them a poor option for particularly sensitive conversations.
What’s more, if a company’s offices abroad remain closed, key documents may simply be out of reach for now.
“It’s just wait and see,” says Nathaniel Edmonds, a partner at the Paul Hastings LLP law firm. “You tell the regulator or government authority: ‘This is what we’re doing to try to come up with [the documents]. We’ll let you know when the local restrictions are eased.’ ”
The pandemic has caused companies to make big changes to their operations and supply chains. Some
auto makers, for instance, have shifted portions of their production to make masks, ventilators and
other medical equipment.
But new business lines mean new business partners and suppliers. And compliance oﬃcers are charged
with conducting due diligence on third parties to ensure they aren’t on sanctions blacklists or
don’t have other attributes—such as ties to a foreign government—that would put the company in
jeopardy of violating antibribery laws.
“Companies that are in the middle of a vaccine push or have an urgent need to deliver medicine or
maintain a crucial supply chain, they are just under incredible pressure with their compliance
risks,” says Gary Giampetruzzi, a lawyer at Paul Hastings LLP who previously served as head of
investigations for Pﬁzer Inc.
Donations, too, are a compliance concern. Funds or equipment given to state-run hospitals or
governments must be reviewed by compliance staﬀ to ensure they don’t create conﬂicts of interest
and that they comply with antibribery laws such as the U.S. Foreign Corrupt Practices Act.
The pandemic has sapped revenue at many companies, forcing them to cut costs across the enterprise
to ride out the downturn.
Compliance teams—whose responsibilities have grown along with increased regulatory demands over the
past decade—haven’t been spared. Some have been asked to trim budgets and head count while taking
on pandemic-related compliance demands, creating the potential for compliance failures that allow
misconduct to go undetected or unaddressed.
The situation is occurring at a time when employees across the business are facing additional
workloads and growing pressure to meet goals during a ﬁnancially diﬃcult time, increasing the risk
of corruption and fraud.
Compliance oﬃcers are being asked to do more with less, says Alejandra Montenegro Almonte, a lawyer
at Miller & Chevalier Chartered and a former corporate general counsel. “That’s a tale that’s all
too familiar to compliance in the best of times,” she says. “It’s 10-fold now.”
The ﬁnancial pressure is forcing compliance oﬃcers to look for ways where they can be more
eﬃcient—including through the use of technology. Some have invested in tools that allow them to
streamline workﬂow and approval processes, decreasing the workload for compliance and for employees
across the business.
Access to data is another focus. By tapping into a company’s ﬁnancial systems and bringing together
other corporate data sources, compliance oﬃcers can respond more quickly to legal risks. Some
companies have begun to harness data analytics, machine learning and artiﬁcial intelligence to
automatically ﬂag suspect transactions or risky third-party relationships, such as entities with
ties to government oﬃcials.
Government stimulus programs, such as the $670 billion Paycheck Protection Program, can also pose
new legal risks. Banks participating in the program were under enormous pressure this year to
disburse loans to struggling businesses quickly while still doing an appropriate amount of due
diligence on applicants.
Compliance oﬃcers must help their institutions navigate the complex requirements of these loans,
and take steps to ensure they are protected from liability further down the road. Emergency funds
and other federal initiatives are already being scrutinized by federal prosecutors for fraud,
Justice Department oﬃcials have said. The scrutiny applies to applicants and lenders.
“Whenever there is lending like this, there is always a high likelihood or high possibility of bank
fraud and other types of fraud,” then-Assistant Attorney General Brian Benczkowski
said in May. Mr. Benczkowski left the agency in July.
The public, too, has scrutinized recipients—an outcry over PPP loans arose after disbursements
appeared to favor larger businesses, causing some companies to return the funds. And while the
priority is currently getting money out the door as soon as possible, there is the risk that later
on—when the amount of fraud that occurred becomes clearer—politicians, law-enforcement oﬃcials and
the public will see banks’ eﬀorts to quickly disburse loans in a diﬀerent light.
Documenting decision-making is key, says Jeﬀrey Naimon, a partner at law ﬁrm Buckley LLP. “You try
to make sure the decision was reasonable and appropriate to begin with,” he says. “You record the
steps you went through, so that even if someone second-guesses you later, you can say, ‘Well, we
met with the right constituencies.…We were trying to do the right thing.’ ”
The Small Business Administration, which administers the PPP program, has said banks must only
conduct a good-faith review of loan applications. But many are doing more, including by asking for
tax forms and other documentation that could help them spot fraud.
The Return To The Oﬃce
Depending on the nature of a company’s business, the health and safety of employees may be a daily
concern for compliance oﬃcers. Many companies who sent employees to work from home in the spring
are also plotting how to safely bring employees back to the workplace. Compliance oﬃcers should be
part of those discussions, says Allen Chiu, a chief compliance oﬃcer at Genesys Telecommunications Laboratories Inc., a call-center-software company.
“Compliance oﬃcers have to have a role because there are regulatory challenges, both on the labor
and employment front of a rapidly changing work from home structure,” he says. The key is being
adaptable, reacting quickly as the situation changes and collaborating with leaders across the
company, Mr. Chiu says.
Privacy- and employment-law concerns are likely to arise as companies take steps—such as imposing
daily temperature checks, contact tracing and in-oﬃce social distancing—to ensure an outbreak of
the virus doesn’t occur.
Employees may be asked to disclose medical and other personal information about themselves and
their family members. Companies will need to balance the obligation to provide a safe workplace
with privacy and other regulatory issues.
“It ends up being an all-hands-on-deck eﬀort because there is just a lot to deal with in the Covid
environment,” says Michael Leiter, a partner at the law ﬁrm Skadden Arps Slate Meagher & Flom LLP.
Compliance chiefs’ involvement on issues like health and safety, which may not normally fall under
their purview, underscores one of the upsides of the pandemic from their point of view—a chance to
prove their value to the larger organization.
“It’s really an opportunity for the compliance role, as part of a larger leadership team, to rely
on some soft skills—to deploy empathy, and to really engage with employees world- wide,” says Mr.
Chiu. “Whether it’s things about diversity and inclusion, the work-from- home challenges, or
physical safety—[we need to] put all of those things together and look for smarter ways to tackle those challenges.”
From: The WSJ
Compliance chiefs and HR directors must also help businesses navigate the risks and complex
requirements of relief programs and the mechanics of an eventual return to the office—allwhile continuing to meet the ever-shifting expectations of regulators and law-enforcement agencies.
Investigations, risk assessments and employee training have become, for the most part, fully remote, and many companies are looking to technology to make their compliance programs more durable and efficient in the long term.
The goal now, they say, is continuing to maintain a presence within the organization from afar—at a time when a return to normalcy is difficult to predict.