Five compliance pandemic lessons that are here to stay

By Rachel Barack and Ben Kimberley

Rachel Barack (rachel.barack@clorox.com) is the VP – Compliance & Associate General Counsel for The Clorox Company in Los Angeles, California, USA. Ben Kimberley (ben.kimberley@clorox.com) is the Director, Legal, for The Clorox Company in Oakland, California, USA.

The global COVID-19 pandemic continues to leave a lasting impact on nearly every facet of our society and likely will for years to come. It is an agent of disruption and change that has touched nearly everyone in some manner. For many companies, it has produced new opportunities, challenges, and risks, including for compliance and ethics programs.

The pandemic has required that compliance professionals adapt their programs to fit new ways of working. While this has been a challenge, it can also be viewed as a positive opportunity for continuous improvement. We look at five key lessons learned from the pandemic for compliance programs.

1. Continue to consider employee health and well-being

Compliance policies, processes, and procedures are important, but employees exercising judgment in an ethical manner is perhaps the most important pillar of an effective compliance program. Stated another way, the collective judgment of a company’s employees represents its culture and is vital to the health of the compliance program.

COVID-19 has strained employees in countless ways—physically, emotionally, and mentally—both inside and outside the office. For this reason, one of the most important lessons of the pandemic wasn’t really a compliance lesson—it was a human one. The best way for companies to help their employees do the right thing during this challenging time came in the form of companies doing the right thing for employees. By providing employees with empathy, understanding, flexibility, and trust during one of the most challenging times of their lives, employees could feel that they were supported by an employer that was involved and caring. When employees feel healthy, well, and supported by a company, they are more likely to exercise ethical judgment and not fall into an “us or them” mentality. This pandemic reminded us that people are at the center of any compliance program and that we, as compliance professionals, need to craft programs for the people, not impose programs on them.

2. Keep flexible real-time risk assessments

In addition to altering the compliance risks faced by many companies, the pandemic also changed how many companies approached risk assessments. Most companies conduct periodic risk assessments, but few have the opportunity—or need—to undergo such activity in real time on a nearly constant basis; by altering every function of a business from manufacturing and shipping to human resources, the pandemic gave companies the chance to do just that. It pressure-tested compliance programs for all companies in one way or another. And for those that haven’t taken time to check in on their post-pandemic risk, it might be time.

Assessment of risk is fundamental to developing and maintaining a strong compliance program and is a factor that regulators will evaluate in assessing a company’s program. From an operational standpoint, risk assessments are fundamental to provide the blueprint to guide employees toward certain standards of conduct and resources toward higher-risk activity.

In the short term, all companies have faced new or increased risks (whether commercial or compliance) during the COVID-19 pandemic. For some, it might have been pressure to deliver numbers during a challenging sales environment. For others, it could have been global supply and logistics challenges. For all, it was fast-moving and unanticipated in its breadth and presented employees with difficult choices on a near-daily basis. For compliance professionals, it provided transparency into the fact that internal risk assessments are happening on a constant basis, and without strong guiding principles and an evolved corporate culture, the results aren’t always pretty.

From a longer-term perspective, the pandemic altered the future trajectory and business objectives for many companies, which has led or will lead to changes in the fundamental risks associated with those new or revised objectives. For this reason, companies should evaluate their external risk assessment timing and determine whether it should be accelerated. While companies cannot prevent all risks, particularly those associated with once-in-a-lifetime events like COVID-19, a post-pandemic risk assessment can provide insights from what has been a pandemic-driven program “stress test” to help strengthen the program for future compliance challenges, whatever the cause.

This document is only available to members. Please log in or become a member.
Become a Member Login


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings