- Customer Success
- Case Studies
- About Us
Compliance at the best of times is often met with sighs and feelings of burden and “we need to do it because we’ve been told to” attitude. In a COVID-19 world, there is an even greater chance of this reaction when we consider there are so many more important things to do and worry about. Yet compliance is one of the most critical functions when it comes to managing and defeating COVID-19.
Compliance means conforming to “rules”. The rules applying to an organisation are referred to as “Compliance Obligations” and consist of two main types:
Rules that an organisation has to comply with being:
We refer to these as “Compliance Requirements”.
Rules that an organisation chooses to comply with, which consist of:
We refer to these as “Compliance Commitments”.
So what are these compliance obligations for?
Fundamentally, compliance obligations are there to ensure human and organisational behaviour stays within the risk appetite of the jurisdictions we operate in (regulatory obligations), within the risk appetite of parties who we are transacting with (legal compliance) and within the risk appetite of the organisation itself (compliance commitments).
It is critical organisations do not drop the compliance ball during this difficult period.
Compliance-based compliance focusses solely on compliance requirements – things we have to comply with. We do the minimum to comply and that’s it. Our focus is meeting the rules.
In the COVID-19 world, we are seeing this based on peoples’ behaviour that follows what latest government rules are put in place. These people are the last ones to have a drink before the bars are shut down. The comply because of the rule, not because of the reason for the rule. This behaviour reflects no concept of why we have compliance requirements. We are having social compliance requirements put upon us in order to manage the infection risk of COVID-19 and to ensure we operate within what is deemed to be society’s (manifested through government views) risk appetite.
Ethics-based compliance focusses on rules that reflect our personal and organisation values where these exceed the compliance requirements. This demonstrates that we fully understand the reason for compliance obligations, for the management of risk within risk appetite.
As a family based in Sydney, Australia, we decided to substantially isolate 8-10 days prior to being ordered to by our government including taking our kids out of school, mainly to ensure we were not part of the infection chain. We were lucky we could work from home and substantially isolate with our children.
This is ethical compliance, based on our own internal rules (that were not that popular with our kids in the initial period!). We have friends who are doing as much as they can for as long as they can based on government rules – this is compliance-based compliance. And then sadly there are those that choose not to comply with the government’s compliance requirements and arrests and fines are the result.
Initially, as did many other governments, the Australian Government gave recommendations for behaviour. This was on the hope that the majority of the Australian public would apply their own “ethical” compliance and “do the right” thing.
Unfortunately, the level of ethical compliance for many was woefully lacking and social distancing was not being respected. This then lead to compliance requirements being imposed with the force of law and threat of fine and imprisonment.
The whole purpose of this is to ensure minimum controls over COVID-19 infection risk are in place and working. Compliance is there to protect us!
We have seen a number of regulators deferring the implementation of new regulatory regimes in response to COVID-19 in order to give relief in these difficult times, something they should be commended for! These are for compliance requirements that are of less importance than the current crisis. We need to change our compliance projects to defer the work for more important matters.
We are seeing a raft of new compliance requirements being imposed almost on a daily basis, primarily around social distancing and isolation. Also, in financial services, we are seeing a range of government-led compliance changes to relieve financial suffering to customers. In the home rental space we are seeing new compliance requirements to protect renters from being evicted.
COVID-19 has increased the risks of non-compliance in many areas. For example:
Here is a checklist of compliance-related matters you need to consider in the current COVID-19 climate:
All of this adds another layer of effort on already stretched compliance resources. Managing compliance and related compliance risks is no easy task and is made harder in the current environment. It is critical organisations do not "drop the ball" during this difficult period as the repercussions will only exacerbate the impact of the current situation.
Don’t take your eye off the compliance ball!
Feel free to speak with us if you need assistance in managing your compliance in this COVID-19 world.
We have scheduled two new live webinars on May 12th, one for APAC and one for UK & Europe, so you can join the session more convenient for you. Save your spot to learn how Protecht.ERM can help you redefine you compliance management.
Author of 'A Short Guide to Operational Risk', David Tattam is an internationally recognised specialist in all facets of risk management, particularly at the enterprise level. His career includes many years working with PwC, as well as two Australian banks. His achievements include the creation of the Middle Office (Risk Management Department) for The Industrial Bank of Japan in Australia and the complete implementation of all Australian operations, systems, procedures and controls for Westdeutsche Landesbank (WestLB).