Within the space of weeks Australian businesses found themselves in unchartered territory with borders closed, mandatory quarantining, social distancing measures and large numbers of the workforce working from home. COVID-19 has forced organisations to work differently and placed them under significant financial stress. Crisis management has dominated.
For some, COVID-19 presents an opportunity to develop new products such as new vaccines and treatments for coronavirus. However, for most, the current restrictions mean cutting costs and limited opportunities to develop new business – they are under pressure simply to remain viable. How businesses respond to the pressure to meet targets in the short term, and then make up for lost time as we move through the crisis, stabilisation and recovery phases, will inevitably change the non-financial risk profile for organisations.
Whether a business is trying to survive or racing to meet a demand for new products, cutting corners or bending the rules may seem appealing. But legal obligations regulating consumer protection, safety and environmental protection and prohibiting unlawful commercial and/or trading activity do not cease to apply where businesses face extreme operating difficulties.
And social distancing measures, especially employees working in isolation, will inevitably present challenges to fostering a compliance culture and place a strain on existing (pre-COVID-19) internal controls.
Notwithstanding the current challenges, the impact of decisions and actions taken now and into the future will be scrutinised by stakeholders such as investors, regulators and customers. When assessed with the benefit of hindsight, reliance on a ‘COVID-19 defence’ to justify actions that fall short of regulatory requirements and community expectations will inevitably lead to material financial, legal and reputational consequences for these organisations. ASIC’s Corporate Governance Taskforce Report made clear that it expects corporate Australia to review its governance of operational, compliance and conduct (non-financial) risks.
While ASIC’s regulatory focus has temporarily shifted to challenges created by the COVID-19 pandemic, it will also prioritise matters where there is a significant risk of consumer harm, serious breaches of the law, risks to market integrity and time-critical matters. Clearly, businesses must maintain focus on non-financial risk across a range of areas, including human capital, OH&S, products, governance and supply chains and adapt their risk management to the changed risk profile in this new operating environment.
These suggested actions may assist organisations avoid future problems:
1. Identify whether strategic objectives have changed in response to the crisis. If so, has the businesses risk appetite across key areas such as credit risk, employee safety or suppliers changed or been negatively impacted? Organisations should revisit their risk assessments to identify changed or new operational, compliance and conduct risks and management must then be given clear parameters within which to operate.
2. Ensure messaging from senior management about responding to intense short-term business pressures also reinforces business values and its code of conduct (i.e. these values should not be sacrificed for short-term gain) so as to safeguard the organisation’s reputation, product quality and safety, protect employees and supply chain workers and consumers. In other words, ensure messaging does not inadvertently incentivise or condone the wrong behaviours.
3. Use zero tolerance messaging to reinforce a prohibition on illegal or risky conduct or conduct that is inconsistent with business values and the code of conduct.
4. Reinforce key compliance policies through targeted and regular communications to employee groups who may potentially expose the organisation to increased compliance or conduct risks, for example, sales and business development teams.
5. Consider revising internal policies for approving payments or transactions and the use of some third parties by lowering approval thresholds or revisiting how you identify activities or places that expose the organisation to corruption risk or modern slavery risk.
6. Compliance is a key contributor to a resilient organisation and a strong compliance culture will ultimately safeguard the organisation’s long-term viability. When conduct and compliance risks are elevated it is appropriate to focus on internal whistleblowing mechanisms and sophisticated trend analysis of misconduct reports and investigation outcomes.
As organisations shift from crisis management into stabilisation, they will begin to identify longer lasting changes to operating environments. Changes to supply and demand patterns may increase existing risks or present new risks. Investors in particular will want to see how businesses will identify and mitigate risks, take advantage of opportunities and preserve value.
A proactive and transparent approach to communicating these strategies to key stakeholders, including investors, regulators, customers and suppliers, will inevitably build confidence.
This publication is introductory in nature. Its content is current at the date of publication. It does not constitute legal advice and should not be relied upon as such. You should always obtain legal advice based on your specific circumstances before taking any action relating to matters covered by this publication. Some information may have been obtained from external sources, and we cannot guarantee the accuracy or currency of any such information.