As Australia looks ahead towards life after coronavirus, in-house teams will have to be aware of the myriad compliance challenges on the horizon.
According to Ashurst partner Rani John, there are a number of compliance hurdles that in-house legal teams will have to overcome if they are to successfully steer their businesses and organisations into a post-pandemic world.
When businesses look to return to the office post-pandemic, it will “fall on in-house legal and compliance teams, working with HR, to establish suitable training and guidelines to ensure the business is compliant with applicable workplace health and safety laws (which in this environment, may change on a weekly or even daily basis),” Ms John said.
“Not only will this require changes to the physical workplace (such as mandating social distancing measures and implementing hygiene control measures), it will also require suitable education and training be rolled out to staff.”
There may also be ongoing effects, she said, from the impact of workforce changes made in the immediate face of the COVID-19 crisis, including but not limited to redundancies, stand-downs and salary reductions, on which the business will need advice.
Privacy and cyber concerns while WFH
As businesses have transitioned to remote working arrangements, Ms John continued, it is very likely employees have taken confidential documents from the office with them.
“It is also likely that employees are increasingly relying on personal devices to conduct their work, potentially resulting in sensitive communications being stored on personal devices without suitable cyber security firewalls,” she said.
“Given that ‘business as usual’ remains some time away yet, and even a transition to that state will likely see a number of staff continuing to work from home, in-house teams should act now to ensure suitable data privacy systems and protections are in place to protect confidential documents and communications in this remote working environment.
“Further, company policies that specifically address the risks of remote working (if not already in existence) should be prepared. In-house lawyers could also look to run online workshops to educate employees on cyber security risks in the remote working environment.”
Finally, as businesses return to the office, “there should be a concerted effort made to ensure employees bring all physical documents and files back to the office with them”, Ms John added.
A transition to business as usual presents an opportunity, Ms Rani explained, for boards and senior management to reflect on “lessons learned” from the COVID-19 crisis, “and to assess whether existing risk frameworks, crisis management and business continuity plans, and company policies generally, are fit for purpose”.
“In-house teams have a key role to play in conducting such assessments and updating frameworks and policies appropriately,” she posited.
Shifting regulatory priorities
In the immediate face of the COVID-19 health crisis, Ms John continued, “We saw regulators recalibrate enforcement priorities and temporarily relax certain regulatory requirements (for example, permitting competitor collaboration in certain circumstances)”.
“With the transition to business as usual, in-house teams should be on the lookout for corresponding shifts in regulatory approaches, as well as keeping closely informed on evolving government measures and directives related directly to management of the COVID-19 crisis,” she said.
Heightened bribery risks
Ms John said anti-bribery and corruption policies are likely to have been tested in the time of the pandemic.
“The changes brought about by the pandemic significantly increase a company’s exposure to bribery and anti-corruption risks. For example, as the pandemic has changed the face of businesses across the globe, many companies with global operations may find themselves ‘operational’ in one jurisdiction, but ‘shut out’ or non-essential in another, and facing extreme economic challenges,” she said.
“Coupled with that is the significant disruption to supply chains, which may have led to previously vetted suppliers being unable to perform their obligations, or urgency in securing supply being perceived to trump ordinary due diligence [is] applied to third-party suppliers.
“In this environment, there is a heightened risk that employees will skip the processes usually used to manage bribery and corruption risk, or even engage in such conduct themselves (for example, ‘convincing’ an official in a foreign jurisdiction that their business is ‘essential’).
“Reinforcing anti-bribery and corruption awareness and training, and providing practical guidance to manage situations of heightened corruption risk, will be key.”
Navigating the issues
Addressing these new challenges may be difficult, Ms John mused, given that many businesses will be looking to cut costs, “potentially making a focus on additional compliance initiatives a hard sell”.
“These issues can be managed in a combination of ways. The most fruitful is likely to be aligning the need for these compliance measures with the adaptations being made by the business generally to transition to a post-lockdown world (focusing on immediate concerns for key business functions and inputs, such as worker safety, supply chain issues and the like), as well as capturing the benefit of lessons learned from the COVID-19 crisis,” she advised.
“Shifting priorities away from initiatives which have lost primacy due to the pandemic, and leveraging existing relationships with external law firms can also assist.”
Further to this, there will be a “range of ways” in which external law firms can assist in-house teams to deal with these issues, Ms John suggested.
This can include “identification of or brainstorming priority areas and topics on which to focus compliance efforts; advice on targeted issues and topics (from workplace safety issues, to revised regulatory requirements, to review of company policies); and training in relation to new legal and compliance issues brought to the forefront by COVID-19,” she said.
Moreover, there will be inherent opportunities for in-house teams who are able to stay on top of such compliance issues in this time, Ms John noted.
“To the extent a business establishes robust and effective policies and guidelines for post-pandemic ‘worker safety’, it is likely to speed up the firm’s return to ‘business as usual’,” she said.
“Businesses which are able to establish robust and effective policies to address remote working arrangements will not only limit potential risks in the immediate term, but also stand to be rewarded in the medium to long-term.
There are a number of reports suggesting that following COVID-19 working from home will become the 'new normal'. Businesses can prepare themselves for this new world of work by ensuring they have policies, procedures and security mechanisms which make remote working safe and viable, Ms John continued.
“There is [also] an opportunity for in-house teams to work closely with the board and management to help them use lessons learned from the pandemic to shape the company’s risk and governance frameworks and compliance policies as well as the future direction of the business.”