Whatever your business looked like as you saw in the New Year, it will now look very different. Our workplaces, practices and ethos have changed and many of those changes are here to stay. With so much going on it’s easy to overlook the basics, but if ever there was a moment to reassess and manage the risks to your business, this is it.
Why does it matter?
Anti-bribery measures aren’t flexible and there is unlikely to be any dispensation for a business which has (however understandably) been pre-occupied in making it through this pandemic. On the contrary, organisations such as Transparency International UK warn against increased risks of fraud and bribery at this time, as indeed does the Serious Fraud Office (which remains very much open for business).
Where do I start?
Step one must to be get a good grasp on what has changed. There will be obvious changes, eg new products or services, changes to supply chains, an increased online presence etc. There are also changes to the workforce with more remote working or employees subject to furlough, pay freezes etc. Other changes, such as employee attitudes and behaviour and changing market pressures, are there but are perhaps harder to map.
What impact might these changes have on risk management?
Every change to your organisation, whether to structure, workforce, supply chain, customer base, or working practices etc, will impact on the nature and extent of the risks your organisation faces. Whether as a consequence of one significant change or a number of smaller ones, your organisation’s risk profile will be altered, and possibly overnight.
What do I need to do?
Even the most “risk-robust” business would be well advised to review its existing provisions against the new landscape. For instance, corporate hospitality may (at least for now) decline, but with more emphasis on conducting business remotely, you might worry about losing visibility on how contracts are being secured and negotiated. Add to that a myriad of businesses competing for survival, or an employee who sees their commission payments plummet, and a new dimension of risk is added.
You may not want to undertake a wholesale review of your policies and procedures at this point but, at the very least, it is worth ensuring that:
- Existing policies (which may include expenses, gifts, conflicts of interest, due diligence, whistleblowing etc) are circulated
- Critical elements of your IT systems, such as invoice and commission approvals, stock records and due diligence processes are locked down
- Processes for payments, due diligence checks or contract signatures aren’t flouted, even where there might be logistical issues in obtaining paperwork
- Proper steps are taken to verify documents (eg invoices, due diligence documents) received electronically, even if only by telephone or Facetime/Skype
- Existing practices for “spot checks” or audits on financial transactions are maintained even where time or access is limited
- Line managers monitor for “red flags” such as employees talking of financial pressures or individuals keenly guarding existing relationships
- Any commission payments are monitored for spikes in performance which buck the trend.
If your organisation has historically monitored its risk effectively, this isn’t about doing something altogether new. You may already be making changes to how your organisation runs its day to day business in the long term, but it is vital to ensure your risk management processes remain fit for purpose. In many respects the pandemic has created a perfect storm for those out to secure an advantage. The repercussions of that are likely to be felt for a long time to come and the risks that brings must be recognised.
This article does not constitute legal advice. Specific legal advice should be taken before acting on any of the issues covered.