The coronavirus plague is ushering in a host of new compliance vulnerabilities. Workplaces are going virtual, strict quarantine measures are being imposed, and business closures have been mandated. Organizations are responding with a dizzying array of process and policy changes.
Companies that operated without well-defined controls are scrambling to keep up with constantly evolving recommendations and requirements. Even those with extensive crisis plans are being pushed to the limit given the magnitude of the current situation. As compliance teams look for a path forward, sustainability and financial resilience will be top priorities.
Here are 8 key areas that compliance teams should focus on now:
- Keep up with regulatory status. While numerous regulations have been informally relaxed, little concrete guidance has been officially issued. In short, don’t assume you’ll get a free pass just because regulatory agencies are experiencing their own hurdles in adjusting to this new environment. Compliance mandates still exist, and companies still need to conduct business accordingly.
- Be mindful of geographic inconsistencies. Companies must cope with coronavirus-related requirements at the federal and state levels, as well as regional and local levels. With no coordinated national response, what is deemed an essential business in one place, may not be in another – even within the same state.
- Define new work rules. If your organization didn’t have a work-from-home policy before, you probably have one now. According to a recent Gartner poll, 88% of organizations have encouraged or required employees to work from home due to coronavirus. Employers everywhere are hurrying to replace arbitrary, discretionary practices with companywide, objective WFH policies that specify what jobs can be done remotely, under what conditions, and what the expectations are.
- Tighten cybersecurity. With droves of employees now working from home, it’s more important than ever to have strict guidelines and controls to ensure equipment and work-related documents are protected. While most people are using their secure home Wi-Fi networks, many companies are adding security protocols like multifactor identification for newly installed collaboration platforms and other WFH tools – which is especially critical if employees are using their own personal devices for work tasks. This guide from NIST provides considerations and recommendations for securing remote access.
- Map the spread of COVID-19. Track the real-time migration of the coronavirus in relation to your business assets so you can identify emerging high-risk locations and direct additional resources and support to alleviate pressure points.
- Understand any provisional regulations. With the deployment of the Defense Protection Act, along with voluntary efforts to pivot business models to produce hand sanitizer, ventilators, PPE, and other products critical to fighting COVID-19, unfamiliar regulations could come into play. Does the current crisis offer protection against product liability, for instance? What about patent infringement?
- Reexamine paid leave policies. Numerous new and updated regulations around paid sick and family leaves have been enacted in recent weeks in a push to get sick employees to stay home. The Families First Coronavirus Response Act mandates certain employers provide paid sick leave or expanded family and medical leave for reasons related to the coronavirus through year end. Guidance also has been issued around the coronavirus and FMLA.
- Prioritize safety. Essential businesses with physical locations that remain open during the crisis need to be extra vigilant about complying with health and safety rules. While there are no new legal regulations per se, OSHA has issued a host of recommendations regarding social distancing, environmental cleaning, and so forth aimed at preventing the spread of the virus in the workplace. Federal and state agencies are reporting a huge influx of workplace safety complaints. Organizations are urged to create exposure-related control plans, as COVID-19 is considered a recordable illness by OSHA.
Companies will likely face continuing compliance challenges as the situation evolves. Some compliance teams may become consumed with new work like navigating government bailout offers or the temporary Families First Coronavirus Response Act. And other controls may be needed if temporary measures, such as the work-from-home experiment, lead to lasting change in the way we work.