The COVID-19 pandemic has ensured that working from home is here to stay across the APAC region. However, this has also led to an increase in risk for white-collar crime, and lawyers say that companies need to be extra vigilant when it comes to compliance, and intensify their due diligence and training accordingly.
Flexible working was becoming a trend in the Asia-Pacific region even before the pandemic struck, and COVID-19 has ensured that it’s here to stay: A survey by interior designer M Moser & Associates in November last year found that more than half of respondent companies were “most likely” to adopt flexible working arrangements beyond the pandemic. At the same time, the slowing economic growth has resulted in the potential of white-collar crime spiking, with companies at risk of losing hundreds of thousands, if not millions of dollars.
The combination of these two trends means that business need to be hyper-vigilant about compliance going forward. Donna Wacker, a Hong Kong-based partner at Clifford Chance, says that “unfortunately the COVID situation is conducive to the commission of certain types of white-collar crime. “First there is fraud and corruption, especially in the healthcare sector,” she notes. “For example, the Council of Europe’s Group of States against Corruption published guidelines in April 2020 to its member states on the increased corruption risks, and echoed the OECD's views on the heightened risks in light of the surges in demand for medical supplies and the simplification of procurement rules. There have also been reports of abuses of governmental support packages across the world.”
Second, she highlights market abuse. “The pandemic has led to unprecedented market volatility and drastic economic events,” says Wacker. “Market disruptions mean that material non-public information (MNPI) ‘may hold even greater value than under normal circumstances’ and that ‘greater number of people may have access to MNPI than in less challenging times,’ as an SEC statement put it. The situation is exacerbated by remote working, which sees family members and others sharing workspace with people who may have access to MNPI. Not every company has put in place sufficient controls around the WFH arrangements.”
Like most companies, Wacker notes. the enforcement agencies have also been impacted and have been working remotely. “As such, we have seen a slowdown in some aspects of white-collar crime investigations, in particular at the early stage of the pandemic. That may have contributed to some delay in the detection of white-collar crime,” she says.
CYBER, SUPPLY CHAIN RISKS
Mini vandePol, Asia-Pacific head of Baker McKenzie’s compliance and investigations group, says that her firm has observed some increases in certain types of white-collar crime. “For example, we have seen increased instances of cyber-fraud against both companies and employees. The occurrence of cyber-fraud was already on the rise before the pandemic, but it seems to have increased significantly in the past year. There are a number of factors that contribute to this spike, including less oversight by management or finance team; varying degrees of internet security lapses, again due to the increase in remote working; and more interaction by email instead of face-to-face or by phone, leading to the increased ability for fraudsters to impersonate company leaders such as the CEO or CFO and other employees.”
vandePol says that instances of supply chain fraud and corruption have also increased, particularly in the APAC region and in certain industries where companies rely on parts or products manufactured internationally. “There are a number of factors which contributed to this spike, including tightening and greater complexity of import and export controls; companies having to shift their supply chains to alternative locations and suppliers less affected by the pandemic; and increase in requests for additional fees or – even bribes/kickbacks – to get product cross-border or obtain the necessary licenses.”
She adds that the firm also expects to see more instances of falsified books and records across the region, as employees and teams struggled to meet sales targets and investor expectations. “However, these issues have a lag time and as a result we have not seen a significant increase in this type of conduct as yet. Of course, reduced budgets and cost control may also ameliorate this avenue for misconduct,” says vandePol.
WHAT COMPANIES CAN DO
Lawyers feel that there is a critical role that companies, and their in-house counsel, can take in this scenario to mitigate risks. Wacker at Clifford Chance lists four key steps. “First, provide extra training to employees on new compliance risks arising from COVID,” she says. “Second, provide support for employees to create a suitable WFH environment – such as proper communication hardware to avoid information leakage, additional IT equipment to minimise the use of personal devices. Third, adopt and use technology in continuous monitoring to ensure adherence to policies and standards. And finally, ensure accessible reporting channels are in place, so that instances of suspected misconduct can be detected and escalated.”
vandePol at Baker McKenzie believes that companies need to make sure that their existing compliance policies and procedures address the "new normal" framework in which their employees are operating. “This includes not only reviewing and refreshing their policies, but making sure they are actively maintaining their existing program,” she notes.
There are five key areas that vandePol feels companies can focus on. The first is communication. “Communicate to all employees and third parties that compliance continues to be a key priority for the business,” she says. “To add weight, this message should come from middle/senior management directly. This communication should include the particular compliance challenges associated with the pandemic and how to deal with these challenges; the company’s continued commitment to a culture of ethics and compliance and that it has zero tolerance for any misconduct no matter the circumstances; and the importance of abiding by the company’s strict accounting controls and that long-term business sustainability and risk management take precedence over short-term profitability.”
“Continue to exercise oversight over all employees and third parties and monitor adherence to the relevant compliance policies, standards and controls,” says vandePol. “Compliance personnel should be responsible for this oversight, in close coordination with internal audit, finance, and other business functions.”
—Mini vandePol, Baker McKenzie
Then, there is oversight and monitoring. “Continue to exercise oversight over all employees and third parties and monitor adherence to the relevant compliance policies, standards and controls,” says vandePol. “Compliance personnel should be responsible for this oversight, in close coordination with internal audit, finance, and other business functions. Due to the travel restrictions in place, it is more important than ever to ensure that accessible and effective whistle-blowing hotlines are in place to encourage employees and third parties to report any knowledge or suspicion of misconduct to regional or global compliance functions.”
The third area is technology. “Make use of technological alternatives, such as video conferencing and e-discovery/review software, to quickly and proactively respond to any compliance issues identified,” says vandePol. “It is particularly important for companies that have recently opened a new investigation or are conducting an ongoing investigation to avoid delays which can allow compliance breaches to worsen and give perpetrators time to destroy evidence.”
Then, companies need to focus on government announcements and rules. “Closely follow-up on the latest legislative developments and new rules issued by local authorities related to the COVID-19 outbreak,” she says. “Compliance personnel should be proactive in alerting business units of regulatory requirements including their application to targeted subsidiaries, resumption of work, employment establishment, employee termination and work condition protection.”
Finally, it’s important to focus on supply chain and third parties. “If the company has or is looking to relocate its supply chain, it should try to use previously vetted and trusted suppliers that can meet production and sourcing needs,” says vandePol. “If this is not possible, companies should always ensure that procurement processes are followed. and diligence is conducted on any new third parties before they are engaged. As it may be cost- and time-prohibitive to run comprehensive background checks, companies should take a risk-based approach and allocate resources to this task depending on the specific risks faced. For example, priority should be given to conducting diligence on a third party who frequently interacts with government entities and officials, on a supplier who is subject to additional customs and import/export regulations, or on a supplier based in a country in which slave or child labour are common. After these checks are completed, companies should incorporate corresponding compliance covenants into the relevant contracts, require the third party to sign a standalone compliance certification form and implement periodic monitoring processes.”
To contact the editorial team, please email ALBEditor@thomsonreuters.com.