knowledge 22 May 2020 |

COVID-19: Safe Returns for Compliant Business

Here, we look at actions which stakeholders across all sectors can take to provide assurance of compliance with COVID-19 related regulation and requirements and, ensure that any non-compliance is identified and rectified promptly, with associated risks effectively managed.       

Compliance Framework

Companies should review and adapt current compliance frameworks to allow for the impact of COVID-19 related regulation and requirements and ensure that composition, reporting, positioning and resourcing of those frameworks are appropriate. Industry groups such as the Construction Industry Federation and the Royal Institute of Architects have published detailed construction-specific guidance available here and here to help employers to develop and implement safe work practices and compliance frameworks.

The Government, in conjunction with the Health and Safety Authority and the HSE, has published a Return to Work Safely Protocol (the “Protocol”) here advising on clear steps for an employer to take, both before a workplace reopens and while it continues to operate.

Although the extent of the changes required more generally will depend upon the scale and the nature of the business, COVID-19 related regulation and requirements on which most businesses will need to focus will include health and safety, privacy and data protection. Further details of requirements applicable to all businesses are available here and here.

Compliance Function

An effective compliance programme can help ensure that the business complies and manages any risk associated with COVID-19 related regulation and requirements. Further, as a control and advisory function, compliance is a vital part of the risk management framework of a business and generally works in tandem with other oversight and governance functions. An existing member of the business’s compliance function could therefore be well positioned to monitor compliance risk and the controls required to ensure compliance with COVID-19 related regulation and requirements.

Sectoral guidance for construction already advises the appointment of one or more COVID-19 compliance officers on-site. One of the key obligations on employers under the Protocol is to appoint a worker representative and the representative(s) must ensure that COVID-19 measures are strictly adhered to in their place of work. Each representative must receive training and be provided with a framework to assist them in carrying out their functions. Employers should also communicate with safety representatives selected or appointed under existing health and safety legislation and consult with workers on safety measures to be implemented.

The benefit of having a COVID-19 compliance officer and appointing that officer from within the compliance function is clear. An existing compliance officer is likely to be in a position to:

• ensure that the business has correct policies and procedures in place so that the business can operate in a compliant manner;

• evaluate existing compliance programmes across areas such as health and safety and privacy in light of the COVID-19 related regulation and requirements;

• proactively identify and access upcoming COVID-19 related regulation and requirements; and

• update and deliver compliance and risk reports to management on a regular basis.   

Interaction with Regulatory Authorities

An existing compliance officer within the organisation should also have the advantage of:

•  understanding the business;

• a detailed knowledge of the existing regulation (for example, in areas of health and safety or data protection);

• already having an insight into the relevant regulator / authority’s expectations;

• a relationship of trust with a relevant regulator / authority so that, for example, a co-operative approach could be taken to regulatory visits thus avoiding an overly obtrusive supervision processes and avoidable enforcement action; and

• an existing relationship with other components of the governance and oversight functions of the organisation including the board, the audit committee, management and internal audit.   

Compliance Programme

A compliance programme is a key component of the framework for legal risk management and will require drafting and / or review in the context of COVID-19 related regulation and requirements as the essence of a compliance programme is “a set of mechanisms designed to ensure that a business is conducted within the law”. Many companies already have compliance programmes in relation to matters such as environmental law, health and safety regulations, competition law and legislation which is specific to their particular industries but these will need to be reviewed and kept under review as COVID-19 related regulation and requirements develop and change.  

The programme should set out the company’s planned activities such as the implementation of and review of specific policies and procedures, legal risk assessment and management compliance testing and educating staff on legal and compliance matters to include COVID-19 related regulation and requirements. Adapting the compliance programme in this way is an effective and beneficial mechanism for ensuring that risks associated with non-compliance are effectively minimised. The personal liability of senior management for legal non-compliance is a significant consideration, particularly in the areas of health and safety, data protection and privacy so that it is imperative that they take ultimate responsibility for risk management, including legal risk.

Formulation

An essential step in the formulation of the updated compliance programme is to have the exercise approved at the highest management level in the company. This is needed to secure the necessary focus and resources. Obtaining the informed support of senior management may necessitate detailed explanations of the possible impact of the COVID-19 related requirements and regulation on the business.  

To be effective, the compliance programme must be tailored to the specific needs of the particular business concerned and implemented. Thereafter, monitoring and maintenance of the programme is required to ensure it remains up to date with developments in COVID-19 related regulation and requirements and remains effective as these evolve.

Implementation

The format of the compliance programme and how that will change to include COVID-19 related restrictions and regulation will vary from company to company. In most cases, it will involve the circulation of written guidelines and instructions to relevant personnel, often supplemented by presentations and discussions, which can be conducted remotely for as long as is necessary. The essential requirement is that the revised compliance policy is communicated effectively to the relevant personnel. Provided it is done safely, the means of communication is of less importance.

Training

It is essential that any COVID-19 related changes to the company’s compliance programme should be explained to the relevant personnel and in the current circumstances this should be done by remote technological means. The size of the company will determine, to a large extent, the format for such a presentation. In a small company, it may be appropriate for the relevant personnel to attend an online external seminar and have this supplemented by a remote meeting with the company’s external lawyers. In the case of a large company, it may be important to involve a wide range of executives and to ensure that they fully understand the company’s policy in relation to the COVID-19 related requirements and regulation. Discussion of situations that employees will have to face on a day-to-day basis should be encouraged and certain likely scenarios anticipated.   

Importance of a Compliance Programme

A compliance programme encompassing COVID-19 guidance and requirements greatly reduces the risk of infringements occurring through inadvertence or negligence, and thus helps to avoid the risk to the health and safety of employees and stakeholders such as customers and suppliers as well as the costs and disruption which would otherwise occur both as a result of infringements but also of not keeping COVID-19 at bay. It also helps to ensure an understanding of the importance of these legal and regulatory requirements throughout the business and thereby cultivates attitudes and behaviour which are likely to render the business more compliant and safer and therefore more sustainable or profitable on a long-term basis.

Conclusion

An effective compliance programme incorporating the COVID-19 related requirements and regulation, tailored to the specific needs of a particular business, is necessary to avoid having a reactive approach to problems as they arise. It enables management to take decisions regarding the company’s commercial objectives and behaviour, confident that these conform to relevant legal and regulatory requirements to include COVID-19 related regulation and requirements and are therefore unlikely to be challenged either by relevant authorities or third parties and importantly, minimise the risk of COVID-19 to employees and stakeholders.