The coming weeks and months will be incredibly challenging for all as COVID-19 does not respect national boundaries, races, religions or another other construct people have created to differentiate themselves from each other. The same will be true for businesses of all stripes across the globe. This week, I have focused my writings on some of the things a Chief Compliance Officer (CCO) or compliance practitioner can do right now, in the midst of this crisis, and what we might need to consider as we prepare to come out of the crisis, hopefully in the weeks and months ahead. I have also started a podcast Compliance and Coronavirus, which is designed to bring some much-needed clarity and sanity to the compliance practitioner. Today, I want to provide some final thoughts for the compliance professional from what I have learned in researching and writing this week.

Time Horizons

In an upcoming podcast on Compliance and Coronavirus, I visit with Tricia Cornell, Principal and Head of Creative Services at ReThink Compliance. One of the things which she said was that you have to reconsider and indeed rethink your time horizons. While right now, you may be in pure survival mode and cannot think past one week, you also need to consider how you will operationalize compliance in the next 30 and 60 days. This concept was echoed by Jeffrey Hazylett, founder of C-Suite Networks, who said you should focus on the next 60 days and getting through that time frame.

What are some of the things you can do? Keep your customers in focus. For compliance professionals this means your employees. What can you do to not simply assist the business operations but help make your business processes even more efficient during this time so that the company will come out of it stronger and even more profitable? Keep your compliance team focused. For the next two or three weeks check in with your team daily to find out what they are working on and what they have accomplished. Rethink your compliance training library for the risks you are facing right now.

Internal Controls

Who is watching your internal controls? Jonathan Marks, writing in his blog Board and Fraud in a piece entitled Fraud, Compliance & Integrity Risk During a Crisis and a Downturn, cautioned “A crisis situation can and often does increase the pressure on senior management and of course salespeople to meet their sales targets! Deviant behavior, like overriding or circumventing controls “just one time”, is easily justified.  So it should go without saying that companies and their boards need to recalibrate and in most cases increase their oversight today and subsequent to the crisis until things stabilize.”

This time of health crisis and economic downturn could certainly add to the pressure prong of the Fraud Triangle. This is a foreseeable risk that you should incorporate into your risk profile. But compliance and financial controls need human oversight. Do not assume that SAP, Oracle or any other ERP system your company may employ will give you auto notices that someone has evaded, over-ridden or simply circumvented your controls. Be ever vigilant.

Vince Walden, Managing Director at Alverez and Marsal Holdings, LLC, says to look more closely at your “payment stream, post contract.” Now could be a very good time to monitor your outgoing payments after a contract is signed. I often say the most critical step in the five-step lifecycle of third-party relationships is managing the relationship after the contract is signed. Now expand that concept into corporate financial outgoings in a large international contract and all expenses that are charged to it. With several Foreign Corrupt Practices Act (FCPA) enforcement actions involving customers in on the bribery scheme, now might be a very propitious time to review those streams.

Corruption Enforcement Never Sleeps

In a FCPA Blog post, Kevin Abikoff and Mike Huneke said, “There is no COVID-19 Defense to Corruption”. That is such a powerful statement they titled their piece with it. Just as fraud never sleeps, enforcement will not either and two, three or four years down the road when you find out your internal controls were over-ridden or circumvented and you will remind the regulators that this was during the height of the coronavirus health crisis, it will not matter one iota. They stated, “As with many things relating to compliance, the real audience is always a hypothetical, and likely hostile, regulator who—many years in the future—is asking your company about a prior relationship while under an assumption that the relationship allowed illegal conduct to occur. In these circumstances, the current pandemic that is so affecting our lives and our way of working will be either entirely forgotten, or at best, severely under-appreciated.”

I hope you have found this series helpful. For the next couple of months, I hope you will check out my latest podcast series Compliance and Coronavirus, available on a wide variety of sites including The Compliance Podcast Network and iTunes. It will post three days per week, each Tuesday, Wednesday and Thursday at 9 AM CST. It will bring you some of the best thought leadership and practical tips for navigating what Mike Cherkasky, Executive Chairman and Head of Exiger Government Services, told me was perhaps the greatest health and economic crisis since World War II.

 This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at


© Thomas R. Fox, 2020