While the world watches in horror as the invasion of Ukraine continues at a pace, it is up to us in compliance to help our companies and our employees through the innumerable challenges the situation brings from a compliance perspective.
I co-hosted the “This Week in FCPA” podcast with Tom Fox on Thursday. The stories we covered were entirely related to Ukraine from the viewpoint of bribery, corruption, sanctions, and other compliance-related topics.
How to Respond to the Ukrainian Crisis
The experience got me thinking about what compliance officers can do now to respond to the Ukrainian crisis. I’ve put together a checklist of activities…
- Update Your Risk Assessment
- Have Sanctions Counsel on Speed Dial
- Review the Settings on Your Sanctions Screening Software
- Plan for Employees in the Affected States
- Review Insurance Policies for Acts of War Exclusions
- Communicate with Employees Regarding External Communication
- Prepare a Plan for a Customer or Third-Party becoming a Sanctioned Party
Let’s go through how you can use these activities to overcome the challenges that might come up because of the crisis…
Update Your Risk Assessment
Begin by updating your risk assessment to reflect the challenges brought by the war. Review the business to see where you have exposure in Russia, Ukraine, and Belarus with questions like…
- Do you have operations in any of those countries?
- What about employees?
- Parts of your supply chain? Customers?
- What new threats are coming toward the business?
- Which threats are exacerbated?
Re-rank your risks, consider current mitigation and plan for more mitigation where necessary.
Consider presenting the updated risk assessment to senior leadership and/or the Board so they are prepared to act.
Have Sanctions Counsel on Speed Dial
It’s always important to start relationships with law firms and great lawyers before you need them.
If you’ve done that, make sure you stay in close contact with your sanctions counsel. If you haven’t, develop a relationship with a sanctions expert now.
At the very least, call or email law firms to get on their client alert email list so you can be notified of any changes in the sanctioning instruments.
Review the Settings on Your Sanctions Screening Software
Sanctions screening software typically has two settings that can be moved to reflect risk appetite.
- The filter for fuzzy matches. Fuzzy matches can be set so that red flags are only applied if the person or company being screened has the exact same name as the sanctioned person or entity. Fuzzy match settings can also be expanded so that similar but not exact names are also flagged. Consider loosening your setting so that more alerts are generated.
- The cadence at which screened parties are re-screened. Some systems have daily monitoring, but most allow the user to choose the timeframe for when the re-review of previously screened third parties should occur. Check your settings to ensure you’re getting frequent reviews.
Plan for Employees in the Affected States
Work with your leaders to plan for the employees in affected states.
Consider whether your company will be able to lend support, supplies, money, or even removal from the country. Contact organizations that may be able to help and have backup plans for staying in contact.
Review Insurance Policies for Acts of War Exclusions
Many insurance policies, especially those relating to compliance areas such as cybersecurity, have exclusions for times of war or acts of war. It’s helpful to be prepared.
It’s useful to understand the limits of the company’s compliance-related insurance policies and to plan for what to do if the policy doesn’t cover an adverse event.
Communicate with Employees Regarding External Communication
It is likely that at some point your employees will be asked about the involvement of your company with potentially sanctioned parties. Proactively remind employees not to guess at the answers to these types of questions, but instead to refer the questions to the Compliance department.
Remind employees of the social media policies at the company. Tell them not to speak on the record to anyone in the press unless they are designated and approved to speak on behalf of the company.
Prepare a Plan for a Customer or Third-Party becoming a Sanctioned Party
Create a working group to plan for what will happen if a customer or third party becomes a sanctioned party.
Use your updated risk assessment to consider who should be a part of this group. Likely candidates include legal, finance, sales, and communications.
Having a plan, and potentially drafting internal and external communications can be critical in responding to any business disruption caused by a newly sanctioned individual or company.
While we all hope the situation in Ukraine resolves peacefully and quickly, there is a high likelihood of a continuing crisis for some time.
Use this checklist to make sure you’re as prepared as you can be for what’s to come.
For a more in-depth discussion of what compliance officers can do to respond to the crisis in Ukraine, listen to Tom and me on the “This Week in FCPA” podcast, which can be found here.