Compliance in times of COVID-19

Diego Abeo Sabogal, director of penal law and compliance at Estudio Olaechea in Lima, identifies and analyses the principal risks created by the COVID-19 pandemic, and the measures companies should adopt to prevent and/or mitigate them.

Diego AbeoThe global crisis created by the COVID-19 pandemic has caused a severe impact on businesses and especially on the state, from a labour, fiscal and economic points of view, and amid this uncertain scenario it is essential that we keep in mind risk prevention systems and compliance programs.

Although business activity has decreased considerably, this does not imply the absence or reduction of risk in questions of compliance. On the contrary, the implementation of remoteworking and the on-going supply of goods and services considerably increases the existence of both criminal and non-criminal risks, making it necessary to strengthen a company’s internal policies and procedures.

Peru is currently acquiring infection-prevention equipment, such as face masks, and personal protective equipment for medical personnel, but, regrettably, such acquisitions have not been free of irregularities, with products in some cases overvalued, or collusion between employees and public officials to obtain illicit benefits.

A number of irregularities have also been observed in the procurement and distribution of foodstuffs to the most vulnerable communities in the country. Such procurement and distribution was carried out by local authorities with the authorization of the state through an emergency decree (No. 033-2020), however, taking advantage of the emergency and in order to obtain economic benefits, local authorities purchased foodstuffs without using the full amount of money provided by the government, and some even affirmed that food had been distributed when deliveries had not been carried out.

A risk of corruption also exists in the budget transfers to the Ministry of Environment, authorised by the Ministry of Economy to acquire goods and services to meet the needs of people travelling from Lima to other regions of the country. The direct contracting for the acquisition of products had a very low level of control.

Another situation that has been occurring during the current health emergency are acts of bribery, with payoffs to the police by citizens seeking to violate the lockdown.

Greater risk is also to be expected in remote financial operations and online purchases of goods and services, which may be seized to commit fraud or cybercrimes.

Given the current high rate of unemployment, former employees with valuable company information could try to sell it, for example. There also are criminal risks in the area of health and safety at work. Companies that fail to comply with the health measures imposed, or whose employees become infected with COVID-19 as a result of their failure to comply with the lockdown requirements could be subject to a criminal investigation as a liable third party.

There are already investigations under way by the National Prosecutor’s Office and the Labour Authority (SUNAFIL) into companies that are operating without permission, and company directors can be implicated in the crime of violation of health measures regulated in Article 292 of the Criminal Code.

There exists a clear need for companies to review the controls they have implemented and redefine them by applying due diligence in risk prevention to avoid incurring in actions that could affect them from a criminal, economic, operational and reputational point of view.

How can companies prevent/mitigate the risks in times of a pandemic?

• Review financial controls (for example: Invoices should reflect actual service or purchase, increase review of payment approval, etc.) and non-financial controls implemented by businesses, and adapt them to current needs

• Modify the “know your supplier” and “know your customer” policies to adjust them to the current needs

• Review policies for dealing with public officials • Allow the compliance officer remote access to information and maintain constant communication between the compliance officer and the company’s senior management

• Establish anticorruption and anti-money laundering clauses in contracts with public and private entities

• Establish information protection mechanisms and toughen internal sanctions in the event of improper use of company data

• Implement policies that regulate conflict of interest • Provide online training to all the company employees on the prevention of corruption and money laundering

Encourage the use of reporting procedures, noting that despite the health emergency, complaints will be investigated

• Inform the company’s employees and suppliers about the health prevention measures that have been implemented, ensuring documentary evidence of these measures through confirmation by e-mail or other mechanisms

• Define (if applicable) an organisational structure that develops the functions and responsibilities in each area of the company.