Assessing Risk to Bolster Compliance: Key Questions to Ask

3 minute read | January.23.2023

An effective compliance program evolves with risk, and changes in the market are an important part of assessing risk. Given the unprecedented, rapid changes in the business landscape – internal and external – companies should assess their risk profiles and compliance programs often. Here are key questions to ask when doing that in light of these recent, rapid changes:

Layoffs and/or Attrition

Has the company reduced its workforce or lost significant numbers of employees to attrition?
Have losses affected gatekeeper functions like compliance, legal, finance and HR?
Have you lost gatekeepers in markets with outsized compliance risk?
- Changes to internal teams and organization can affect a program’s operations and effectiveness. Having the right gatekeepers in place – and empowering them – is a key part of a successful compliance program.

Staffing & Operations

Has your workforce changed from the previous staffing model? For example, have any business functions moved to remote work?
If so, does this affect gatekeepers’ “eyes on the ground” in risky markets?

ERPs and Other Systems

How automated are your financial controls?
How much visibility do gatekeepers have to ongoing financial transactions, particularly if gatekeepers sit outside a risky market?

Products & Development

Has your approach changed to product development? To the product pipeline?
Have you released new products?
Have you accounted for regulatory requirements associated with new products?

Customer and User Interactions

Do you interact with customers in a new way?
If so, do you use new tools or systems? Have you assessed the regulatory risks this presents?

Markets

Has the company entered or exited markets? Where? What’s the risk profile?

Geopolitical Risk

How has the company accounted for geopolitical risk?
Does the company have a presence in Russia or Ukraine? Did it?

Vendors & Suppliers

Has the company onboarded new vendors and suppliers to address supply chain challenges?
Did those vendors complete and pass compliance due diligence?
Were vendors high-risk? Have they been audited?

Partners & Ventures

Have you entered new partnerships, launched ventures, started a subsidiary or organized a new entity?
Has compliance or audit followed up to assess whether compliance integration has been successful?

Regulatory Changes

Have regulatory changes affected your operations?

Enforcement Actions

Have authorities investigated or taken enforcement actions against your competitors or industry or in the places you operate?
Has the company considered any lessons from investigations or enforcement actions? For example, authorities have increased their focus on investigations related to COVID-19 relief programs.

Once you go through the risk assessment process, compare the answers to existing compliance controls and evaluate whether to add or enhance any controls.

Asking and answering these questions, and adjusting, when necessary, is important to build an effective compliance program in a world of frequent change.

Authors

David Rhinesmith Partner, Government Investigations and Enforcement Actions, False Claims Act

Washington, D.C.

See my bio

Practice:

Government Investigations and Enforcement Actions
False Claims Act
White Collar, Investigations, Securities Litigation & Compliance
White Collar Criminal Defense
FCPA & Anti–Corruption
Strategic Advisory & Government Enforcement (SAGE)

vCard

See full bio

David Rhinesmith Partner

Washington, D.C.

David has represented clients in matters involving state and federal false claims acts, the Anti-Kickback Statute, federal securities laws, the Foreign Corrupt Practices Act (FCPA), anti-money laundering laws, and the Food, Drug, & Cosmetic Act. He has played a lead role in high-stakes federal investigations, complex civil cases, and criminal matters. His litigation experience includes oral argument before the First Circuit, briefing in federal and state courts, and deposing senior government officials. And he draws on this experience to advise clients on potential enforcement risks and regulatory issues.

David served as Global Investigations & Compliance Counsel (on secondment) at one of the world's leading medical device companies, immediately following one of the industry's largest mergers. In this role he led multiple internal investigations and helped the company develop a new investigations and corporate compliance function.

David previously worked as an Assistant Attorney General in the Appeals Division of the Massachusetts Attorney General’s Office (as part of a one-year fellowship), serving as lead counsel in more than a dozen criminal and civil matters at all levels of federal and state court. David was also an associate in the Chicago and Washington, D.C. offices of another international law firm.

In 2017, 2018, 2019, and 2020 David was selected to the Washington, D.C. Super Lawyers Rising Stars list.