Office Return Is (Another) Good Time to Think About Compliance
With many companies adopting return to work policies after the decline of the latest COVID-19 wave in the United States, now is a good time for government contractors to assess, update, and train on ethics and compliance policies. Return to work, especially with the advent of wide-spread adoption of hybrid models, presents unique challenges to be addressed as part of your overall compliance framework. For example, your existing (pre-COVID) policies and practices may not adequately address record retention or data security issues that result from employees, documents and computer hardware moving routinely from place to place as employees split time between work and home. Your dispersed workforce may also have record decentralization issues that result in delays and increase auditor scrutiny, or be in need of additional timekeeping training as work-from-home continues to blur the boundaries of the “work day.”
The Government, too, is returning to work in force and renewing its focus on enforcement under the Biden Administration. The U.S. Department of Labor, for example, has been increasing its hiring of investigators for audits of compliance with Service Contract Act, Equal Opportunity, Pay Equity, and other labor requirements. The U.S. Department of Justice has also established a number of compliance task forces, such as the Civil Cyber-Fraud Initiative, and the Special Inspector General for Pandemic Recovery (SIGPR) is investigating pandemic-related waste, fraud, and abuse. The first step in navigating any forthcoming audits and investigations is getting ahead of any issues with an effective compliance program.
The essential elements of an effective compliance program are leadership, risk assessment, controls, training, and monitoring. Developing and reviewing your compliance benchmarks and metrics—such as financial and budgetary, training and responses from employees, ethics reminders/communications, performance evaluation issues, misconduct/mistake trends—is important to keep your compliance program up-to-date and to ensure that your efforts are not being wasted. It is equally important to recognize that not all risks can be identified, quantified, or mitigated ahead of time, and that processes in place to respond quickly and effectively to auditors and investigators can be invaluable.
Federal Acquisition Regulation (FAR) 52.203-13, even if not included in any of your company’s Government contracts, is a useful starting point to understand the elements of a successful compliance program. The clause prescribes an “ongoing business ethics awareness and compliance program” that includes communication to employees and effective training, and an internal control system that facilitates “timely discovery of improper conduct in connection with Government contracts; and . . . . ensure corrective measures are promptly instituted and carried out.”
FAR 52.203-13 further prescribes minimum internal controls to include “adequate resources” for compliance, reasonable efforts for due diligence, period internal reviews, an internal anonymous hotline, disciplinary actions for improper behavior, and a mechanism for timely disclosures when there is credible evidence of a violation of certain laws, including the civil False Claims Act.
Critical to a successful program is a Code of Conduct that has buy-in from upper management, who sets the tone for the company. Effective compliance starts with the company’s risk culture and tolerances, and its willingness to spend money not only on robust compliance, but also on reviewing its compliance program to ensure it is up to date with the constantly changing federal marketplace requirements, efficiently uses both human and capital resources, and is cost-effective. For companies that offer goods and services to both commercial and Government customers, it is important to understand how each side of the house can be leveraged while limiting exposure to government regulatory risks.
Wiley can help your company create a compliance program from scratch, help kick the tires on your existing program, and everything in between.
