The global COVID-19 pandemic has presented employers and employees with unprecedented challenges. Among them are the challenges posed by remote work. As US offices begin to reopen, many businesses are embracing the concept of the hybrid workforce, and while many employees will return to their offices, others who worked remotely during the COVID-19 pandemic will continue to do so—at least for a portion of the work week.
Companies embracing the concept of a hybrid workforce should consider whether this significant change in the workforce landscape will create additional risks for violations of the Foreign Corrupt Practices Act (FCPA) or other anti-corruption statutes. Further, companies should consider whether this change will create challenges for conducting internal investigations and, if a government investigation is initiated, for complying with government requests.
When either of these considerations are in play, prudent companies should aim to implement additional policies and procedures to mitigate those risks and consider ways to meet the new challenges that could be posed by internal and government investigations and move forward in a productive and efficient way.
This exercise is particularly important today due to the increased emphasis on rooting out corruption:
- In a June 2021 memorandum, the Biden Administration noted that “by effectively preventing and countering corruption and demonstrating the advantages of transparent and accountable governance, we can secure a critical advantage for the United States and other democracies.”
- Further, the passage of the National Defense Authorization Act for Fiscal Year 2021, which contains the Anti-Money Laundering of 2020 (the AML Act), resulted in significant legislative reforms to the anti-money laundering and counterterrorism financing laws in the United States.
- Additionally, the Financial Crimes Enforcement Network (FinCEN) has issued priorities pursuant to the AML Act which include investigating corruption, cybercrime, and fraud.
The below questions may help your company assess whether a hybrid workforce may create FCPA, corruption or fraud risks, and whether your company has the bandwidth to conduct investigations and respond to government demands.
- Have new employees been onboarded remotely during the COVID-19 pandemic?
If so, ensure that these employees understand and have attended trainings on the FCPA, other anti-corruption statutes, and compliance practices and protocols. Keep records of attendance at such trainings and receipt of procedures and protocols.
- Are employees required to log their time and work location daily?
If not, consider whether imposing this requirement could foster a greater sense of accountability and increase transparency. Additionally, for employees traveling, ensure that procedures for expenses and reimbursements are the same as the procedures for those employees working traditional schedules.
- Have manuals containing policies and procedures been updated to reflect a hybrid workforce and outline policies and procedures employees must follow when working remotely?
If not, consider doing so as soon as possible and ensure that all employees have reviewed and certified that they are familiar with the updated policies.
- Have compliance programs been updated since this year’s enactment of the AML Act?
If not, it is crucial to do so immediately. Compliance personnel should familiarize themselves with updated guidance following the AML Act and training and procedures should be updated accordingly.
- Are employees in the compliance and internal audit departments well versed in the technological issues and risks that can arise due to employees working remotely?
If not, these employees must be trained. At least one observer believes that “remote workers” will be “the number one attack vector for exploitation in 2021.” Cybersecurity breaches are increasingly prevalent and severe and, with employees working remotely, bad actors may “exploit common home devices that can be used to compromise an individual and allow for lateral access into a business.” A further concern is that it may take longer to detect and identify data breaches on devices that operate outside of the office environment.
Assessing capacity to respond
- Has there been turnover in compliance and internal audit departments?
If so, make sure that all positions are filled. Without a properly staffed compliance and internal audit department, it may be difficult to appropriately conduct investigations and respond to government demands.
- Have employees in the compliance and internal audit departments of your company worked efficiently during the COVID-19 pandemic while working remotely?
If not, consider whether those employees should be required to work in the office, or consider additional ways to increase engagement and efficiency, such as holding more meetings or requiring regular check-ins.
- Have internal audit teams found that they can conduct effective and productive interviews via videoconference?
If not, consider whether in-person interviews should be required when they can be safely conducted.
To learn more about compliance issues arising from your hybrid workforce, please contact any of the authors or your usual DLA Piper attorney.
 See 15 U.S.C. §§ 78dd-1, 78m.
 The Internet Crime Complaint Center (IC3) received a record 791,790 complaints in 2020, a 69 percent increase in complaints from 2019. See Internet Crime Report 2020, Federal Bureau of Investigation (2020), https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf. Accessed July 25, 2021. Additionally, 3,950 data breaches were confirmed in 2020. See Rob Sobers, 98 Must-Know Data Breach Statistics for 2021, Varonis (April 16, 2021), https://www.varonis.com/blog/data-breach-statistics/. Accessed July 25, 2021.
 See Ayers, supra note 5.