Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Hernan Huwyler How to Adjust the Compliance Program in Response to Coronavirus
1. Prof. Hernan Huwyler, MBA CPA
Director of the Upper Program in Compliance
IE Law School
A stronger compliance
program to respond to
the coronavirus pandemic
2. How do I adjust
the compliance
program to
respond to the
coronavirus crisis?
3. New roles for the
compliance officer
#1 Contribute significantly toward the
customers' and other stakeholders'
perceptions on the organizational
capabilities to manage emergencies
4. New roles for the
compliance officer
#2 Coordinate and escalate actions done by
the emergency response team to protect
stakeholders´ interests, in particular
operationalizing business continuity plans
5. The major challenge of
suppression will need to be
maintained until a vaccine
becomes available potentially
18 months or more
Imperial College COVID-19 Response Team
https://doi.org/10.25561/77482
10. In the storm, the time
for planning is gone
It is now the time to
mobilize resources
11. Your ability to identify and
manage compliance risks is
now fully obvious
You cannot update force majeure
clauses or escalate preparedness
issues back in time
12. Time to capitalize on
your past
recommendations
for the contingency
plans
13. Coronavirus is not
a black swan
2002 SARS
2009 H1N1 influenza
2014 Ebola
It won’t be the last pandemic
14. Having a strong crisis
management plan
was always the
overarching
contingency control
for compliance risks
15. Ensure compliance with the
coronavirus measures and guidance
requested by governments and health
organizations
16. Protect employees and contractors
Communicate new hygiene
protocols and monitor
compliance
Inspect sites
17. Protect employees and contractors
Ensure the designation of
response leaders in
operative sites to
coordinate with local
authorities
18. Protect employees and contractors
Ensure privacy and GDPR
compliance in identifying
employees, subcontractors and
cohabitants with coronavirus
symptoms, exposure history or
underlying health conditions
19. Protect employees and contractors
Facilitate the identification
of critical employees,
contractors and
subcontractors to comply
with key controls and
requirements
20. Protect employees and contractors
Ensure the reinforcement
of data protection
measures during
teleworking
21. Protect employees and contractors
Monitor the inventory
updates for computers,
equipment and data to
maintain personal and
critical information under
control
22. Protect employees and contractors
Communicate the
responsible use of
bandwidth and Internet
connections
23. Protect employees and contractors
Monitor the traceability and
security of physical documents
during the operational changes
and work-from-home
situations focusing on
consultants and top executives
24. Protect employees and contractors
Monitor the cross-training
and the segregation of
duties in dealing with high
absenteeism
25. Ensure the communication
of response activities and
their
implications to employees
and contractors
Create a channel to address
questions
26. Protect the value chain
Facilitate the identification
of critical suppliers and other
third parties to address
compliance with regulations
and contract commitments
27. Protect the value chain
Request suppliers and
other third parties to
report the actions,
materialized issues and
risks during their
response activities
29. Ensure the monitoring
of vendor default risks
to find alternative
providers
Protect the value chain
30. Ensure the adjustment of the
delegation of authority
matrix and the authorized
signatories to accommodate
to the new conditions
Protect the value chain
31. Protect the future
Facilitate the
prioritization of clients,
contracts and tenders
with the current and
future operational
constrains
33. Protect the future
Ensure the
communication of
contractual and
operational risks to
clients including the
response actions
34. Protect the future
Control that offers of
alternative services or
products to customers
weigh up additional costs
with potential penalties
35. Protect the future
Facilitate the analysis of
contractual clauses and
applicable legislation to
assess the coverage with
insurance and surety
policies
38. No more excuses to avoid adding
business continuity requirements to the
compliance program
ISOs 22301 and 22313
39. Strong demand to provide
decision-makers with better
techniques to assess
contractual risks
Monte Carlo simulations and other
quantitative techniques
Decision tree for contractual clauses
Scenario planning
40. Need for better due diligence
and ongoing due diligence
procedures to assess
capabilities of third parties to
manage business
interruptions and
emergencies, including
solvency monitoring