With much of the world still in differing stages of lockdown because of the coronavirus pandemic, it is easy to feel like much of the business world is on pause. People are working remotely, they are not as connected as they usually are and it can be hard to see the bigger picture when people are concentrating on keeping families safe and just getting through the working day.
But that bigger picture still includes a highly complex and demanding regulatory compliance landscape. For the last decade or more we have been in an era which has seen more compliance requirements than ever before. Organisations have invested in compliance software, risk management software and integrated IT GRC tools to manage all of the requirements, but there has been no firm sign that any requirements will be loosened as a result of the current pandemic, despite media reports that they might.
Despite the enormous impact of coronavirus, data privacy regulation such as GDPR, and other more industry-specific regulations, have not been paused. Many organisations could be putting themselves at risk by mistakenly believing that regulators could be about to loosen requirements.
Don’t believe the media hype
Among the countless newspaper articles focused on the pandemic, there have been many that have looked at the possibility of regulators relaxing regulations as a result of the crisis. There have been suggestions that regulators do not intend to pursue minor infringements, and in some cases, may even look at the offsetting of fines.
This is really just media gossip, or hype, and should not be believed. There is nothing to suggest that regulators will not pursue non-compliance just as much as they did before – a number of them have in fact issued statements to reiterate this.
Compliance officers and GRC teams must therefore not rest on their laurels or become complacent about what is required of them. The penalties for non-compliance have become greater and more impactful over recent years, and with businesses facing many other pressures resulting from coronavirus, a significant fine would be particularly unwelcome at this time.
Regulatory deadline extensions
What may have contributed to some of the confusion around regulatory compliance issues is the fact that some national and pan-European regulators have moved back some forthcoming compliance deadlines in certain areas. For example, the European Securities and Markets Authority, the EU financial markets watchdog, has postponed until July the start date for compliance with its securities financing transactions regulations.
Several national financial regulators across the EU are also considering options to delay new regulations coming into force. What is important to consider, though, is that despite any potential deadline extensions, no FS regulator has said it will relax enforcement of rules. Similarly, it would be very dangerous for any organisation to assume that penalties for non-compliance will be reduced.
It’s a very similar situation when it comes to data protection and privacy regulation, such as GDPR. Many national regulators have issued statements that amount to ‘business as usual’ regarding data privacy. While some Data Protection Authorities (DPAs) have said that they might conduct fewer investigations and that more time could be granted to carry out remedial action after a data breach, the requirement to report a data breach within 72 hours is most definitely still in place.
The role of compliance software
This potential confusion about the relaxation of regulatory requirements only heightens the need for compliance software that allows organisations to stay on top of the changing and evolving requirements. Non-compliance with regulation is most definitely something that should fall into a broader risk management strategy, and many organisations might approach this via an IT GRC tool or enterprise risk management software.
The technology is of huge importance and Oxial’s sGRC solution is a proven example of risk management software that really delivers for organisations keen to stay on top of the regulatory compliance requirements. But of equal importance – especially for mid-market organisations that perhaps lack the resources of their bigger counterparts – is that sGRC is a highly affordable GRC software solution and that it comes with the additional benefit of Oxial’s network of partners.
We work with a range of compliance and risk experts, all of whom are among the most knowledgeable consultants in the sector. They know in minute detail precisely what the requirements are and when they change. When any organisation uses Oxial’s enterprise risk management software they get the benefit of this network of expertise and experience, providing additional reassurance that compliance requirements will not be missed.
There is no reason yet to think that regulatory bodies will relax compliance requirements because of coronavirus, but organisations must be constantly aware of when things do change. If your company could benefit from that knowledge and know-how, please get in touch with us here.