Years ago — no, wait, it was last Wednesday — I planned to have a post today about the SEC enforcement action against Baxter International. We all know what happened next, and after that, what compliance professional can focus on internal controls right now?
Since Vladimir Putin invaded Ukraine last week, I’ve been trying to think of a useful compliance analysis for the horror unfolding in that part of the world. Perhaps in the fullness of time those angles will emerge: how to implement the new sanctions unleashed by the West, how to factor expanded export controls into your global sales efforts, what new risks to disclose in the 10-Q. At least some voices in the compliance world have already published resources along those lines, and I’ll append them to this post further down.
Still, as much as I appreciate those efforts, corporations have bigger immediate concerns. This crisis, wholly created by Putin, feels to me like one of those moments people will remember for the rest of their lives. It evokes very human responses of fear, outrage, admiration (for Volodymyr Zelenskyy and so many others in Ukraine), uncertainty, and exhaustion.
Until the crisis passes — and we have no idea when that will be, or what form that resolution will take — it will transform how people think, feel, and behave, every day. Corporate leaders need to think about the profound effect this moment is having on their workforce, and how they want their organizations to respond to it.
I suppose one blunt issue is that companies must choose a side: the Western values of democracy and rule of law; or the amoral pursuit of profit even in Putin’s malignant shadow.
So far, Western businesses are breaking in favor of the West. One business after another — airlines, shipping services, banks, and more — is racing to cut all ties with Russia. That’s no surprise, and certainly the pressure and exhortations from Western governments make the choice an easy one for most businesses.
But it matters. Customers, employees, and business partners all need to see that institutions larger than they are taking a stand against Putin’s aggression — even though that might hurt profits; even though those CEOs have scarcely a better sense of how this frightening period will end any more than of the rest of us. Because we, individual people, are terrified of where Putin might take the world next, and need the assurance that comes from institutions larger than ourselves.
So when we see those institutions take action that aligns with our moral instinct, that matters. Even if you take those actions simply to satisfy looming regulatory compliance obligations, the “why” doesn’t matter to the human psyche. The doing of it does. That’s what makes people feel like they’re not alone. That’s what gives us resolve.
* * *
Some other thoughts, in no particular order…
I don’t know about you, but since Putin’s invasion began I’ve had a low-grade knot in my stomach. My appetite has diminished. I haven’t slept terribly well, or had the focus to exercise as I usually do.
Earlier today I realized when I last felt like this: March 2020, when the pandemic lockdowns began and everyone quietly worried whether the world was about to unravel. So I’ve been thinking about the ethics and compliance challenges that emerged then, and what that moment can tell us about the ethics and compliance challenges that might emerge now.
For example, in those first few weeks of lockdown, employee calls to ethics and compliance hotlines actually rose, somewhat sharply. Why? Because, compliance hotline managers told me, employees were scared for their futures. Would they get sick at work? Would the company try to preserve their jobs, even if business dried up? What were they supposed to do next?
The specific questions today might be different, but I suspect a lot of people are again scared for their futures — especially those in Ukraine and Russia, but even we in the rest of the world who might suffer considerable economic hardship. They’ll be looking for institutions larger than themselves for guidance.
* * *
I also have several compliance officer friends in both Russia and Ukraine. In the last few days I reached out to all of them, to say that I hope they are well and can stay safe.
To the Russians in particular I stress: Americans know the Russian people are not our enemy. I have no idea how far that message might travel once it reaches Russian ears, but I believe it’s important for all of us in the West to say it as often as we can. (For the record, the Russians who have replied to me so far have, to a person, expressed deep shame and horror at what Putin has done, and fear for the future of their country.)
The Ukrainians I’ve reached have all said they are safe so far. I pray for them every night. Reaching out to them from our perch in the West isn’t much, but we should all do the same.
* * *
I promised a list of more practical resources about sanctions. Here are some.
Two updates from the Office of Foreign Assets Control: one from Thursday, Feb. 24; and another from Friday, Feb. 25. (I would also suggest compliance officers check OFAC’s list of recent actions daily for fresh updates.)
CISA, the top U.S. cybersecurity agency, issued a bulletin last week on steps companies should take immediately to prepare for possible cyber attacks from Russia.
United Kingdom’s main page for information on U.K. sanctions against Russia.
And if you are wondering what you, personally, can do to help Ukrainians in this crisis, you can’t go wrong supporting Chef José Andrés and the World Central Kitchen. It is already on the ground (even in Ukraine) providing hot meals to refugees.