Published: 02 April 2020
Analyst(s): Legal and Compliance Research Team
In response to COVID-19, governments are rapidly announcing new policies or updating guidance on existing law. Legal and compliance leaders can learn how to effectively track coronavirus-related regulations and government stimulus benefits.
Coronavirus has mobilized governments at the local, regional and national level to act, often suddenly, announcing new policies (e.g., travel restrictions or closure of non-essential businesses), publishing timely guidance on existing law (e.g., on data privacy or health and safety) or providing opportunities for relief to industries (e.g., the U.S. CARES Act.)
Legal and compliance functions must track and operationalize regulatory information to support informed, rapid decision-making. To understand changing expectations, comply with regulatory mandates and protect the health and safety of workers, take these steps:
For organizations that don’t have an independent government affairs unit, we outline the process to follow for tracking regulations and government relief efforts in this fast-moving environment.
For those large enough to have an independent government affairs unit, Figure 1 and Table 1 will provide helpful context specific to COVID-19, as will the section below on “How to Find the Right Owners.”
Divide up jurisdictions in which legal and compliance leaders operate and identify a source of regulatory truth in each. The sources on your “reliable” list must be comprehensive, up-to-date and authoritative.
Companies most frequently rely on internal subject matter expertise and external industry publications for regulatory tracking (see Figure 1). Industry groups, trade associations and law firms are other helpful sources of information, on both regulatory requirements and relief to impacted industries.
To jump-start your monitoring of COVID-related changes, use this list of government resources (see Table 1). Organizations with an industry-specific regulator (e.g., state insurance departments or the federal Department of Transportation) should also consult them for information, including any relief offered to the industry.
In addition, many law firms publish memos on specific legal risks related to COVID-19. These may include the firms you already use. We’ve compiled a sample of COVID-related memos from the largest law firms with dedicated compliance practices.
Legal and compliance leaders must also collate, update and prioritize regulatory information so that the small changes can be managed and the large changes can inform strategic business decisions.
Legal should assign an owner to each jurisdiction and subject matter on which regulations need to be tracked (though the same person may own multiple terrains.) The terrain owner should identify changes in the relevant jurisdiction or subject matter, decide which function or business partner should oversee compliance, and determine whether the proposed compliance plan is sufficient.
Terrain ownership should align to day-to-day responsibilities and expertise. In ordinary times business partners would be reasonable candidates, because of their experience navigating existing regulations and the impact that a regulatory change has on their responsibilities.
Now, however, with the business focused on continuing operations, legal is taking a more proactive role in regulatory tracking. (Just 18% of legal and compliance officers found their business partners to be helpful in tracking COVID-19 related regulations. By contrast, 60% of legal and compliance officers found legal subject matter experts helpful.)
While taking on a proactive role, the terrain owner should still solicit input from subject matter experts in other functions, who will understand how regulations impact particular business practices, even without a lawyer’s expertise in the area of law. (For example, an HR expert can deeply understand the effects of employment law without being a lawyer.)
A data and analytics company told us during the financial crisis about using the following set of questions to determine the right owners for regulatory tracking.
An enterprise or country-wide regulatory tracking database may support better corporate decision-making. If possible, the tracking system should provide a single repository for all new regulations and corresponding documents. It should be secure, easily accessible and permit authorized users to track changes and rank the top risks. With strong version control and availability of information, legal and compliance leaders can avoid distractions and focus on summarizing information for decision makers.
For example,an energy company empowered its business liaisons and process owners during the financial crisis to input new regulatory information into a tracker and rank the risks. Compliance then generated a report on the top regulatory concerns and presented the results to stakeholders.
To assess the impact of the regulatory change, terrain owners should think about how many people need to be involved in the ensuing decision(s). For a small issue, the terrain owner can independently evaluate compliance impact, identify the affected departments and inform relevant stakeholders. Large changes may merit a broader group or executive consideration. (For more on how legal can advise on strategy, see.)
Many vendors provide regulatory tracking services for a fee. Those on the list below offer services associated with regulatory change management, such as email notifications and advisory support (see Table 3). This collection is illustrative; Gartner has not confirmed that they offer COVID-19 specific support, nor is this an all-inclusive list or ranking.If your organization is already using GRC (Governance, Risk management and Compliance) software, consider asking your vendor about when or whether COVID-19 related regulatory updates will be available. If not, the vendors may offer COVID-19 specific services (or may start offering them soon) but it is generally too time-consuming to implement a GRC system during a crisis.
If you do choose to use a commercial provider, it is important to check that it covers regulations specific to your industry and geography, to ask whether or not it monitors government benefits like the CARES Act and to determine whether updates are frequent enough to keep up with the pace of the COVID-19 crisis. If you do not use a commercial vendor, create an internal system to aggregate information from law firms and information service providers like LexisNexis, WestLaw or Wolters Kluwer.
Read this research to see Gartner’s rankings of different products in the risk management solutions market.
Security and risk management leaders should seek CCO solutions that enable a cross-enterprise approach to compliance activities that most affect the regulatory oversight of corporate governance.
Use this tool to assess and communicate the strategic impact of a legal or regulatory development on your organization’s business model.
This report highlights key contributions general counsel can make at each step of the corporate strategic planning process.
Read this research to learn the best approach to tracking and managing regulatory developments. Track changes using a centralized system, designate and assign clear owners and responsibilities for tracking regulations, and evaluate regulatory change.
©2020 Gartner, Inc. and/or its affiliates.
All rights reserved.
Gartner is a registered trademark of Gartner, Inc. and its affiliates.
This publication may not be reproduced or distributed in any form without Gartner’s prior written permission.
It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact.
While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information.
Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such.
Your access and use of this publication are governed by Gartner’s Usage Policy.
Gartner prides itself on its reputation for independence and objectivity.
Its research is produced independently by its research organization without input or influence from any third party.
For further information, see
Guiding Principles on Independence and Objectivity.