A formal process for emergencies, that still requires a post-merge review to meet compliance.
Decide who can bypass review directly in PullApprove. Authors will know exactly who to ask.
If a merge happens in GitHub before PullApprove is successful, that also counts as a bypass.
Periodically review the bypassed pull requests ensuring every PR is still getting some kind of review.