There is nothing new in the notion that companies are required to effectively manage and disclose risks so that investors can make informed investment decisions. Guidance on recognition and management of risk for listed Australian companies is contained in the ASX Corporate Governance Principles (the Principles).

In 2014, the Principles were amended to include a recommendation that ‘a listed entity should disclose whether it has any material exposure to economic, environmental and social sustainability risks and, if it does, how it manages or intends to manage those risks.’ This addition to the Principles reflects the increasing importance of managing environmental and social risks faced by large companies, particularly those operating across multiple countries with disparate regulatory requirements. 2015 was the first year that these risks were expected to be addressed in Corporate Governance Statements.

Looking overseas, where management of environmental risks has developed more rapidly, there are many examples of environmental and social sustainability risks that have come to a head in the past year.

Notably, in November 2015 ExxonMobil confirmed that it had been served by the attorney general of New York with a subpoena to produce documents relating to climate change. This suggests the possibility that a regulatory investigation into ExxonMobil’s climate change disclosures is underway and, if so, enforcement action and shareholder litigation could well follow.

Some media reports suggest that ExxonMobil was aware of climate change risk as early as the 1970s. Given the fiercely contested nature of findings in climate change science, and ExxonMobil’s duty to its shareholders to generate profit, when should climate change disclosures have been made? What information should the disclosures have contained about the risk? Moreover, what disclosure about how that risk would be managed should have been included, and how could ExxonMobil’s commercial interests have been protected in the course of making those disclosures?

These questions, which just scratch the surface, demonstrate the complexities that companies face in reporting environmental and similar risks.

Companies are obliged to disclose a risk and how that risk will be managed if there is a real possibility that the entity’s ability to create or preserve value could be substantively impacted if the risk eventuates. The Principles suggest that companies are not required to publish a sustainability report, although many already do, and doing so will likely become standard practice. Applying the Principles and preparing reports will be challenging for boards, and failure to adequately disclose environmental and like risks could have serious implications for directors.

Aside from the risk of a securities class action, company directors and officers face the risk of regulatory enforcement action and potential criminal prosecutions. Liability for those risks may not be covered by standard directors and officers (D&O) insurance policies and directors may face exposure to personal liability. Because environmental liabilities are normally criminal offences, they often either do not fall within D&O policy coverage, are subject to an environmental or pollution policy exclusion, or are excluded pursuant to a standard criminal offence exclusion.

While pollution and environmental damage are commonly excluded by D&O policies, in some D&O policies the exclusion is not triggered if the claim is a shareholder class action. Similarly, some D&O policies may contain a defence costs extension for shareholder class actions for liability resulting from environmental or pollution based claims.

Ultimately, whether a director will be personally liable for environmental liabilities, and whether their D&O insurance policy will respond, will depend on the nature of the offence and the terms of the policy/policies. There are three primary types of liability relevant to environmental offences alleged against directors.

The first – direct liability – is only likely to be relevant for small scale businesses where a director has operational involvement and direct knowledge of any environmental risks. The second – accessorial liability – is where, by virtue of acts or omissions, a director is liable as an accessory to an environmental infringement. The third – deemed or derivative liability – arises where a director is liable due to their management position in the company.

Unsurprisingly, directors are most likely to be subject to deemed or derivative liability for offences committed by the company, unless they had knowledge or some form of involvement likely to give rise to direct or accessorial liability.

Quantifying the claimed loss can be notoriously difficult, particularly where environmental or social sustainability issues arise with unknown future consequences. For example, in the case of failure to disclose a company’s material risk of causing an oil spill in the ocean, what would be an appropriate measure of compensation for shareholders? What loss, if any, should be recoverable by shareholders for loss of future profits due to increased compliance requirements or reputational harm? Should shareholders be able to seek recovery of fines issued to the company or its directors for committing environmental offences? Or would those costs be a necessary business cost, albeit one preferably avoided? These complexities would need to be considered in the context of different layers of coverage and the potential application of different policy wording in multiple layer policies. Further, different arms of a D&O policy respond if there is coverage under side-A or side-B, depending on the nature of the legal action.

It will be interesting to see how the potential environmental breaches that have come to light in the past year will be dealt with through regulatory action and shareholder litigation, as well as how insurers will respond to the increasing economic, environmental and social sustainability risks that companies and directors must disclose.

In our view, companies are more likely to face regulatory action and shareholder litigation for making late or shallow disclosure of environmental risks. The downfalls of not disclosing risks, particularly risks with genesis in commonly understood phenomena such as climate change, are unlikely to outweigh the disadvantages of disclosing them. However, companies should be careful to only commit to feasible risk management strategies when addressing how to manage a risk. If companies disclose an overly ambitious risk management strategy, shareholders could sue for loss that arises from failure to implement the protective measures.

Similarly, directors and officers should bear in mind that even if they have minimal exposure from environmental risks, they can be pursued for environment-related non-disclosures through various legal avenues. Personal liability for claims may vary depending on the particular legal path taken, and the wording of different D&O policies. Therefore, care should be taken when arranging cover to avoid any shortfalls in coverage, especially by those in high-risk environmental industries.