Today’s companies and their Boards face a myriad of potential corporate crises or major incidents.
If an organisation encounters a technology breach or outage, workplace or environmental incident, is subject to aggressive regulatory action or finds itself caught up in a terrorist attack or natural disaster, the digital news era leaves no room for error. The risks and consequences underpin the critical importance of preventative measures and advance crisis planning. Failure to respond swiftly and confidently can have a devastating impact on a company’s reputation and viability. An ineffective response to a major incident will almost certainly see stakeholders question the Board’s ability to provide effective oversight and governance.
These external pressures come on top of directors’ personal liability for the performance of their functions. Combined, they make it vital for directors and senior executives to consider their own legal obligations, and the company’s legal and public responses, in building a robust crisis management plan.
Are companies ready?
A majority of respondents (53.9%) to KWM’s 2019 Directions Survey considered their organisation ‘well prepared’ to effectively mobilise and respond to an incident, but acknowledged they could do better - less than 4% described themselves as ‘fully prepared’. Just under 30% were unsure, while 15% felt they were not very, or not at all prepared.
How prepared is your organisation to effectively respond to a crisis?
What kinds of crises do directors fear?
Interestingly, the picture changes dramatically when asked how prepared organisations are regarding specific crisis risks, such as climate or cyber issues – 61.0% believe cyber attacks are likely to have a high reputational impact - making them the number one crisis concern.
Major safety incident was the next most widely-held fear – an area of concern for 44% of our survey respondents. Environmental/contamination incident was 4th on the list, an issue for 32% of respondents, behind a change of law and policy (41%).
Thinking about major incidents likely to have a high reputational impact, which areas are of concern?
This article focuses on directors’ preparedness in the context of two of the high ranking issues – workplace, and environmental incidents.
Recent prosecutions and significant legislative changes (including the introduction or proposed introduction of industrial manslaughter laws in many States) make it imperative that directors and senior executives are abreast of developments in relation to their personal obligations in respect of workplace safety.
Several successful prosecutions under WHS laws in the past 12-24 months indicate an apparent increased willingness to target directors and officers, meaning in any regulatory investigation, directors and officers should expect close scrutiny of their roles:
- a Victorian director personally fined $100,000 (reduced to $50,000 on appeal) even though no worker was injured;
- the imposition of custodial sentences in several cases involving workplace fatalities; and
- several successful prosecutions of directors and officers breaching their due diligence obligations in NSW.
To ensure they can positively demonstrate compliance, directors must ensure they have well-developed & documented systems in place. Without documentary evidence to establish what steps have been taken, a director is exposed to personal prosecution.
Can insurance cover you?
Potentially more significant are proposed amendments to New South Wales WHS laws, which would make it an offence for a person to enter into, provide, or benefit from insurance or indemnity arrangements for liability for a monetary penalty for a WHS offence. Directors and officers of a body corporate will be liable for offences committed by the body corporate.
The legality of insurance for WHS offences has long been questioned, given the widely accepted view that insurance policies purporting to indemnify against criminal conduct are void against public policy. However, to date, insurers have continued to offer insurance policies covering this risk.
While the changes will be retrospective – insurance cover for incidents occurring before the commencement of this legislation is not unlawful – it will be important to ensure that no new contracts of insurance or other grants of indemnity are made. Directors must be aware it will also be unlawful to seek indemnity under an existing policy for an incident that occurred after the changes commence.
The NSW reforms follow recommendations made in the national review into model WHS laws. So far, NSW is the first State moving to ban insurance and indemnity arrangements for WHS offences. Will others follow suit?
Environmental incidents – new laws focus on general environmental duties.
Directors and senior executives ought be aware that recent reforms to environmental law in several Australian jurisdictions have created new director and officer liability provisions, including criminal and civil liability, and positive obligations to exercise due diligence.
In the last year, Victoria, Western Australia and the Northern Territory have reformed environmental protection legislation. The changes require directors and officers of companies with potential environmental risk exposure to have comprehensive risk management systems, and ensure that compliance registers and management systems are keeping pace with these legislative reforms. The reforms in Victoria bring environmental protection legislation into line with WHS legislation, creating a new general environmental duty and other duties which require companies, and directors and officers, to be proactive in managing environmental risks.
The Commonwealth Environment Protection and Biodiversity Conservation Act 1999 is also subject to an independent review which commenced at the end of October this year. Some provisions of both State environmental legislation and the EPBC Act create executive officer criminal liability, if the regulator can prove the following elements (including a mental element). The list of factors outlined below provides good insight for directors and officers wanting to understand regulators’ expectations regarding environmental due diligence. For example, s.495 EPBC Act:
- the executive officer knew that, or was reckless or negligent as to whether the contravention would occur; and
- the officer was in a position to influence the conduct of the corporation; and
- the officer failed to take all reasonable steps to prevent the contravention.
To determine what amounts to ‘reasonable steps’, the Court will ask:
- Does the company arrange regular professional assessments of compliance with the Act and regulations?
- Does the company implement any appropriate recommendations arising from such an assessment?
- Does the company have an appropriate system for managing the effects of the company’s activities on the environment?
- Do the company’s employees, agents and contractors have a reasonable knowledge and understanding of the requirements to comply with the Act and the regulations? And;
- What action (if any) did the officer take when he or she became aware that the company was contravening the Act and regulations?
Questions for the board
Regardless of how well-prepared they feel, directors and officers can take steps to mitigate all types of crisis risks (and potential consequences) by answering some basic questions:
- Has the company tried to predict the types of crises it might encounter?
- Does the company have a crisis management plan?
- A crisis management plan should cover:
- allocation of responsibilities, including contingencies for non-availability of key personnel;
- decision making and escalation protocols;
- a communications plan which allocates responsibility for communications with key stakeholders (victims and their families, employees, customers, shareholders, government, business partners and the public), and covers all channels.
- Do all participants involved in a crisis response know about the crisis management plan, their roles and the approval processes that are in place?
- Has the company identified the external advisors that they will use? Are arrangements in place with them so they are able to be move quickly if required?
- How often does the board participate in exercises using realistic crisis scenarios? (For example, communications firm Burson-Marsteller is famous for creating imaginary towns in which clients operated major facilities, and tested their responses to various scenarios, including environmental and industrial accidents).
- If a crisis were to hit today, how prepared is the company to react swiftly, accurately and confidently?
- How will you capture what you have learnt to respond to the next crisis?