Businesses may face special challenges and responsibilities when confronted with pandemics and civil emergencies. This factsheet looks at the legal and practical issues involved and how companies can plan for and mitigate the effects of such crises.
The current outbreak of coronavirus Covid-19 should prompt companies to revisit their business resilience and continuity strategies, although the risks of more common events such as fire and IT disasters should not be ignored.
While businesses cannot necessarily anticipate pandemics or civil emergencies, they can alleviate their impact by implementing business continuity and disaster recovery plans. Such planning is sometimes mandated by companies' insurers or government bodies, but all businesses should be undertaking such planning to ensure operations continue during any serious incident or pandemic.
Business continuity plans should start by identifying what is critical to a business's operations, including key processes, people and resources. The plan should then assess the risk that various incidents pose to these critical business elements and suggest measures to reduce this risk (e.g. installing fire detectors and alarms to reduce the risk of fire). It should also set out how the business will cover the loss of impairment of any critical resources, should the risk reduction measures fail.
It is important that any business continuity plan identifies who within the organisation is responsible for implementing which part of the plan, including who has responsibility for deciding when an event requires its enactment.
A key aspect of business continuity plans is disaster recovery, which involves the restoration of vital support systems such as IT, communications and other technology systems should they fail. Common elements of disaster recovery plans include data back-up/replication, using cloud computing solutions, system mirrors, surge protectors and robust anti-virus protection.
It is also vital for businesses to rehearse their plans regularly to aid familiarity and identify any weaknesses or gaps, or to identify any emerging threats. Research conducted by Crises Control and the Continuity Forum has found that while 88% of SMEs have some sort of business continuity planning in place, 44% of these had never tested their plans.
Companies should regularly review their plans to ensure that critical business resources are kept up-to-date and that new threats are accounted for when they arise.
Implementing well-designed business continuity plans not only help companies to minimise losses caused by unforeseen events, but can also maintain and improve a company's reputation with customers and suppliers, particularly when compared to unprepared competitors.
While there are many online resources with business continuity guides, it is not possible to provide standard plans and templates, and companies must carry out their own detailed assessments and construct their own plans in response to their own individual circumstances. However, there are steps that most business continuity plans will include:
- Pinpoint business-critical processes, people and resources
- Identify who will enact and take responsibility for the plan
- Assess risks and take preventative action
- Set out disaster recovery steps
- Rehearse and fine-tune the plan
- Regularly review plan
Assessments of risks to strategic or operational considerations are likely to vary considerably from company to company, but there are key risk areas that most organisations are likely to face when confronted with a pandemic or other crisis. These include:
- Employee risks
- Commercial risks
- Insurance risks
Employers have several responsibilities to employees during a crisis, with a duty to protect their health and safety paramount. There are a number of steps they can take to do this:
- Implement a system allowing employees to keep updated on the latest official government advice.
- Ensure communication systems are robust, including an emergency system should normal methods be unavailable.
- In instances of pandemic, make sure that cleaning and hygiene systems are adequate, and encourage staff to take steps to maintain their own health through hand-washing and other preventative measures.
- Monitor travel risks for employees and communicate these effectively so that staff avoid unnecessarily risky travel.
- Check insurance policies cover staff travel to high-risk areas, and that local care is suitable should employees fall ill.
- Special attention should be paid to absence from work in times of crisis.
Staff absence during a pandemic may cause particular issues for companies that must balance the need to keep sick (and potentially sick) staff away from work and the need to maintain business operations.
Government restrictions on travel or infrastructure damage might make employee attendance impossible, but in less definitive circumstances companies might need to consider whether they need to change their staff attendance policies and procedures.
Companies that have a culture of employees forcing themselves into work when they are ill should relax this approach and make it clear to employees that if they are ill they should stay at home. This standpoint will both help to avoid the spread of the disease and to limit the risks of claims of breach of contract from employees.
It is advisable that companies take a more lenient approach to attendance by employees who feel ill, and that they also relax return-to-work procedures such as provision of doctors' notes or other medical evidence.
Making changes such as these should not only reduce the risk of the infection spreading, but also reassure other staff members that the workplace is a safe environment.
It might also be necessary for companies to review their remote working policies to make it easier for staff to work from home in such situations. This means ensuring that not only are the company's IT systems properly equipped to facilitate working from home, but also that there is the requisite hardware and knowhow to allow key personnel to work remotely.
Severe disruption caused by a major incident can impact a company's commercial operations in a number of ways, but can also affect its suppliers and customers, which can have a knock-on effect along the supply chain.
Inability to fulfil contracts
Pandemics or other civil crises might also cause external commercial problems for companies. Such events might leave a company unable to fulfil its contracts, or at risk of substantial losses because suppliers cannot fulfil theirs.
Under normal circumstances, this would usually result in a claim for breach of contract, but if the breaches were caused by a national civil crisis, such a claim might not be possible. However, companies should not presume that they can casually break contracts during times of civil crisis, and include measures to avoid breaching contracts in any continuity plan.
Companies should also take the time to regularly review their contracts, and to include force majeure clauses where possible to lessen the chance of breach of contract suits.
As force majeure has no recognised meaning in English law, it varies from contract to contract, so businesses should not presume any individual crisis is included and ensure that clauses cover any intended situation. Companies must make sure that each crisis is covered within the wording of each force majeure clause, but even so its application will depend on the exact drafting of the clause and the intention of the parties involved (and the extent to which this can be proven).
For instance, force majeure clauses mandating that an event "prevents" performance is far stricter than words such as "hamper" or "interrupt", so companies should carefully review the wording of any such clauses and specifically name events such as pandemics to ensure they are covered.
Companies must also show they have taken steps to mitigate the effects of any triggering event and its impact on their contractual obligations, underlining the importance of proper business continuity planning.
IoD members can ask the Information and Advisory Service to provide Practical Law's template force majeure clause and its Practice Note on the subject:
Request PL resources on Force Majeure
Companies need to ensure that they are properly covered in the event that a significant crisis impacts on their ability to continue to operate in their usual manner.
Business Interruption Insurance
While many businesses are likely to have some commercial insurance to cover themselves in the event of certain situations (business interruption or income insurance), this rarely covers situations such as pandemic and is usually focused on situations where business operations are interrupted by property damage.
Insurance that covers a wider range of interruptions is available, but it is more expensive and companies would need to weigh up the likelihood of these rare events occurring and whether the extra cost is worthwhile.
Business Travel Insurance
Companies can fall foul of business travel insurance policies by being both overcautious and incautious. Cancellations prompted by concerns on the part of the company or employee, and not as a result of decisions by airlines or government advice, might not be covered by policies. Conversely, if employees travel to affected areas against official government advice, they might void any cover they would normally enjoy.
Companies should review all their insurance policies regularly and consider including extra provisions to cover losses not currently included if available and cost-effective. This can be done in conjunction with a company's regular review of its business continuity plan and identification of emerging risks.
Companies will not be able to foresee and plan for all eventualities, but a well-designed and executed business continuity plan will maximise the chances that they have sufficient systems in place to ensure the continuation of operations during a crisis and the rapid recovery of any systems that fail as a result.
© Institute of Directors. All rights reserved.