How Did We Get Here?
Business leaders are grappling with challenges which are unprecedented and which have not been witnessed on such a global scale previously. As COVID-19 spreads across the world, governments reacted by imposing restrictions on movement of people and goods. Where implemented robustly, these lockdowns and stay-at-home orders were effective in slowing down the spread of the virus and, no doubt, averted loss of more lives.
Although COVID-19 is firstly and foremostly a human tragedy where we have seen suffering across the world, the impact on local, national and international economies will be no less severe. Despite rapid government intervention, we are already seeing drastic contraction of GDPs, rapid shoot up of unemployment numbers and the growth in corporate failures.
As the lockdown restrictions ease and we step back into our economic landscapes, the wreckage of COVID-19 is all too obvious, even if the long-term impacts are not fully understood. It is in this backdrop that business leaders have to look at legal and operational risk and try to navigate across the rubble that has been left behind the Coronavirus tsunami.
It is not all doom and gloom. In fact, it is amazing how, within a matter of weeks, companies and organisations who were wedded to their brick and mortar operations had transitioned to the couches and dining tables of their staff. The same companies who had found endless reasons for not adopting flexible business models were forced to jump into remote working without any protocols, pilot testing or safety nets. By and large, the experience has worked in sectors where physical contact was not necessary for businesses to operate.
At what risk?
This rapid digital transformation has not come without risk. Corporates have had to move quickly to ensure continuity of business. Digital platforms which had not been tested for robustness had to be adopted in the hope that they would continue to operate adequately. There was little time to negotiate new supplier arrangements or to transition to online tools in an orderly fashion. Terms and conditions of usage (especially one-sided limitation of liability provisions) were simply accepted and new business risks were assumed to ensure operations continued. As a result, unsurprisingly, there have been a number of teething issues and security breaches. Some digital platforms were exposed as having underinvested in core safety and security features, whilst others were incapable of adapting to the scale and variety of use, as end users went online for a myriad of reasons beyond the contemplation of the product engineers who devised these platforms.
There has also been a mushrooming of cybercrime as criminals realised that companies have never before been so exposed to attacks. Companies who had invested huge amounts of time and resources into their online security were left vulnerable to unsecure Wi-Fi connections and staff devices which were much more susceptible to viruses, ransomware and malware. Corporate security was only as good as the measures that their employees could take. Even if IT security was maintained, in the new norm of making decisions from laptops in isolation, the probability of making mistakes and not fully understanding every red-flag has plagued many an employee.
Data is new gold. Like gold, data has to be protected carefully. Unfortunately, there have been many data privacy breaches since the onset of the pandemic. Many companies have seen that protocols regarding data security were not easy to transition to out of office environments. There have been real concerns around access to work systems, use and destruction of confidential data and managing of digital crises. What happens to the confidential documents which employees print from home? Also, who is handling, storing, processing and disseminating your data and what are the duties upon you from a data protection perspective? Transferring parts of your processing to a cloud-based service may make business sense but what additional issues does it give rise to from a regulatory perspective?
In this new casual era of virtual meetings and video calls, it is all too easy to forget that the pre-COVID-19 regulatory framework has not been suspended. There are strict requirements around record keeping in many regulated sectors. Physical documentation is required to be obtained for certain transactions. Messaging and chat apps often do not create permanent records and, as such, mandatory documentation retention rules may cause issues. Processes to prevent unlawful use of confidential information in the context of, for example, insider trading or tipping off, are harder to police in this new norm. It is also easy to forget that legally binding contracts may be formed through a casual exchange of messages or emails. What processes are in place to prevent an overly zealous business development professional from unintentionally committing the company to unacceptable terms of business? It is the duty of employers to provide a safe work environment for their employees. How are companies ensuring this is the case in a work from home context? Do companies have protocols which provide guidance to employees about the new challenges that they may face and how they may overcome them? Are there adequate support networks to deal with the proved additional stress and anxiety levels that have been witnessed by many employees?
Similarly, as employers are being told by governments that it may be safe to return to their offices, what risk assessments have companies carried out to see whether it is appropriate to request their staff to come back? The thinking around what constitutes a safe working environment is not clear and there is a massive overload of, often contradictory, advice from experts and governments about what employers should be doing. This makes it extremely challenging for business leaders as they try to balance the need of their businesses to return to normality against the requirement to avoid further spread of infection and ill-health to their staff and visitors. There is also the issue of who bears the cost of the personal protective equipment and deep-cleaning that will be a part of the new norm as offices open.
What are likely sources of litigation risk?
The nature and likelihood of legal risk to business operations is difficult to predict with certainty at the moment. However, there are some areas where we can see choppy waters ahead.
Immediately after the onset of the pandemic, businesses ran to dust-off their contracts to see if there were opportunities to utilise provisions to their benefit in order to prevent business disruption or losses from mounting. Force majeure clauses were carefully considered and companies tried to adopt interpretations which would most assist them. However, despite advising on a number of these provisions, we have seen that oftentimes relying upon a force majeure or a material adverse change clause did not provide durable long term solutions to businesses wanting to continue to trade with each other. A more nuanced approach, based around understanding the global nature of the disruptions caused by the coronavirus, proved more successful. This does not, however, eliminate the risk of major litigation around the implications of supply chain failures in the future.
There has been an emergence of class actions in some jurisdictions for reimbursement of deposits, advance payments and fees for unused services. This can be seen in the travel industry (for refund on holiday payments), the education sector (for tuition and accommodation fees) and in connection with cancellation of events. It is likely that companies engaged in these and other sectors directly impacted by the lockdowns will continue to face pressure from consumers and regulators.
Companies should ensure that they take adequate protection to safeguard against risk associated with the spread of the virus. Employees, visitors, business partners and customers may also pose risk of litigation if a company opens its offices too early or does not implement adequate measures to protect the health and safety of these stakeholders.
Management of companies may also be personally susceptible to action by investors or regulators in situations where they have been negligent in putting into place reasonable measures to prevent spread of infection, failed to provide appropriate oversight to actions being taken to protect people or to make adequate internal and external reporting around the impact of COVID-19 on the business.
We anticipate an increase in the number of cases being brought against medical professionals, especially those involved in the running of nursing and care homes where the outbreak has been particularly severe. Doctors’ surgeries and hospitals will need to ensure that they maintain the highest level of care and cleanliness.
As companies realise that they do not need expensive offices to operate, we anticipate an increase in litigation around break clauses in commercial leases. There is likely to be push back from landlords and this may end in disputes. There is also litigation risk around attribution and allocation of responsibility around the spread of the virus. Who is responsible for the cost incurred by a tenant due to the closure of a building by the landlord as a result of an outbreak of the virus at the premises of another tenant?
Claims around insurance policies are currently a major area of growth. As companies carefully pore over the small print to see if they have coverage for losses sustained, insurance companies are bracing themselves for a barrage of litigation. It is unusual for business interruption insurance policies to cover the impact of a virus as the loss is unlikely to occur due to a direct loss or damage to the building where the business is being carried out. Companies should also check their policies to see if they cover liability to employees and visitors to their premises in the event that they contract the virus. Also, terms of cyber-policies should be checked to ensure that they cover claims arising out of issues caused by devices which are owned by employees (and not the insured employer).
A proliferation of insolvencies will also bring huge risk of litigation to businesses. Management will have to ensure that they carefully monitor the operations and prospects of their business to avoid claims around wrongful trading or failing to take appropriate steps to minimise losses to investors, creditors and other stakeholders. Many governments have introduced financial support measures to assist companies during the current turbulence. Management will need to ensure they navigate around the various aide measures carefully to avoid increasing risk for the enterprises.
In summary, the new normal is still evolving and it is hard to put a frame around this at the moment. However, there are number of drivers which are likely to determine the landscape that businesses will have to get accustomed to. These are based around the need to be resilient to unexpected events (including further break-outs of the virus), the importance of being agile and flexible so as to adopt latest thinking around what is good corporate behaviour (such as implementing measured return to office programs) and the drive towards meeting customer expectations in a changing world. All of these act as a catalyst for change and with this comes unexpected business and legal risks. The businesses that will come out the best will be those which remain focused on the business opportunities whilst not ignoring the changing risk landscape.