Business Continuity and Executive Liability

I am having a terrific time in preparing for the upcoming American Bar Association (ABA), Tort Trail and Insurance Practice Section (TIPS) teleconference on Disaster Preparedness and Response.  The session I will be participating on is scheduled for September 16 and is titled: “September 11, 2001 Terrorist Attacks: Duties of Corporate Directors and Officers in the Preparation and Execution of Disaster Avoidance and Recovery” – wow, that’s a darn long title!

I have been asked to participate on this panel to give a practitioner’s point of view on what is typically included in a corporation’s Disaster Preparedness Program (and, please, let’s not get hung up on the terminology being used here –see my blog post below) before the lawyers get into talking about possible executive liability and the implications of traditional insurance coverages used as a means for transferring risk.

One of the interesting things that has transpired in our conversations, that may or may not end up being discussed in the teleconference itself, is the different potential legal implications in lawsuits that may follow a company’s response to a disaster and how that ties into the typical planning methodology. 

We have differentiated between disasters in which the corporation played a contributing factor in the event, such as: the BP Oil Spoil in the Gulf of Mexico; the Exxon Valdez oil spill; or, the Union Carbide incident in Bhopal, India and those in which the companies were simply in the way of a tragedy that impacted them, such as: the earthquake and tsunami in Japan; Hurricane Katrina; and the events of 9/11.  And then, after further discussion, we broke up the last category in events that might be expected versus those that could not be foreseen.  It all has potential interesting implications should the companies be sued as a result of their ability or inability to effectively respond to the event and/or protect those around them impacted by the event.

Certainly, it is easy to see the liabilities if the company itself caused the disaster.  But, what about events in which the company is truly the victim?  I suggest there might be some difference if it is something they should have known to prepare for.  This ties directly to the business continuity planner’s findings from a Risk Analysis.  If the Risk Analysis identifies critical facilities on an earthquake fault, or in tornado alley, or in common Hurricane zones – you should plan accordingly.  If your Risk Analysis identifies potential threats from nearby nuclear power plants or hazardous material sites – you should plan accordingly.  And so on.

But, it was also noted that plenty of firms are sued for events they could not reasonably foresee.  I suggest that even if you could not plan to prevent or mitigate a particular scenario, you still can make horrendous mistakes and be negligent in how you react and respond to the unpredictable.  Although I think it is important for companies to have specific response plans for known risks, it is also important to have generic response plans based on impacts of unforeseeable events.  For example, plans to evacuate regardless of why you are evacuating.  Plans for shelter in place, regardless of the outside threat.  Plans to continue operations in alternate facilities, regardless of what rendered the targeted facility inaccessible.  Etc.

Our session will then go on to discuss the role Directors and Officers should be playing in the development, implementation and activation of these plans and the possible liability they may be held to should things go wrong.

I haven’t often had the opportunity to discuss these topics with a group of litigation lawyers and I am fascinated with the synergies we are experiencing in educating one another.  I am looking forward to a fun and rewarding teleconference on September 16 and in continuing the discussion and association with these folks after this event to explore these topics in greater depth.

Thank you for your input.