Tightening labour markets, fluctuations in oil prices and exchange rates, natural disasters, and technological revolutions changing the way we share data, continually combine to ensure an unpredictable business environment.
Risk management activities are fundamental to help maximise the probability of success and reduce the possibility of failure of organisations in the face of such instability. Risk management has been perceived as senior management responsibility; however, the responsibility landscape is shifting and company directors are an important emerging influence in managing organisational risk. The Enron and WorldCom collapses in the United States are key examples of how company directors failed to exercise their legal ‘duty of care’ and, closer to home, the receivership of Bridgecorp and the case concerning Stresscrete question the limit of directors’ responsibility on corporate performance and risk management.
Receivers, liquidators and other third parties may look to the past activities of directors to ascertain if they have incurred liabilities/obligations unreasonably. The Companies Act 1993 has not only widened the definition of ‘director’, it has also defined the duties owed by him/her. It is now easier to enforce directors’ responsibilities, and courts will interpret them in accordance with the nature and business endeavours of organisations, as well as the nature of positions undertaken by directors. Importantly, directors need to be aware that their liability in the eyes of the law is unlimited and personal, and directors cannot contract out of this liability.
Risk management concerns in New Zealand have been growing and changing with local and global influences. few years ago, businesses appeared most concerned with the increase of competition and non-compliance with legal and contractual obligations. Today, however, competition and cost of compliance is less worrying compared with the risk of losing data and key staff members, as well as loss associated with major incidents, for example.
We are currently witnessing more organisations taking proactive approach to mitigating these risks, with some firms employing risk management officer and implementing formal risk reviews throughout the year. More importantly, there is growing perception that company directors may have role in monitoring and guiding the risk management process. Consequently, an important question for directors is whether they can be held legally responsible for failure to carry out such an obligation. According to the following, courts could interpret the law to include such responsibility.
Directors’ Duties
Directors’ legal responsibilities are defined by the company constitution, and if there is not one, by the provisions contained in the Companies Act 1993. Gone are the days of ‘sleeping’ or ‘silent’ directors. Directors are now considered trusted agents, who owe duty of good faith to the company and shareholders, and who consider the interests of employees.
The courts have been busy helping to define the extent of director’s responsibility. From decisions like Global Print Strategies Limited (in Liquidation): Mason v Lewis the duties can include “taking reasonable steps to put themselves in position not only to guide but to monitor the management of company”. In this case the judge did not find it acceptable that the directors simply allowed the affairs of the company to repose in the hands of manager, who, in this instance, turned out to be crook. The directors had not paid enough attention to the financial concerns of the firm.
Although this case does not concern risk management decisions, we can see that courts are willing to consider arguments that director may not have taken the reasonable steps he/she ought to have taken in the situation. The important principle is that directors need to be informed of the company affairs and make necessary inquiry.
Steps for Directors
The increasing regulation and clarification of duties for directors has caused greater concern about their personal liability. It is important that directors make themselves aware of the potential risks facing their organisation and ensure they understand their role with respect to guiding and monitoring the processes/systems to mitigate those risks.
In addition, insurance may be essential for both directors and the company. This insurance could be specific to directors and officers in the case of litigation, or it could be insurance for organisations to cover specific risk. Both would help safeguard the personal assets of directors, as well as help organisations continue to operate until the risk issue is resolved.
Cecilia Farrow is the managing director of risk advisory firm TripleJump. www.triplejump.co.nz