Many people in the business continuity world suggest that directors have certain responsibilities in respect of business continuity (BC), but can’t really articulate what those responsibilities actually are, or what the penalties for ignoring them could be.
Until quite recently, directors’ duties were based upon an expectation that they would always act in the company’s best interests, and the judgement of whether they had became a matter of opinion for lawyers and judges. Previously directors had a duty to act “in good faith and in the best interests of the company”
But the Companies Act 2006 includes new legislation (which came into force on 1st October 2007) regarding directors’ duties apply a level of diligence in line with their higher level of expertise, and whilst there isn’t any specific wording about business continuity in the act, it is nonetheless now a criminal offence for any director NOT to exercise reasonable care, skill and diligence in respect of the whole company, not just his or her department or division.
Whilst business continuity and its management does benefit from a certain amount of skill, knowledge and experience, the risks that it should be there to mitigate are not particularly specialised and in most organisations a director would be reasonably expected to aware of such risks. So to simply assume that someone else is taking care of what happens if a major incident occurs or, worse, to assume that nothing could ever go wrong because it hasn’t before, can only be regarded as negligent.
As far as penalties are concerned, again many directors are somewhat in the dark – many thinking that the worst that could happen to them is to be disqualified to act as a director.
However, this is not the case! Although the Companies Act 2006 does not include any penalties for failing to undertake directors’ duties correctly, enforcement of the Act would be by way of an action against the director in question for breach of duty.
Whilst such an action can only be brought by the company (which would usually require the other directors to support the action) or by the liquidator (should things go that badly), there is now new legislation that allows an individual shareholder to bring a Derivative Action.
The spirit of the Act is that each director should use their knowledge and skill in the best interests of the company and it is therefore not really acceptable for any director to pretend that they couldn’t have known about the existence of fairly obvious business interruption risks, and more importantly the lack of any arrangements to mitigate them.
Ultimately, negligence and failure to act appropriately would be dealt with by the common law, but the key point is that individual directors can face personal liability and are not necessarily protected by the limited company.
To find out more about how good business continuity arrangements can help to protect directors, as well as the company, register for a free 15-min consultancy surgery or contact us on 0845 070 1750 or by email to firstname.lastname@example.org.