The latest Directors’ and Officers’ Survey from WTW in collaboration with Clyde & Co LLP allows us to drill down into the responses from directors and officers (D&Os) of companies in India. The D&Os rate the risks faced by them on the basis of financial and/or reputational repercussions.
India, with the dream of becoming the world’s factory, has not only been an attractive destination for foreign manufacturing companies but is now also the third-largest startup ecosystem globally. While India provides a myriad of opportunities, D&Os also face a multitude of challenges and liability risks including statutory liability under Income Tax Act, 1961, Companies Act, 2013, Negotiable Instruments Act, 1881, Factories Act, 1948, etc., that can significantly impact their business operations.
In the survey, the top three business operation risks in India for D&Os are health and safety (93%) closely followed pertaining to bribery and corruption (90%) and pollution (90%). Helath and safety as the top concern is a paradigm shift since concern about cyber-attacks has consistently been the top-rated risk for D&Os across the globe over the previous years. While cyber-attacks still stand as the highest concern for D&Os in finance and insurance companies across the globe, it stands at the second highest concern for the D&Os around the world.
In India, the federal structure provides that central and state government are both competent to pass legislation on ‘labour’. In order to regulate the occupational safety, health, and working conditions in establishments, the parliament has passed the occupational safety, health and working conditions code, 2020 (“the code”) which, once implemented, will subsume and replace 13 labour laws. The code provides duties of every employer which includes, providing a risk-free work environment, complying with safety and health standards, ensuring disposal of hazardous and toxic waste, providing safety protocols for the employees, etc.
In recent years, India has witnessed multiple incidents caused by negligence and human error such as chemical factory blasts, fire break outs, gas leaks in manufacturing plant, incidents at construction sites, etc. affecting the health and safety of workers as well as the surrounding environment. The code mandates an employer to inform relevant authorities in cases of accident, dangerous occurrences, or certain diseases at the workplace. The code provides for penalty provision whereby certain contraventions under the code are punishable by imprisonment as well.
While the Constitution of India, 1950 does not expressly recognize right to health as fundamental right, however, it has been read into the fundamental right to life and personal liberty through judicial interpretation. The Courts in India have repeatedly recognised that right to life means a life with human dignity and not mere survival or animal existence. This would include providing humane conditions of work to workers, hygienic workplace, medical aid, etc. Considering the direct relation and impact on productivity and economic and social development, the Indian government is committed to regulating all economic activities for management of safety and health risks at workplaces and for providing robust measures so as to ensure safe and healthy working conditions for every working person in the nation.
Further, the Companies Act, 2013 also provide for wide spectrum of duties to be discharged by a director of a company including duty to exercise due care and diligence, duty to comply with law, fiduciary duty, etc., and also imposes liability for violation of such duties.
Interestingly, bribery and corruption has been rated as the second highest risk for D&Os in India as compared to its sixth position globally. This may due to the fact that in the recent report released by Transparency International, India dropped from 85th rank in 2022 to 93rd rank out of 180 countries on the Corruption Perceptions Index.
In 2018, the Prevention of Corruption Act, 1988 (PCA) was amended to introduce the concept of corporate criminal liability for acts of bribery. Any act of bribery is an offence under the PCA and if a person associated with a commercial organisation commits the offence the organisation can also be held liable. Further, if such an act has been committed with the consent or connivance of any director, manager, secretary or other officer, they would be guilty of the offence which is punishable with imprisonment.
The investigative agencies in India such as Central Vigilance Commission, Central Bureau of Investigation, Serious Fraud Investigation Office, etc. have taken proactive action to monitor and increase the pace of investigation in corruption cases. Further even the regulatory bodies in India have imposed disclosure obligations on companies including for cross-border transactions in light of the financial frauds and scams and provide for criminal liability including imprisonment in cases of non-compliance.
India has witnessed numerous scams where directors are arraigned as accused even where there is no evidence on record to show their active knowledge of the incident or their involvement. However, this has resulted in litigations initiated by such directors to clear their name. The Survey responses indicate towards an increased awareness of such risk not only for the D&Os but on the growth and goodwill of the business as well.
India was recently ranked 7th in the 2023 Climate Change Performance Index out of 63 countries excluding EU countries and has remained among the highest performers. However, it is also ranked 8th in the list of the world’s top 10 polluted countries in the World Air Quality Report 2022. With the increasing impact of climate change and movements by environmentalists, the business operations of a company are facing heightened scrutiny by regulators as well as the public.
As an extension of the principle of absolute liability, Indian courts have been upholding the ‘polluter pays’ principle in various judgments. While the absolute liability principle is invoked irrespective of whether the person took reasonable care, the polluter pays principle extends it to include the cost of repairing damage to the environment. Hence, the polluter will be liable to pay the cost of individual sufferers and the cost of reversing the damage done to the society. India has also established a specialised forum called National Green Tribunal (NGT) for effective and speedy disposal of cases pertaining to environmental protection and the conversation of natural resources. The NGT has the power to impose fine or imprisonment in cases any person fails to comply with an order or award passed by the NGT.
In recent years, there has been a growing incidents where pollution liability has been imposed against companies and its officers by way of fines/penalties for damage to the environment, increased pollution levels due to the use of old machinery and equipment and non-adoption of sustainable practices, etc. These not only leads to loss of business and reputation in the market but also increases the chances of litigation.
Surprisingly, while the global D&Os have rated cyber-attacks as the second highest risk, India’s D&Os have not considered it within the top 7 risks. Cyber-attack has been one of the top concerns globally since 2018. The absence of this risk from India’s top risk list may be on account of lack of liability imposed on directors or officers of a company in the current legal regime governing cyber-attacks. This is noted from the fact that the recently enacted Data Protection and Data Privacy Act, 2023 (DPDP Act) does not provide for any personal liability of directors or officers of an organisation which may be a data fiduciary. However, due to the increasing cyber incidents in India, the DPDP Act provides for penalties up to c. USD 30 million against the companies in case of breach of obligations as provided under the provisions of the DPDP Act such as observing reasonable security safeguards, seeking necessary consent, etc.
According to recent reports, India has been listed amongst the top five most targeted countries in the world. Indian companies have realised that with the expansion of the digital revolution, cyber risk is no longer merely an IT risk. Considering the major impact on operations and day to day functioning, it has now become a business risk which requires due consideration by the entire organisation and not merely the IT team. This further highlights the risk of ‘Sufficient cyber expertise at board level’ which is ranked 5th as the top risk in India. We have recently observed that companies in India have started actively working towards spreading awareness amongst their employees, ensuring endpoint protection, maintaining backup, and updating and upgrading their software. Companies have also started conducting penetration testing and vulnerability assessments to identify and mitigate cybersecurity threats and associated risks to the organisation’s system.
The overall trend worldwide (65%), including in India (80%), shows that the companies and its directors heavily rely on in-house risk managers to keep a vigilant eye on emerging risks. This approach reflects a proactive stance, ensuring that dedicated professionals are tasked with identifying and assessing potential threats throughout the organisation. In India, apart from risk managers, more reliance is placed on engaging professional organizations (43%) and accountants (43%) as a matter of strategy in order to engage expertise to identify and assess emerging risks considering the intertwined nature of risk management and its impact on company’s finances. These affiliations with professional organisations also provide valuable network and resources for staying abreast of industry specific as well as regional risk landscape. Further, studies and reports from such professional organisations could be of assistance to an organisation to take preventive steps to avoid any potential liability.
The responses from the D&Os in India showcase the difference in the regulatory landscape of the country as compared to other countries. While ‘cyber-attack’ and ‘data loss’ have been one of the major risks globally, the risk arising from the same has not been considered with similar gravity by Indian D&Os. This would also be the case where ‘bribery and corruption’ and ‘pollution’ have been one of the top risks faced by Indian D&Os, however, they appear low in the ranking globally. The Survey provides a meaningful insight for insurers on the major concerns for D&Os in light of the changing business environment of India. It puts forth a comprehensive outlook for adopting strategies for managing the emerging risks while ensuring a balanced approach.
