. 38
( 131 .)


rates that reflect extent of compliance with construction codes).

Communication with the wider public
All forms of natural and manmade hazards legitimately generate significant
public concern. We believe that the most appropriate approach to greater pub-
lic understanding of the risks and costs associated with hazards, and the insti-
tutional decisions that might need to be taken to mitigate or ˜deal with™ hazards,
is openness of information and analytical processes. BGS is moving forwards in
that direction and welcomes collaboration with, and comment from, interested

How crisis leads to liability
In order to properly prepare for an EHS crisis, it is important to understand
why and how companies can be subject to both public relations nightmares and
legal liability in the event that such an unfortunate accident occurs. First and
foremost, a company that is unprepared to deal with an EHS crisis, say a chem-
ical spill or industrial accident, will very likely not be in a position to contain
the spill or minimise the consequences of the accident. Obviously, to the extent
the problem gets worse, the more expensive the clean-up bill becomes the
higher the agency penalties and claims in third party law suits will be.
In addition, there are myriad requirements under environmental, health
and safety laws to immediately report a spill, release or an accident. For example,
both the Comprehensive Environmental Response, Compensation and Liability
Act (CERCLA) and the Emergency Preparedness and Community Right to
Know Act (EPCRA or SARA Title III) contain provisions for immediate report-
ing of chemical releases, which a company knew, or should have known, are in
excess of reportable quantities set out in the regulations. EPA has taken the
position that, reporting such a chemical release more than 15 minutes after the
release occurs is a per se violation of law subject to the imposition of penalties.
In fact, the reporting requirements of these statutes require that the caller pro-
vide details such as the type and quantity of the released chemical and its
health effects, as well as exposure and precautionary information. In order for
a company to comply with that requirement, it must have a sophisticated record
keeping and reporting protocol in place before a spill occurs. A company that
is unprepared to appropriately respond to such a release will undoubtedly
incur significant penalties from an agency.
Moreover, history has shown that EHS crises inevitably lead to additional,
and sometimes far-reaching, government regulation. Consider the track record.
In the 1970s, flaming rivers led to the enactment of the Clean Water Act. Love
Chapter 8 “ Business interruption and risk management 183

Canal led to the enactment of CERCLA in 1980. More recently, major air releases
in Bhopal, India, and Institute, West Virginia, led to the enactment of SARA Title
III, as well as a number of provisions in the Clean Air Act requiring companies
to provide significant volumes of information to the public, as well as increased
record keeping requirements. Finally, the Exxon Valdez oil spill directly led to
the Oil Pollution Act, which required additional planning and which contained
many new requirements for the prevention of releases of oil to waters.

The public relations trap
Often, public relations issues feed the legal liability problems after a spill or an
industrial accident. Naturally, an injured party, or someone who believes they
are injured, is more likely to bring a lawsuit when they perceive that the situ-
ation was not handled properly. A good public relations strategy is key to alter-
ing that perception. Simply responding to an EHS crisis is not enough. One
must manage the crisis.
A company that is not prepared to deal with the public and that does not
have senior management responding in a way that assures the public the com-
pany has things under control is more likely to become the subject of intense
scrutiny. That scrutiny can come in the form of government enforcement,
including criminal investigations and prosecution, as well as third party suits
such as toxic tort and citizen suits.

The crisis management plan
Some companies have invested considerable sums developing EHS crisis man-
agement plans with the assistance of able public relations firms and lawyers.
However, too many of them merely take the plan and put it on the shelf, satis-
fying them that it is there when needed. This is a mistake. A crisis is no time to
test a plan for the first or even second time. Moreover, during a crisis, there is
simply no time to consult a plan, particularly a voluminous one, with which
you are not already thoroughly familiar. Crisis management requires almost
instantaneous reaction by companies, both plant personnel on the scene and
senior management, wherever on the globe they happen to be.
Everyone involved in managing an EHS crisis, from the second shift
process operator to the CEO, must be familiar with both the contents of the plan
and, more importantly, their role in the crisis management process. The kind of
organisation required to effectively manage an EHS crisis is something that
requires careful thought, planning, testing, practice and updating.

Updating plans
For many reasons, it is very important to make sure that the EHS crisis manage-
ment plan, once developed, undergoes frequent periodic review and updating.
As discussed previously, there is the growing public expectation that companies
Part B “ Overview of the Economic Aspects of Business Risks

will not miss a step during a crisis. Therefore, periodic review and updating of
plans will assure that they are both correct and familiar to those who are tasked
with the responsibility to execute them. Outdated data, such as contact or
health effects information, can cause serious delays and either over- or under-
reporting of information to agencies and the public. Even sophisticated organ-
isations with well-prepared crisis management plans end up with serious
liability due to outdated data. In one such case, the material safety data sheet (a
form required to be maintained by both OSHA and EPA) for a new process
chemical had not made its way into the plan. This led to an incomplete report
to EPA during a process release and a significant penalty. It could have been
worse, however. Had the release drifted to the nearby neighbourhood, the out-
dated information could have led to far more devastating consequences.
In addition, in these days of frequent corporate mergers and takeovers, EHS
managers are often faced with responsibility for entirely new facilities and divis-
ions. Because of personnel changes and other reasons, EHS accidents are more
likely to occur during such transition periods. Ironically, most EHS managers
are simply too overwhelmed by the integration of day-to-day EHS functions to
focus on integrating crisis management plans, which can unfortunately lead to
serious problems in the wake of EHS accidents.
Finally, there are many new federal, state and local laws, regulations and
policies that can come into play in any EHS crisis. While most companies track
new EHS requirements and incorporate them into operations, many forget to
make sure those new requirements are integrated into updated crisis manage-
ment plans and systems.

The lawyer™s role in EHS crisis management
As stated earlier, an effective crisis management plan is the work product of a
variety of professionals bringing their particular expertise to bear on the process.
The experienced environmental/OSHA lawyer, particularly one that knows
your business, should be an important member of the development team. In
most cases, use of specialised outside environmental/OSHA counsel for this
task makes sense regardless of the in-house legal structure of the organisation.
Even though many companies have specialised in-house EHS counsel, many
are already overwhelmed with day-to-day regulatory issues, briefing manage-
ment on significant issues, overseeing litigation and reviewing EHS issues in
transactions. Despite their best intentions, consistent participation of these
individuals in EHS crisis management planning is simply not feasible. Moreover,
many in-house lawyers spend significant time on the road. Therefore, even
assuming they are immediately reachable during a crisis, they may be unavail-
able to effectively participate in the necessary efforts.
Because of the many legal issues and requirements involved in a crisis, the
expertise of a lawyer is necessary in both planning and during a crisis. For
example, an EHS lawyer can help assess the extent of a crisis and the applic-
able legal reporting requirements (including reporting to insurance compa-
nies). In addition, the lawyer can assist in (although not participate directly in)
Chapter 8 “ Business interruption and risk management 185

the dissemination of information during a crisis, and help prepare statements
by the company to the public and regulatory agencies. Also, the lawyer can
assist in the event inquiries lead to criminal investigations. A lawyer can also
assist in, and potentially protect through privilege, internal investigations of
root causes and can begin to develop a record for use later. Finally, to the extent
the lawyer was involved in the planning and response, he or she can be invalu-
able in responding to the host of government inquiries in the days following
the event.

Ongoing considerations
EHS crisis management is extremely important, particularly in these days
of immediate and prolonged media coverage. Involvement of an experi-
enced team of professionals, including outside environmental/OSHA
lawyers, in both planning and during an actual crisis, can have payoffs far
beyond the costs involved. History has shown that few managers look back
on a crisis and wish they had prepared less.

Encouraging business continuity management
In the US, business continuity management has been driven forward as an
unexpected consequence of the expansion of corporate governance legislation.
The 2002 Sarbanes-Oxley Act, introduced in the wake of corporate accounting
scandals such as Enron, includes a requirement that organisations must under-
stand the risks that may impact their financial reporting processes and requires
them to put in place proper controls. According to the US Disaster Recovery
Journal (2004):
Compliance requires companies to establish an infrastructure designed to protect and
preserve records from destruction, loss, unauthorised alteration or other misuse.

The consequences of this legislation have been to force senior executives to
examine the issue more closely (in order to avoid hefty fines), to prompt organ-
isations to regularly test their contingency plans ahead of annual compliance
reporting to the US Securities and Exchange Commission, and to increase busi-
ness continuity management budgets (Disaster Recovery Journal, 2004).
However, the legislation only applies to companies of a certain size and turnover.
There are limitations, however, to how successful or desirable such legis-
lation would be in the UK. Increasing the regulatory and reporting burden on
UK businesses beyond current levels would not be supported by the business
community. Also, any legislation is likely either to have a detrimental effect on
small businesses in terms of creating additional burdens because it is too severe
or to provide the stimulus to action needed because it cannot be applied to
small and very small enterprises.
Part B “ Overview of the Economic Aspects of Business Risks

Given that the most commonly cited reasons given by SME managers for
not having a contingency plan are that they lack the time and money to do it
effectively, it seems contradictory to attempt to encourage contingency plan-
ning by increasing the costs on businesses. Instead, business continuity man-
agement among smaller businesses is more likely to be encouraged by
incentives, such as tax breaks, rather than compulsion and regulation.
The LCCI has previously called for a nationwide ˜buddy scheme™ in which
larger companies partner up with smaller businesses to help develop their con-
tingency plan. The DTI should offer financial incentives, such as a continuity
management tax credit, to encourage contingency planning by businesses. For
smaller firms these incentives could cover the initial cost of setting up a contin-
gency plan while larger firms could be rewarded if they form continuity part-
nerships to offer assistance with business continuity management to smaller
businesses from within their supply chain or in their local area. These partner-
ships could range from help and advice in developing a contingency plan to
agreements to share premises, facilities or resources in the event of a disaster or
terror attack.

The US
Prior to 9/11 the US did not experience terrorism at home on the same
scale as Britain in the 1970s, 1980s and early 1990s. However, the Federal
government moved quickly to take measures to counter the ongoing threat
and has undertaken wide-ranging legislative and organisational changes to
safeguard national security.
Machinery of government
One of the most significant aspects of the US™s efforts to combat terrorism
on American soil is that the Federal government has been restructured to
provide focus at the highest levels. On 20 September 2001, just nine days
after the 9/11 attacks on New York and Washington, the US government
announced the creation of the Office for Homeland Security (OHS) to coord-
inate immediate homeland security efforts. In November 2002 the OHS
was expanded into a full government department, the Department of
Homeland Security (DHS), led by a cabinet-level Secretary of Homeland
Security. This represented the largest restructuring of the US government
in contemporary history. The DHS has responsibility for border and trans-
port security, emergency response and preparedness, immigration and
customs, and brings together 22 subordinate agencies which previously
reported to 10 different government departments. These agencies include
the Federal Emergency Management Agency (FEMA), the US Customs
Service, the Immigration and Naturalisation Service (INS), the Coast
Guard and the US Secret Service. The department™s financial year 2006“07
discretionary budget is $35.4 billion, and accounts for approximately one
in 12 federal civilian employees (Department of Homeland Security,
Budget-in-Brief Fiscal Year 2007, www.dhs.gov 2006).
Chapter 8 “ Business interruption and risk management 187

The LCCI believes that the creation of the DHS in the US should serve
as a model for the UK. Combating terrorism involves tackling a number of
issues that are currently the responsibility of a number of different depart-
ments of the UK government, including the Cabinet Office, the Home
Office, the Department for Communities and Local Government (DCLG),
the Department of Health (DoH) and even the Department for Environment,
Food and Rural Affairs (DEFRA). For example, the police, fire and ambu-
lance services each report to different government departments. In order to
provide strong leadership and joined-up government it is important that
there is a single Whitehall department, led by a cabinet-level Minister for
Homeland Security, with overall charge of domestic security and contin-
gency plans. The US Department of Homeland Security is successful in
coordinating a wide range of regulations and in ensuring that the develop-
ment of policies to combat terrorism is consistent.
The US has also been successful in strengthening security at its bor-
ders and in imposing much more rigorous entry controls at airports and
ports. In October 2002 the US Immigration and Naturalisation Service
(INS), part of the DHS, enforced stricter immigration procedures on vis-
itors from countries regarded as containing a threat to the US. They now
have to register with the government and be photographed and finger-
printed. Passengers who visited those countries, including Saudi Arabia,
and who cannot provide an adequate explanation for their visit, are also
required to register.


. 38
( 131 .)