Disaster Recovery Journal

To what degree is senior management liable for any decisions and actions made regarding business continuation planning? The answer has not been clearly defined in the courts. However, many extant regulations and statues establish business continuation planning as being within the executive's purview. Some examples:

• Banking Circular 177 requires that banks have written disaster plans.
• The Foreign Corrupt Practices Act, Section 13 (b) (2) could be interpreted as requiring public companies to preserve computer records.
• The Securities Exchange Commission (SEC) requires that companies not make false or misleading statements about their operation that would mislead buyers or sellers of a company's stock.

In addition to these regulations, common law standards, such as the "Prudent Man Rule," may require directors to execute their duties in the manner that an ordinary, prudent person would in a similar situation.

Several scenarios can be imagined where senior management, in making a decision regarding business continuation planning, may be the object of litigation against a company:

A brokerage firm, heavily reliant upon computers, opts for hot site recovery versus mirrored computer systems. A fire in the firm's computer room knocks out one of its mainframes, causing an inability to complete transactions. The hot site recovery plan does not accomplish recovery in the required time frame, resulting in financial losses for clients. The clients file a suit alleging mismanagement against the directors of the firm.

A health care company in California does not maintain adequate backups of their clients' medical records. An earthquake destroys the building in which many of the records are kept, making it virtually impossible to obtain records for clients requiring urgent medical attention. Angry clients file suit against senior management.

A major manufacturing company suffers a disaster that significantly affects its production capacity. This information is not conveyed in reports to the SEC. Subsequent reports reveal lower product output, and after investigation the financial implications of the disaster are discovered. The SEC, as well as shareholders, file suit against the company for fraud.


Principles Governing Directors and Officers (D&o)

The principles governing the actions taken by senior management in running a company are embodied in the three basic duties of loyalty, obedience, and diligence.

• The duty of loyalty requires directors and officers to refrain from engaging in personal activities that would injure or take advantage of the corporation.

• The duty of obedience requires directors and officers to perform their duties in accordance with applicable statutes and terms of the corporate charter.
• The duty of diligence requires directors and officers to exercise good faith. Their actions should resemble those of a "reasonably prudent person," and they should act in the best interest of the corporation.

If some action of senior management is legally challenged, the court presumes that senior management acted in good faith. The burden of proof remains on the claimant to prove that the defendant was motivated by self-interest.

D&O Lawsuits'An Overview

Senior management obviously attempts to apply prudent business judgment when developing and implementing a business continuation plan. However, if that plan does not perform as expected, the wisdom of the decisions may be questioned and ultimately may result in a lawsuit against the firm's directors and officers. Such suits can have a significant negative effect on the company's balance sheet, especially if the allegations are judged by a court of law to be valid; then judgments'as well as defense costs'may be millions of dollars.

D&O lawsuits can affect almost any industry, including financial services, utilities, manufacturing, merchandising, high technology, construction, real estate, petroleum, mining, transportation, agriculture, and communications. Non-profit corporations are also at risk from D&O lawsuits.

D&O lawsuits can spring from many different sources'from shareholders, customers, employees, competitors, and government organizations. D&O lawsuits brought by shareholders usually involve business issues such as inadequate or inaccurate disclosures, divestiture or spin-off, takeover, merger, acquisition, gross mismanagement, misrepresentation, financial performance, bankruptcy, financial reporting, conflict of interest, and dishonesty or fraud. Customers may bring D&O lawsuits over extension or refusal of credit, contract dispute, dishonesty or fraud, deceptive trade practices, or cost or quality of the firm's product or service, among other causes. Finally, government agencies, such as the SEC, can allege violation of government regulations.

A Company's Defense: D&O
Liability Inurance

How can a company protect itself? One effective defense measure is by purchasing D&O liability insurance.

Various forms of D&O liability insurance are available in the market, and each may differ in definition of terms, coverage, and exclusions. Generally speaking, however, if a lawsuit against a company's directors and officers is decided against the company, in most cases the company's D&O insurance would pay on behalf of the directors or officers the amount of loss arising from the claim. Or the insurance would pay on behalf of the company if it indemnified its directors and officers for such losses.

In most D&O policies, the definition of a claim includes written demands for monetary damages, civil suits (including class action suits), criminal suits commenced by return of an indictment, or formal administrative or regulatory proceedings.

A definition of loss typically does not include items absolved from payment, punitive and multiple damages, items uninsurable by law or public policy, or investigative costs or evaluation costs associated with a claim. Insurance for punitive and multiple damages may be available by endorsement, depending on the insurer and the legal jurisdiction.

Most D&O policies specifically exclude coverage for losses arising out of Y2K problems, bodily injury, property damage, personal profit, deliberate fraud or willful violation of statute, pollution, or pending or prior litigation. Most also exclude coverage for lawsuits brought against one named insured by another.

Business continuation plans can be critical to the proper functioning of a company during or after a catastrophe or crisis. Help protect your firm with a well-considered business continuation plan, but keep in mind the potential risk it poses to senior management'and the need for D&O liability insurance as a backstop for your balance sheet.