1. Osler Hoskin & Harcourt LLP
March 2017
Proactive Crisis Management:
Expecting the Unexpected
Lawrence Ritchie, Partner, Osler
Alan Stewart, Partner, Deloitte
2. 2
BRIEF THE BOARD: PLANNING FOR THE UNEXPECTED
Lawrence Ritchie
Partner, Osler
Chair of Crisis Response &
Risk Management Group
Alan Stewart
Partner,
Deloitte Forensic
3. How do directors’ feel about crisis?
*Research from our Crisis Management Survey with the Institute of Corporate Directors
https://www.osler.com/en/resources/critical-situations/2016/the-board-of-directors-role-in-crisis-management
8. 8
BRIEF THE BOARD: PLANNING FOR THE UNEXPECTED
Summary
• Importance of board oversight of corporate reputation building & crisis
management
• Key risks flagged by directors are reputational, ethical, financial reporting, cyber-
security but not social media
• Directors believe their organizations are ready for a crisis and management
teams have the necessary skills
• But shouldn’t they be more confident respecting the organization’s enterprise
risk management system and succession planning?
• Directors expect to use existing company advisors for advice in a crisis, for advice
both to the company and the board
• More diligence required to protect board members
12. 12
BRIEF THE BOARD: PLANNING FOR THE UNEXPECTED
Proactively Manage Fallout
The Spark: Crisis
Minimize risk by:
o Instituting centralized oversight and decision-making, and
o Preparing a crisis response plan before a crisis hits
The Slow Burn: Ongoing Activity
Minimize risk by:
o Identifying potentially affected stakeholders, and
o Prioritize strategies to reduce harm
Extensive internal & external communications strategies are key
14. Building Blocks to a Best in Class Crisis Response Plan
14
BRIEF THE BOARD: PLANNING FOR THE UNEXPECTED
Identify your team
Develop internal & external communication plan
Conduct internal investigation
Engage with regulator - voluntary
Engage with regulator - search & seizure
Anticipate & manage other fallout
Up-the-ladder reporting
15. 15
BRIEF THE BOARD: PLANNING FOR THE UNEXPECTED
Assemble your Team
Protocol in place
Business point person
Legal point person
Internal communications point
External communications point
Consider early retention of outside advisors (legal, communications,
forensics/experts)
16. 16
BRIEF THE BOARD: PLANNING FOR THE UNEXPECTED
Example of Multifunctional Team
Team Manager
Subject Matter ExpertsLegal Communications
Role of the Team
• Support the Emergency Response Effort
• Ensure response priorities are addressed: people, env’t, assets, reputation
• Set strategic objectives and policy for the proactive management of the crisis
• Manage the communication strategy
• Minimize impact to co./organization
17. 17
BRIEF THE BOARD: PLANNING FOR THE UNEXPECTED
Assessing the Incident
Purpose: defines what we’re dealing with
• Scale
• Characteristics
• What we do/don’t know
When: immediately following briefing
Why / Value:
• Reinforces response priorities
• Prompts discussion
• ID’s areas requiring clarification
• Focuses actions
Regular assessments
should be completed to
identify actual/potential
new issues as the
incident/crisis evolves
18. 18
BRIEF THE BOARD: PLANNING FOR THE UNEXPECTED
The Needs of the Board during a crisis
Regular and timely reporting
Clear understanding of PR strategy and
their role
Quantification of exposure
One point of contact
Separate legal representation
(if applicable)
A clear statement of the questions
they need to decide
Outcomes:
• Consistent PR strategy –
top to bottom of
organization benefitting
from the board’s guidance
19. 19
BRIEF THE BOARD: PLANNING FOR THE UNEXPECTED
The Role of Legal during a crisis
Monitor the process – What went
well?
Determine facts and root causes of the
event
Is this our incident?
Internal policy duties, compliance and
insurance
Legal – privilege, records management,
regulatory matters, contractual
obligations
Review and input on communications
Outcomes:
• Prepare report
• Share learnings
• Determine corrective
actions
• Determine responsibility
and assess risk
20. Building Blocks to a Best in Class Crisis Response Plan
20
BRIEF THE BOARD: PLANNING FOR THE UNEXPECTED
Identify your team
Develop internal & external communication plan
Conduct internal investigation
Engage with regulator - voluntary
Engage with regulator - search & seizure
Anticipate & manage other fallout
Up-the-ladder reporting
22. 22
BRIEF THE BOARD: PLANNING FOR THE UNEXPECTED
1. Develop a Culture of Compliance
Key characteristics of a healthy compliance program:
Comprehensive procedures to prevent and detect illegal activity
Mandatory training about consequences of noncompliance
Reporting system providing management with timely and accurate information
Adequate resources for staff to audit, document, analyze and use the results of
compliance efforts
Continuous improvement: Periodic testing and review
Appropriate incentives and disciplinary measures
Confidential reporting and internal investigation
23. 23
BRIEF THE BOARD: PLANNING FOR THE UNEXPECTED
Best Practices for a Healthy Compliance Program
Role of legal
group
•Education
•Support business in dealing with a regulator
•Identify industry issues before regulator gets on them
Enforcement by
management
•Exercise reasonable oversight
•Promote and enforce consistently
•Never tacitly encourage or pressure employees to engage in misconduct to achieve business
objectives
•Take disciplinary action against past violators
Employees
responsible &
rewarded for
compliance
behaviour
•Consistently self-report to Compliance Managers
•Bring to Compliance Managers’ attention both individual and systemic issues
•When unsure, ask Compliance Managers questions
•Err on the side of over-reporting to Compliance Managers
24. 24
BRIEF THE BOARD: PLANNING FOR THE UNEXPECTED
2. Develop a Culture of Preparedness
Systematic
approach
De-escalate
Timely
decisions
Clear thinking
In
extraordinary
conditions
25. 25
BRIEF THE BOARD: PLANNING FOR THE UNEXPECTED
Best practices
Test your Crisis
Response Plan
Review the
Results
Before we talk about you company’s plan, lets look at the anatomy of a crisis and how it can impact your business.
Why be proactive:
Reduce business vulnerability
See risks that are not apparent
Provide insights and support to key decision makers and responsible persons
Frame regulatory issues
Get credit for cooperation
Better class-action defence
Building Block 1
Fact/Legal Knowledge
Is this our incident?
Where – location, country
Who – employees, contractors, workers
Nature of the activity – o&g activity
Ownership of goods – transfer of title, beneficial ownership/interest
Ownership of transportation vehicle
Accountability for transfer of risk – contract terms, regulatory provisions
Insurance: coverage, who placed it, who is the insured
Internal policies: LTI data, investigation requirements
Issues of negligence & willful disregard
Acts of god
How to minimize these costs to business? Essentially the best practices section
Why? What’s its impact? (i.e. what’s the business result/benefit to the business?)
What does this look like?
Should be something about communication on here.
If you are prepared, you are able to do the above… resulting in the benefits measured on the next slide
So, how do you do that?