Are general counsel in India ready for the post-pandemic world?

General counsel have faced increasing demands since the onset of the COVID-19 pandemic. They have had to navigate their organisations through myriad issues, ranging from employee and customer safety and contract negotiations with third-party vendors to digitising data and cyber security. In India, general counsel have sought to adapt to a constantly changing pandemic environment, including new laws, regulations, and guidance from the state and central governments, some of which are not aligned given that legislation issued by different jurisdictions can vary significantly.

To better respond to the pandemic, general counsel have had to develop new areas of expertise, particularly around employee health and safety protocols and data security. One area where general counsel are seeing an expansion of responsibilities is environmental, social and governance (ESG) issues, which have come under greater scrutiny during the crisis. 

The rise of ESG 

Organisations are under pressure to demonstrate they can engage with stakeholders on a host of ESG issues in a constructive manner. It is not enough for organisations to be compliant; they also need to future-proof themselves, with a view to retaining value. By behaving in an ethical way that is aligned with their corporate values, organisations will be well positioned for a sustained recovery post-pandemic.

General counsel are compelled to address pressing ESG issues brought on by the pandemic despite their limited time and resources, and the challenge for organisations is to find a right balance between risks and opportunities, even as they comply with regulations, fulfil voluntary commitments, and meet stakeholders’ expectations. These imperatives are no less relevant in India, where general counsel have focused on ESG considerations during and after the pandemic, especially those concerning the health and safety of employees, contractors, and suppliers.

Recently, Control Risks was engaged by a prominent French apparel brand that outsources its manufacturing to suppliers in India. The company faced its greatest challenge to date during the pandemic – ethical monitoring of sourcing – as the firm significantly reduced physical audits at its factories. This prompted whistleblower complaints about factory owners not adhering to basic safety and security protocols implemented by the state and central governments in the country. Our investigations revealed that factory owners were not vigilant and that there were serious quality and control lapses at the plants. To make matters worse, certain factory owners were found to have offered bribes to the apparel company's procurement team to look past these lapses and to maintain business relationships. 

To cite another example, a social-media post highlighted health and safety violations at one of the suppliers of a European precision manufacturer in India. When local regulators raided a factory of the supplier, they found several lapses concerning safe-distancing requirements, the use of face masks, and the number of employees at its premises exceeding the permissible limit. As the company could not conduct its own investigations due to pandemic-linked travel restrictions, we were commissioned to carry out discreet on-the-ground enquiries. We found less-than-optimal working conditions at the factory: workers were not equipped with appropriate safety and security gear, their wages were below the prescribed daily wage, and COVID-19 guidelines were not followed. The client acted against the supplier based on the findings of our investigation. 

Role of technology

Technology adoption has accelerated at a faster clip during the pandemic. Lockdowns and movement restrictions, and increased network traffic and e-commerce and online banking transactions have spurred organisations to quicken cloud adoption. While organisations that have invested substantial resources to stay ahead of the competition have remained relatively unscathed, others have struggled to keep pace with developments. 

Third-party risks associated with the loss of customer data present significant challenges to companies. Data breaches, for example, can give rise to phishing and online scams that cause considerable reputational damage and erode the trust of customers, investors, and regulators. In India, some large technology companies, including e-commerce firms, have faced cyber-attacks during the pandemic. Even public-sector infrastructure companies are vulnerable, as shown by the power-supply interruptions caused by India’s creaky power grid. 
While general counsel traditionally do not oversee cyber security, today’s rapidly evolving regulatory landscape and the pandemic require that they keep abreast of technological advancements both locally and globally. Failing to do so could make them liable for flouting data protection or privacy laws. 

To better manage the above-mentioned issues, we have advised our clients to: 

• Assess and explore defensive measures that can be implemented across various jurisdictions 
• Review insurance coverage for cyber incidents 
• Identify and evaluate insider threats 
• Conduct cyber due diligence 
• Create a dedicated cyber legal role 
• Increase data-protection obligations

As organisations start thinking about an eventual return to the office, it behoves them to create a safe working environment for their employees, factoring in the new normal regarding working from home, cybersecurity, data security, and other health and safety requirements.