Businesses reopening after the COVID-19 shutdowns are returning to a vastly different environment than what they were used to. Aside from the well-known risks such as health protocols to avoid the spread of disease, they will have to contend with other risks that may not be as obvious.
Gary Pearce (pictured), chief risk architect at Aclaimant, identified three categories of risk that businesses must be aware of as they begin operating again. The first category, he said, are less-evident sources of high-cost litigation, including litigation with the potential to become a class action.
“This includes lawsuits arising from injury to employees, which may overcome the normal ‘exclusive remedy’ protections of the workers’ compensation system in the event of employer indifference to COVID-19-related risk management,” Pearce said.
“States and municipalities are piling on more mandates related to leave, benefits, and worker protections. Employers need to understand their responsibilities under such regulations in order to avoid getting sued for non-compliance.”
The category also includes wage-hour risk associated with COVID-19-related activity mandates such as daily check-ins, and the blurring of the distinction between work and leisure time caused by expanded remote working.
The next category is human resources and employee relationship issues. According to Pearce, aside from foreseeable issues such as inappropriate testing, disparate impacts in downsizing, or failure to provide reasonable accommodations particular to COVID-19, this can include more subtle matters such as the lost productivity of the disengaged or distracted employee, obsolete job descriptions due to COVID-19-prompted changes in the nature of work, or practice changes that unintentionally bring about a less-diverse candidate pool.
The third category is technology, process, and strategy risk. To identify these risks in light of new activities that have become necessary to manage COVID-19, Pearce advised businesses to ask the following questions:
- Are we being as efficient as we can be, or are we putting our organization at a competitive disadvantage?
- Is the heightened level of cyber risk, arising from a distributed workforce being managed?
- Are we putting technology to use to keep people safe to ensure a consistently high standard of practice, and to promote collaboration?
- Have we fully assessed the impact of COVID-19 on the organization’s competitive environment?
The last question is of particular importance, Pearce said, as business strategy tends to be the greatest source of risk for most organizations.
In order to mitigate these risks, Pearce argued that consistency is key.
“The ways in which things can go wrong are many, and has consequences for how risk must be managed,” he said “You could pick a handful of key issues to focus upon, but your main focus needs to be on consistent application and enforcement of enlightened standards across a broad spectrum of business practices throughout the organization. Standardization of practices, consistent enforcement, and securing the tools and technologies to have visibility and insight into these many risk areas are all necessary for effective risk mitigation.”
Furthermore, the lessons learned from COVID-19 must be kept, even after the pandemic has been eradicated.
“Don’t look upon the risk management changes brought about by COVID-19 as either temporary or the ‘new normal.’ These changes are long-lasting and will still be necessary even on that longed-for day when COVID-19 is a mere memory,” he said. “The social environment will keep evolving and new technologies will bring about new risks, so the practice of risk management needs to continuously adapt as well. The only ‘new normal’ will be the necessity of ongoing change.”