Risky business – how directors and officers can navigate today’s challenging operating environment

The Delta variant of COVID-19 has impacted New Zealand in ways we could not have imagined. Living with uncertainty has become part of the status quo and changed the environment in which businesses operate.

As the people responsible for making major financial decisions, setting policy and governance of a business, directors are ultimately liable for any failures to comply with the law. However, the risk environment for directors and officers (D&Os) has also increased as a result of COVID-19, legislative change and other factors.

In this environment, it’s not surprising to hear concerns about fewer people wanting to be on boards of directors, and that premiums for D&O liability insurance are rising. To encourage as many talented people as possible to become directors and officers, it would be great to see New Zealand establish a D&O “WOF” system with regular checkups that ensure board members are armed with the right tools to navigate today’s fast-evolving operating environment. This would not only help avoid litigation and give more potential board members the confidence to put themselves forward, it would also support safe and healthy workplaces and save many businesses from mistakes that cost them and their customers.

In the meantime, these are the most common risks discussed around the boardroom table – and what directors and officers can do to help minimise their exposure.


On 23 February 2021, Hon Michael Wood, Minister for Workplace Relations and Safety, announced the Government would accept 22 recommendations to the Holidays Act 2003, which are designed to make the Act easier to implement and comply with.

These recommendations have yet to go through the full parliamentary process, but they are likely to come into force in 2023.

While the recommendations remove a lot of the ambiguity of the current Act, the practical implementation of these changes could have significant financial impacts for businesses, including the removal of pay as you go (PAYG) holiday pay for fixed-term employees and new calculation methods for annual leave.

The employer (and ultimately the directors) is responsible for maintaining the accuracy of payroll calculations, and amid heightened scrutiny around payments, prudent employers are reviewing their payroll processes and budgeting for the financial impacts of the new legislation. The Employment Relations Authority has the authority to levy fines of $10,000 or more for non-compliance.

Cyber Risk

One recent global survey by insurance broker Willis Towers Watson named cyber risk as the number one concern for directors and officers, and there are many reasons why.

As working from home has become an increasingly permanent feature for businesses, the risk of cyber attacks is also increasing. The rise in the number of people accessing work systems on their home networks and computers raises exposure to cyber attacks and increases the risk of sensitive information being inadvertently given to criminals exploiting weaker security. New Zealand cybersecurity agency CERT reported a 37% increase in unauthorised access reports and a 30% increase in direct financial losses resulting from cyber crime in the second quarter of 2021, compared with the previous quarter.

This kind of crime can obviously have significant financial and reputational impacts for businesses, but directors and officers themselves have an increased responsibility to ensure their operations protect sensitive data. In September 2021, the Office of the Privacy Commissioner issued the Reserve Bank with a compliance notice relating to its December 2020 data breach. This cited RBNZ’s responsibility under the new Privacy Act to “ensure there are safeguards in place that are reasonable in the circumstances to prevent loss, misuse or disclosure of personal information”, threatening a fine of $10,000. This is a major driver of increasing premiums for not only business insurance, but also directors and officers insurance policies.

Best practice for managing this risk is not just to delegate it to the IT Manager. The board should implement a framework for managing cyber risk and ensure that risks are properly identified with the appropriate risk mitigation strategies, from cyber insurance to technology investments, risk audits, a clear strategy on how breaches should be notified and communicated within and beyond the organisation, and regular employee training to identify threats.

Health & Safety

As we learn to live with COVID-19, health and safety is a risk which evolves almost daily. The challenge currently front of mind for employers regards vaccinations in the workplace.

Businesses have been required to conduct a risk assessment and assess the risk to all staff of having unvaccinated employees in the workplace. This does not, however, preclude unvaccinated employees bringing claims against their employers on a number of grounds, including discrimination.

The good news for directors is that whilst this may result in personal grievance claims, it is unlikely to result in successful claims against the directors for breach of their duties under the Companies Act, as they are in fact acting in the best interests of the company.

ESG factors

A proposed change to Section 131 of the Companies Act advises that directors may consider environmental, social and governance (ESG) factors when determining what is in the best interests of the company. Some of the factors which could be considered are noted below (not an exhaustive list).

(a) recognising the principles of the Treaty of Waitangi (Te Tiriti o Waitangi);
(b) reducing adverse environmental impacts;
(c) upholding high standards of ethical behaviour;
(d) following fair and equitable employment practices; and
(e) recognising the interests of the wider community.

The consensus from legal professionals so far is that it is unlikely to create further opportunity for litigation. Notably, the amendment says the director may consider and not must consider. However, it’s important for directors to consider all the above factors when it comes to making decisions, which will support reduced reputation risk and risk of employee litigation – not to mention the associated costs.

Documentation of ESG considerations should become a standing agenda item in board meetings.


Although businesses still have access to COVID-19 resurgence payments from the IRD, depending on a business’s operating margins, losses could still be incurred whilst lockdown restrictions are in place. If the business is funded primarily by debt, then the restrictions could place significant pressure on the ability of the company to stay solvent.

Special attention should therefore be paid to how directors can comply with their duties under Section 135 (Reckless trading) and Section 136 (Duty in relation to obligations) of the Companies Act. Any decisions which could result in a substantial risk of serious loss to creditors could increase the chance of liability. Strategic investment is crucial to the success of a business. However, in the current climate this must be balanced against the working capital needs of the business.

Should you become a company director?

Although the risks faced by directors are constantly evolving, the mere presence of these risks should not be a deciding factor in people’s decision to accept an appointment. In the absence of a formal WOF system, directors should ensure that they have the appropriate risk identification and mitigation frameworks in place and that the management of these risks is regularly reported to the board.

Directors and Officers Insurance provides an additional layer of protection to help fund the costs of defending a claim. While premiums have increased in recent years, the cost of funding even a relatively small claim can be significant and it’s worth the peace of mind.

For more information on best practice for D&Os, contact Asheel Bharos.

DISCLAIMER: No liability is assumed by Baker Tilly Staples Rodway for any losses suffered by any person relying directly or indirectly upon any article within this website. It is recommended that you consult your advisor before acting on this information.
