Key Points
- The COVID-19 crisis poses new challenges for companies seeking to manage ESG risks during a period of significant business disruption.
- Employers need creative solutions to protect their remote and limited workforces while continuing to meet demand.
- A firm grasp of operational safety and environmental obligations (and exemptions) and continued access to all pertinent records will minimize the impact of the disruption.
- Good governance practices—including tailored risk assessments, frequent engagement with regulators and lawmakers and appropriate management of cyber risks—will lead companies through the crisis.
As the COVID-19 pandemic forces companies across the economy to allocate scarce resources among myriad pressing issues, environmental, social and governance (ESG) programs can play a core role in reducing corporate risk and enhancing the private sector’s response to the crisis. The pandemic is amplifying recognized ESG issues, while presenting new challenges that require creative solutions from managers grappling with remote—and, in some cases, limited—workforces. In this alert, we focus on ESG activities that warrant immediate attention: supporting the workforce, managing operational safety and environmental obligations and initiatives, and implementing good governance practices.
Supporting the Workforce
Going Remote
To combat the spread of COVID-19, many companies are shifting to a remote workforce (either voluntarily, or based on government orders). Remote work raises a number of challenges for employers and employees alike. Companies moving to a work-from-home model should take care to do so in a legally compliant manner.
First, to the extent work-from-home is offered to only a subset of the workforce, employers should ensure that flexible workplace policies are administered in a consistent, nondiscriminatory manner; to the extent that any employees are treated differently, there must be legitimate, nondiscriminatory business reasons. Second, employers who wish to monitor employees’ communications (to monitor their productivity, for example) should consult their established policies and act consistently with those policies and applicable law. Third, employers must ensure that employees continue to be compensated appropriately for time working from home. While remote work may interrupt typical “clock-in” and “clock-out” procedures, employers remain legally obligated to record accurately (and pay) all time worked by nonexempt employees, including time spent on phone calls and emails. While strict timekeeping is not required for exempt employees, such employees generally must receive full salary for any week in which they perform work.
Employers also should be mindful of obligations to provide reasonable accommodations to employees with disabilities, even when they work-from-home. Such accommodations may include, for example, providing ergonomic computer equipment and accessories to employees who would otherwise be provided such accommodations in an office setting. For further information about legal issues employers should consider when going remote, please see our Work-From-Home Legal Issues Checklist and Frequently Asked Questions by Employers.
Ensuring Safe Working Conditions
Employers remain obligated to provide their employees with a safe and healthy working environment during the COVID-19 pandemic. Federal and state occupational health and safety regulations require employers to record instances of work-related injuries and illnesses and to report to the U.S. Occupational Safety and Health Administration (OSHA), or applicable state agency, all work-related fatalities and in-patient hospitalizations, among other events. Although the common cold and seasonal flu are excepted from recordkeeping requirements, COVID-19 is not. Determining whether exposure to COVID-19 was work-related and reporting work-related illnesses within the required timeframe may prove increasingly difficult the more widespread COVID-19 becomes. For further information regarding OSHA obligations and COVID-19, please see Akin Gump’s prior coverage of this topic.
Exploring Creative Solutions
While companies grapple with unprecedented business challenges, many continue to devote resources to assist employees and communities in coping with the disruption caused by COVID-19. Ultimately, these ESG-active companies may reduce risks, improve employee satisfaction and differentiate their brand from competitors. Examples include:
- Implementing expanded leave policies to provide continued compensation to employees unable to work due to COVID-19.1
- Dedicating funds to support employees and business partners facing financial distress due to the impacts of COVID-19.
- Continuing to pay contractors, vendors and other service providers who normally support businesses despite decreased demand for their services.
- Providing temporary hourly pay increases for warehouse and delivery workers for online retailers.
- Offering mental health resources for workers.
- Donating excess food to community organizations.
- Donating supplies and equipment to health care facilities.
- Staggering business hours at essential retail locations to allow at-risk populations to shop in a lower density setting.
Keeping Up with Operational Safety and Environmental Obligations and Initiatives
Although facilities from New York to California are scaling back operations significantly or shutting down, it is important to maintain compliance with operational and monitoring requirements. These include reporting and recordkeeping obligations imposed by state and federal laws and operating permits and those assumed through voluntary frameworks.2 Managers should maintain a firm grasp of all applicable obligations (whether mandated or voluntary) and take steps to ensure all pertinent records for the duration of the COVID-19 disruption are accessible,. In particular, companies of all sizes should prepare by implementing the following practices:
- Review, update and modify crisis management plans, as needed, and ensure that employees follow these plans during the duration of the pandemic. In particular, ensure that all response team members are still able to effectively participate in emergency procedures as outlined, even while working remotely and with limited resources, or take steps to make appropriate substitutions.
- Establish adequate virtual access to key records, including those related to air emissions, water quality, management of waste and hazardous substances and emergency responses.
- Make all appropriate efforts to comply with operational and monitoring requirements imposed by law, permit conditions and consent orders, or if there is an inability to do so, properly document the reasons and engage early with regulators.
- Maintain a schedule of all applicable reporting deadlines imposed by permits, consent orders and law, as well as quarterly, semi-annual and annual reporting guidelines through third-party initiatives. Include any deadlines applicable to renewals of existing permits.
- To the extent necessary, stay abreast of good-cause or discretionary exemptions or extensions to operational or reporting obligations provided by regulatory agencies, such as the U.S. Environmental Protection Agency (EPA) or state regulators. EPA made a formal announcement to exercise enforcement discretion during the crisis, which covers a range of potential civil violations.3 Meanwhile, companies subject to consent decrees or settlements with regulators may be able to rely on force majeure or similar provisions to obtain extensions to deadlines based on delays attributable to COVID-19. Companies seeking to rely on these exemptions should educate themselves on any applicable conditions and limitations. For example, EPA’s March 26, 2020, enforcement discretion policy does not provide protection at this time for enforcement of regulations pursuant to the Comprehensive Environmental Response, Compensation and Liability Act (CERCLA, or Superfund) and most requirements of the Resource Conservation Recovery Act (RCRA).4 This policy also requires entities to take steps to document noncompliance attributable to the COVID-19 crisis and sets notification requirements for particular instances of noncompliance.5
- Communicate regularly and frequently (e.g., through daily, weekly or biweekly check-ins) with key compliance personnel, such as facility-level staff; environmental, health and safety managers; in-house and outside counsel; and consultants who prepare regulatory submissions and ESG reports. Smaller firms with less formal document management systems should ensure key employees have access to and/or knowledge about critical records and recordkeeping requirements.
- Review any notice, reporting and recordkeeping requirements triggered by temporary or permanent facility closures or significant operational changes.6 Consider how these closures impact firmwide or business unit-specific ESG goals.
- Confirm that emergency and security protocols remain in place for shuttered facilities or those operating with reduced staff to ensure the health and safety of employees remaining on site and the nearby community at large.
Maintaining Good Governance
Material Risk Assessment During a Crisis
The unprecedented, quickly evolving nature of the COVID-19 crisis is forcing companies to respond to new and ever-changing risks. Between facility shutdowns, supply chain disruptions, transitioning workforces and decreased demand for many goods and services, companies must be prepared to assess the materiality of ESG risks on a near-daily basis. This risk assessment will not only inform disclosures to investors, stakeholders and regulators, but also form the basis for assessments of an individual company’s response to the particular challenges posed by the crisis. As always, the key focus should be on material issues, that is, those issues that are reasonably likely to impact the financial condition or operating performance of a given company.7 To address these risks and reduce uncertainty, companies can rely on the traditional earmarks of an effective ESG program—such as target setting, road-map implementation, data collection and reporting—with a critical eye toward the unique and financially material issues this pandemic presents.
Increased Attention to Government Responses
Furthermore, good governance during an extended crisis requires increased attention to and early engagement with regulators and other government authorities as they exercise emergency powers to respond to the pandemic. The rapid government response we have seen in recent weeks reiterates the need for immediate and consistent discourse with authorities to secure safeguards through relief legislation and executive initiatives. Companies should look to work together with industry and trade associations and to engage on an individual, targeted basis to communicate pressing regulatory needs. Many groups, such as the American Petroleum Institute, have already initiated outreach, but the opportunity remains for continued engagement on both coordinated and individual bases.8 In addition, and as discussed above, agencies have already begun to provide flexibility through relaxed compliance deadlines and the use of enforcement discretion. Companies should therefore monitor announcements made through agency websites (such as EPA’s and states’ coronavirus-specific webpages), press releases and social media feeds.
Protecting Cybersecurity and Privacy
Because the United States does not have a federal equivalent to the European Union’s General Data Protection Regulation (GDPR), data security has become a key governance issue within the ESG framework for many American companies, particularly those with European operations. In short, well-governed companies are more likely to have a better understanding of the cyber risks they face, particularly when robust cyber risk management is not legally required.
As we have discussed in greater detail, on March 12, 2020, the United Kingdom’s data protection authority published guidance for data controllers on their data protection compliance obligations during the COVID-19 pandemic.
First and foremost, even in these exceptional times, the data controller and processor must ensure the protection of personal data. Still, proportionality remains the guidepost: “[I]f something feels excessive from the public’s point of view, then it probably is.” While even if not directly applicable, the guidance is instructive for bringing clarity to how companies can assist health authorities in slowing the outbreak’s spread and minimizing their own economic losses, while also protecting personal data:
- Health authorities may mandate additional collection and sharing of personal data to protect against serious threats to public health, as in the current pandemic.
- Companies should consider adopting the same kind of security measures for working from home that would be used under normal circumstances.
- Companies can and should continue to keep their employees informed about cases of COVID-19 among their workforce. However, data controllers must be prudent not to name individuals or to provide more information to colleagues than strictly necessary.
- Companies must ensure that they do not collect more data than they need and that any data collected in connection with the pandemic is treated with the appropriate safeguards. Examples of reasonable data collection may include asking employees (and/or outside visitors) whether they visited a particular country or whether they are experiencing COVID-19 symptoms.
1 As federal, state and local governments enact new measures to protect workers affected by COVID-19, some employers may be legally required to provide additional paid time off. See our prior coverage of this issue available here: https://www.akingump.com/en/experience/industries/national-security/covid-19-resource-center/house-passes-families-first-coronavirus-response-act-impacting-employee-leave.html. See also https://www.akingump.com/en/news-insights/employer-obligations-under-new-federal-and-new-york-sick-leave-laws-related-to-covid-19.html.
2 Companies reporting through voluntary frameworks such as CDP, the Global Reporting Initiative or the Sustainability Accounting Standards Board should continue to make efforts to monitor and collect reporting data during the pandemic, to the extent feasible.
3 See Memorandum from Susan Parker Bodine, U.S. Envtl. Protection Agency, to All Governmental and Private Sector Partners (Mar. 26, 2020), https://www.epa.gov/sites/production/files/2020-03/documents/oecamemooncovid19implications.pdf (informing the public of EPA’s decision to limit enforcement of some categories of noncompliance, while requiring—among other things—documentation of reasons for noncompliance).
4 Id. at 2.
5 Id. at 5.
6 For example, closings or layoffs may trigger employee notice requirements under applicable law. See our prior coverage of this topic.
7 See Sustainability Accounting Standards Board, “Why is Financial Materiality important?” (2018), https://www.sasb.org/standards-overview/materiality-map/ (defining financial materiality in the context of financially-related ESG decisions).
8 Letter from the American Petroleum Institute to President Donald J. Trump (Mar. 20, 2020), available at https://www.api.org/~/media/Files/News/Letters-Comments/2020/3202020-API-Letter-to-President-Trump.pdf.