All aboard, but where will the directors' guidance end up?

New guidance on how directors and boards should tackle safety and health at work may be as good as it gets in the absence of statutory duties.

On this page:
The guidance
Planning OSH policy
Delivering OSH
Monitoring OSH
Reviewing OSH
Individual liability
Manslaughter
What difference will it make?
The elephant in the room

The Institute of Directors (IoD) and the HSC have issued the final version of their jointly badged guidance1 on how directors and boards should tackle safety and health at work. The 12-page booklet replaces HSC guidance from 2001 (external website) and is supported by online material. It is aimed at directors and governors, trustees, officers and equivalents in organisations of all sizes in all sectors. An IoD plan to produce a separate guide for small and medium-sized enterprises (SMEs) was scuppered over the summer by the HSE, which argued for a “one-size fits all” approach (contrary to the way it is addressing SMEs elsewhere with bespoke guidance and assistance).

The IoD-led draft guidance underwent a six-week period of public consultation, ending on 22 June, which resulted in improvements to the detail and readability, but few changes to the substance (see box 1). Nevertheless, we are again reviewing the guidance in detail in HSB to highlight the changes that have been made and because the guidance is likely to have a high profile. The coming months will see concerted HSE and IoD activity to publicise the guidance, with the IoD sending each of its 53,000 members a print version of the guidance. Other organisations, such as the Institute of Chartered Secretaries and Administrators, the CBI, the NHS Confederation, the Federation of Small Businesses, the Royal Society for the Prevention of Accidents and trade associations, are also helping to publicise the guidance. The initiative has also received enthusiastic ministerial backing, with the parliamentary under-secretary of state for health and safety, Lord McKenzie, warning directors at the launch of the guidance on 29 October that they had “to make the guidance work”, and that this involved exceeding the basic requirements.

And while the guidance does not have the legal standing of regulations or an approved code of practice, it could still prove important in some health and safety, and manslaughter, prosecutions. The text advises that while “following the guidance is not in itself obligatory”, directors who do so “will normally be doing enough” to help their organisations meet their health and safety duties, and, in a corporate manslaughter trial, the guidance “could be a relevant consideration for a jury” (see below).

The guidance

The substance of the guidance, as with the draft, is a four-point action “agenda” for what boards and directors should be doing in terms of planning, delivering, monitoring and reviewing occupational safety and health (OSH) (see below). For each of these areas, the guidance sets out:

  • a standard of “core actions” for boards and directors that concern the legal duties of an organisation; and
  • good-practice guidelines for how boards might realise the core actions.

The agenda is supported by:

  • three “essential principles” for boards (see box 2) - although these are unchanged from the draft text, the need for effective communication has been made more explicit;
  • summaries of the legal responsibilities of employers, including the new offence of corporate manslaughter, and of the legal liability of individual directors for failures under OSH law (see below);
  • information on the costs of health and safety at work that - regrettably - remains couched in general, all-employment terms rather than pitched at the level of individual businesses (statistics such as “£30 billion cost to society” are unlikely to engage individual directors) (see box 3);
  • four named case studies illustrating how organisations have made gains as a result of a proactive approach to OSH - North Staffordshire Combined Healthcare NHS Trust, British Sugar, Mid and West Wales Fire and Rescue Service and Sainsbury’s (the case studies had been anonymised in the draft text). These are supplemented by a new section entitled “When leadership falls short”, which offers three anonymised examples. Finally, the guidance offers quotes from anonymous “health and safety leaders in the public and private sectors” (a fourth quote has been added to the draft); and
  • a list of key resources, expanded from the draft to include additionally the IoD, HSE Northern Ireland, the Royal Society for the Prevention of Accidents and Business Link. The draft listed the HSE, the Institution of Occupational Safety and Health, the European Agency for Safety and Health at Work, the TUC and the HSE’s small business site (only the latter has not made it into the final guidance).

Planning OSH policy

The first agenda action involves planning the direction for OSH policy. The most immediate change is that the final version advises that the board, rather than the chair or the chief executive officer (CEO) of the draft text, should “set the direction for effective” OSH management. Board members should also:

  • establish an OSH policy that is “much more than a document” and an “integral” part of an organisation’s culture, values and performance standards; and
  • “take the lead” in ensuring the communication of OSH duties and benefits throughout the organisation (the draft recommended the more onerous action that directors be seen to be taking a lead in communication).

As in the draft, executive members must develop policies to avoid OSH problems and respond quickly to difficulties or new risks; non-executive directors must ensure that OSH is properly addressed.

Core actions comprise agreeing a policy that sets out the role of the board and its members, by which they are “leading” their organisation’s OSH approach. The board should “own and understand the key issues involved” and “decide how best to communicate, promote and champion” OSH. The final text here is an improvement on the draft, having dispensed with details around written policies and specific triggers for review; it also benefits from an obvious but necessary addition that boards will first “need to ensure they are aware of the significant risks faced by their organisation”.

The suggested good practice includes the same four points as in the draft, although only the first - the regular appearance of OSH on board agendas - is couched as mandatory. The other three merely point out the benefits that can arise from: having an OSH “champion” on the board (in addition to leadership from the CEO); having a non-executive director acting as a scrutineer to make sure that there are “robust” processes to support boards that are facing significant risks; and the presence on the board of an OSH director, which “can be a strong signal that the issue is being taken seriously and that its strategic importance is understood”. (The 2001 guidance recommended that organisations appoint an OSH director, who could be the chair or chief executive, so that there would be a “board member who can ensure” that the board and wider organisation address OSH issues properly.) The final version has added a fifth point, which advises that setting targets “helps define what the board is seeking to achieve”.

The draft and final versions of the guidance also point out that the Turnbull guidance on the Combined code on corporate governance requires companies to have robust systems of control that cover OSH risks and not just narrow financial risks. The 2001 guidance had similarly positioned the management of corporate risk within effective corporate governance, referring to the Turnbull recommendation for an annual review of the systems of control. The draft text of the guidance had advised boards of large organisations to integrate OSH into the main corporate governance structures and that, in some cases, it might be appropriate to create an OSH subcommittee to sit alongside those on risk, remuneration and audit. The final version of the text amends this in two ways so that the advice on corporate governance now:

  • applies to “many”, not just “large”, organisations (probably reflecting the rejection of separate SME guidance); and
  • omits the reference to a separate OSH subcommittee. This omission seemingly has the effect of integrating OSH within mainstream governance issues, rather than pigeonholing it in a subcommittee but, somewhat confusingly, a separate subcommittee remains in the second, “delivery” stage of the agenda.

Delivering OSH

“Delivery”, explains the guidance, depends on effective management systems. Ensuring that OSH is handled subject to reasonable practicability, and echoing the HSE’s work around “sensible risk management principles”, the guidance adds that risks should be “dealt with sensibly, responsibly and proportionately”.

Core board actions for delivering OSH require it to ensure adequate resources for OSH arrangements and that appropriate risk assessments are carried out. The board should consult competent OSH advisers and also ensure the involvement of employees and their representatives when making decisions affecting their OSH. Boards should also consider the OSH implications of new technology, new ways of working and take decisions “in the context” of the OSH policy. The guidance omits one core action that was in the draft - that the board ensure that OSH “is a factor when deciding senior management appointments”. This has shifted to “good practice”, but requires only that it is considered.

Other good practice includes: “visible” OSH leadership and personal adherence to safe practice; a procurement standard for equipment and services (posited in terms of preventing “the introduction of expensive health and safety hazards”); assessing the OSH performance of suppliers and contractors; establishing a board committee on risk management or OSH that is chaired by a senior executive; providing OSH training to some, or all, of the board; and involving workers beyond an employer’s legal duty to do so.

Monitoring OSH

Monitoring and reporting, advises the guidance, are “vital parts” of an OSH culture. Core monitoring involves the board: giving “appropriate weight” to preventive information (for example, training) and incident data (for example, accident rates); ensuring periodic audits of the effectiveness of management structures and risk controls; receiving a rapid report on any failures or the impact of change; and ensuring that there are procedures to implement new legislative requirements and other “external developments”.

Good practice would comprise: effective monitoring of sickness absence and workplace health; the collection of OSH data for benchmarking; appraisals of senior management that assess their contribution to OSH performance; and regular reports to the board on the OSH performance of contractors. The guidance adds a fifth suggestion - involving workers in monitoring.

Reviewing OSH

A review - at least once a year - will allow the board to check that the principles are embedded in the organisation and that the risk management system is effective. The “core” aspects of the review should consider whether the OSH policy reflects the organisation’s priorities, plans and targets, and whether the risk management and OSH systems are providing effective reports to the board. Other core actions require the review to: report OSH shortcomings and the effect of all board decisions on OSH; result in actions to address weaknesses; and ensure there is a system to monitor their implementation. Consultation resulted in a new “core action” recommending immediate reviews are considered where there have been “major shortcomings or events”.

The good-practice review elements are unchanged and envisage: the inclusion of OSH performance in annual reports to investors and stakeholders; “extra” visits by board members to the shop floor to gather information for the formal review; and “celebration” of good OSH performance at central and local level. The guidance emphasises that larger organisations need to have formal procedures for auditing and reporting OSH performance, and that the board should ensure that an audit is “perceived as a positive management and boardroom tool”. The board should also have “unrestricted access” to external and internal auditors.

Individual liability

The guidance, like the draft, summarises the main legal responsibilities of employers under health and safety law (OSH policy, risk assessment, preventive and control measures, access to competent advice and consulting with employees). It then adds: “Failure to comply with these requirements can have serious consequences - for both organisations and individuals. Sanctions include fines, imprisonment and disqualification.” This is incorrect in so far as it applies to individuals because none of these requirements carries a prison term under health and safety law (jail is generally reserved for breaches of prohibition notices and licensing requirements).

The guidance is more accurate five pages later in a section on individual liability of directors, which is significantly expanded from that in the draft. Both, like the HSC’s 2001 guidance, restate s.37(1) of the HSW Act, ie that directors can be prosecuted where an organisation’s offence has been committed with their consent or connivance or is attributable to their neglect. The draft guidance went further to spell out the sanctions for failure - usually a fine, although it also advised that prison is an option for a small number of offences. It also flagged up the possibility of disqualification under s.2(1) of the Company Directors Disqualification Act 1986.

The final version of the guidance retains the draft advice on sanctions and then amplifies it by advising that “recent case law has confirmed that directors cannot avoid a charge of neglect under s.37 by arranging their organisation’s business so as to leave them ignorant of circumstances which would trigger their obligation to address health and safety issues.”

Manslaughter

It is not clear, although it is likely, that the “recent case law” to which the guidance refers is the imprisonment of Timothy Dighton, managing director of the Concrete Company, who was jailed in July for the manslaughter of an employee. (The HSE similarly highlights the case on its website, although it should be noted that this was not a s.37(1) case.) As HSB noted at the time, the verdict was notable because Dighton’s negligence “centred on the fact that he should have known about his company’s shortcomings, even though there was no evidence that he actually was aware of them”.

Dighton was convicted of the common law offence of manslaughter and it is to the credit of the final version of the guidance that it rectifies one of the omissions that HSB highlighted at consultation stage, ie the continuing ability to prosecute a director for common law manslaughter - a possibility that seemed to almost have been forgotten amid the publicity around the new offence of corporate manslaughter. The guidance is unequivocal that: “Individual directors are also potentially liable for other related offences, such as the common law offence of gross negligence manslaughter. Under the common law, gross negligence manslaughter is proved when individual officers of a company (directors or business owners) by their own grossly negligent behaviour cause death. This offence is punishable by a maximum of life imprisonment.”

The guidance also has additional wording on the Corporate Manslaughter and Corporate Homicide Act 2007, which received royal assent between the draft and final versions of the guidance. This highlights the “gross negligence” element of the offence and the penalties (fines and publicity orders). More importantly, it advises that juries “may have consideration” to health and safety guidance, which includes this publication, when considering an organisation’s liability under the Act.

What difference will it make?

The fact that the guidance has been produced by an IoD-led group is not without difficulties, not least that a body that represents the interests of directors is likely to err in the direction of its members’ interests. The most obvious manifestation of this is that the guidance is neither particularly challenging nor demanding of directors, although this is as much attributable to the absence of any specific duties for directors.

The constitution of the group - with union, academic and safety practitioner representation - has also helped offset this reservation, providing the guidance with greater legitimacy and balance. In any case, the advantage of the IoD leading on the guidance more than outweighs any reservations: the IoD badge will facilitate access to directors, and make it more likely that directors will understand the need for action and actually pay attention to the guidance.

And while the group contained some safety expertise, the fact that it drew a majority of its members from the world beyond OSH has helped it produce a document that, according to Lord Mackenzie, has been “written by directors for directors in language they understand”. This is particularly noticeable in the prioritisation of the issues that the board should address and the distinction between what a board should do and, by implication, what it should leave to management. It should also be noted, however, that the HSE’s 2001 guidance was hardly impenetrable or complex and covered much the same ground (see box 4).

Further cause for optimism arises from the increasing recognition by boards and directors of the business and ethical significance of the corporate responsibility agenda and the role of OSH within it (although it still lags far behind environmental and other issues). On top of this, the new offence of corporate manslaughter has stoked the interest of boards in OSH, and the guidance has not shied away from reminding directors of the sanctioning side of ignoring OSH (under health and safety and corporate manslaughter legislation).

The elephant in the room

The guidance is, however, going to have to persuade directors and boards to address OSH in the absence of OSH duties on directors. The HSC put directors’ duties on hold in May 2006, deciding instead to pursue the development of guidance. The HSC said it would return to the issue at a subsequent meeting “once wider developments, notably on corporate manslaughter, penalties and directors’ duties under company law are clearer and the implications for director responsibility for health and safety better understood”. In a paper presented to the HSC in September, the HSE reported that “preparatory work was under way to enable a future HSC discussion to be informed by an up-to-date assessment of enforcement under the current regime and recent wider legislative developments”.

The HSE will evaluate the impact of the directors’ guidance in two stages by asking the Health and Safety Laboratory to assess:

  • after six months, the extent to which the guidance has reached its target audience and of its initial impact (whether or not it was read, considered relevant and triggered initial action by directors); and
  • after 18 months, the impact of the guidance on board members, using as a baseline three biennial surveys undertaken between 2001 and 2005 (external website).

Judith Hackitt, the HSC’s new chair, said at the launch of the guidance that she “continue[s] to be confounded by the number of people who see OSH as a barrier”. The HSE would, she said, ensure that inspectors use the guidance as a tool; they had already been provided with “further” advice on directors’ responsibilities and prosecutions; and the HSE would also look at the impact of wider changes such as corporate manslaughter. “If any of these three elements does not deliver,” she warned, “we will need to revisit the legal situation.”

It is hard to resist the feeling that, come 2009 or 2010, the HSC will indeed be revisiting directors’ duties. If directors have to meet statutory requirements in most areas of running an organisation, why should the lives of their workers be any different? Bud Hudspith, who represented the unions on the IoD group, said that while he gave the guidance a “cautious welcome” and promised that his union, Unite, would use it, he nonetheless feared that “no matter how good it is, it will not make a huge difference” without OSH duties for directors. He is most likely correct; the only issue will be the definition of, and genuine desire for, “huge” progress.

1 “Leading health and safety at work: leadership actions for directors and board members”, Institute of Directors (external website) and HSC (external website).

Howard Fidderman is a freelance journalist and editor of HSB.

Box 1: Consultation changes

The Institute of Directors (IoD) reports that the overall tenor of the 175 responses to the consultation was “supportive”. The main changes between the draft and final versions of the guidance are:

  • the language now emphasises the context of leadership and corporate governance;
  • the checklist has been made more applicable to directors, rather than managers;
  • some of the core actions for directors have been clarified;
  • the case studies illustrate more clearly the benefits of boards taking action, as well as the consequences of failure (the former are now also named rather than anonymised);
  • the “Key resources” section has been expanded, including a reference to the HSE’s seminal HSG65, Successful health and safety management;
  • the inclusion of an explanation that directors are still subject individually to the common law offence of manslaughter;
  • expanded advice on the liability of directors under health and safety law;
  • the importance of occupational safety and health (OSH) considerations when appointing directors has been downgraded; and
  • the setting of targets by the board has been included as good practice.

Consultation also raised two issues that the steering group felt unable to include:

  • the need for directors’ OSH duties - the IoD group insisted, correctly, that this was not a matter for the group;
  • greater prominence for the US Chemical Safety Board’s report on the BP Texas City failures, which highlighted better than any other event the catastrophic consequences of a board getting things wrong. The IoD group considered a case study, but felt “this risked unnecessarily singling out the company”, and instead opted for three anonymised case studies.

Box 2: Board principles

The Institute of Directors/HSE guidance sets out three principles for how boards should address HSE:

  • “strong and active leadership from the top”, comprising visible and active board commitment, downward communication and the integration of good occupational safety and health management with business decisions;
  • worker involvement, covering promotion of safe and healthy working conditions, upward communication and training; and
  • assessment and review, involving risk identification and management, accessing and following competent advice, and monitoring, reporting and reviewing performance.

Box 3: Not such a “compelling” case?

There is a slight shift in emphasis between the draft and final versions of the guidance in the reasons why a board should address occupational safety and health (OSH) issues. The final version again insists that: “Failure to include health and safety as a key business risk in board decisions can have catastrophic results.” Interestingly, however, it omits the draft version’s insistence that: “The business case for championing health and safety is compelling.” This may have the (unintentional) effect of concentrating on the outcomes of failure, rather than the business benefits that the HSE has long argued accrue from investing in OSH. The guidance does, however, retain a box listing the “benefits of good health and safety” (for example, reductions in costs from ill health, injuries and absence, improved standing and reputation, and increased productivity).

Box 4: The 2001 action points

The earlier HSC guidance set out five action points:

  • The board needs to accept formally and publicly its collective role in providing occupational safety and health (OSH) leadership in its organisation.
  • Each member of the board needs to accept their individual role in providing OSH leadership for their organisation.
  • The board needs to ensure that all board decisions reflect its OSH intentions, as stated in the policy.
  • The board needs to recognise its role in engaging the active participation of workers in improving OSH.
  • The board needs to ensure that it is kept informed of, and alert to, relevant OSH risk management issues. And: “The HSC recommends that boards appoint one of their number to be the health and safety director.”