As professional service providers, tax consultants hold a crucial role in advising clients on various matters, including potential tax liabilities and tax minimisation. They're privy to a significant amount of sensitive client information and are often presented with confidential data from various sources. This means that upholding confidentiality is paramount to the trust that underscores these relationships. Any breach of this trust can result in severe reputational damage, legal liability, and significant Professional Indemnity (PI) issues. This is precisely what happened in the recent case involving PwC, one of the world's largest professional services firms, demonstrating the complexities of managing PI risks in the tax and broader consultancy sector.
How Did We Get Here?
In a 2015 email, PwC's tax consultant Peter Collins is alleged to have breached the confidentiality agreements by sharing Government information with his PwC colleagues, who later used it to help clients and generate revenue. This breach of trust resulted in high-profile resignations, criminal investigations, and threats to future Government contracts worth hundreds of millions of dollars for PwC.
Breach of Contract & PI Insurance
The incident highlights the significant legal liabilities that can arise from a breach of contract, which, in the case of PwC, are specific to confidentiality agreements and conflicts of interest.
Depending on the nature of the breach, this can invite civil liability claims, involving both the individual(s) and entity. This is where PI insurance plays a critical role because it covers the legal expenses involved in defending against such claims, including any compensation that may be payable to the plaintiff. In the case of PwC, it is unlikely that the Australian Government will issue a civil liability claim. Instead, they are likely to discontinue working with PwC. However, not all professional service firms will experience the same fate in the event of contractual breaches.
The PwC scandal also raises several questions regarding how PI insurance interacts with cases of deliberate or fraudulent activity. Typically, deliberate breaches or acts of fraudulent dishonesty are excluded from PI cover. However, most policies will defend the individual until final adjudication when a decision is made. In the same way that the court views the defendant as innocent until proven guilty, so too does the insurer. However, if the individual is found guilty, those defence costs must be reimbursed.
Notwithstanding the potential cover available, the reputational impact of a scandal like this is not something that can be easily restored, so the onus is on the consultancy businesses to manage these risks internally. Consequently, several key lessons can be drawn from this event regarding how to manage PI risks effectively:
- Implementing Robust Risk Management Policies: Regular risk assessments should be carried out to identify potential vulnerabilities and inform risk management strategies. In the PwC case, a breach was possible due to inadequate risk assessment.
- Upholding Data Confidentiality: Strong data management policies are crucial, as shown by the PwC case. Firms should implement comprehensive data protection measures and provide regular employee training in data security and confidentiality.
- Adherence to Legal Obligations: Consulting firms should ensure strict adherence to legal obligations, particularly concerning confidentiality agreements. Legal expertise should be engaged to ensure these agreements are sound and comprehensive, reducing the risk of breaches.
- Tailoring PI Insurance Coverage: Insurance brokers must work closely with consulting firms to ensure their PI policies are appropriately tailored to their business operations. Regular reviews of the policy are necessary to ensure it reflects changes in operations or the broader risk environment.
- Post-Breach Response Strategy: Even with strong preventative measures, breaches can still occur. Firms should have a response plan in place to mitigate the damage caused by any breach. In PwC's case, this involved a series of high-profile resignations and an independent review of practices.
- Encouraging Transparency and Accountability: A culture of transparency and accountability should be cultivated within firms. This involves the clear communication of rules and expectations, proactive engagement with regulatory bodies, and honest self-evaluation of internal practices. PwC’s initial response was to claim those directly involved in the breach had already left the company. However, maintaining trust and transparency required more significant action, leading to the resignation of their chief executive and other top executives.
- Enhancing Oversight: Firms should boost their oversight mechanisms to identify and address potential breaches promptly. This might involve investing in advanced data security systems, engaging external auditors, and strengthening whistle-blower protection mechanisms.
- Rebuilding Trust: While challenging, rebuilding trust after a breach is essential. This might involve publicly acknowledging the breach, demonstrating accountability (as seen by the high-profile resignations in PwC), and outlining clear plans to avoid future breaches.
The PwC case serves as a compelling call to action for the professional services sector to re-evaluate its approach to confidentiality, integrity, and overall risk management. This not only involves rethinking internal controls, data management policies, and professional practices but also reviewing the broader regulatory landscape and accountability mechanisms in place.
PI issues arising from breaches of contract, specifically confidentiality agreements and conflicts of interest, are complex and multifaceted. Such issues require a holistic approach to risk management that combines robust internal controls, comprehensive PI insurance coverage, and an unwavering commitment to professional ethics. As insurance brokers, we are committed to supporting our clients in navigating this challenging landscape, ensuring that they are fully equipped to manage.
Chief Operating Officer – Honan