Ensuring compliance with regulatory requirements is critical to your client’s business. But crisis and business continuity planning – often mandated by law – shouldn’t be a box-ticking exercise. Unfortunately, too many of your clients fall into the trap. What risks do they face treating crisis preparedness as a compliance-first practice?
First things first: regulatory mandates following crises are ubiquitous – that’s been the case far before the onset of the COVID-19 crisis. In the U.S., for instance, employers with more than ten workers must have written emergency action plans that specify what workers and others at the workplace should do in the event of an emergency.
That particular requirement, an extension of the broader duty-of-care obligation, is common around the advanced world. And your compliance-minded clients know better than to ignore it.
But while your clients must achieve compliance through the development of crisis management plans, the plans themselves shouldn’t be undertaken through the prism of compliance. Why? A compliance-first posture only gives your clients license to leapfrog over the vital risk assessment phase of crisis planning – i.e. identifying and analysing the most-likely hazards to occur at their workplace – and proceed right to copying and pasting popular crisis plan templates.
Of course, there’s nothing wrong with working off of a pre-set template. After all, many of those templates represent industry best practices. However, the evidence shows that carefully customizing crisis plans (even your prefab templates) to your client’s specific crisis risk factors better prepares them for crisis.
On the other hand, simply copying a plan might get the job done in the short term, but at a cost. The price being it leaves your clients uninterested and uninvested in the resulting plan. More often than not, that plan ends up getting shelved, only to be recovered, untested, when crisis strikes – where have we heard that before?
And that’s not the only pitfall of taking a compliance-first approach to crisis planning. There’s the opposite: creating lengthy, overly-detailed plans that address every possible crisis contingency – no matter how unlikely.
Sure, those plans satisfy statutory requirements – and then some. However, overly prescriptive plans are simply not actionable. In fact, they often frustrate the people tasked with executing them. Like prefab templates, they end up getting shelved.
So, what’s the answer? Well, instead of developing plans simply to meet regulatory requirements, your clients should strive to create flexible modules, playbooks that can dynamically adapt to fast-changing crisis situations. Those plans will be comprehensive in scope without being laborious.
What’s more, your client’s crisis plans, even comprehensive, best-practice plans, can’t be treated as static documents. They have to be living documents, constantly revisited through routine training exercises. Those exercises help surface flawed assumptions before it’s too late. And re-testing the plan also helps your clients prepare for new crisis triggers, as company risk factors change.
The moral of the story. Regulation always impacts planning – how could it not? But your client’s crisis preparedness is a strategic business function, not a mere matter of compliance. To better prepare your clients for every stage of the crisis management lifecycle, start by conducting a careful risk assessment. For more tips on how to avoid planning pitfalls and develop robust, dynamic plans, download our crisis planning guide.