This precise scenario unfolded recently in the case involving PwC, one of the world's largest professional services firms, underscoring the intricacies involved in managing PI risks within the tax and broader consultancy sector.

How did Events Unfold?

‍

According to allegations, in an email dated 2015, PwC's tax consultant Peter Collins violated confidentiality agreements by sharing government information with his PwC colleagues, who subsequently used it to assist clients and generate revenue. This breach of trust resulted in high-profile resignations, criminal investigations, and the potential loss of future government contracts worth hundreds of millions of dollars.

Professional Indemnity and Breach of Contract Insurance

‍

This incident highlights the considerable legal liabilities that can arise from a breach of contract, particularly with regard to confidentiality agreements and conflicts of interest in PwC's case.

‍

Depending on the nature of the breach, civil liability claims can be pursued against both the individuals involved and the organisation. This is where PI insurance plays a critical role, as it covers the legal expenses associated with defending against such claims, including potential compensation to be paid to the plaintiff. While it seems unlikely that the Australian Government will file a civil liability claim against PwC, they are likely to sever ties with the firm. However, it is important to note that not all professional service firms will avoid facing the music in a court of law in the event of similar contractual breaches.

‍

The PwC scandal also raises pertinent questions regarding the role of PI insurance in cases involving deliberate or fraudulent activities. Generally, intentional breaches or acts of fraudulent dishonesty are excluded from PI coverage. Nevertheless, most policies offer defence for the individual until a final decision is reached. Similar to the legal principle of "innocent until proven guilty," insurers maintain the same stance. However, if the individual is found guilty, the defence costs must be reimbursed.

‍

Despite the potential coverage provided by PI insurance, the reputational impact of a scandal like this is not easily restored, making it imperative for consultancy businesses to proactively manage these risks internally. Consequently, several valuable lessons can be gleaned from this incident on how to effectively manage PI risks:

‍

• Implementing Robust Risk Management Policies: Regular risk assessments should be conducted to identify potential vulnerabilities and inform risk management strategies. In the case of PwC, the breach could have been prevented with a more thorough risk assessment.

‍

• Upholding Data Confidentiality: Strong data management policies are pivotal, as demonstrated by the PwC case. Firms should implement comprehensive data protection measures and regularly train employees on data security and confidentiality.

‍

• Adherence to Legal Obligations: Consulting firms must ensure strict compliance with legal obligations, particularly regarding confidentiality agreements. Engaging legal expertise can help establish robust and comprehensive agreements, thereby reducing the risk of breaches.

‍

• Tailoring PI Insurance Coverage: Insurance brokers should work closely with consulting firms to ensure their PI policies align with their specific business operations. Regular policy reviews are necessary to accommodate changes in operations or the broader risk landscape.

‍

• Post-Breach Response Strategy: Despite robust preventative measures, breaches can still occur. Firms should have a well-defined response plan in place to mitigate the damage caused by any breach. In the case of PwC, this involved high-profile resignations and an independent review of practices.

‍

• Encouraging Transparency and Accountability: Fostering a culture of transparency and accountability should be a fundamental objective within firms. This necessitates the clear communication of rules and expectations, proactive engagement with regulatory bodies, and honest self-assessment of internal practices. Initially, PwC's response was to assert that those directly involved in the breach had already departed from the company. However, in order to maintain trust and transparency, more significant actions were required, resulting in the resignation of their chief executive and other top executives.

‍

• Enhancing Oversight: To promptly identify and address potential breaches, firms should strengthen their oversight mechanisms. This may entail investing in advanced data security systems, involving external auditors, and fortifying whistle-blower protection mechanisms.

‍

• Rebuilding Trust: Rebuilding trust after a breach is undeniably challenging, yet crucial. This involves publicly acknowledging the breach, demonstrating accountability (as exemplified by the high-profile resignations at PwC), and outlining clear plans to prevent future breaches.

The PwC case serves as a compelling catalyst for the professional services sector to reassess its approach to confidentiality, integrity, and overall risk management. This entails not only re-evaluating internal controls, data management policies, and professional practices but also reviewing the wider regulatory landscape and accountability mechanisms in place.

Laurence Basell is Chief Operating Officer at Honan, Australia’s fastest-growing insurance broker, where he oversees corporate services including finance, strategy, information technology, legal, HR, marketing, and risk and compliance. His experience includes over ten years as a management consultant at PwC, leading a fast-growing start-up and overseeing strategy and operations for Dairy Australia.