Due Diligence, Standards and The Law
If the duty to exercise due diligence is fulfilled, you will have a better hand in court proceedings. But who sets the standards for due diligence?
The ISO sets the standards for diligence and compliance in many fields, but it has yet to define what due diligence is absent a subject field.
Service provision to the state of the art in connection with the accepted level of due diligence is a familiar path through legal matters. Actions relating to compliance refer both to the company as a legal entity and to the management, such as Directors or CEOs, and the employees. This is also a moving target, as law, technology, and the understanding of new threats change. What used to be regarded as due diligence some years ago could be insufficient today. If a good or service is not provided due to a lack of due diligence, the company will be threatened with considerable damage claims on the part of the client.
Once an ISO Standard is published, it will often be used as a scale for expert opinions before the court. The same will be true for due diligence standards when published.
What relationship to ISO Standards do you see?
To get to the heart of it: If it is regarded as being state of the art to apply standardized information to products and processes, compliance with the corresponding ISO Standard will be reviewed in the event of damage. ISO Standards are based on good practices that have been defined and agreed to worldwide. As soon as an ISO Standard has been published, it is very probable that this standard will be used as the scale for competency and effort by court experts. All management in a given field will have to keep themselves informed according to ISO Standards and legal requirements. In the areas for which there are ISO Standards, general management will have to ensure the company is working at least to this level.
What are the advantages of ISO certification for legal matters?
On the one hand, ISO Standards require top management’s knowledge of the standards and related law. On the other hand, verification is required in order to document that top management and the employees are complying with the standards. In short, one requires not only ongoing knowledge of the relevant ISO Standards but also certification that a given company is operating in compliance with these standards. Certifications demonstrate ability; independent certification demonstrates that the organization is working according to the standards. The independent certification of compliance with ISO Standards can be considered and represented as a sufficient level of due diligence, though, mind you, there is no true safe harbor.
Further, from time to time, it may also make sense to integrate ISO Standards in contracts. The standards create an agreed-upon international standard for performance required by all parties to an agreement.
If there is certification, is the company not at fault even if there are failures?
Compliance with ISO Standards makes it much easier for a company to demonstrate that it exercised due diligence in its performance. If failures do occur in spite of all precautions, the company can argue that it is not at fault, or at least not negligent, so that in principle there is no liability for damages. It is a sound argument. Inclusion of the ISO Standards again sets the expectations of all parties very clearly. The company and its customers will profit: customers can be more certain they will obtain services without failures, and companies will minimize liability exposure when providing their services, as they can more easily demonstrate the exercise of due diligence to an internationally accepted standard.
What advantages do ISO Standards yield for internal controls from a legal perspective?
Such rules as Sarbanes Oxley or the 8th EU Directive require that internal control systems be in place and functioning. In connection with product liability, an internal control system is not required explicitly but is becoming more and more important in practice. With issues such as sanctions, FCPA, the UK Anti Bribery Act, and the strict liability many face for lack of internal control in a host of product liability matters, operating up to and/or beyond ISO Standards is an excellent standard, both as a competitive advantage and as a legal defense should an unfortunate event occur that may raise the issue of liability.
As the legal requirements of duty of care and diligence are further codified by law (usually from cases where management really screwed up), ISO Standards and their required documentation, testing and independent certification of compliance with those standards mean that a company has demonstrably fulfilled its duty to exercise due diligence up to an agreed-upon international standard.
While no level of due diligence will ever provide a safe harbor, this does provide counsel with an excellent argument, with independent documentation.
We are aware that the International Due Diligence Association is working on standards and we expect some of these standards to be published within the coming months.