In our February newsletter we cover a number of current issues directly impacting the retail market.

We consider a new case regarding modern slavery in supply chains, provide some practical tips when helping your businesses plan for their cyber security priorities, and review the key takeaways for retail and consumer businesses from the recent Supreme Court Judgement in the test case brought by the FCA in relation to coverage under certain business interruption insurance policies.

Modern Slavery in supply chains: Turn a blind eye at your peril

Large businesses have been reporting on what they are doing to prevent modern slavery in their supply chains for nearly 5 years. During that time, modern slavery has increased in importance at board level, and several brands have come under public scrutiny for their failure to prevent exploitative behaviour by their suppliers. 

Blunt tool

Despite that, the supply chain transparency requirements in the Modern Slavery Act 2015 are considered by many to be a blunt tool. While businesses must report on what they are doing, they are not under a legal obligation actually to prevent slavery and trafficking taking place in their supply chains, or to take any particular steps to prevent it. 

There is no specific penalty for failure to publish a statement and no mandatory requirements as to what a statement should contain. 

Developing case law

With that in mind, a new case being brought against the waste and recycling firm Biffa may – if successful – have significant consequences. 

In 2019, eight people were jailed for their roles in a trafficking gang, following an investigation by West Midlands police. 

The gang is thought to have trafficked around 400 people from Poland who were put to work in farms, poultry factories and recycling centres in the UK. 

The victims, who were placed into work via recruitment agencies, received none or only a small fraction of their true wages and were housed in squalid accommodation. Additionally, it is alleged that they were subject to threats and intimidation. 

Three of those victims now are bringing proceedings against Biffa and Smart Solutions (the particular recruitment agency in question). 

Specifically, it is alleged that Biffa and Smart Solutions had a duty to prevent the forced labour to which the claimants were subjected. In addition, it is alleged that those companies are vicariously liable for the actions of one of the criminal gang members. 

Strengthening the Modern Slavery Act 2015

Changes to the Modern Slavery Act 2015 to strengthen the obligation to publish a supply chain transparency statement are due this year. 

Businesses will soon be required to report on specific areas in their statements, and face penalties for failure to publish a statement. 

Fuelled by increased remote working and more customer data than ever stored due to a reliance on online transactions cyber-attacks are on the rise.

Cyber Security Priorities

In planning for your year ahead it is worth factoring in what part you will play in challenging your business to test your cyber resilience. Understanding your own threat landscape by engaging with stakeholders across your business on a regular basis is essential. Some ideas to consider factoring into your planning include:-

• Customer account security – simple steps like proactively encouraging customers to change passwords and rely on third party tech like Apple Keychain could make a massive difference.
• Supply chain audits - auditing your supply chain to verify whether anything has changed since contracts were put in place – suppliers are a key risk area with hackers looking for gaps to exploit. Key areas we have seen are attacks on payment card provider tech. 
• Limiting data sharing to third parties in your supply chain which may have crept over time will minimise your risk. 
• Internal processes to manage ransomware attacks  - these attacks can be disastrous in any part of your supply chain. More businesses are willing to pay hackers – consider having an internal process to quickly manage decisions and press releases.   
• Training and awareness - Human error causes the vast majority of breaches – engaging on proactive training and running mock breaches to test systems is worthwhile. Email spear phishing (emails sent to appear legitimate) continue to impact businesses and are more sophisticated than ever – have you recently done any training in this area for your team?

Business Interruption Insurance Test Case – Supreme Court Judgment

The Supreme Court handed down Judgment on 15 January 2021 in the test case brought by the FCA in relation to coverage under certain business interruption insurance policies. A detailed review of the Judgment is available here. Key points for retail and consumer clients include:

• The Judgment was positive for policyholders, finding in favour of the FCA on all the points appealed by it and the insurers and giving broader coverage than the first instance Judgment as a result.
• The Supreme Court interpreted phrases such as 'restrictions imposed' by relevant authorities in prevention of access clauses more broadly that the High Court meaning, for example, in some instances it may be possible to claim for losses arising from reduced footfall rather than just orders to close.
• Trends clauses and pre-trigger losses: when considering the turnover of the impacted business, the only appropriate adjustment is for circumstances unconnected with the pandemic. For example, reduced sales as a result of the public following instructions to stay at home in the period immediately prior to closure should not be used to suggest a downward trend in the business and consequently lower insurance recovery.
• The Supreme Court's view that each instance of COVID-19 is an 'occurrence' means aggregation (i.e. how many excesses and/or limits of liability apply) is a live issue for those with multiple business premises / locations.
• Occurrence 'at the premises' wordings were not specifically considered, but the Supreme Court's reasoning on causation means coverage decisions on these policies should be revisited – see here for more.

Covid-19 testing in the community and increased measures for workplaces

Non-essential retail remains closed in the UK, and a month into 'Lockdown 3.0' in England whilst there are signs that infections are reducing, hospital occupancy and death statistics (which are lagging indicators) remain stubbornly high. The vaccine roll-out appears to be going well despite tensions with and within the EU, but we do not now expect the current lockdown rules to be relaxed until 8 March at the earliest (and then only for some re-opening of schools). If anything we expect the Government to delay re-opening of non-essential retail until at least April and of restaurants and bars until at least May and these dates are optimistic according to some commentators.

When relaxations are considered current suggestions are that social distancing rules will now be with us throughout 2021 (absent evidence that vaccination not only protects the individual but also reduces transmissibility) which will have obvious implications for the ability to trade and the pace of economic recovery. The Health and Safety Executive is reported to have signed contracts with commercial third parties to add to its 'spot-check' abilities for workplaces and may refresh and even strengthen its sector guidance on 'COVID-secure' workplaces. Some Trade Unions are lobbying the Government to go back to the drawing board to look at the adequacy of the current control measures in the face of the new virus strains and their transmissibility. There is renewed emphasis on staying at home and working from home, with increasing initiatives to provide at-work testing for those who cannot work from home now being actively piloted across many local authority areas. The short-term "hit" to businesses which discover asymptomatic cases who have to self-isolate (along with close contacts, now more widely defined) is said to be offset by the prevention of larger outbreaks in workplaces or districts.

More specifically

• USDAW has urged retailers to reinstate and reinforce necessary safety measures in shops, as implemented during the first lockdown, and for customers to follow the "rules". As an immediate priority, the union wants retailers to revisit their risk assessments (see here). The major supermarkets have already taken steps in this direction voluntarily but collectively. Control of numbers in-store, shopping alone and stricter enforcement of wearing face coverings have all been refreshed during January 
• Part of this effort may well involve vaccination as a tool, especially if the current pace of the roll-out can be maintained. Retailers cannot impose having a vaccination, or wearing a face covering, as a condition of the continued employment of its staff and threatening dismissal (as one supermarket allegedly has) for refusal to do so is almost certainly unlawful because of the Equality Act 2020 but retailers should probably use active encouragement to staff and effective communication to deliver key messages. Preparing a vaccination policy is also recommended. For most working in retail (particularly supermarket staff) the risk is to them not because of them
• In December John Lewis began introducing rapid Covid-19 testing for employees. The retailer has rolled out testing facilities to 40 locations across England through a link-up with the Department of Health and Social Care. During January more local authorities joined a pilot scheme to offer mass testing in workplaces where remote working is not possible as referenced above

We encourage you to share your experiences with us so we can curate how best to manage the current outbreak for all clients as an adjunct to their internal programmes. The greater the evidence available for submission to the Government, the better.