NORWAY Law and Practice Contributed by: Elisabeth Roscher, Tine Vigmostad, Geir Sviggum and Kristin Nordland Brattli, Wikborg Rein Advokatfirma AS
existing plans varies from sector to sector – how- ever, the main elements of the plan are to clarify responsibilities in the event of a crisis, establish notification and reporting routines, and facilitate co-operation between relevant stakeholders in the event of an emergency. 2.9 Inter-Agency Co-Operation During a crisis, different government entities usu- ally co-ordinate efforts based on their respective areas of responsibility. For instance, the Ministry of Finance has an overall responsibility for crisis management in the event of a crisis within the financial sector. However, certain responsibilities may be delegated to subordinated agencies – for example, the Financial Supervisory Authority. The Ministry of Justice and Public Security has a co-ordinating role for preparedness and emer- gency response in the area of public security; in 2017, the Ministry established an instruction for the ministries’ work on public security in order to ensure effective inter-agency collaboration (FOR-2017-09-09-01-1349). 3. Corporate Crisis Management 3.1 Crisis Management Plans Large international companies in Norway will commonly have a crisis management set-up and structure similar to international players in the USA, UK and continental Europe. Small to medium-sized companies in Norway will typical- ly have a more narrow set-up tailored to the rel- evant sector and national regulatory exposure. In general, the key components of an effective crisis management strategy would include the following. • A risk assessment, which takes into consid- eration key risks of whether a crisis would
occur and in what areas (including regulatory exposure, where regulated entities would, for instance, require certain types of internal controls and reporting requirements). • A crisis management strategy and team, including designating roles and responsibili- ties to follow up on a potential crisis. • A communication plan, including roles and responsibilities for the various types of crisis situations. • A contingency plan, setting out a detailed step-by-step plan for the various types of crisis situations. • External and internal reporting requirements, as well as key stakeholders. In this context, it should be noted that certain types of inci- dents would have a firm reporting deadline – for instance, with respect to a data breach or potential risks of money laundering for obliged entities. • Training and awareness in contingency plans to ensure active preparedness. Nevertheless, the content and scope of crisis management plans naturally vary based on (inter alia) the sector, the size of the company and what types of risks the company is exposed to. In some cases, public authorities are also author- ised to establish crisis management plans for private companies – if so, the content of the plan is usually regulated by law (see, for example, Section 20-6 of the Financial Institutions Act). 3.2 Internal Governance It is advisable and common to have commit- tees responsible for certain types of crises. The composition of the committee would depend on the type of crisis. For instance, a regulatory breach would commonly be led by the general counsel or another member of the legal team, while a security breach would commonly be
117 CHAMBERS.COM
Powered by FlippingBook