Coupon Accepted Successfully!


Introduction to Management Practices and Law

As a general rule, directors, managers and officers of the company are responsible for ensuring compliance with various applicable laws. Managerial conduct, that is, the actions, statements and conduct of a company’s senior management, officers, employees and representatives can have significant legal implications for the company. For example, statements by the chairman of DLF in its AGM, its annual reports and its prospectus were key pieces of evidence for the Competition Commission of India, when it arrived at the conclusion that DLF held a dominant position in the real estate market (the CCI imposed a penalty of INR 630 crores on DLF in that case).

Note:See Belaire Owner’s Association v.HUDA Department of Town and Country Planning, 12th August 2011 here

It is possible for the company to regulate the behaviour of its managers and employees through various internal policy documents and managerial processes, which can ensure that legal risks are minimized. Businessmen, lawyers and consultants do not have the opportunity to learn about these policies systematically – typically, they learn about them through experience, or by observing the manner in which competitors or market-leaders operate. This module discusses certain key internal policies which a company can adopt for minimization of legal risk (and losses from unexpected events) in a systematic manner. Some policies are even useful for employee welfare.

Internal policies must be designed keeping in mind the commercial interests that are sought to be protected, the specific nature of the company’s business and the legal framework that applies to that company. Implementing these policies with the help of managerial and technological processes can go a long way towards minimizing legal risks.

As the volume of regulation surrounding various industries has increased, it has become extremely important for entrepreneurs to themselves be aware of the importance of having these policies – in many situations they may have to prepare working drafts themselves. Lawyers and consultants can add immense value to a business if they are able to guide an entrepreneur on the specific internal practices and policies that can be adopted by a company, keeping in mind its business model. Entrepreneurs are likely to benefit greatly from this kind of assistance, as they may not always have the time to personally deliberate upon and draft internal policies in detail.

This module should be read in conjunction with the discussion on Liabilities of Directors in Module 3 and on Employment Contracts in Module 5.


Relevance of company policies

As discussed in the chapter on Liabilities of Directors in Module 3, punishment for violation of applicable provisions of regulatory and tax laws is usually a fine on the corporate entity and its directors, managers, secretary or another officer who was in charge of the operations of the business at that point in time. These officers of the company may also be personally responsible for imprisonment.

At a broad level, company policies help in minimizing different kinds of legal risks. Typically, in any business which is funded by an investor, the investor has the right to be indemnified in relation to any loss incurred by the company due to a breach of applicable law (through various representations, warranties and covenants that are taken from the founders and the company). Losses caused by breach of these warranties or covenants may lead to claims of indemnification by investors. Serious violations could also potentially lead to investor’s invoking the material adverse change clause under the shareholders agreement and demanding pre-mature exit. Risk of inadvertent errors due to activities of employees and other representatives remains high even in businesses which have no third party investors.

Why have internal company policies?

If an officer is accused of being responsible for a statutory violation, he will be responsible for establishing that the violation took place without his knowledge, or that he was not ‘negligent’, and had exercised ‘due diligence’ or ‘due care’ while discharging his duties towards the company. The decision as to his negligence will be taken by a regulatory authority or court based on the evidence presented. Having certain internal policies and checks at a departmental level for various operational aspects of the business can be extremely useful in establishing that the concerned officer (and the company) had exercised due diligence.

Apart from resulting in legal liability for different statutory or regulatory violations, the manner in which ‘internal’ matters are regulated can affect the company’s interest. For example, they could have a bearing on the company’s reputation in the market. In the 1990s, Apple Computers’ employees and managers were free to talk to the press, as Apple did not have a specific media communications policy.

Managerial staff had developed a habit of passing on confidential details about the company to the press, if they are criticised or their suggestions were not appreciated. Of course, these disclosures were made on an anonymous basis, which made it difficult to identify the source and attribute responsibility, particularly as the company had grown very large. While this did not result in legal liability for the company, it was against the strategic interests of Apple, as it was harmful to its reputation and leaked out valuable details to the public domain. This was during the period Steve Jobs had been fired from the company – when he was hired for a second stint, one of the first changes he introduced was to prohibit employees from speaking with media representatives.

If internal affairs are not regulated at all, the possibility of various events which might result in liability of the company to other stakeholders in society is higher.

For example, a defamatory remark by an employee about a competitor’s product may make the company liable to pay damages if the competitor initiates a legal proceeding. Similarly, a statement exaggerating the features of a particular product of the company could be treated as a misrepresentation to customers. For an expanding business, these risks extend to several aspects of its operations.

The connection between management practices and law has been overlooked

Customarily, issues related to company policies are left to a company to regulate internally. Entrepreneurs seldom have the resources to worry about this – as a result, few early stage businesses have internal policies, and most fail to adequately address various risks and protect their commercial interest.

Some companies merely observe certain codes and practices, a lot of which are not documented. They may set up unsystematic managerial processes to implement the policies – based on oral rules and ‘office culture’, which may not be documented. Others devise written codes as they expand or if they have had unexpected or bitter experiences.

Most lawyers and law firms do not look at the internal functioning of the company. There is no statute which provides guidance on what policies a company should have. The reason is simple, for the most part, law prohibits what cannot be done, and the business is free to pursue any activity so long as it is not prohibited. Therefore, businesses are left free to tailor-make internal processes depending on requirements.

In fact, large corporations and multinationals are known to hire leading management firms such as Boston Consultancy Group or McKinsey to optimize managerial processes and minimize risk, as part of their ‘enterprise risk management’ services – these firms treat legal risks arising from managerial process (either qualitatively or quantitatively) as a sub-component of enterprise risk. It may even be quantified through use of sophisticated mathematical formulae and statistics.

Sometimes, founders may ignore reducing the policies to writing because it is a cumbersome task and the core team may prefer to work on the business of the company instead of handling such processes, so these issues may be ignored for a longer period of time.

In this module, we shall discuss certain key aspects that must be covered by internal company policies. However, note that legal risk management does not exist in isolation – it should be backed by effective management processes, and even technological aids to implement the policies. These processes may require appropriate testing and measurement to determine whether they are effective.

Key interests sought to be protected by internal policies

In general, internal policies minimize the risk of legal liability against the company (and sometimes its senior management) related to negligence, misrepresentation, fraud, or from violation of applicable law. 

Having internal policies usually serves the following functions:

1. As already explained, internal policies can be extremely useful in:


a) preventing penal liability arising from breach of regulatory provisions,


b) minimizing risk of legal liability or breach of duties towards stakeholders, and


c) minimizing the risk of an indemnity claim/ MAC provision being invoked under investment agreements (if any).


Example 1


Consider a situation where proceedings have been initiated against a company for non-payment of income tax – it is found that the company has significant income from certain investments and bank deposits which has not been disclosed in its income tax returns. It is found that this is due to some kind of fraudulent activity by a senior manager of the finance team.

In such a situation, the company and its key officers who are responsible for ensuring compliance with law can be susceptible to penalties and even criminal prosecution. However, if it is demonstrated that the company had sufficiently detailed policies which laid out processes for reporting and payment of income tax, and allocated responsibility for the same, the company may not be prosecuted for concealment of tax since a high level of care had been taken to ensure that income from different sources is adequately monitored and tax is paid on time.


Example 2


Imagine that a patient who underwent treatment at a reputed hospital files a consumer complaint against a hospital on the ground that the billing department has acted negligently, has charged him far in excess of the initial tariffs and estimates provided by the hospital. In such situations, if the consumer forum finds the hospital to have provided deficient services, it may award lower compensation if it is found that the hospital had an elaborate manual and code of conduct for the staff (including the billing department) and implemented a rigourous program training them on how to conduct themselves with patients and customers.


2. Internal policies help in allocation of responsibility amongst different officers of the company


As we saw in module 3 on Liability of Directors, the responsibility for a statutory violation either lies on the directors or the officer of the company who was specifically allocated the responsibility for such compliance, or an officer with whose knowledge the violation was committed. Framing internal policies helps a business in allocating responsibility on specific officers of the company. Note that for certain business functions, such allocation of responsibility to a specific person may also be required to be notified to a regulatory authority.




A company manufacturing biscuits or other packaged items is required to comply with labelling requirements and make prescribed disclosures on the packaging as per the Legal Metrology Act, 2009. The act permits a company to designate specific directors or officers who will have the responsibility of compliance with its provisions. Such designation must also be intimated to a legal metrology officer. A company which has multiple offices also has the ability to allocate responsibility to different persons for the different offices. In case of breach of provisions, the company and the designated person will be liable. 

If there has been no such nomination, every person who was in charge of the business of the company (irrespective of whether he was responsible for the specific operation where a violation was committed) will be guilty of the violation. The violation is punishable with a monetary fine of up to INR 50,000 (for the first two convictions) and imprisonment of up to 1 year for a subsequent violation. In addition, the court can also order publication of the name of the company and the director who has committed the offence in a newspaper. This implies that the director will have to personally pay the fine as well. He also risks the possibility of his name being published in a newspaper as an offender, if the court directs.



3. Sometimes, framing internal policies may be necessary to comply with law.

For example, a company which collects sensitive personal data of customers will be required to have certain policies in place for data protection so that it can establish that it has taken ‘reasonable security practices and procedures’ under the Information Technology Act. This is a mandatory requirement as per the rules passed under the Information Technology Act (see Module 7).


At the same time, a policy cannot always be framed in isolation. The obligations under applicable statutes have to be borne in mind, else the policy will be illegal. For example, a policy for salary / wages and bonus of employees must be in compliance with applicable labour legislations – such as the Minimum Wages Act, Payment of Bonus Act, etc.


4. Some policies may help the business in generating goodwill amongst various stakeholders


Internal policies can be useful measures for employee-welfare, as they may contain beneficial provisions for employees, and may also instil a feeling of transparency in administration of the affairs by senior management. A corporate social responsibility policy will qualify under this category. A policy stating that employees are free to dedicate 20 percent of their working time to a personal project (which could potentially benefit the company if it is found acceptable by the senior management) is another example.


5. By informing employees on how to deal with certain situations and what not to do, internal policies can prevent several potentially embarrassing situations from arising.


Coupled with managerial processes, they can also be helpful in minimizing commercial risk for the company.


For example, having a precise external communications policy or a blogging policy may reduce the risk of an employee disclosing information which is strategically harmful for the business to a third party (including the media). The policy could also prohibit certain categories of employees from communicating with media representatives.


What kinds of situations are addressed by internal policies?

Several examples of situations that could be governed by internal policies have been discussed before. An indicative list of questions addressed by internal policies and processes are listed below, which are examined in greater detail in the next part of this module.

Legal basis of internal policies and measures for breach

Are company policies valid vis-à-vis employees? What is the source of their validity?

The policies have a contractual basis – usually the employment contract requires employees to comply with policies the made by the company. By referring to the policies, the employment agreement incorporates them into the contract. Breach of the provisions of policies can entitle the company to take disciplinary action against employees for misconduct (or even termination of employment).

Some policies are implemented to provide a sense of transparency in to administrative processes or as a welfare measure - e.g. a policy for reimbursement of costs incurred by employees in the course of employment, medical policy, etc. Non-compliance with such policies could amount to a breach of responsibility on part of the employer, if these policies are also incorporated into the contract by reference. Employment contracts may not typically include provisions specifying the consequences of such a breach by the employer. However, employees may consider negotiating better terms (e.g. shorter notice period, etc.) in such cases, so that they can terminate employment or obtain compensation for the employer’s conduct.


Test Your Skills Now!
Take a Quiz now
Reviewer Name