How do I remain compliant and cover any risk?

With the exception of the Covid-19 Corporate Financing Facility (see below), there was initially little dedicated financial assistance for medium-sized and larger businesses affected by the coronavirus outbreak (the so-called “stranded middle”); however, from 20 April 2020 such businesses (with a turnover above £45 million) have been able to access finance via the Coronavirus Large Business Interruption Loan Scheme (“CLBILS“).

CLBILS operates in a similar manner to CBILS except that a lender can provide:

• up to £25 million to businesses with turnover from £45 million up to £250 million; and
• up to £50 million to businesses for those with a turnover of over £250 million.

Finance is available in the form of:

• term loans
• revolving credit facilities (including overdrafts)
• invoice finance and
• asset finance,

in each case available on repayment terms of up to three years.

Several changes to CLBILS took effect from 26 May 2020. The maximum amount available through CLBILS to a borrower and its group increased from £50m to £200m. Term loans and revolving credit facilities over £50m will be offered by CLBILS lenders which have secured additional accreditation. The maximum size for invoice finance and asset finance facilities remains at £50m. Companies borrowing more than £50m through CLBILS will be subject to further restrictions on dividend payments, senior pay and share buy-backs during the period of the loan. Further information on the most recent changes, including new provisions on seniority of CLBILS facilities, can be found on the CLBILS page on the British Business Bank website. There is also an in-depth FAQs section for businesses, which has the full details of the changes to the scheme.

Unlike CBILS, the UK government will not make payments to cover the interest and any lender-levied fees in the first 12 months of any facility so these larger businesses will not benefit from the no upfront costs and lower initial repayments that smaller businesses eligible for CBILS benefit from. The other key provisions of CLBILS, such as the eligibility criteria, the 80% government-backed guarantee and security, are similar to those of CBILS.

Eligibility is similar to CBILS and businesses must:

• Be UK-based in its business activity
• Have an annual turnover of more than £45 million
• Have a borrowing proposal which the lender would consider viable, were it not for the current pandemic, and for which the lender believes the provision of finance will enable the business to trade out of any short-term to medium-term difficulty
• Self-certify that it has been adversely impacted by the coronavirus (COVID-19)
• Not have received a facility under the Bank of England’s Covid Corporate Financing Facility.

Businesses from any sector can apply, except the following:

• Credit institutions (falling within the remit of the Bank Recovery and Resolution Directive), insurers and reinsurers (but not insurance brokers)
• Building Societies
• Public-sector bodies
• Further-education establishments, if they are grant-funded
• State-funded primary and secondary schools

All lending decisions remain fully delegated to the accredited lenders.

The CMA sees only limited circumstances in which a full refund would not be given. The CMA accepts that where public health measures prevent a business from providing a service or the consumer from receiving it, the business may be able to deduct a contribution to the costs it has already incurred in relation to the specific contract in question.

This view reflects a relatively complex area of law under which parties are released from obligations under a contract if performance of that contract becomes impossible or illegal. This is called “frustration” of the contract. Under a law passed during World War II, a party to a contract that is frustrated who has incurred expenses is permitted, if the court thinks fit, to retain an amount up to the value of those expenses out of any money they have been paid by the other party.

The CMA’s view, however, is that this will not happen often, and that deductions from deposits will be limited.

Employers will be collecting and sharing health information. Health information is sensitive and higher data protection standards apply. Here are a few key pointers.

• Update privacy notices to cover the new collection and sharing of employees’ information and provide these to the workforce. Be transparent and fair.
• Identify the legal basis and condition for use of this information and put any required paperwork in place. The ICO guidance will help. For some conditions such as the employment condition, an Appropriate Policy Document (APD) will be required. The ICO has an APD template.
• Only use the information for the purpose of managing the workforce during the pandemic.
• Only collect or share information if it’s necessary – if it’s a targeted and proportionate way of achieving your purpose.
• Make sure any health information collected and shared is accurate – there may be serious consequences if it’s not.
• Work out how long the information must be kept for. Keep a record of that period and act on it at the appropriate time.
• Security is very important – there may be malicious actors trying to trick employers and employees. Make sure employees know how to identify a genuine NHS Test and Trace contact. Keep the information secure. Use the ICO’s data sharing checklists** and keep a record of the disclosures made and why. Control external disclosures – only certain authorised members of staff should make them.
• Make sure individuals can still exercise their data protection rights – that’s also very important. Keep data protection records up-to-date and ensure any exports of personal information outside the UK are compliant.
• Before introducing employer-led testing like taking temperatures, thermal imaging or other potentially intrusive tests, work out if a data protection impact assessment (DPIA) is required. It will be if the intended processing is ‘high risk’. If it is, then carry out a full DPIA. It will help address the issues systematically and mitigate risks.
• All this demonstrates ‘accountability’ – it shows affected individuals and the ICO that the employer is complying with data protection requirements.

If you need further help, please visit the ICO’s data protection and coronavirus information hub or ask our data protection team.

** Please note that this link is to the ICO’s existing checklists and data sharing code of practice. We will update the link to the ICO’s new checklists after they are published.

The definition of a relevant establishment is a question of fact for an Employment Tribunal. Guidance from case law says that ‘establishment’ should be interpreted very broadly (so as to avoid employers escaping the need to collectively consult), and may consist of:

• A distinct entity
• With a certain degree of permanence and stability
• Which is assigned to perform one or more tasks
• Which has a workforce, technical means and a certain organisational structure to allow it to do so

However, there is no need for it to have the following:

• Legal, economic, financial, administrative or technological autonomy
• A management which can independently effect collective redundancies
• Geographical separation from the other units and facilities of the undertaking

• The Pensions Regulator has published regularly-updated guidance for employers.
• It will take “a proportionate and risk-based approach towards enforcement decisions … with the aim of supporting both employers and savers”. In other words, the law remains the same, but the Regulator will show restraint in enforcement against breaches.