What this risk is, and why it matters
Harassment exposure, including sexual assault and harassment (SASH), has moved from an HR concern to a board-level liability. Mandatory disclosure regimes, regulator-driven cultural audits and class-action litigation now treat harassment failures as governance failures, with personal liability for senior officers who knew or should have known. Insurance pricing reflects the shift: carriers now demand evidence of programme quality rather than declarations of policy.
Legal and regulatory framework
Statutory regimes (Title VII, the UK Worker Protection Act 2023 and equivalents) impose proactive duties to prevent harassment, along with mandatory training, reporting obligations and protection against retaliation. Financial-services regulators (FCA, FINRA) treat harassment as a fitness-and-propriety issue. Listed-company disclosure regimes require quantitative reporting on complaint volume and outcomes. Regulator audits increasingly inspect culture and tone, not just policy.
Typical scenarios and impact
Documented enforcement has produced eight- and nine-figure settlements (entertainment, finance, tech), regulator-imposed reforms, executive resignations, listed-company share-price impact, and personal claims against directors. Class actions on systemic harassment have produced pattern-and-practice consent decrees. Insurance cost increases for firms with weak programmes routinely exceed the cost of building a strong programme.
Mitigation framework and when to engage an expert
Run a programme that combines mandatory training, multiple safe reporting channels, independent investigation capability, anti-retaliation enforcement, and quarterly board-level reporting on complaint volume and outcomes. Audit programme quality annually using an external firm. Engage employment counsel for investigation oversight; engage external investigators for complaints involving senior officers; engage a culture-audit specialist for whole-system assessment.