- within Employment and HR topic(s)
- in United States
- with readers working within the Accounting & Consultancy industries
- within Consumer Protection, Insolvency/Bankruptcy/Re-Structuring and Insurance topic(s)
It has been a year since the preventative duty to take reasonable steps to prevent sexual harassment took effect. For employers, this is not a compliance box-tick exercise but a rolling risk management obligation. Now is the right time to step back, interrogate the last 12 months' data, and reset your approach for year two.
Take a risk-lead lens to the last 12 months
Start with your risk assessment. The technical guidance is clear that failing to assess risk is likely to be non compliant. Your review should be evidence-led and specific to your organisation's profile, operations, and culture. Examine where incidents occurred, who was affected and involved, when they took place, and the contexts that increased exposure, including offsite socials, travel, hybrid working, client entertainment, and alcohol. Identify hot spots, power imbalances, and repeat patterns, even where allegations were unsubstantiated. Do not overlook third-party risk from customers, clients, contractors, and the public.
Turn incident data into a prevention strategy
Treat every concern raised, whether formal or informal, as a valuable input. Map incidents and near-misses, resolution times, and outcomes. Track whether training correlated with fewer issues, whether particular teams or locations drive higher reports, and whether prior recommendations were implemented and effective. Whether outcomes were contested or not, capture the lessons learned and close the loop into revised processes, communications, and controls.
Refresh the control environment where the risk is
Policies and training must evolve with the risk picture. Update your dignity at work framework and make sure it is understood in practice, not only on paper. Target interventions where exposure is highest: tailored briefings for managers and HR, scenario-based training for front-line teams, clear expectations for events and alcohol, and visible escalation routes that are trusted and trauma-informed. Where employees interact with third parties, set behavioural standards up front, embed them in contracts and pre-event communications, and be ready to act swiftly if boundaries are crossed.
Governance, accountability and demonstrable oversight
Ensure your board or senior leadership receives structured reporting on harassment risks, incidents, trends, and the effectiveness of "reasonable steps". Maintain an audit trail of decisions, rationale, and improvements, as this will support both regulatory expectations and the "all reasonable steps" defence in litigation, while reinforcing a speak up culture. In regulated sectors, align your approach with conduct expectations and fitness and propriety standards.
A practical two year checklist
- Re-evaluate and document your risk assessment, with clear ownership and timelines for mitigations.
- Test the effectiveness of training, reporting channels, and investigations; close any gaps promptly.
- Tighten third-party controls and communications if the last year has shown that more steps need to be taken.
- Calibrate event protocols ahead of year-end social season; set and enforce behavioural standards.
- Embed "lessons learned" from investigations into
policy, training, and controls.
Refresh communications from leadership, reinforcing zero tolerance and psychological safety.
The preventative duty is dynamic. Treat it as an operational risk you measure, mitigate, and monitor continuously. A focused, data-driven refresh now will reduce harm, protect your people, and materially lower legal, regulatory, and reputational exposure in the year ahead.
Subscribing to our global Employment blog
From cross-border perspective pieces such as our U.S./UK comparison on religious expression in the workplace, to our EU-wide analyses of the revised EWC Directive and focused briefings on domestic reforms like the UK Employment Rights Bill, our global Employment blog brings the full breadth of our network directly to your inbox. Each post is clearly titled with the relevant jurisdictions, allowing you to identify at a glance the updates most critical to your organisation.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
