In November 2019, fast-food giant McDonald’s fired its chief executive Steve Easterbrook for violating company policy by having a consensual relationship with an employee. Not only did this affect Easterbrook (days later he resigned from the board of Walmart), it also resulted in an overnight loss of US$4bn off the market value of the company.
In June 2017, Uber CEO Travis Kalanick resigned following months of bad press regarding the culture within the business (specifically incidents of harassment, discrimination and bullying). Dashcam footage emerged showing Kalanick losing his temper with a driver. The clip proved particularly damaging to a company already facing reputational issues – it resulted in Kalanick making a public apology.
In 2015, senior BlackRock director Jonathan Burrows was handed a lifetime sector ban from the FCA for dodging train fares over a five-year period.
More recently, in February 2020, a senior bond trader was suspended by Citigroup after being accused of stealing food from the office canteen.
Bad news travels fast
Misconduct cases attracting press headlines is nothing new, but 24-hour TV and social media mean when someone steps out of line the whole world hears about it quickly. Advances in technology have also made it easier to transgress – in certain areas at least.
Twenty years ago, offensive texts, obscene emails, photos, videos and misjudged, late-night, social media posts were uncommon since the technology it relied on was in its infancy. While codes of conduct existed 20 years ago, they did not have to deal with social media indiscretions. Nowadays, smartphones make it all too easy to post or forward material or comments that are unsuitable or unprofessional. There was no company policy on social media use, either – Facebook was launched in 2004 and Twitter in 2006, with an influx of other companies after this. Easy-to-trace digital footprints mean colleagues and, more importantly, bosses can see what employees have posted on their social channels.
Defining and regulating misconductClearly, non-financial misconduct can come in many forms – from petty theft, fare dodging, workplace bullying and gender discrimination to drink driving and extremist political group affiliation. Definitions vary depending on the cultural values in a particular country.
Measures that could or should be in place to deal with misconduct will vary between countries/cultures, specific industries and individual companies. Over the past decade we have seen changes in what is in place to protect workers and punish wrongdoers. In the UK in 2013, the Senior Managers and Certification Regime (SMCR) replaced the Approved Persons Regime, changing how people working in financial services are regulated. The introduction of SMCR was largely in response to the 2008 banking crisis and significant conduct failings, such as the manipulation of LIBOR.
SMCR insists that firms take more responsibility for employees being fit and proper (possessing adequate knowledge, skills and experience to understand the firm's activities), and that there be better standards of conduct at all levels. The CISI has produced a Conduct Rules toolkit to help individuals gain a better understanding of the FCA's Individual Conduct Rules. The short video below explains how to use it.
In the US, the Financial Stability Oversight Council was set up post-financial crisis to promote market discipline and identify emerging risks to the stability of the US financial system. In 2010, the EU introduced the European System of Financial Supervision which, like the UK’s SMCR, includes a ‘fit and proper’ test – in this instance for senior directors at larger banks.
These efforts to improve supervision and levels of competency were specifically aimed at the financial services sector but there followed broader initiatives to deal with misconduct across multiple sectors.
In 2014, the EU introduced a directive on non-financial reporting. Under Directive 2014/95/EU, large companies (with 500+ employees) must publish reports on the policies they implement concerning environmental protection, social responsibility and treatment of employees, respect for human rights, anti-corruption and bribery as well as diversity on company boards (in terms of age, gender, educational and professional background).
The way companies handle non-financial misconduct throughout the organisation is indicative of a firm’s cultureFor the first time, these companies found themselves having to focus reports not just on the balance sheet and order book, but on the values and good practices they adhere to. Issues that would previously have been dealt with by human resources (HR) or a disciplinary hearing now have a regulatory aspect to them. In addition to EU directives, sector bodies are increasingly setting out codes of conduct. For instance, in the UK, the FCA has stated that the way companies handle non-financial misconduct throughout the organisation is indicative of a firm’s culture.
In January 2020, the FCA published a ‘Dear CEO’ letter addressing non-financial misconduct in wholesale general insurance firms. It reads: “We view both lack of diversity and inclusion, and non-financial misconduct as obstacles to creating an environment in which it is safe to speak up, the best talent is retained, the best business choices are made, and the best risk decisions are taken.”
Corporate affairs
By protecting workers and punishing wrongdoers appropriately and even-handedly, companies send a clear message about their culture and values both internally and externally.
Protecting workers means having a system in place that encourages employees to come forward and report instances of bullying, discrimination, harassment or unprofessional behaviour. Punishing wrongdoers appropriately means identifying where clearly defined codes of conduct have been breached and ensuring action is taken. In the example of the CEO of McDonald’s, the company has a policy that forbids dating or sexual relationships between employees who have a “direct or indirect reporting relationship”.
McDonald’s is not the only major US corporation to take such a hard-line stance. Many companies in the US require individuals to avoid or at least disclose relationships that create a conflict of interest, according to an article by Professor Didier Cossin and Abraham Hongze Lu for IMD .
So-called ‘love contracts’ to regulate or prohibit workplace relationships have so far gained little traction outside of the US. The logic behind such contracts for US companies is to avoid the potential damages awarded in a sexual harassment case after an affair breaks down, particularly one between a senior and junior colleague. There might also be concerns from an employer’s perspective that, for instance, a couple working in client accounts could collude in releasing funds – resulting in potential scandal and loss of reputation. But Ben Willmott, head of public policy at the Chartered Institute of Personnel and Development in the UK, argues that any policy in this area would need to strike a balance between an employee’s right to a private life and an employer’s right to protect its business interest. “Under the Human Rights Act, employees have a right to a private life and family life and this includes their personal relationships. Any policy that has the effect of imposing on that right would be problematic.” So-called ‘love contracts’ to regulate or prohibit workplace relationships have so far gained little traction outside of the US
Rather than a prescriptive ‘no workplace relationships’ policy, Ben suggests employers have clear standards of behaviour and clear policies and processes for tackling inappropriate behaviour.
“The top line is it’s about the behaviours organisations expect all their employees to demonstrate, and those should apply regardless of people’s relationships.” He added that standard policies on dignity and respect at work – setting out a zero-tolerance approach to any form of sexual harassment or bullying – should be the priority.
In its Code of business conduct, Coca Cola states it will not tolerate any form of discrimination or harassment based on race, sex, colour, national or social origin, religion, age, disability, sexual orientation or political opinion.
Regarding the use of social media, it says: “Use social media wisely. If the subject of our company comes up while you are on social media, make it clear in your postings that you are a company employee, and your views are your own – you are not speaking for the company. Never disclose confidential information about the company, our customers, suppliers, competitors or other business partners, and never post anything that might constitute a threat, intimidation, harassment or bullying.”
Putting things down on paper
Whatever standards of behaviour a business expects from its employees, a written code of conduct should make them clear.
But written policies need to be fit for purpose. That is, they must not be undermined by conflicts of interest or a business environment that makes whistleblowing difficult.
In addition to whistleblowing, clear sector standards should encourage honesty and transparency from those who transgress. For instance, the CISI encourages members to self-report in a timely manner of anything (eg, commencement of a disciplinary investigation by their employer, or conviction of a criminal offence), which may impact their suitability to remain a member. This can work effectively so long as the individual is assured that the disciplinary proceedings they will subsequently face are fair, commensurate and consistent. The CISI disciplinary procedure follows seven steps, outlined in detail on the website, that result in a final decision, with the findings either upheld, amended or overturned.
"Non-financial misconduct has the potential to undermine trust, damage reputations and adversely affect individuals, firms and businesses"Frank Moxon, Chartered FCSI, chair of the CISI Disciplinary Committee, says that the CISI has “long championed the importance of ethical behaviour” and has more recently recommended that members apply the same standards to their conduct outside of the office. “The public mood has also moved in this direction with bankers, business people and politicians all being held up to higher standards of scrutiny both at work and in their private lives. Increasingly, non-financial and other out-of-office misconduct has the potential to undermine trust, damage reputations and adversely affect individuals, firms and businesses,” he says.
Such is the nature of professionalism that a life of 24-hour acceptable behaviour should not require significant lifestyle changes, says Frank. “However, it is sometimes not obvious where ethical boundaries lie, in part because of changing social mores, advances in technology and international and cultural variations.” The CISI’s work in developing and setting ethical standards therefore includes the publication of articles (such as the Review Grey Matters ethical dilemmas), booklets and other materials (elearning modules, events and interactive workshops) offering relevant ethical guidance to its members.
View the CISI Integrity Matters product suite
Clarity and consistency in messaging from those who monitor a sector, as well as those companies that operate within it, is fundamental. Brooke Kenyon, managing director at financial services PR specialist Orchard, explains: “Written policies are a good place to start and need to be in place to ensure everyone knows how they should be treated and how to treat their colleagues. Creating a process for staff so they feel they can call out any boardroom bullies, and will be listened to, will shape the right workplace culture.”
Culture is on the regulator’s agenda, too. In March 2020, the FCA published a discussion paper titled Transforming culture in financial services. In the introduction, Jonathan Davidson, executive director of supervision – retail and authorisations, encourages leaders to reflect on their firms’ cultures and continue, or start, taking action.
CISI Annual Integrity event
But sometimes the workplace culture can be extremely challenging, as highlighted in the CISI debate, 'Outside the 9 to 5', held on 12 February 2020.
Attendees heard a fictional case study (published in the Review as a Grey Matters ethical dilemma) of a family-run investment manager Footes & Co. The role of CEO becomes vacant and the chair, John Footes, is approached by his son Mike, managing director of a rival investment firm. Mike’s cousin Richard, head of HR, hires Mike as CEO. Mike has a reputation for dominating meetings and complaints are made about his behaviour – being verbally abusive to staff at meetings. Team morale is shaken, and some employees decide to leave. One of them raises specific complaints about Mike but wants her comments to remain confidential.
Mike’s behaviour would appear to contravene the company’s defined core values of respect and integrity. However, attendees at the CISI debate concluded that written codes of conduct and core values only go so far and that to ensure impartiality, any further investigation should be independent. The verdict delivered on the aforementioned Grey Matters article agrees with this: “Richard could suggest that John recuse himself from investigating his own son’s conduct, not only because if he were involved it may further damage their relationship, but because appointing someone else (ideally, someone outside of the Footes family) to oversee the process would ensure impartiality and fairness.”
Being family members, the chair and head of HR have conflicts of interest. Also, it was stressed at the debate that staff members need not go on record in the event of a potential misconduct claim against another.
The potential damage to the business as a result of misconduct is severe. A point made at the CISI debate was that team morale had been eroded and the departure of staff had made future recruitment difficult, with word of mouth and social media making the company’s problems common knowledge. The company’s reputation is at stake and this may impact performance and profits.
Social media policy
Another case study at the CISI debate, and also the subject of a Review Grey Matters article, involves a WhatsApp message seen on a manager’s phone at an after-work drinks gathering. A new member of staff (who is not part of the WhatsApp group) sees a message relating to his likelihood of quitting when the pressure becomes too much. Delegates at the CISI debate took the view that while WhatsApp is widely used within companies (and to some good effect), there should be ground rules on what is acceptable – in terms of areas suitable for discussion that should not bring individuals or the company into disrepute. In this instance, there is danger of an irreparable breakdown in trust between a line manager and a new recruit. The inevitable question is ‘does the company have a social media policy?’ and if it does, is it in need of a review?
CISI delegates made the argument that technology can often move faster than a company can write policy, highlighting the importance of a greater focus on improved communication alongside policy updates. Delegates agreed that there should be ground rules on social media usage in company policies and they voted on possible solutions. The winning course of action, with 42% of the votes, was that the new member of staff should report the group to HR, using the photo he took of the phone as evidence.
The CISI’s published verdict on this issue says: “A key principle to remember is that office gossip and banter about other colleagues in any form is unprofessional and can cause significant damage in the workplace. In this case, Freddie has been unfairly targeted and put in a difficult situation by his manager and others’ poor behaviour.” The CISI’s recommended solution differs from that of delegates at the debate: the new member of staff should encourage his manager to tell HR about the group, as it’s clearly unacceptable. “This would enable Sam, the new manager, to do the right thing to rebuild Freddie’s trust and to appreciate the importance of not allowing office banter and gossip to exist in the workplace by having an appropriate discussion with HR.”
Context is everything – one person’s idea of ‘office banter’ could be another’s idea of low-level bullying. This is why good communication and clear parameters are so important.
Reputational damage
Creating a positive culture also requires buy-in from the top down, with higher standards expected of senior and/or public-facing employees. As Mike Sunier, managing director at financial services PR firm Crystal stresses: “The owners or senior management should lead by example and also make sure the firm’s beliefs as a business are effectively communicated to employees.”
But if, despite best efforts, misconduct sees the company in the headlines for the wrong reasons – what is the best course of action? Rather than going on the defensive, Mike supports a response of honesty and integrity. “In reputational terms, firms naturally want to avoid an issue becoming public and effective policies and internal communications can help.
“But if it does reach the public domain, the emphasis should be on admitting where there have been failings, without reference to any individuals, and how the firm is tackling it, so it is not repeated.”