Background
Chris is a young compliance officer who has recently joined XTB, a mid size international bank, where he is involved in overseeing compliance of their international operations department.
Because of the location of his office, Chris travels to and from work on the train surrounded by people some of whom are employed in his bank, but also many similar organisations and other financial services firms. There is much general chatter on the train, particularly telephone calls about work and Chris is surprised at the extent to which some people treat the train as an extension of their office, seemingly oblivious to their fellow passengers.
Chris is unsurprised therefore when on his way back from a meeting in the City, he sits next to two men having an earnest conversation but when he hears the words regulator, legal department and fine, he begins to listen more intently. The pair talk animatedly about maintaining the integrity of customer data in the face of an apparent data loss some time previously and Chris understands from what is said that the firm has not yet reported the matter to the regulator and there is an internal argument about whether to do so. Although the problem has now been resolved, based upon a recent case involving a major international bank, there is a strong possibility of the regulator levying a substantial fine if they do own up and this will significantly affect profitability and thus bonuses.
As one of the pair comments, “if no one in our organisation picked it up, the chances of anyone from the regulator doing so must be remote and anyway, no customer has been affected and no one has done anything illegal”
Chris is still intrigued about whom and what they could have been talking when, that evening, on his way home, the lift makes a stop several floors below where he works and he is surprised to see one of the pair whom he had overheard on the train, getting into the lift and using a Staff security pass to leave the building.
That evening, Chris tells his partner about what he had heard at work and she says that as he is still on probation at XTB, he must not interfere and this is none of his business. He agrees that is probably sensible and determines to put it to the back of his mind. However his resolution wavers when he encounters the same person entering the lift as he saw the previous evening. His uncomfortable feeling returns that, having become aware of what is happening, or rather not happening, probably he should do something; but what?
Should Chris have said something at this point?
Although new to XTB, Chris, as a compliance officer was in a position to report what he had heard to a more senior, or even the most senior, person in compliance, who would be in a position to decide what, if anything to do. Chris should have been able to do this, without being drawn into the underlying issue, which seemed to be his main concern.
Convincing himself that he had heard nothing of significance would not have been the right thing to do.
The next day
Arriving at his desk, Chris’s concerns are rapidly pushed to the back of his mind
when Louise, his boss, calls him over to tell him that the firm has been told to prepare for a visit from the regulator and that a major theme will be to look at the integration of the business of Vertigo Bank which XTB had bought three years previously.
On learning this, Chris felt that he should say something to Louise about what he heard on the train and related what he could recall, particularly that one of the pair which he had overheard, he had seen in XTB’s building and so assumed that the bank which the pair was talking about was actually XTB. Chris is concerned that they seemed to be engaging in a high level cover up, although he is not aware of the exact details.
Louise tells Chris that it is not something about which he should concern himself, but she will make some tactful enquiries with a colleague in International Wealth Management, which is located on the floor identified by Chris. If she discovers anything, she will let him know what it is all about, although she considers it unlikely that XTB would be a party to anything dubious. Chris returns to his desk and prepares for the regulatory visit but notices that Louise is away from her desk for some time.
Is Louise doing the right thing?
At this stage, Louise has received nothing more than hearsay, but she has responded positively, whereas she could have just said that one frequently hears gossip on the train and Chris should treat what he heard as just that.
Late that day, Louise returns to her desk and in due course calls Chris over. She tells him that she had been gone so long because, on going to speak to her colleague Martin in International Wealth Management, she had been drawn into a highly political debate regarding the matter which Chris had overheard on the train. It appeared that there was disagreement amongst XTB’s senior executives within Wealth Management about how the bank should most appropriately deal with the matter, in order to comply with its obligations to the FSA and at the same time maintain the confidence of the clients of Wealth Management.
Although Louise did not contribute to this discussion, she told Chris that when she had told Martin what Chris had heard on the train and that subsequently he had identified at least one of those involved as working inXTB, Martin had become extremely alarmed and said that they must go and see the Head of Compliance at once. Louise had then been made aware of the underlying problem, which had arisen following the takeover of Vertigo, when a decision had been taken to outsource client data processing to an overseas centre, which system was still in operation. As a result of a recent visit to the overseas data centre by a specialist of XTB’s internal audit team, it had been learned that a few months after the off-shoring process began, in the course of physically transferring data between two of the processing/storages facilities, the company vehicle had been involved in a road accident resulting in a fire which damaged some of the storage tapes. It now transpires that in accounting for the damaged tapes there is an inconsistency between the number of tapes which was recorded as being in the vehicle and the number which was recovered, the assumption having been made that the difference was accounted for by some tapes being destroyed in the fire.
Furthermore, there is uncertainty whether the tapes, which contained personal details of many of XTB’s wealthy international customers had been encrypted and, although the assumption was that the data had been, there was no evidence one way or another. This incident had not been reported at the time to XTB in London.
The resolution
The Head of Compliance was furious on learning this and immediately asked to see the Wealth Management executives, telling them that she was amazed and incensed by what she had just learnt. She then told them in no uncertain terms that XTB’s duty was urgently to report the matter to the regulatory bodies involved, indicating what actions had been taken to remediate the situation, hoping that this would positively influence any regulatory sanction. She added that if they did not agree, she would take it upon herself to report the matter, quoting both the financial regulator’s rules and principles but also the Data Protection Act requirements.
Following this, the Head of Compliance had then said to Martin and Louise that senior members of staff had been highly irresponsible in discussing a sensitive matter in a public place and that had it become public knowledge without the regulator being made aware, the impact on XTB could have been catastrophic. Accordingly, the opportunity must be taken to remind all staff of the dangers of holding discussions about work, taking or making phone calls, or using computers in public places where they could be overheard or observed.
Nevertheless her decision that the regulators must be advised was not influenced at all by learning that members of staff had been overheard discussing the matter in public, but rather that trying to suppress the incident was highly unethical and could have set a dangerous precedent within the firm and, since inevitably it would have come out, it would be highly damaging to the company’s reputation.
PS
Subsequently Louise asked Chris what he would have done if he had learned that XTB intended not to report their problems to the regulator. He replied that although he knew that he should then report the matter to the regulator, perhaps via the “whistleblowing” hotline, he remained uncertain that he would actually have done so, for fear of the consequences for himself and all his colleagues at XTB.
Further reading