Conduct risk threat rising
April 3, 20173 April 2017
Banking giant Wells Fargo fires 5,300 employees for opening fake accounts, which would later cost the CEO his job. Stadium caterer Centerplate fires its CEO after elevator video surfaces showing him kicking a dog, but not before the matter is painfully stretched out over days amid much second-guessing and threats of food boycotts. Soccer giant FIFA finds itself embroiled in bribery allegations over the World Cup. The Russian Olympic federation engages in mass doping.
What do these seemingly disparate scandals have in common? At the centre of their storm is some form of alleged bad conduct by key actors in the organization, showing critical ethical lapses that exposed their organizations to risk.
“Conduct risk” is quickly emerging as a leading threat in-house counsel and their C-level executives must manage. It comes at a time when regulators, legislators and a grumpy public are aiming their arrows at what seems to be a growing phenomenon of bad behaviour across both corporate and public institutions.
Maryse Bertrand has seen firsthand the impact bad conduct can wreak on an organization. Bertrand was General Counsel at CBC when star broadcaster, Jian Ghomeshi, became embroiled in sexual assault allegations and complaints that the Q radio host breached CBC’s workplace policies.
“Everybody has a Ghomeshi,” warns Bertrand. “You’ve got to realize it and address it.”
By that, she means beware of the star factor and managing a workplace where big egos dominate the culture. It’s not simply the media business. Every industry has its challenge, whether it involves high-performing salespeople, rainmaking consultants, or highly skilled surgeons, lawyers, investment bankers or engineers.
Bertrand is now a full-time Director, sitting on the boards of Caisse de dépôt et placement du Québec, National Bank Financial Group and Metro Inc.
Prior to her Caisse appointment, she wrote in Borden Ladner Gervais LLP’s publication, Top 10 Legal Risks for Business in 2017, that conduct risk is an “increasing threat” companies face. She cites four key factors driving the risk:
The pressure to meet high-performance targets in a low-growth economic environment will lead to higher incidences of unethical or illegal conduct;
An increasing regulatory burden is putting added strain on “already constrained corporate resources” when it comes to operational and compliance functions;
Social media, which is “amplifying” public scrutiny; and
A decrease in the public’s level of trust and tolerance for business missteps.
The threat that the conduct of one—or many—will expose companies to financial and reputational loss is at its highest point ever, she concludes.
Daniel Marion agrees. “It’s something that will not go away and will even increase over time,” says the Vice-President of Legal and Contracts for Thales Group, which designs and builds electrical systems, and provides services for the aerospace, defence, transportation and security markets. “There is always an incident somewhere, especially if you have a global reach.”
Indeed, the threats can come from any direction. Maybe it’s a rogue employee or an agent engaged in anti-corrupt behaviour involving bids or sales contracts overseas. It might manifest itself by an employee posting what he or she thinks are harmless comments on social media, which then draw widespread public attention.
It can also arise through no fault of anyone within your organization. For example, the questionable conduct could relate to a supplier and your company is suddenly caught up in a scandal by mere association. Maybe that multi-million-dollar sponsorship investment blows up because the celebrity, athlete or sporting event that your company invested in is at the centre of a public storm.
Both the recent FIFA bribe scandal and the Russian Olympic doping scandal have sponsors revisiting their contracts and probing deeper into their sport investments, experts say.
“In almost 20 years of practice, I am being asked about the IOC’s [International Olympic Committee’s] reputation,” says Jolan Storch, a lawyer and former professional volleyball player who focuses on sponsorship and sports marketing.
A former General Counsel and Business Advisor to the Canadian Olympic Committee, Storch says Olympic sponsors at both the domestic and international levels are taking a harder line and putting forward additional clauses they would like to see in their contracts to protect their investment. “I think that all companies that participate in sponsorship are aware that something like that could happen.”
Because the threat of conduct risk is so far reaching and can manifest itself in so many different scenarios, it’s almost impossible to bulletproof your organization, the experts say. However, in-house counsel still need to be prepared for the inevitable. So where do you start?
Here are five must-dos for corporate legal departments concerned about their organization’s conduct risk exposure.
1. Stakeholder relations matter
Do you have a stakeholder relations strategy that properly encompasses the community in which you operate and is it effective? Stakeholders can be your biggest ally or worst thorn in a conduct crisis, warns Sinziana Dorobantu, Assistant Professor at the Leonard N. Stern School of Business at New York University, who researches stakeholder relations. Her research shows that how a community views a corporation goes a long way to surviving a “critical event.”
In a recent paper, Dorobantu and her co-authors examined 51,000 media-reported events involving 2,300 political, social and economic stakeholders, and 19 publicly traded gold mining firms. The study found that stakeholders’ prior beliefs about an organization impact how they react to a company following a critical event. The stakeholder’s initial response then has a “cascading” impact that flows through peer stakeholders.
Therefore, if key stakeholders perceive you positively and a negative critical event takes place, there’s a greater chance of surviving intact than if stakeholders dislike you in the first place.
“Building relationships with different stakeholders matter a lot,” Dorobantu says. The problem, she says, is that “companies simply don't devote enough time to building these resources” because of the costs and time involved.
2. Conduct Response Plan a Must
Jeffrey Goodman, an employment lawyer at Hicks Morley Hamilton Stewart Storie LLP, says companies need to treat conduct risk like they would disaster planning and recovery, and design a plan to address potential harms, such as a social media maelstrom.
Many conduct-related events move too quickly to make things up on the fly, he cautions, so some advanced preparation is necessary. With an official investigation or regulatory action, a company usually knows it's out there and “you have got weeks to figure it out.” However, if the conduct involves an employee “doing something on the Internet,” it can go viral in “minutes.”
He recommends mapping out an advance plan including who should be on the response team, and make sure it is updated regularly. Include the proper blend of talent from communications to HR, privacy, legal and operations, depending on what the conduct centres on.
3. Processes and policies
While process and policies won't stop a rogue, they are critical nonetheless, as they set the tone and culture for an organization. Richard Powers, Associate Professor at Rotman School of Management at the University of Toronto, who lectures on governance, says good corporations make sure they have ethical codes in place and have employees regularly review and sign them. He suggests making sure there are appropriate morals clauses in employment contracts and employee codes to cover inappropriate conduct.
Whistleblower regimes are also becoming more popular to ferret out bad behaviour. However, he says, don't simply drop the whistleblower regime in the Board’s lap. “They don't have the resources,” he says, suggesting that companies use a third-party employee assistance provider.
When it comes to doing business overseas, Powers, a former in-house counsel at Honda Canada, stresses that it’s important to have programs and policies in place to ensure that your agents and third parties are abiding by things like anti-corruption laws. And, he says, they have to be followed through with internal and spot audits to keep people honest.
4. Train, train, and then train some more
Thales’ Marion stresses the importance of constantly training employees on policies, especially when the employees are new, or there are changes or developments in policies. That includes live training and practice drills on how to respond if something bad happens. While training and testing employees won't prevent a rogue from acting out, it can temper the regulatory impact on the company down the road.
For example, when a former Morgan Stanley employee pleaded guilty in 2012 to conspiring to evade internal accounting controls that the investment bank maintained under the U.S. Foreign Corrupt Practices Act (FCPA), it was the evidence of training and programs that helped the firm avoid the wrath of the courts and the SEC.
Morgan Stanley, which was not charged and cooperated with investigators, was able to show the court that it had internal policies in place to prevent employees from “offering, promising or paying anything of value to foreign government officials” and those policies were frequently monitored and updated. That included training the employee on its FCPA policies seven times and providing him with 35 compliance reminders.
Although that didn’t stop him, it effectively provided the firm cover when investigators came knocking.
5. Communications is critical
Bertrand says the Ghomeshi incident “taught me the importance of the communication aspect of your response. Communications is key.”
Also, don't assume that people read and understand codes of conduct and employee handbooks or even follow them. “Having a robust policy is one thing,” she says, but making it effective is another. She urges that companies need to review their policies to make sure they are comprehensive and aren’t contradictive.
CBC hired an outside law firm to investigate the Ghomeshi incident and its report provides a roadmap on what to avoid in the workplace.
It identified a number of telltale signs of Ghomeshi’s conduct in the workplace that should have been flagged and further identified weaknesses in CBC’s policies and enforcement, including the existence of “Host Culture,” where conduct is tolerated because someone is considered a star employee. Adding to the mix, according to the report, was a lack of a direct boss, as the producers and Ghomeshi belonged to the same union bargaining unit.
It urged CBC to clarify its policies, including defining what constitutes the workplace and consensual relationships at work, as well as a creating a definition around what constitutes a “poisoned work environment.” It called for enhanced procedures on what management should do with information of a policy breach and the creation of a standalone Respect at Work policy. It also called for customized training, spot audits, a workplace hotline and better training for those tasked with investigating workplace conduct.
Bertrand adds that when a matter becomes highly public, as the Ghomeshi affair did, it’s important that those investigating the matter have direct access to the Board, as often the “CEO doesn’t have the sufficient level of detail to satisfactorily deal with the Board’s anxiety over the matter.”
Bertrand, who recently completed her Master of Science degree in Risk Management and has been looking at a range of crises that companies face, observes, “You won’t be judged on the fact that something happened that was bad. They really judge you on how you manage it.”
For Marion, he expects conduct risk to play a growing role in that judgment. “It’s not something only legal departments have to focus on. It’s something many companies as a whole have to focus on.”
Jim Middlemiss is a writer based in London, Ontario.
This article was initially published in the Spring 2017 issue of CCCA Magazine.