// By Anne M. Simmons
The financial crisis has created significant chaos in the markets, the workplace, and in the personal lives of millions of people worldwide. This is a time of enormous stress. The long-standing, familiar rules of the game no longer seem to apply. As a result, equities are plunging and layoffs are mounting. So many of us feel the ground falling out from under us, and yet we feel powerless to do anything about it.
This is a toxic combination for corporate ethics. Unfortunately, people – good, hardworking people – don’t always act rationally in times of stressful chaos. When fear gets the better of us, we have a tendency to lay low, hoping not to bring what we perceive as negative attention to ourselves. Why report practices that violate our company’s policy if it could result in angering our management and losing our jobs?
The fact is, when layoffs are widespread and employment opportunities scarce, no one really trusts the promise of non-retaliation in their employer’s code of conduct. What employee with a family to support would blow the whistle in such times?
And yet so much of this current crisis results from people failing to report risk. In an analysis of what went wrong at Merrill Lynch, Gretchen Morgenson reports that Ahmas Fakahany, the firm’s vice president and chief administrative officer, “had weakened Merrill’s risk management unit by removing longstanding employees who walked the floor, talking with traders and other workers to figure out what kinds of risks the firm was taking on.”
What if those employees had at their disposal a mechanism that allowed them to bypass Mr. Fakahany and report those firm-threatening activities directly to the Board? Would the Board have orchestrated an intervention? And if they had, would Merrill still be an independent firm today?
In a survey of CFO’s conducted by the online publication Treasury & Risk earlier this year, more than 30% said they’d been disrupted by financial and operational “surprises” in the past year.
Clearly, very few companies can afford “surprises.” Every one of us wants to get out in front of problems before they jeopardize our company’s reputation and balance sheet. But let us state the obvious: “surprises” don’t come out of nowhere. All of today’s troubled entities (Merrill, Lehman Brothers, AIG, Fannie Mae, Freddie Mac, IndyMac, WaMu, etc.) had employees who were aware of and feared the risks they saw members of their organization taking on, but lacked a voice to report them to the people who were in a position to end the recklessness.
I passionately believe that to mitigate risk in any meaningful way, employees must be provided with a mechanism to report risk without fear of retribution. Moreover, the only way (emphasis on only) to prevent retribution is to guarantee anonymity. And that requires the aid of a third-party specialist who can receive reports, verify their veracity, and inform the Board so that no major issues will be swept under the rug.
Now, every company has a code of conduct, and by law, those codes lay out the company’s whistle-blowing policy. But how good are those whistle-blowing policies?
This past summer I spent a chunk of time reviewing the codes of conduct of all the companies that participated in Ethisphere’s 2008 World’s Most Ethical Companies benchmark study. I focused on the language concerning their policies for reporting wrongdoing. What I found is that far too many of these companies – and mind you these are the crème de la crème of ethical companies – instruct their employees report violations to their managers.
Unfortunately, the chain of command couldn’t be more inappropriate, particularly if, as was the case with Merrill, “command” has a strong incentive to keep its activities hidden because profits were just too good. If I send an email to my supervisor, as many of these companies instruct their employees to do, anonymity doesn’t stand a chance.
A Strategy for Uncovering “Surprises”
If your company is at risk for surprises – if, for instance, you’ve recently suffered rounds of layoffs and your employees are likely to be laying low – as chief risk officer, you need to put a strategy in place that lets you uncover problems early on. Here’s what I suggest:
Walk the floor. Find out what people are saying about your firm. You want to uncover their gripes, concerns and potential embarrassments to the company’s reputation so that you can address them immediately. Approach employees one-on-one in break rooms, offices; any place that doesn’t feel like a public forum so as to solicit honest and unfiltered feedback. Be sure to emphasize the company’s – as well as your personal – commitment to non-retaliation. Word will quickly spread that ethics is an important part of the company’s culture, and that employees should feel safe reporting wrongdoing.
Have policies in place that guarantee non-retaliation. Work with a third-party to develop a system for collecting reports, verifying the information from employees anonymously, and following up with those employees while still maintaining their privacy.
Block mid-level interference. Reports of wrongdoing, once vetted by a third-party, should go to the Board. Exposure to the Board all but mandates that serious issues be investigated. Failure to do so all too often results in cover-ups or sidetracking by the very people responsible for troubles.
In conclusion, economic downturns are stressful times for employees, and there is little incentive for them to report the kind of risk-taking that has brought our economic to the state it’s in today. Chief Risk Officers need to combat that fear with a strong whistle-blowing policy, one that guarantees anonymity by engaging a third party to collect those reports, and to forward the serious issues directly to the Board. Too many Chief Risk Officers say they’re worried about surprises that may bubble up on their watch. The sooner they learn about those surprises, the sooner they can address them. That’s what a whistle-blowing policy is for.
Comments? Suggestions? I’d love to hear your thoughts.
Anne Simmons is the co-founder, president and CEO of Board Advisory Services (BAS), a consultancy group founded on the fundamental belief that organizations can find a balanced approach to ethics, controls, and compliance to drive improved shareholder contributions in the near- and long-term.
