UK Report Spotlights Internal Reporting
British regulators published a report last week on how financial firms handle allegations of personal misconduct, finding that a significant number of firms don’t have any formal governance process to review complaints and a small number still don’t even have required internal whistleblower programs.
The report was published last Friday by the U.K. Financial Conduct Authority, which regulates a wide range of financial firms there. It was based on a survey of nearly 1,000 financial firms operating in London, and specifically looked at reports of non-financial misconduct (discrimination, harassment, drug abuse, workplace violence, and the like). Many of the findings were broadly in line with other studies of whistleblower programs that look across multiple industries or multiple countries; but the report flagged a few issues that are worth examining in detail, so that you can assure that they won’t cause problems in your own organization.
For starters, one-third of survey respondents said their firm has no formal governance structure or committee that decides the outcomes (including disciplinary actions) for employees involved in non-financial misconduct cases. That lack of governance structure even persisted among larger firms, sometimes to an alarming degree.
For example, among market intermediaries (banks, brokerages, and other firms that help buyers and sellers execute transactions) that had at least 250 employees, 39 percent said they had no committee that decides outcomes for non-financial misconduct. Forty-four percent of large market insurers said the board receives no management information about non-financial misconduct.
The FCA readily admitted that not all firms need a formal governance structure — but the larger the firm, the more you do need one, to assure consistency in discipline across large numbers of employees. So those large firms without a governance structure left the FCA concerned. “The responses to questions about board [reports] and governance structures suggest that large firms’ governance and oversight of non-financial misconduct could be falling short of our expectations for the size, nature and complexity of the firms’ businesses,” the report said.
I would simply note that here in the United States, the Securities and Exchange Commission’s many settlements with financial firms for off-channel messaging apps always include provisions for stronger governance of disciplinary action, to assure that violations are enforced consistently and proportionately. Sure, those violations involve recordkeeping rather than personal misconduct, but the theory is the same: companies need a mechanism to enforce consistent discipline, because that, in turn, supports a strong culture of ethics and compliance.
So, does your organization have a formal structure to review and adjudicate reports of personal misconduct? Is that structure documented, and suitable for your organization’s litigation and compliance risks? Those are the questions you want to ponder.
The report also found that a small number of firms (anywhere from 3 to 10 percent, depending on the type of firm) still didn’t have a whistleblower program as required by law. In this day and age, however, you gotta wonder about any financial firm that hasn’t achieved these table stakes of a compliance program. #FrownUpon
Other Numbers About Reports
The FCA report also found a steady increase in both (a) the total number of reports that firms received over the last three years and (b) the number of incidents per 1,000 employees. See Figure 1, below.
The FCA called that increase “significant,” and in relative terms that’s true. For example, if you went from 1.8 reports per 1,000 employees in 2021 to 5 reports per 1,000 by 2023 (which happened for market intermediaries), that means your rate of complaints more than doubled in two years’ time. That should set off alarms in any compliance or HR department.
Except, we’re not yet sure how much that surge is due to more employees coming back into the office after the pandemic, or to employees being more willing to report misconduct (good), or to more employees acting like jerks (bad). Most likely, that surge is due to all three factors, with each firm experiencing its own mix of those forces.
The mix of issues followed predictable patterns. Bullying was generally the top specific complaint, followed by sexual harassment and discrimination; although the catch-all “Other” category exceeded all three, at roughly 40 percent of all complaints for all firms. See Figure 2, below.
The above findings are largely in step with other workplace complaint studies we’ve seen, such as Navex’s annual analysis of internal hotline complaints. Almost every year Navex finds that workplace behavior issues are the lion’s share of all internal reports, with issues such as accounting fraud or corporate corruption trailing behind. Even under that umbrella category of workplace behavior, however, “Other” typically outpaces all specific categories that Navex tracks.
Another interesting finding: most complaints, across all major categories the FCA report identified, led to employee discipline or some other action (verbal warning, reassignment to another team, and so forth). In other words, most complaints were substantiated. See Figure 3, below.
High substantiation rates are fine — they demonstrate that the organization has strong investigation capabilities and that few folks file bogus complaints — but do consider the implications here. If you have high rates of substantiation and disciplinary action, it becomes more important to have clear disciplinary policies, follow them rigorously, and document your decisions. Otherwise you’re exposing yourself to retaliation complaints, litigation from unhappy employees, and even nasty-grams from regulators reviewing your compliance program.