Snakes in the grass: exposing the extent of conduct issues lurking within financial services firms

For too long, companies have been in the dark about the conduct of their employees. Shocking examples in financial services firms have dominated headlines in the last year, with significant monetary and reputational costs to the businesses involved. Radar spells out why it’s time to turn over those rocks and reveal the snakes that may be lurking within your firm.

Picture the scene: you’re in a dark room, all appears well, you’re alone. Then for a brief instance, a bright light illuminates the room. You’re actually surrounded by snakes. These snakes are of varying sizes, type and carry different levels of venom. Some are small but deadly, others huge and seemingly immobile – some are brightly coloured and easy to see, while others are camouflaged and indistinct. The lights go off. Where are the snakes? How do you identify them? What is your next move and action?

Apply this analogy to your own company. Every day you are surrounded by employees who, for all intents and purposes, appear to be hard-working, conscientious and adhering to the values of the business – and they probably are. You have a code of conduct in place, it appears to be working on the surface. But how do you know? What risks do your employees pose once they’re at their computer screens? Do they enjoy their jobs? Do they feel safe at work? Are they performing well or not? How do you measure everyone’s conduct?

All these are questions that for too long companies have been unable to answer, or have wilfully avoided knowing the answers. The following article exposes examples of the length and breadth of misconduct that has infiltrated the financial services industry – from high-profile examples to issues that have been flagged by companies that have deployed Behavox. It may make you think twice about continuing to remain in the dark.

Criminal activity on corporate devices

Let’s dive in at the deep end. Of course, there will always be occasions in which staff may slip up on corporate devices: a cheeky text to their spouse, gossip about the night before between colleagues perhaps. Usually, this will be harmless and of no concern for the HR team. Unconscious lapses are one thing, but what about instances where employees commit criminal activity or serious misconduct while at work?

One firm, which has successfully deployed Behavox’s platform, picked up that an employee had arranged to pick up illegal drugs using their work phone. The individual in question had then gone on to discuss with colleagues the concoction of alcohol and drugs they would take, and which was best.

In another instance, a senior member of staff was using the corporate network to arrange prostitutes, writing “tell her to wait for me in the hotel. I cannot use my corporate card so will use cash” via Blackberry messenger on his work phone. This is not an isolated incident; on one occasion the arranged prostitute proved to be underage.

At another company, Behavox’s platform uncovered examples of employees using racist language in Slack messages – referring to colleagues as “monkeys” and suggesting they were a “diversity hire”. There was also chat between a group of colleagues in which they had used the company’s IM system to discuss their female colleague in an explicitly sexual way. “So what?” you might think…”they were only fooling around”. But what if those chats were read aloud in a courtroom or a senate hearing as an example of a firm taking advantage of their clients or not taking their fiduciary duties seriously? Does that still look like “fooling around”?

What is most alarming here is that, had the company not been using Behavox, it is unlikely that the activity would have been picked up. Business would have continued as usual with staff, often senior staff, conducting criminal and illicit activity and putting the reputation of their company precariously on the line.

This is not just about failing to meet regulatory codes or expectations, it’s about the expectations of the market and of society. Do you want the general public to know, as they inevitably will, that a member of your c-suite has used your office to pursue criminal activity – and that your firm turned a blind eye? The evidence is there, it undeniably exists in your company data. Wilful ignorance will not be tolerated much longer.

It started small but will grow if it is left untreated – bad conduct becomes bad culture

Most companies will at some point address unruly or rule-breaking employees. Some companies may even have to deal with employees who have committed criminal offences – though these will, more often than not, be one-off incidents. It is a nuisance and an embarrassment that most firms will want to avoid. Some may choose to ignore these issues. But this is how a bad culture festers. Bad culture develops on smaller conduct issues and the failure to tackle them. It often starts with an individual pushing a boundary, which turns into accepted group behaviour, which permeates the life-blood of the company and becomes comfortable and systemic.

Take Uber, for example, where a blog post about a culture that failed to tackle sexual harassment ended with the firm paying $1.9m to 56 workers who were victims – all part of a larger class action involving 485 people who claimed discrimination.

In December, a New York Times article entitled “This is what racism sounds like in the banking industry”, revealed that when one customer enquired as to why he was facing difficulties in becoming a private client at JP Morgan he was told, “you’re bigger than the average person…and you’re also an African-American.” The customer had been recording the conversation, which he subsequently shared with the media outlet. The article uncovered other instances of racism at JP Morgan towards its own employees, including denying one black employee a promotion opportunity. This came only one year after JP Morgan paid $24m to settle a case of discrimination brought by six black employees.

In November 2019, the Financial Times ran an article entitled “Betrayed by the Big Four: whistleblowers speak out”. It uncovered tales from 20 former employees of EY, Deloitte, KPMG and PwC who had all experienced differing levels, and in some cases, deeply shocking cases of harassment, bullying and discrimination.

HSBC recently received a warning from the Bank of England about its conduct-risk controls after an anonymous staff survey found it ranked lowest out of seven banks when staff were asked whether colleagues “turned a blind eye to inappropriate behaviour.”

Where these conduct issues would once have remained latent and for insiders only, they are more often being exposed. The above examples give a flavour of the stories that have been in the press over the last year. Bad conduct costs. Not only does it cost money as the regulators tighten their grip on the issue, but it can cost a company its reputation, which can disappear overnight and never be restored. If a firm fails to have in place an effective system that can detect misconduct, it may be left unresolved and become part of the company culture. This is far harder to overhaul, and causes far more damage, than a single, rogue employee.

Bad conduct doesn’t always have a bad foundation

Bad culture and conduct does not always exist outside the realm of work-related issues. Sometimes it can form precisely because of the way in which a company carries out their work: long hours, inflexible systems, boisterous management. Activities that may often begin as well-meaning encouragement can soon turn toxic or become bullying if not carefully monitored. These are particularly rife in hyper-growth companies.

Challenger-bank Revolut, for example, narrowly avoided a media storm in February last year when former employees told Wired that it was implementing unachievable targets, unpaid work and high staff turnover. One individual who had applied for a role at the company recalled how, during her job interview, she had been asked to recruit 200 clients in a week in order to pass through to the next stage. Some former employees said this reflected the culture of “hitting targets at all costs”. In response, Revolut CEO, Nikolay Storonsky, wrote a blog post – “Revolut’s culture: the past, present and the future”, in a bid to have an open and frank discussion about the issue. He admitted “we haven’t always gotten things right” but noted that he had reflected on past mistakes and the company was taking strides to focus on the future of its culture. “I’m not going to pretend that we’re perfect, but we absolutely want to be,” he said. Revolut’s culture had stemmed from a desire to be profitable, productive and to delight its customers. Unfortunately, it was at the expense of employee wellbeing.

When does a personal issue become an issue for corporate attention

Workplace bullies (and the bullied), predators, those committing harassment, the wrong conduct and culture – all of these can be hard to spot when the majority of interaction now takes place in the digital realm – over comms platforms, in email or text. The same logic can be applied to employees facing personal stress and strain. Staff will often appear fine in person, but issues could be bubbling up underneath that may affect their performance, their tolerance to stress or even a temptation to conduct illicit behaviour.

A Behavox client recently found that one of its employees was going through a divorce. A very common fact of life. However, this situation got escalated by Behavox’s system because it transpired that the individual in question was using company email to send extremely abusive, expletive and threatening emails to their soon-to-be ex-partner. Their compliance team picked them up and passed them onto the individual’s manager.

Regulators do not explicitly say that a person cannot abuse their spouse via company email – nor is it necessarily within the compliance team’s remit to tackle such personal issues. However, regulator expectation is shifting. It is now becoming the thinking that the way an employee behaves is intrinsically linked to their propensity to carry out illicit behaviours or misconduct. If a person is willing to send abusive emails via corporate portals, where might he draw the line? If a person is suffering from deep personal debt, are they best placed to be handling confidential information about multi-million-pound trades? As Andrew Bailey, Governor of the Bank of England, recently noted, “a firm’s culture can’t be divorced from how they run themselves internally. What you do inside your firm and how you behave will have an effect on our objectives. So please don’t think that we are prepared to ignore what goes on and moreover, that we expect management not to ignore it.”

While these examples exist within the realm of financial services, they are not the only industry at fault. Bad conduct and culture is not endemic to one firm or one industry – it’s pandemic – perpetuated by those who operate in the grey areas or take advantage of a company that they know to be ignorant to employee behaviour. One headline about a rogue employee at a company is far less damaging than a headline about multiple rogue employees at a firm that failed to harness the tools available to monitor their data.

If a firm doesn’t know their employees, they are unable to properly understand the conduct and culture that lies within. Unless a company employs a platform that monitors and analyses employee data in real-time, it will remain in the dark to the issues that have the potential to tarnish both profits and reputation. It’s time to uncover the snakes.