Managing Employee Risk – Part 3 – Disciplinaries, Investigations and Departure

In the previous article, we considered how to manage employee risk on an ongoing basis through oversight of employees and also through the provision of learning and development. This final article sets out some thoughts on how a business should respond in the event of any concerns over an employee’s conduct and also when an employee decides to leave.

Disciplinaries

In the same way as the provision of training can be an important defence in the event of any issue arising at a regulated business, it is important for a regulated business to take action in the event of any concerns arising over an employee’s conduct.

It’s generally a defence for individuals to say that they followed a business’s policies and procedures. But this places the onus on the business and its designated personnel (in particular the compliance personnel) to ensure that the policies and procedures meet and keep up-to-date with the relevant requirements of the legal and regulatory regime. It also emphasises the importance of the work that compliance and internal audit teams do to monitor that employees do comply with the business’ procedures throughout the year.

Similarly, if an employee is found to have been responsible for any deficiencies or breaches, the business must consider taking action. This may well just mean further training or some form of words of advice, but in the event of deliberate, repeat or significant breaches, the business may have to consider invoking its disciplinary process. This process protects the business in the same way that following the policies and procedures protects its personnel.

Investigations

The steps a business and its employees should take when things go significantly wrong will very much depend on the precise circumstances of the situation and should potentially also be informed by legal advice.

As already noted, employees should generally follow the business’s policies and procedures in order to protect themselves. However, they should also raise a query where they think a policy or procedure is wrong or inappropriate. If the employee has a position of responsibility or if their concerns are sufficiently serious, they may consider if necessary to formally document their concerns, for example in a report to the board or even just in an email. In the worst case, it may be necessary to escalate concerns even further or even to whistle blow (to HR, a director or the regulator), although this should only be done with great caution.

The key for employees is to ensure that they can evidence that they did everything they could to prevent or minimise any misconduct or other issue, particularly if this impacts on clients.

In the event of a formal investigation, we would recommend that an employee who finds themselves involved, whether as a subject of the investigation or just as a witness who is providing the authorities with evidence, cooperates fully in order to reassure the authorities over their personal integrity. However, we would also say that an employee in such a position should consider getting their own legal advice.

A regulated business should record any breaches, errors or similar matters where they relate to an employee’s performance and should ensure that appropriate action is taken in response, including potential disciplinary action. Again, the aim here is for the business to evidence that it did everything it could to ensure that employees knew what they had to do, e.g. by providing appropriate training, and that it has a defence in the event of any misconduct or other issue.

If a regulated business does find any significant issue, it may be necessary to launch a formal investigation and potentially report the issue to the JFSC or other relevant authority. Such reporting will likely trigger questions from the JFSC or other authority, such that obtaining legal advice may be advisable.

Departure

Even in the vast majority of cases where an employee is leaving for perfectly normal reasons and there were no issues which triggered their departure, there are some risks of which businesses should be aware. It may be necessary to impose additional controls on an individual during their notice period, for example blocking access to client/sensitive files and disabling any portals for data sticks. There have been cases of individuals taking client lists and hundreds of pages of sensitive documents during their notice periods and businesses should consider taking measures to guard against this.

In some instances it would be ideal to place an individual on gardening leave immediately once they hand in their notice but often a business does not have the necessary level of resource available. We would typically suggest that the handover of the departing individual’s work starts pretty much immediately with another colleague attending all meetings, being copied into emails and generally learning the ropes with the aim of a seamless and professional transition.

For a business’ key people, there may be contingency measures in place for their departure and these measures can be implemented or accelerated, for example promoting someone from within their team, bringing in a colleague from another team or office or engaging external support.

It may be necessary to notify stakeholders such as the regulator, the market, client contacts, or other offices, and just as when new personnel join the business, it is possible that the regulator may wish to interview departing personnel to understand whether the individual’s departure was triggered by anything of interest.

A business should always try to understand the reasons for an employee’s departure. It may well be that the trigger was innocuous or expected – family reasons, more money or career development – but these may still help the business understand how it measures up against competitors – perhaps it should consider allowing flexible or remote working, perhaps pay levels have fallen behind industry standard, perhaps your staff don’t feel they have sufficient learning and development opportunities. Or the business may even learn about a more significant or fundamental problem.

Finally, depending on the role and seniority of the individual, there may also be a need to update relevant documentation such as policies and procedures and the Business Risk Assessment.

Conclusion

It’s impossible to overstate the importance of its personnel to the success of a regulated business.

We’re all aware of the trend over recent years, accelerated by the pandemic, whereby people are realising that there is more to life than work. If businesses want to get the best out of their people, they have to recognise that businesses have responsibilities to their personnel. There are the fundamental legal and regulatory responsibilities of course, but what employees expect of the businesses that employ them is continuing to grow.

Similarly, what clients, customers and the JFSC expect of regulated businesses is also growing and this means that the performance of their employees is increasingly important. Every regulated business has to be aware of and mitigate as much as possible the risks that their employees present.