7 tips for compliance officers to effectively handle misconduct

Consider some of the most impactful headlines, such as the collapse of energy giant Enron in 2001, which underscored the severe effects of misconduct on both financial stability and public trust. Similarly, Theranos – a so-called blood testing revolutionary once valued in the billions, crumbled after investigations exposed that their technology was defective, producing inaccurate results that led to serious medical errors.

The above instances are only a few among thousands of organisational misconduct scandals. It goes without saying, whistleblowers have a major role to play to unmask misconduct stories. However, whistleblowing and its repercussions is never easy. It can damage and impact employees in myriad ways, such as personal and professional grievances. It can also take a major toll on organisational image, reputation and risks hefty legal repercussions.

So, the job is a big one to address misconduct cases timely and maintain ethically compliant business environment. But the real question is: how do you tackle misconduct effectively when it arises? And are there ways to prepare for the storm?

Defining misconduct in a professional environment

Misconduct in the workplace is any behaviour or action that violates company policies, ethical standards, or legal regulations. It can range from relatively minor infractions, like inappropriate use of company equipment, to severe offenses, including harassment or fraud.

Based on research, just over half (52%) of employees have experienced or witnessed inappropriate, unethical, or illegal behaviours at work. The most prevalent of these behaviours were bullying (51%), sexual harassment (40%) and racism (30%). Misconduct undermines the organisational culture and can lead to significant financial and reputational damage.

What are examples of misconduct?

Workplace misconduct covers a broad spectrum of behaviours, ranging from minor policy violations to serious unlawful actions. Common forms of misconduct include:

• ‍Bullying: Persistent offensive, intimidating, malicious, or insulting behaviour that makes the recipient feel upset, threatened, humiliated, or vulnerable.‍
• Sexual Harassment: Unwanted sexual advances, requests for sexual favours, and other verbal or physical conduct of a sexual nature that affects an individual's employment.‍
• Fraud: Deception intended to result in financial or personal gain.‍
• Theft: Stealing company assets, whether tangible or intellectual.‍
• Discrimination: Unfair treatment of employees based on gender, race, age, disability, orientation, or other protected characteristics.

Below are some fictional illustration of types of misconduct.

Example 1: Misuse of company resources

Story: James had been a reliable employee at the logistics company for several years, but recently, his colleagues noticed unusual changes in his behaviour. He started staying late, claiming to work on pressing deadlines. However, an IT audit revealed a different story. James had been using company computers and his access to the logistics management software to run a small side business, coordinating shipments for personal profit. This misuse of company resources and breach of trust placed James squarely in the middle of an internal investigation.

Example 2: Inappropriate behaviour

Story: The annual office party was always a highlight at Marketing Maven, a place known for its vibrant culture and close-knit team. However, this year's event took an uncomfortable turn. Lisa, a new addition to the team, was visibly uncomfortable as her supervisor, Mark, made several inappropriate comments and advances throughout the evening. Although initially brushed off by others as "just Mark being Mark," Lisa felt alienated and filed a complaint the following day.

Example 3: Data deception

Story: Sarah, a data analyst at a burgeoning tech start-up, was under pressure to deliver positive reports on a new app's performance. Facing the threat of reduced funding if the real numbers were revealed, she manipulated the data, enhancing user engagement metrics to secure further investment. The truth surfaced when an external audit was conducted, revealing the discrepancies, and putting the entire company's future at risk.

Example 4: Conflict of interest

Story: Miranda, a member of the city council, played a pivotal role in the decision-making process for urban development projects. She advocated strongly for a new commercial complex which was set to rejuvenate the downtown area. However, it was later discovered that Miranda had failed to disclose her financial interest in the construction company awarded the project. This conflict came to light when an investigative report revealed her undisclosed shares in the company, leading to an ethics investigation to assess the extent of her involvement and the legitimacy of the project's bidding process.

What is the difference between general and gross misconduct?

General and gross misconduct have pivotal differences. General misconduct might include situations like consistent lateness or minor breaches of company policy, which, while disruptive, can often be remedied through corrective actions or disciplinary measures.

Gross misconduct, however, is more severe and may warrant immediate dismissal without notice. Examples include theft, physical violence, serious insubordination, or significant breaches of safety protocols.

Here are two fictional examples to distinguish both:

General misconduct

An example of general misconduct is when an employee behaves in a manner that contradicts the ethical or professional standards set by their organization. For instance, a manager might exhibit favoritism towards certain employees without any objective basis, affecting fairness and morale within the team. This type of behavior can undermine the integrity of the workplace and lead to a toxic environment, potentially harming the company's culture and productivity.

Gross misconduct

An example of gross misconduct is when an employee commits fraud, such as embezzling funds from the company. This not only involves stealing money but also falsifying records to cover up the theft. Such actions breach trust to a degree that typically results in immediate dismissal and could also lead to legal consequences for the employee involved.

Key legal frameworks in the EU, DACH Region, and UK

Compliance officers are tasked with the intricate job of understanding and applying a diverse range of legal frameworks that regulate workplace behaviour. These laws and regulations not only differ from one region to another but also cover a broad spectrum of compliance aspects from employment standards to data protection and ethical conduct. A thorough grasp of these legal frameworks is essential, not just for managing and resolving incidents, but also for preventative measures such as staff training and policy development. ‍

European Union (EU)

In the European Union, compliance officers must consider several key directives and regulations. In the European Union, compliance officers must navigate a complex landscape of directives and regulations crucial for maintaining legal and ethical standards. Among these, the General Data Protection Regulation (GDPR) stands out, significantly influencing how organisations manage personal data. The Working Time Directive governs maximum work hours and mandated rest periods, ensuring employee health and safety.

A critical addition to these regulations is the EU Whistleblowing Directive, which provides a robust framework for the protection of whistleblowers. This directive mandates that organisations establish safe channels for reporting breaches of EU law, ensuring that whistleblowers are protected from retaliation and their identities kept confidential. This complements the EU's Anti-Discrimination Directive, which safeguards against workplace discrimination based on sex, racial or ethnic origin, religion, disability, age, or sexual orientation.

DACH Region (Germany, Austria, Switzerland)

‍Each country in the DACH region has its own set of laws impacting workplace compliance. In Germany, the Works Constitution Act (Betriebsverfassungsgesetz) and Federal Data Protection Act (Bundesdatenschutzgesetz) play critical roles, alongside specific laws governing anti-corruption and corporate governance, such as the German Corporate Governance Code. Additionally, Germany has implemented the Supply Chain Act (Lieferkettengesetz) which mandates that companies manage their supply chains to prevent human rights violations.

The German Corporate Governance Code further outlines standards for transparency and ethical business practices. Austria follows similar principles but has distinct nuances in its Labour Constitution Act and Data Protection Act. Switerland, though not an EU member, aligns closely with EU regulations like GDPR and has strict laws governing employment and data protection, detailed in the Swiss Code of Obligations and the Federal Act on Data Protection.

United Kingdom

‍Post-Brexit, the UK has retained the GDPR through its UK GDPR adaptation, which continues to be a cornerstone of data protection compliance. Additionally, the UK has its own set of employment laws, such as the Employment Rights Act 1996, which covers details from wages and dismissal to employment contracts and maternity leave. The Equality Act 2010 is another crucial legislation, protecting workers from discrimination. Compliance officers must stay abreast of the ongoing changes and adaptations in UK law post-Brexit, as well as the evolving case law that can influence employment practices.

For compliance officers, staying informed about these legal requirements is not merely about legal adherence. It involves an ongoing commitment to educating and training the workforce, revising internal policies, and ensuring these policies are transparent and equitable.

Moreover, with the growing focus on ethical standards and corporate responsibility, compliance officers play a pivotal role in shaping an organisational culture that not only adheres to the law but also upholds high ethical standards, thereby fostering a safe and respectful workplace environment.

7 tips for compliance officers to effectively handle misconduct

In 2023, only 58% of employees reported the poor behaviours they experienced or witnessed. This is down 6% from 2019 – and reveals a growing blind spot of unreported incidents for organisations. This makes it important for compliance officers to lay out the foundation for a handling misconduct. Here are the most crucial tips:

1. ‍ Clearly define misconduct in your internal policies: Start by ensuring that your company policies clearly define what constitutes acceptable and unacceptable behaviour. These definitions should be accessible and understandable to all employees, forming the foundation of your compliance strategy.
2. Provide clear and anonymous reporting tools: Offer multiple channels for employees to report misconduct. In 2023, 39% of employees cited a lack of communication and 42% lacked understanding of what to expect – which signifies a large number of organisations that need to improve their processes and communication. Tools like SpeakUp make it possible for employees to submit reports anonymously, encouraging more open communication, building a dialogue and early detection of issues.
3. Create a process to address instances of misconduct: Develop and clearly outline the processes that follow a misconduct report. These should include initial assessments, investigations, and the steps taken after findings are concluded, ensuring all actions are fair and consistent.‍
4. Analyse, document, and tackle the root causes of misconduct: It’s not enough to address the symptoms of misconduct; you must also identify and tackle its root causes. This might involve analysing patterns of behaviour, conducting culture audits, and implementing targeted training programs.
5. Be prepared to do some damage control: When misconduct comes to light, be ready to manage its impact on your team and organisation. This involves clear communication with all stakeholders and taking steps to ensure such incidents are less likely to recur.‍
6. Provide clear guidelines on when and how to escalate: Not all misconduct needs to be escalated to the highest levels immediately. Provide clear guidelines on when escalation is appropriate, and ensure these protocols are understood across the organisation.‍
7. Facilitate a strong speak up culture: Encourage an environment where employees feel safe and supported in reporting misconduct. This involves regular training, open communication, and visible support from leadership.

Using the right whistleblowing software tools to effectively handle misconduct

Introducing an anonymous reporting system in the workplace can significantly enhance the willingness of employees to report misconduct. One of the main reasons for people to hesitate to speak up about misconduct is the fear of retaliation.

While the emphasis on whistleblowing protection and ways to make it easier to speak up is growing, interestingly, issue resolutions from investigations have declined from 70% in 2019 to 63% in 2023, which shows there is room for improvement there. To aid the entire whistleblowing workflow, consider adopting the right whistleblowing software tool. Here are the top reasons why:

• ‍Increased likelihood of reporting misconduct: Knowing that identities will be protected, employees are more likely to report unethical or illegal activities, which helps create an environment of openness and accountability.‍
• Less communication gap or worry over translations: Reporting software tools help with communication gap, by enabling multi-language availabilities for employees to report on. ‍
• More efficient case handling: These tools can uncover recurring issues and trends of misconduct that might not be apparent, enabling management to take pre-emptive actions and adapt policies to mitigate such issues in the future. And can enhance your ability to manage, document, and resolve misconduct cases. ‍
• Compliance to high standards: Features like secure case management, encrypted communications, and comprehensive reporting tools help maintain the integrity of the investigation and ensure compliance with applicable laws.

However, searching for the right tools for whistleblowing in your organisation can be time consuming. There is a plethora of options in the market, and you need to also abide by your company culture, ethos, size and needs. Read our buyer’s guide which is designed to help you make your choice.

Creating an environment of ethics and integrity

Effectively handling misconduct is essential to maintaining a safe, ethical, and compliant workplace. By implementing these seven tips, you empower your organisation address issues efficiently and hopefully prevent them. Remember, creating an environment where employees feel valued and heard is a major step towards nurturing a robust speak up culture.