It's riskier not investigating – why your organisation must confront serious allegations

Mitigating risks and upholding accountability 8 min read

In the past, serious misconduct in an organisation was often raised externally by regulators, law enforcement, or individuals initiating litigation, and addressed reactively by those organisations.

In Australia, through law reform, regulatory focus, a shift in community expectations and an evolution in corporate culture, mechanisms such as company whistleblower programs allow for allegations of serious misconduct to be raised internally. Associated with an uptick of internal reporting is a growing expectation by internal and external stakeholders that organisations will take those allegations seriously and investigate them properly.

Today, the risks of not investigating allegations of serious misconduct significantly outweigh the challenges that may arise from doing so. The costs of failing to investigate can be high from a commercial, legal and reputational perspective.

This Insight examines the risks of not investigating allegations of misconduct and sets out some ways you can gauge whether your company is set up to adequately investigate serious allegations.

Key takeaways

• The current legal and regulatory landscape requires companies to investigate misconduct properly. Failure to do so may breach whistleblower and employment-related laws.
• External stakeholders and the community expect organisations to take responsibility for their actions and scrutinise their own conduct.
• A failure to investigate material allegations can have serious commercial and legal consequences for a business.
• There are several myths about investigations that can cause a reluctance to investigate, which we dispel below.
• In relation to how your organisation is positioned to adequately investigate serious allegations, read on to learn about key 'red flags' and 'green flags'.

Legal and regulatory drivers to investigate

In Australia, a number of legal developments have created exposure for companies who do not investigate. In the whistleblowing space:

• Corporate whistleblower laws have created an expectation that companies will investigate allegations of serious wrongdoing. Companies that are required to have a whistleblower policy must describe in the policy how they will investigate such allegations.
• Companies and their directors and officers who publicly deny whistleblower allegations without conducting an investigation may expose themselves to a claim of detrimental conduct by a whistleblower or by ASIC. Recently, ASIC brought proceedings against TerraCom and its directors and officers, asserting that they engaged in detrimental conduct towards a whistleblower when TerraCom made announcements to the market that mispresented the findings of an investigation.
• ASIC is proactively reviewing company whistleblower programs, which includes examining how reports are triaged and acted upon.

Meanwhile, in the employment and safety space:

• A failure to investigate allegations of bullying, discrimination and harassment can lead to litigation by employees who are affected by the alleged conduct.
• Taking disciplinary action against the subjects of serious allegations without a proper investigation can give rise to litigation risk including unfair dismissal and adverse action claims in the Fair Work Commission, as well as breach of contract claims in the courts.
• There is an expectation (now entrenched in various advisory standards and regulations) that psychosocial risk will be managed as a safety issue. Safety regulators are becoming more active in investigating (and in some cases taking enforcement action) in relation to a failure by employers to manage psychosocial risks. Regulators are also using their powers to inquire into investigations and outcomes within a company in relation to conduct such as discrimination, bullying and harassment.
• From December this year, the Australian Human Rights Commission will have enforcement powers to ensure companies are taking positive measures to eliminate, as far as possible, sex discrimination, sexual harassment, harassment on the ground of sex, conduct that subjects another person to a workplace environment that is hostile on the ground of sex, and acts of victimisation.

Finally, in the ESG space, organisations who hold themselves out as having zero tolerance towards certain types of conduct and systems to address problem conduct potentially could be found to have engaged in misrepresentations if they receive reports of alleged conduct that run counter to their public narrative and are shown not to have triaged and investigated those allegations effectively.

Community and external stakeholder drivers to investigate

Evolving community expectations also make it a risky prospect not to investigate:

• ESG investing can include consideration of how companies address allegations of misconduct. For example, sexual harassment has been identified as a material ESG risk by the Australian Council of Superannuation Investors. HESTA, an institutional investor with more than $72 billion of funds at its disposal, recently engaged in a review of 19 mining companies in relation to their track record on gender equality, including transparent reporting by companies on incidents of sexual harassment and measures to prevent and respond to workplace sexual harassment.
• There is intense media interest in company and professional services scandals involving misconduct, including sexual harassment, systemic bullying or senior manager bad behaviour, and an expectation by the public that companies will investigate allegations raised and take swift action.
• Beyond traditional media, awareness raising via social media is a growing trend whereby individuals will call out a company's conduct and, as a result, diminish its reputation and sometimes even its share price. In 2018, Guess lost $250m in market value on the day that a complainant took to Twitter with a sexual harassment allegation against its co-founder. For individuals who have not had their complaints taken seriously by a company, social media can be an alluring alternative.
• There is also a trend of public reporting and public inquiries into specific types of misconduct and specific sectors. For example, sexual harassment and investigations into such conduct has seen increased attention through the National Inquiry into Sexual Harassment in Australian Workplaces, and the WA Inquiry into Sexual Harassment Against Women in the FIFO Mining Industry.
• Some organisations have chosen to share reports that identify problematic conduct within their organisation publicly. While this increases transparency, it also heightens community expectations that action will be taken to address the conduct, including by way of investigating serious allegations.

Some common investigation myths

A reluctance to investigate can, in part, be attributed to a fear of investigations and what they entail. This section sets out some common myths about investigations, with a view to dispelling them.

• It is the police's job to investigate, not ours – legal and regulatory obligations still apply even in the face of police involvement. Many organisations are now willing to conduct a parallel investigation into such matters. Provided that care is taken, organisations who investigate will be able to make findings on the balance of probabilities and are better positioned to meet regulatory and community expectations.
• An investigation may damage our reputation – in truth, companies that proactively investigate misconduct and adequately act on the outcomes are positioned more strongly to deal with subsequent regulator or media scrutiny.
• Joe Bloggs is a high performer and if we investigate the allegations made against him then he will quit – it is generally easier to find talent than it is to restore an organisation's reputation.
• We avoid investigations because they could potentially traumatise our workforce - while an investigation has the potential to cause stress and anxiety and damage relationships in the workplace, investigations that are procedurally fair, conducted confidentially, quickly, and with care and diligence can mitigate this risk. Short term unease or tension in the workplace should also be weighed against longer term, higher risks for the organisation.
• We don't need an investigation because we all know that Joe is the sort of guy who did it – jumping to outcomes, rather than conducting a fair investigation, is a failure of natural justice and can create employment law exposure for the organisation.
• People will understand that we didn't investigate this matter because we just don't have the resources – there is no denying that investigations require time and expertise (and money, when outsourced). However, organisations that are inadequately resourced to conduct an investigation, or are unwilling to find the resources, place themselves at a higher risk of exposure to the legal, regulatory and stakeholder consequences of not investigating.

How can you gauge whether your company is adequately investigating misconduct?

Organisations should consider the following issues to gauge whether they are set up to adequately investigate serious allegations. Below we set out three 'red flags' that can indicate increased risk, as well as three 'green flags' that can indicate decreased risk.

Red flag: the organisation receives no reports of misconduct.

Some large organisations feel confident because they receive no, or very low numbers, of reports. Sometimes it is the case that large organisations with a significant number of employees have a healthy culture and no misconduct is occurring.

However, research suggests that certain types of workplace misconduct, including sexual harassment and fraud, is quite common. Reporting data from whistleblower platforms, such as NAVEX, provide indicative numbers on how many reports your organisation should expect to receive each year, based on number of employees.

Sometimes, a lack of reporting numbers indicates a weak speak-up culture, a strong fear of retaliation, or a lack of awareness or trust in the organisation's reporting mechanisms. These organisations are at risk.

Red flag: there is no one in the organisation who has time to review, triage and/or investigate (or oversee an investigation into) allegations of misconduct.

Organisations who do not have a viable system in place or who do not adequately resource it are at higher risk of not investigating. Some organisations nominate a senior manager in the company whistleblower policy, but then do not follow up by training them or ensuring that their job role is altered to accommodate the new functions and duties that they are expected to undertake as a result. Sometimes, organisations that receive a large number of reports do not take steps to ensure that they can be triaged and investigated in a timely way, which also gives rise to risk.

Red flag: the Board or sub-committee of the Board has no visibility over misconduct allegations.

As a matter of good corporate governance, Boards are expected to consider, manage, and maintain robust oversight over material risks including misconduct. A lack of transparency and visibility may suggest that a Board is not able to exercise its duties of care and diligence.

Green flag: there is an independent function in the business that has a mandate to receive, triage and/or investigate allegations of misconduct, it is adequately resourced, and everyone knows about it (including the CEO).

In large organisations there may be a dedicated ethics and compliance or integrity team, whereas smaller organisations may have one or a few people from other functions (such as legal, compliance, employee relations or risk) dedicated to this role. Senior leaders such as the CEO drive awareness campaigns and encourage reporting. People routinely refer matters into the function. The function has processes in place in case conflicts of interests arise. Investigations are conducted promptly and to a high quality.

Green flag: the Board is actively engaged.

Boards (or appropriate sub-committees of the Board) should:

• have insight into reporting numbers;
• receive de-identified summaries of high-risk investigations and outcomes;
• ensure that allegations raised against the CEO/Managing Director or other Board members are escalated to the Board (without the participation of the implicated Board member, if relevant) to determine next steps; and
• have a plan in place in the event that the above occurs.

Green flag: the organisation proactively engages in culture reviews.

Organisations that are on top of their responsibilities in relation to investigations are often looking forward and considering how they can prevent misconduct arising in the first place. One way to achieve this is by interrogating reporting data and looking for 'hot spots' in relation to geographic or functional areas and then conducting a culture review into those areas, with a view to changing the culture of the team.

Should you have any concerns over allegations of misconduct, please contact us below.