Eye of the storm for Facebook

Normally companies have the chance of dealing with one or two major crises at the same time. But this wasn’t a luxury afforded to Facebook’s VP of Policy Solutions, Lord Allen, when he appeared in front of a committee of lawmakers from nine countries this morning at the UK Parliament in London.

Mark Zuckerberg was repeatedly invited, but didn’t show up. Regardless, the committee set up a spare chair and his name card (top photo, credit: Parliamentlive.tv).

Given the committee wanted to grill the organ-grinder and not the monkey, Lord Allen didn’t do a bad job. But he was fighting with one arm tied behind his back as he faced questions and accusations on Facebook’s corporate governance and corporate responsibility, and how it handles GDPR, trust, data protection, hacking, privacy, election meddling and fake news.

With a very few exceptions, the three-hour session offered very little support for Facebook, nor the type or extent of its efforts to solve the issues or mitigate the risks.

The final blow came when Charlie Angus, a Canadian MP concluded the session by saying: ‘Facebook is the problem’ and suggesting the company should face anti-trust legislation as ‘the only way to get a credible democratic response from a corporation’.

Facebook has been slow off the blocks on most, if not all of these issues.

First they denied there were problems, then insisted the problems weren’t their problem, given they’re ‘only a platform’; before being hit by the freight train that is this multi-country parliamentary committee.

A case of too little, too late by Facebook bosses, and a classic example of how ‘an issue ignored is a crisis ensured.’

At crisismanagement.ch, we often spend time with senior executives identifying scenarios, horizon-scanning and working to fix the root causes of the problem, rather than waiting for the solid matter to hit the aircon. We believe it’s time well-spent and an investment that offers a significant return for the business.

 

 

Mega risks and disasters – a resilient company will get back on track faster

Businesses are increasingly expected to prepare for, and manage the effects of major disasters and they play an integral role in disaster risk mitigation and recovery.

We produced a blog for 6-Group on what businesses should be doing to ensure they are resilient and therefore become partners of choice for their customers if disaster strikes.

Photo, thanks to ‘Jessica Lea/DFID’

 

 

Oxfam – work begins on ensuring a permanent fix for the aid sector

Since allegations emerged of aid workers participating in sex parties in disaster-stricken Haiti, Oxfam has been fighting a rear-guard action.   It’s looked like an organization that was wrong-footed from the outset, never regained the initiative and is struggling to use its undoubtedly noble values as a defence for the defenceless.

This is doubly ironic, as many who know the sector say Oxfam’s HR and investigation processes are ‘stringent’ and better than many smaller, less well-resourced charities. A systemic issue that ranges across the sector as a whole looks more of a possibility.

Oxfam won’t win this one, but it must prevent the next one.

Aside from Oxfam’s unenviable current position, other notable elements of this crisis include the role of the International Development Department of the UK government and the Charity Commission. It could be the international development aid sector’s version of the #MeToo movement, with complainants or whistle-blowers feeling empowered by seeing stories of Oxfam.

The charity no doubt has systems and processes in place to collect, triage, verify, report and remedy allegations of all types of problem from bribery and corruption through to assault and mobbing.  There was a whistle-blower, there were internal reports and there are safeguards over employment processes.  So either the information didn’t reach the highest level or if it did, someone either didn’t appreciate its seriousness, or they decided to sit on some or all of it.  Its report of ‘misconduct’ to the Charity Commission, apparently, did’t contain specific allegations of abuse of  beneficiaries, according to a statement from the Commission.

Why not? And if not, does the Charity Commission have to take some heat because it didn’t dig sufficiently deeply into the allegations?  And how much did the International Development Department know and how diligently did it seek to discover more?

What next?

  • Bosses of any organisation must set a tone from the top that expresses a ‘zero tolerance’ for misconduct.  AND they must have the strength of character to also welcome reports of misconduct and ensure they are properly investigated and action taken.
  • The organisation must review its compliance processes, including whistle-blowing policies, hotlines and protection to ensure they’re fit for purpose
  • The processes and systems for ensuring good oversight of human resources management and safeguarding of employees and other stakeholders must be robust and must be tested
  • The Charity Commission has launched a statuary review and this must include a review its own processes if it finds that this incident has raised concerns that its oversight was weak or incomplete
  • The government is channeling public aid money through charities and has a duty to ensure it is satisfied with how the money is spent and that the organisations it contracts are the subject of rigorous due diligence from a financial, ethical, social and governance perspective.  The process may now have to be more intrusive than prior to the Oxfam/Haiti revelations
  • Any charity sitting on similar allegations should be seriously considering going public on anything they know – and soon…because the allegations will find their way into the public domain, sooner or later and it’s better to be proactive on this

Penny Mordaunt, for the International Development Department, announced a new unit, which clearly implies there are perceived weaknesses in the oversight processes. She said: “This unit will be wide-ranging and comprehensive in its remit, looking at safeguarding across UK and international charities, suppliers, and the UN and multilateral organisations so that together we can make progress.

‘This will look at how to guard against criminal and predatory individuals being re-employed by charities and abusing again, including the option of establishing a global register of development workers.”

And finally – all parties need to do the acid test: imagine there is a repeat of this scandal and review whether their improvements to policies, training, oversight and whistle-blowing would stand scrutiny in the court of public opinion. Imagine they’re picked over in The Times and see how complete and robust they seem to be then.

CrisisManagement offers crisis and resilience audits to ensure organisations have the right levels of awareness and proactive processes in place to avoid or mitigate risks.

Photo cropped from original of Haiti by @verdyverna. Many thanks for posting royalty-free.

 

The Presidents Club: the sound of British businessmen in five-speed reverse

20-20 hindsight is a great thing…

Bear with me on this, because the fallout from this dinner is a great crisis, business ethics and risk management case study.

Case study scenario: Bosses of company X are invited by supplier Y to a charity dinner as their guests where they will be treated to entertainment costing around £1,000 each at the men-only event. The guest list is packed with clients and competitors in the industry. Should they attend? End of scenario.

The ticket price of £1,000 would be ‘trigger one’. It would prompt a deeper dive into whether attendance is a good idea, initially relative to the UK Bribery Act and the Gifts and Entertainments clause of ISO 37001, the anti-bribery standard.  At a rough guess, the invitations should have been rejected at this stage by many guests, as attending the event, with this ticket price, could be seen to represent a significant potential compliance issue. Whereas they probably wouldn’t take a £1,000 bung for a business favour, a dinner ticket worth a grand needs careful handling. Alternatively, executives could be offered the chance to pay for their own tickets to avoid any whiff of a business ethics issue.

But if the company still considered allowing executives to accept the invitation, it should have a policy on, and a process to evaluate, offers of gifts, entertainment etc and give or refuse approval to attend on the company’s behalf.

‘Trigger two’ would follow, once due diligence had established the real nature of the event (men only except professional hostesses), aside from its charitable fund-raising.  And perhaps it would be good if men AND women were involved in this due diligence.  At this stage, it would probably be a ‘no’.

But in a broader context, if any scenario identifies a risk as having potential to hit the company, it must decide what to do against clear criteria.  Should it mitigate the hazard, avoid it or share it (insure against it)?

Avoiding it is the only option. It’s almost impossible to ‘share’ the risk of attendance at the Presidents Club dinner by insuring against it – and post-hoc mitigation attempts by those invited have been hilarious and represent some are excellent examples of throwing fuel on the fire.  Companies refuse to comment (their name is already in the Financial Times), so they’re guilty by association.  Individuals, including politicians say they were invited, but claim they left early (presumably before any of the harassment or groping got underway); some said they weren’t aware of any bad behaviour and others say that although they were invited, they weren’t there.  It’s the sound of British business in five-speed reverse… 

Anyone who thought a dinner like this couldn’t possibly be the subject of headlines of the Financial Times – for consecutive days – and that the Presidents Club itself would be dead in a day and a half following these revelations – needs a reality check.

So what should have happened?

A company wanting to avoid reputational damage and possibly a big-ticket legal item, like being the wrong side of the UK Bribery Act, should have implemented a systematic and arm’s length approach to event due diligence, which may include the following:

  • A diversity of people should review events the company is involved in on a strategic basis – and a case-by-case
  • The review needs to thoroughly determine the type of event – by using multiple sources
  • It needs to evaluate whether the cost of the tickets offered are in line with its own gifts and entertainments policy. If it doesn’t have one, it needs to get weaving PDQ…
  • On a company basis, it should avoid the hazard and not attend the event, as mitigation is also almost impossible. Mitigation, in this case, would be like choosing new material for the deck chairs on first day of the first voyage of the Titanic
  • And finally: Executives should do their own risk management 15 second test, by answering this question: “What would my kids think if they knew everything about the event I’m about to go to?”

As my old news editor used to say: “If in doubt (lad), leave it out.”

Carillion, the government and when someone else’s problem becomes yours

The situation with Carillion seems to support the old adage: “If you owe the bank £100, it’s your problem, if you own the bank £10m it’s the bank’s problem.”

In this case, last week’s theoretical, but realistic prospect of the melt-down of Carillion looked like the banks, bondholders and shareholders would have a problem, but this morning, the UK government has a huge problem.
Carillion has, after all, taken on a lot of risk from the government, simply because running contracts in return for money is a form of accepting risk.  But the level of exposure the government faces became clear as this turned from a corporate finance problem to a government headache.
To appreciate the scale of the challenge, this link shows just one aspect of the government’s exposure to the company – in the defence area.  In the recent past, the government also continued to award contracts worth hundreds of millions to the company, despite one, then another profit warning.  Perhaps the intention was to keep cashflow flowing, in the hope that the company would turn around and continue to manage these risks on behalf of the government.
The cash didn’t keep flowing and the company hasn’t turned around.
The government has now ‘crystallised its responsibilities’ and in solving company’s problems, ministers now must decide how they want to manage the coming few days, weeks and months.  They have a few options:
  • temporarily re-nationalise some of the service contracts, therefore maintaining continuity of service (in defence and prison contracts this is particularly important)
  • at a corporate level, hope for and encourage debt for equity swaps and plough on while restructuring on an ongoing basis
  • find trade buyers for some of the businesses or contracts and inject some funding for an interim period on critical strategic infrastructure projects in order to maintain continuity and retain key staff
  • JV partners of Carillion take over contracts (maybe with government guarantees)  in a way that ensures continuity on contracts
  • a mix of the above
  • none of the above, or anything else the government has planned with the administrator
The extent to which government-led crisis and contingency management planning has been going on – and for how long – will be directly related to how ‘bumpless’ the transfer is between Carillon and a new solution, like those listed above.  I’d expect any JV partners to have been working overtime since September (the last profit warning from Carillion) to ensure an orderly transfer of responsibilities.
Compounding the woes, lurking in the background is the spectre of the government’s pension lifeboat having to take over the 28,000-member scheme, which reports a deficit of £580m. Costs could end up being more than twice that, but either way, it’s additional angst for the government and politically another point of exposure.
We do know that the pension situation, and the scope and scale of government work that was contracted out to Carillion, will clearly mean the taxpayer will take a hit on this insolvency. The unknown is how and how much it will cost.
Lessons for crisis management?  A business would undoubtedly have n process by which it identifies big-ticket potential hits to the organization in a systematic way – via an Enterprise Risk Management process, for example.  In this case, they will have generic, adaptable plans to activate if a supplier or a customer goes out of business.  The plans will be developed on a risk basis (how likely how damaging), including from a ‘worst-case, what if’ scenario planning perspective, and contingencies will be put in place in good time.
So how will we know whether the government (and constituent departments that contract with Carillion) has been through a similar exercise?  If they have, while the first few days will naturally be a bit ragged, the stabilising solutions should be ready to implement relatively quickly and smoothly.  If it hasn’t planned or planning is incomplete, expect a more extended period of uncertainty as solutions are more obviously invented and cobbled together on a tactical, case-by-case basis.
And finally, the plunge in the company’s worth from £2billion to Friday’s closing valuation of £61m reminded me of the time the company I worked for took a 60% hit on the share price in one day, and then fell further to just over one Swiss Franc.  The national financial magazine here characterised the situation thus: “Question: What’s the difference between [the company’s] share price and a sausage? Answer: You can eat a sausage.”
Cruel, but in that case, the company recovered, stabilised and thrived, but it was scary.
[Thanks to Terry Robinson for allowing his photo above to be used via a Creative Commons licence]