The recent events involving Big Four accounting firm PwC have highlighted the need for organisations to revisit existing governance arrangements. Senate Estimates, together with extensive media reporting and statements from PwC’s Chief Executive Partner, have drawn attention to numerous apparent failures of governance at the top level of PwC’s leadership, with the consequences of these alleged failures ranging from the potential for reduced Government work to a complete existential crisis (to quote former Prime Minister Malcom Turnbull). At this stage, it appears that one of the numerous alleged governance shortcomings of PwC was its failure to respect confidentiality agreements to which it as an organisation, as well as its individual partners, were a party, and to adhere to its own code of conduct.
PwC’s alleged conduct illustrates that a deeper understanding and appreciation of why confidentiality agreements and codes of conduct were in place, together with the consequences of non-compliance with those frameworks, was required.
Confidentiality Agreements are known in many guises – non-disclosure agreements, proprietary data agreements, confidential disclosure agreements. At its heart, however, the purpose of a confidentiality agreement is to protect specific information, for a particular purpose, at a particular time or for a specific duration.
Commercially sensitive information that an organisation wants to protect to retain its competitive advantage is commonly protected by confidentiality arrangements. These could include agreements between the organisation and:
A commonly overlooked but vital element of confidentiality agreements is what happens once the confidential information in question has been provided. Key features to consider including in confidentiality agreements are:
The importance of confidentiality agreements in protecting sensitive information cannot be understated given the potential consequences of a breach may be a reduction in an organisation’s ability to carry on its business. Well formulated and clear agreements also help to set expectations of employees. When a confidentiality agreement clearly outlines what information is protected, why it is protected and what the consequences of breach are, then employees are under no illusions as to the importance of protecting the trade secrets and sensitive information of the organisation, and, importantly, of its clients.
Codes of Conduct
Briefly, codes of conduct typically establish the values and ethics of an organisation, and what minimum standards of behaviour are expected of employees in order that their conduct is aligned with those values. Codes of conduct cannot account for every nuanced situation; nor do they override applicable laws and regulations. Rather they are a common set of expectations or standards that are used to promote the fair and responsible conduct of business.
Codes of conduct generally include expectations regarding how employees interact with each other, with customers and clients, and with the organisation’s leadership team. An important consideration, therefore, is that if your organisation’s code of conduct contains a value or responsibility that places importance on the use of confidential information (this may come under the auspices of discretion, conflicts of interest, client interaction or use of client or company materials), then your confidentiality regime must enable this, and you must ensure your employees are aware of that regime and properly educated in to perform their work within its four corners.
Ensuring & measuring effectiveness
Testing, measuring and improving is one of the most important aspects of governance. Without measuring the effectiveness of systems, policies and processes, including whether they are broadly understood and respected by those who are expected to operate within them, the impact of governance structures may be significantly reduced. Organisations need to be asking whether the people who work within governance frameworks understand and respect them. Policies that promote understanding and compliance by being appropriately tailored to staff and the type of work they do is fundamentally important. Further, when it comes to governance, the drafting of structures, processes and policies that reflect the applicable laws and regulations, the legal risks and the potential opportunities facing the organisation is important, but it is also critical that the policies are widely promoted so staff know they exist, with education provided to staff that highlights (i) the outcome the specific governance structure is designed to achieve; and (ii) what staff need to do to comply. It cannot simply be a case of “because the law says so”: buy-in, understanding and compliance from employees is more easily achieved and effective when employees clearly understand and accept:
What should I do now?
If those at PwC’s top table apparently did not understand or respect the obligations imposed on them by confidentiality agreements to which they were subject, how could PwC expect its staff to?
That being the case, you should now be asking yourself whether your business:
If the answer is no to any of the above questions: take action now.