June 28, 2016
An Underestimated Source of Risk
by Donna Galer
Human resource risk is often underestimated, and that can be a serious misjudgment -- as recent lawsuits and settlements prove.
When directors or CEOs or senior managers think about risk, they generally envision risks associated with the company’s finances, manufacturing, data, supply chain and customers. Human resource risk is often underappreciated, and that can be a serious misjudgment. Recent events, lawsuits and settlements prove this point.
It is true that the risk associated with talent and a lack thereof has risen in the risk hierarchy of most organizations. However, the many other serious risks associated with managing existing talent are often relegated to the bottom of the risk register.
The reasons for this underestimation are varied. Many executives tend to think that: 1) human resource matters are supplemental to the business rather than integral, 2) being an “employer at will” protects the company and enables it to make human resource decisions however it sees fit, 3) a single employee, applicant or retiree is no risk to the organization as a whole (even though a single employee can potentially cause a “class” to be formed under the law). The danger inherent in underestimating HR risk is that it does not get adequately addressed with mitigation plans.
Not all organizations will have the same exposure to risks. Even if they did have the same exposure, some will have more safeguards already in place and warrant a lower risk ranking than some other organization. The discussion that follows is not meant to imply that all HR risks must be prioritized at the top right hand corner of a heat map. It is meant to highlight the potential impact that some HR risks can have on an organization.
Rogue Employee Risk
The rogue employee is one of the most amazing phenomena among human resource risk categories. In financial services, rogue employees have wreaked havoc on otherwise solid and long-standing businesses. Two noteworthy examples are Barings Bank, London’s oldest merchant banks, and UBS, one of Switzerland’s financial giants. Roughly 20 years ago, Nick Leeson, a Barings Bank derivatives trader, gambled away the equivalent of $1. 4 billion of bank money from a secret “error” account. The bank went bust and was bought by ING for a nominal sum. In 2011, UBS announced it had lost $2 billion due to unauthorized trades by a director at its global synthetic equities desk.
And financial institutions are not the only organizations exposed to rogue employee actions that create huge risks and large losses. For instance, GNP, parent of Just BARE and Gold’n Plump, just recalled 55,608 pounds of chicken because of what it called a “product tampering incident” at one of its processing plants.
Here are some of the ways in which such an employee can create risk in just about any industry sector and for which organizations need to develop safeguards as part of their mitigation plans:
- Abetting a data breach affecting customer/employee personal data
- Sabotaging mechanical or technological equipment
- Sabotaging products intended for sale
- Stealing company property, including intellectual property
- Mishandling customers/patients on purpose
See also: Risk Management, in Plain English
A fundamental safeguard is thorough vetting during the employment process. Others include: 1) active supervision, 2) automatic, system alerts when authorities are exceeded or other rogue actions are attempted, 3) robust internal audits.
Regulatory Violations Risk
Organizations must deal with employee-related regulation at the local, state and federal level. The number of major federal regulations has grown significantly in the past few decades and now includes such well-known acts as: the Fair Labor Standards Act, Title VII, Age Discrimination Act, the Americans with Disabilities Act, Employee Retirement Income Security Act, Family and Medical Leave Act and WARN Act. Each of these has numerous elements that must be understood and complied with, including gray areas that need to be thought through before any action regarding an employee can be decided on.
The Fair Labor Standards Act has been the high-risk area of late. There have been numerous types of suits under this act related to: 1) misclassification of employees into exempt and non-exempt categories, which has implications for overtime pay, 2) incorrect calculation of overtime pay for those due it, 3) mismanagement of paid break time.
A $188 million judgment against Walmart, which is being appealed, had to do with paid versus unpaid break time. Interestingly, this case revolves around the company not living up to the policies in its own handbooks, not around a failure to fulfill specific requirements spelled out in the law. This case is, therefore, illustrative of two important points. First, settlements can be financially significant even for the largest of companies. Second, when dealing with human resource matters, formal programs or policies, which constitute a contractual obligation, have to be considered.
See also: Building a Strong Insurance Risk Culture
Wage and hour suits are likely to keep increasing in 2016 due to the success of recent plaintiffs, new regulations regarding overtime pay and an overall concern among employees that wages are not sufficient or not fair. In an article titled “Why Wage and Hour Litigation Is Skyrocketing,” Lydia DePillis writes, “The number of wage and hour cases filed in federal court rose to 8,871 for the year [ended] Sept. 30, up from 1,935 in 2000.”
Title VII and age discrimination cases have been associated with large dollar losses over the years. Given the many federal, state and local statutes, coupled with a more informed and litigious employee population, organizations can inadvertently step into non-compliance pitfalls rather easily.
Organizations should always follow the laws that apply to them. Risk enters into the equation because there is always the potential that someone in management is unaware or careless or, worse yet, disrespectful of the laws. Thus, the organization is continuously exposed to the risk of violations. Every effort should be made to be compliant, including: 1) having a clear set of core values that guide lawful behavior, 2) educating management and all employees about the laws and how to comply with them, 3) investing in strong compliance processes and 4) making sure violators are dealt with quickly and appropriately.
HR Program Risk
Human resources professionals create and administer many expensive programs such as retirement, benefits, compensation and incentive programs. A large error in terms of budgeting or managing such programs could lead to a sizable financial risk for the organization.
Imagine an actuarial error that creates severe pension underfunding or a poorly managed self-insured medical benefit plan that costs double what benchmarks would suggest. Or, consider a new incentive program that produces the antithesis of the behavior it was intended to promote. The risk can be major, not unlike the size and seriousness of a natural catastrophe or product recall or supply chain debacle.
CEOs need to ensure that HR programs and policies are being handled by expert professionals, whether staff or consultants. At the same time, senior management needs to invest the attention and support necessary to ensure these are well-designed and implemented according to specification.
The comments in this article are neither meant to be all-inclusive nor to be construed as advice.