LEG500 Corporate Social Responsibility Oz Assignments
In this report, the case of Westpac Bank will be evaluated to understand how the corporation failed to maintain a standard, which resulted in violating the privacy of its users. Recently, employees of the corporation leaked the passwords of its clients to a mortgage broker, which violated their privacy, and this incident also brought to public attention other incidents in which employees of Westpac Bank leaked the private data of its customers (Farrell, 2018). The purpose of this report is to identify the ethical concerns raised by these incidents and evaluate them to understand how Westpac Bank has violated its duties by failing to comply with its corporate governance policies. The scope of this report is wide: it includes evaluations of other incidents in which Westpac Bank failed to maintain a standard of care, along with examples of other banking organisations in Australia that also failed to ensure the security of their clients. The method used in this report focuses on evaluating the media articles which highlighted the failure of the enterprise, along with an analysis of various journals to recognise the standard which is expected from banking institutions. An ethical question will be asked by evaluating the facts of the case, and various corporate governance theories will be analysed to understand the ethical concerns that arise in the incident. A stakeholder analysis will be conducted in the report as well, along with the application of ASX principles to the topic. Moreover, ethical theories will be applied to the case along with Rawls's approach. Lastly, recommendations will be included in the report for Westpac Bank to improve its policies and address the ethical dilemma faced by the enterprise.
Background of the case
The importance of effective corporate governance policies has increased among corporations, especially in the banking sector. Banking and financial institutions are responsible for maintaining a high standard of care while performing their operations in order to avoid violating their duties. Recently, Westpac Bank was in the news due to the actions of its employees. A former manager of the company, Marten Puden, handed the passwords of more than 80 clients of Westpac Bank to a mortgage broker (Farrell, 2018). The ethical question raised in this case relates to the ethical concerns which people face due to violation of data privacy in the banking sector. The ethical question will evaluate what the ethical, social and legal implications of violating the data privacy of clients of banking corporations are, and why these organisations are failing to maintain a proper standard to ensure the security of their clients’ data (Brown, 2018). This incident has come into focus because data privacy has become a global debate after people realised how social media giants collect and use their personal data. The company reported this incident to the OAIC in 2017, admitting that temporary passwords of more than 80 Westpac Bank customers who had obtained home loans had been given to a particular mortgage broker group (Poposki, 2018). In its report, the bank admitted that the data breach of 80 customers was reported; however, the passwords of many other clients might have been lost by the enterprise. After the incident, another employee set the password for the customers whose temporary passwords were leaked.
Moreover, the enterprise reported that it had not identified any unauthorised transaction in the activities of its customers whose passwords were leaked. In April 2017, the company reported that one of its former employees gained unauthorised access to the accounts of around 15 customers, all of whom were public figures (Sowells, 2018). Moreover, in August 2017, another employee of Westpac Bank gained unauthorised access to the banking records of his former wife along with many other customers. Similarly, an employee of NAB entered into a dispute with members of the public on Facebook, and the employee set up a fake account and posted the address of the owner online. Previously, it was voluntary for banks to report a data breach to the information commissioner. However, from March 2018, it has become compulsory for banking organisations to report a privacy breach to the information commissioner (Farrell, 2018). This topic is chosen in this report because the recent data violations at social media sites have highlighted the issues relating to the data security of online users. These incidents show that, along with large technology giants, banking organisations have also failed to ensure the security of their customers. This topic is chosen to evaluate various ethical concerns relating to the violation of the data privacy of bank clients and to analyse various methods which can be used by these enterprises to address this issue in the future.
Implementation of Corporate Governance Policies
Corporate governance, as implemented by modern corporations, refers to a system of regulations, activities, and procedures which directs and controls the operations of a firm. It focuses on balancing the interests of different stakeholders of a company by effectively managing its operations to achieve those interests (Wintoki, Linck and Netter, 2012). Corporate Social Responsibility (CSR) is defined as a business approach which is focused on contributing towards the sustainable development of the enterprise while ensuring the social, economic and environmental benefits of all stakeholders. Corporate Social Performance (CSP) refers to the outcomes and activities of business relationships with stakeholders including institutes, organisations, societies, communities, and the earth (Ioannou and Serafeim, 2012). In this case, the principles of all these theories are violated by Westpac Bank. The company has failed to implement stakeholder theory while performing its operations, due to which it did not take appropriate actions to ensure the security of its clients. The corporate governance policies of the corporation are not focused on ensuring that the private data of its clients is secured. It has failed to invest in appropriate resources to ensure that its employees are not able to gain unauthorised access to the personal and banking records of its clients.
The CSR structure of the company is not targeted towards eliminating the cybersecurity risks which its customers face while using the online banking services of the company. Had the corporation implemented effective CSR policies, it would have been able to detect the breach of its clients’ data by its employees before they were able to collect this information (Aguinis and Glavas, 2012). Moreover, various incidents in the past year show that the company has not learned from its mistakes and that it has failed to ensure that the security of its clients is maintained even after many breaches. Although the company has started investing in improving its cybersecurity and the data privacy policies of its clients, the actions are not enough. In the case of Westpac Bank, the privacy of clients is violated by the employees of the company rather than by any outsiders. The CSP cube identifies that the actions taken by the company to improve the security of its clients are good; however, the failure of the company in the first place and the delay in policies for ensuring the privacy of its customers show the bad side of the company (Boulouta, 2013).
Porter and Kramer’s Creating Shared Value concept provides that creating shared value is a new way for corporations to achieve economic success rather than a way of ensuring sustainability or social responsibility. This concept focuses on realigning the corporation’s budget to focus on profit maximisation while complying with economic and societal values (Crane et al., 2014). As per this concept, the corporation is required to realign its business structure with the interest of its customers. The company should focus on the satisfaction of its customers by prioritising the security of their data. By implementing these principles, the enterprise can ensure that it builds a strong and positive relationship with its customers, which assists the company in maximising its profits (Beschorner, 2014). On the other hand, it currently has a negative public image due to its failure to maintain appropriate standards to ensure the security of the data of its clients. The corporation has failed to implement an effective CSR structure which focuses on building a strong relationship with its customers. The employees are not trained to ensure that they handle the private data of customers with care and avoid misusing it for personal motives. Therefore, the lack of an effective CSR structure has made it difficult for Westpac Bank to ensure that the data of its clients is not violated.
During the stakeholder analysis of Westpac Bank, the five key questions will be answered to understand the key ethical dilemmas faced by the enterprise along with the strategies which are necessary to address the ethical issues faced by the enterprise.
1. Who are the stakeholders?
In the case of Westpac Bank, the primary stakeholders of the company include its customers, employees, managers, shareholders, local communities, business partners and others. The secondary stakeholders of Westpac Bank include government regulators, trade bodies, competitors, social groups, media, and the environment (Westpac, 2018a).
2. What are the stakeholders’ stakes?
In this case, the key stakeholders who are affected include the customers, employees, and governmental bodies of Westpac Bank. Customers have a large stake in the company since they are the primary source of its revenue. The company provides a range of finance-related services to its customers, on the basis of which it collects their private data. Therefore, the company is required to ensure that customers’ data is secured from any violation to protect the interest of customers. The employees are a key part of the corporation since they perform its operations. They have a key stake in the company since they are affected by its operations. The company should ensure that appropriate training is given to them so that they are able to ensure the security of customers’ data. Since Westpac is a major bank in Australia, the government also focuses on its operations. The Banking Royal Commission focuses on ensuring that the company is complying with its duties so that the interest of the customers is protected; therefore, the stake of the government is focused on ensuring the effective operations of the enterprise (Westpac, 2018b).
3. What are the opportunities and challenges presented by stakeholders to the company?
An effective relationship with employees brings opportunities to increase the number of clients of the company, which results in increasing its overall profitability. Moreover, it creates a positive brand image of the enterprise which attracts more investors. The challenges related to customers include protection of their private data. If the violation of customer privacy does not stop, it can adversely affect the profitability of the corporation. The opportunities brought by employees include effective management of operations and an increase in overall efficiency, which is crucial for the success of the enterprise. The challenges related to employees include difficulty in ensuring that they do not violate the customers’ private data. The opportunities with government include future collaborations to expand the operations of the company at an international stage. The challenges include penalties or cancellation of the licence to operate business in Australia.
4. What economic, legal, ethical and philanthropic responsibilities does Westpac Bank have towards its stakeholders?
The company has to ensure that it protects the banking data of its customers and pays its salaries and taxes on time. Legally, it can be sued for violating the privacy of its customers due to its failure to ensure that the clients’ data is protected from violations. Ethically, the corporation has failed to ensure that the privacy of its customers is maintained, due to which its responsibility is violated.
5. What strategies best address stakeholder challenges and opportunities?
Westpac Bank should improve its customer privacy policies to ensure that the privacy of its customers is maintained. It should implement an effective CSR structure to ensure that its employees are not able to gain unauthorised access to the data of the clients.
Structure of Principles and Recommendations by ASX
1. Laying solid foundations for management and oversight
This principle provides that the company should establish the roles and responsibilities of its board members and project management (ASX, 2010). The company has failed to achieve this principle since most of the privacy breaches were caused by employees who were operating in managerial posts. The independence given to the management has been misused, and the board has failed to implement appropriate policies to ensure the safety of clients’ data.
2. Structuring board to add value
The board of directors of Westpac Bank is independent, and it has been given the authority to form policies for the enterprise. Diversity in the board of directors is maintained and encouraged by the enterprise (Westpac, 2018c).
3. Act ethically and responsibly
Although the board of directors of Westpac Bank has implemented appropriate policies which are targeted towards ethical operations of the company, it has failed to ensure the privacy of its customers.
4. Safeguarding the integrity in corporate reporting
The board has implemented a safe and rigorous process to ensure that the integrity of corporate reporting is maintained. Therefore, all the incidents related to violation of customers’ privacy are brought forth by the enterprise itself.
5. Making timely and balanced disclosures
The company continuously discloses its performance and sustainability in annual reports which are issued separately so that its customers and the public can access them on its website. In these reports, the corporation also discloses its corporate governance failures which adversely affected the company and its stakeholders while maintaining their integrity.
6. Respecting the rights of security holders
Westpac Bank is known for its effective relationship with its shareholders since it maintains transparency in its operations and provides them access to all the appropriate information. The rights of the security holders are clearly defined by the enterprise as per the guidelines issued by ASX (ASX, 2014).
7. Recognising and managing risk
Although the company has implemented a sound risk management system, it has failed to recognise the data privacy threats which its customers face. The corporation has failed to recognise these risks and manage them to ensure the effectiveness of its operations.
8. Remunerate fairly and responsibly
The board of the company provides fair remuneration to its employees, and the corporation also complies with the guidelines given under the Fair Work Act 2009.
Utilitarianism is a normative ethical theory which judges the rightness or wrongness of a situation based on its consequences. If the consequences are focused on the greater good for a greater number of people, then the situation is considered ethical (Broad, 2014). The security violation conducted by employees of Westpac Bank adversely affected the privacy of its customers. The consequences of this situation can be disastrous because cybercriminals can hack into the bank accounts of customers to collect their data. The passwords leaked by the former employees of Westpac Bank could be accessed by third parties who could use such passwords to violate customers’ personal information and steal their money; therefore, the failure of Westpac Bank to ensure the safety of its customers is unethical. Deontological ethical theory judges a situation based on whether the parties have violated any duties or not (Yazdani and Murad, 2015). This theory does not focus on the consequences of the situation. Westpac Bank has a responsibility to ensure that the data of its clients is secured; however, its employees have violated this duty, based on which the actions of Westpac Bank are unethical.
Rawls's approach provides that people have basic rights which should be protected. The core liberal rights include freedom of religion, freedom of speech and the right to own personal property (Basta, 2016). In this case, the customers of Westpac Bank have the right to access their banking reports and to have their privacy protected from violation. Aristotle defined justice as fairness, which provides that parties should be treated with equality. Westpac Bank has violated this principle since it has failed to ensure that the data of its customers is protected from unfair practices of its employees. The justice in this situation is that the company has realised its mistakes and is focusing on implementing appropriate policies to avoid these incidents in the future. However, the company has violated the policies of justice and economic distribution since it has failed to ensure the data privacy of its customers in the future.
Employees of the company should be trained properly to ensure that they understand the various ethical principles which they have to comply with while discharging their duties. The training would also assist in detecting violations of the private data of customers, which will enable the company to put a stop to them.
The company should increase the budget of cybersecurity to ensure that the data of its customers are protected from unauthorised access.
The company should use technologies to ensure that employees are not able to access the data of clients without proper permission and share it with others. Their operations should be monitored by the company periodically to avoid any negative consequences.
Effective CSR structure should be implemented by the company to ensure that its strategies are focused on ensuring the interest of its stakeholders to protect the interest of its customers and employees.
Strict legal and financial penalties should be imposed on employees who violate the policies of the enterprise to breach the data of its customers.
In conclusion, Westpac Bank has failed to implement appropriate policies to ensure the safety of its customers’ private data. Employees of the company have engaged in unfair practices which resulted in leaking the confidential information of the clients. The company has failed to implement an effective CSR structure since this incident has happened many times. As per the stakeholder analysis, customers of the company are its key stakeholders who affect others as well. From an ethical perspective, the enterprise has failed to comply with its duties since it has failed to implement effective corporate governance policies. The company can address this issue by adopting a CSR structure which monitors the performance of employees, provides them with ethical training and penalises their unfair practices. These corporate governance policies will assist Westpac Bank in addressing its ethical issues and sustaining its future growth.
1. Aguinis, H. and Glavas, A. (2012) What we know and don’t know about corporate social responsibility: A review and research agenda. Journal of management, 38(4), pp.932-968.
2. ASX. (2010) Corporate Governance Principles and Recommendations with 2010 Amendments. [PDF] Available at: https://www.asx.com.au/documents/asx-compliance/cg_principles_recommendations_with_2010_amendments.pdf [Accessed 02/10/2018].
3. ASX. (2014) Corporate Governance Principles and Recommendations. [PDF] Available at: https://www.asx.com.au/documents/asx-compliance/cgc-principles-and-recommendations-3rd-edn.pdf [Accessed 02/10/2018].
4. Basta, C. (2016) From justice in planning toward planning for justice: A capability approach. Planning Theory, 15(2), pp.190-212.
5. Beschorner, T. (2014) Creating shared value: The one-trick pony approach. Business Ethics Journal Review, 1(17), pp.106-112.
6. Boulouta, I. (2013) Hidden connections: The link between board gender diversity and corporate social performance. Journal of business ethics, 113(2), pp.185-197.
7. Broad, C.D. (2014) Five types of ethical theory. Abingdon: Routledge.
8. Brown, S. (2018) Westpac bank breach: Former manager shared banking password of dozens of customers. [Online] Available at: https://cyware.com/news/westpac-bank-breach-former-manager-shared-banking-password-of-dozens-of-customers-d481a9b1 [Accessed 02/10/2018].
9. Crane, A., Palazzo, G., Spence, L.J. and Matten, D. (2014) Contesting the value of “creating shared value”. California management review, 56(2), pp.130-153.
10. Farrell, P. (2018) Westpac employee gave customer passwords to mortgage broker in serious data breach. [Online] Available at: http://www.abc.net.au/news/2018-09-10/banks-data-breaches-revealed-under-freedom-of-information/10207678 [Accessed 02/10/2018].
11. Ioannou, I. and Serafeim, G. (2012) What drives corporate social performance? The role of nation-level institutions. Journal of International Business Studies, 43(9), pp.834-864.
12. Poposki, C. (2018) Westpac employee gave 80 bank customers' passwords to a mortgage broker in heinous security breach. [Online] Available at: https://www.dailymail.co.uk/news/article-6150761/Westpac-employee-gave-80-bank-customers-passwords-mortgage-broker-heinous-security-breach.html [Accessed 02/10/2018].
13. Sowells, J. (2018) Australian Banks Security Breach, as Revealed by a Freedom of Information Request. [Online] Available at: https://hackercombat.com/australian-banks-security-breach-as-revealed-by-a-freedom-of-information-request/ [Accessed 02/10/2018].
14. Westpac. (2018a) Listening to stakeholders. [Online] Available at: https://www.westpac.com.au/about-westpac/sustainability/goverance-and-accountability/listening-to-stakeholders/ [Accessed 02/10/2018].
15. Westpac. (2018b) Who are we. [PDF] Available at: https://www.westpac.com.au/docs/pdf/aw/SIR06_BusinessReporting.pdf [Accessed 02/10/2018].
16. Westpac. (2018c) Board of Directors. [Online] Available at: https://www.westpac.com.au/about-westpac/westpac-group/board-of-directors/ [Accessed 02/10/2018].
17. Wintoki, M.B., Linck, J.S. and Netter, J.M. (2012) Endogeneity and the dynamics of internal corporate governance. Journal of Financial Economics, 105(3), pp.581-606.
18. Yazdani, N. and Murad, H.S. (2015) Toward an ethical theory of organizing. Journal of Business Ethics, 127(2), pp.399-417.