- Retaliation: 53% of software engineers have suspected wrongdoing at work. For those who didn’t report unethical behaviour, fear of retaliation from management was reported as the top reason (59%).
- Gagging Clauses: Investigation finds settlement agreement between Worldpay and current BT CEO, Philip Jansen, contains a gagging clause banned by the Financial Conduct Authority. The investigation also sheds new light on settlement agreement clauses used by the Post Office in the wake of the Horizon IT scandal.
- Flawed Oversight: Despite software delivery metrics prioritising speed, the British public and software engineers agree it’s the least important factor. Instead, the public cares most about data security, data accuracy and preventing serious bugs.
As AI continued to bring public concerns about computer systems to the forefront, earlier this year FTX’s former Director of Engineering plead guilty to his role in wrongdoing at the now-defunct cryptocurrency exchange. Meanwhile, the Horizon IT Inquiry continues to investigate how faulty accounting software has been blamed for multiple suicides and what has been described as “the most widespread miscarriage of justice in UK history”, with those wrongly imprisoned including a pregnant woman.
53% of software engineers surveyed by the polling firm Survation say they’ve suspected wrongdoing at work. Of those who speak up, 75% report facing retaliation the last time they reported wrongdoing to their employers. In instances where software engineers stayed silent, the top two reasons cited were potential retaliation from management (59%) and potential retaliation from colleagues (44%).
Some companies have also sought to bypass public interest disclosure laws by getting employees to agree to warranty clauses during severance stipulating they know of no grounds to make protected disclosures. Such protected disclosures can include matters related to criminality, failure to comply with legal obligations, miscarriages of justice, health and safety dangers, or environmental damage.
Despite these workaround clauses being banned by the Financial Conduct Authority (FCA) in 2016, the investigation has found that they continued to be used in a financial institution – as evidenced by a settlement agreement between Worldpay and current BT CEO, Philip Jansen. The agreement lists automatic unfair dismissal for making a protected disclosure as a “particular claim” settled under the agreement and in exchange for signing the agreement Mr Jansen was paid £251,282 as a severance payment, the first £30,000 of which was tax-free, in addition to a £20,000 plus VAT contribution to legal fees, £3,700 plus VAT in outplacement counselling services and £100 for agreeing to post-termination restrictions.
Commenting on the settlement agreement between Worldpay and Philip Jansen, Professor Richard Moorhead, Professor of Law and Professional Ethics at the University of Exeter, said: “If the clause is in breach of the FCA rules then this is a serious matter that I would expect them to look into, identify the senior people responsible, and take appropriate action. Any lawyers on top of their brief and involved in drafting such a clause would, I think, be expected to advise their clients that such clauses were inappropriate under FCA rules.”
With engineers feeling unsafe to speak up, the investigation has also found the “industry standard” metrics frameworks used to assess software teams are flawed. Whilst Google’s DORA team has continued to use metrics that prioritise speed (and volume) to measure the delivery performance of software teams, a nationally representative poll of British adults ranked “getting the latest features as quickly as possible” least important to them when using computer systems (22%). Of the 10 different dimensions measured, the public was most likely to agree “to a great extent” that data security (62%), data accuracy (55%) and ensuring there are no serious bugs (55%) mattered to them. Of 8 dimensions, software engineers were least likely to agree “to a great extent” that “delivering work quickly” was most important to their jobs (33%); instead being able to provide for their families (52%), delivering work that is highly reliable (51%) and ensuring their work kept data secure (47%) came top.
Additionally, whilst newer frameworks have focussed on the use of surveys within team settings; the investigation found, alongside the risk of retaliation for speaking up, 1 in 6 software engineers feel unable to express ideas or concerns, speak up with questions, or admit to mistakes, without fear of negative consequences. Nearly 1 in 4 software engineers said they were unable to take calculated risks without fear of negative consequences. Prior research identified in the investigation has also shown that “those with the lowest programming skill” are most likely to be most over-optimistic at evaluating software delivery performance in large projects. With 44% of those who didn’t report wrongdoing attributing fear of retaliation from colleagues as a reason, the study highlights the need to ensure subjective employee feedback mechanisms are not used as a tool for retaliation.
Commenting on the entire investigation, Dr Junade Ali CEng FIET, the Principal Investigator of the study, said: “Recent developments demonstrate the fundamental importance of software engineers being free to raise the alarm when they become aware of potential wrongdoing; unfortunately our research has highlighted that software engineers are not sufficiently protected when they need to do so. From software engineers facing mass retaliation for speaking up and banned gagging clauses still being used, to ‘industry-standard’ software development metrics not considering the public’s risk appetite; this investigation has highlighted systematic and profound issues with society-wide impact, given how integral computers are to all our lives. Our investigation has shown a tendency for problems to be swept below the rug until they reach boiling point rather than addressed, this is neither compassionate nor honest for those involved.”
In relation to the Worldpay settlement agreement, the Solicitors Regulation Authority said: “It’s not clear that any solicitors were involved in this matter. The FCA as Worldpay’s regulator will investigate this matter and if they felt that any solicitors were involved in drafting agreements that breach our rules, they would refer them to us through our agreed channels.” … “We were made aware in 2018 that solicitors potentially could be forgetting their legal obligations when drawing up settlement agreements and were including NDAs that were not compliant with the law. That led to us putting out a warning notice in 2018 that we updated in 2020 to make sure the profession did not breach its obligations. Solicitors should uphold the rule of law and proper administration of justice, after all.”
FIS who own Worldpay, Phillip Jansen, the Post Office and the Financial Conduct Authority did not respond to requests for comment. BT Group declined to comment. Detailed responses from Professor Richard Moorhead, the Solicitors Regulation Authority and the Post Office can be found in the report.