The Problem With Hush Money At Work

This article explores the ongoing news that Worldline SA and it’s subsidiary Payone together with their lawyers, Orrick UK (Orrick) offered hush money to a vulnerable former employee of PAYONE. Just imagine the power differential between an unrepresented employee going up against the superior firepower of a global law firm that in addition employs unfair tactics.

In 2022 a Payone employee made protected disclosures alleging that Payone GmbH was in serious breach of (1) The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulation 2017 (2) The Pensions Act 2008 (3) Employers’ Liability (Compulsory Insurance) Act 1969.   

The principle we aim to drive home is that the illegal activity could have been serious sexual harassment, racial harassment, or other misconduct. Whatever it is it should not be subject to withdrawal or other unfair tactics using NDAs.

If you remember the Harvey Weinstein incidents, then you may of course recall the #MeToo Movement. The movement achieved two things. Firstly, it empowered women who had been abused and taken advantage of to speak up, creating a solid community of empowerment that still rings true today. Secondly, it exposed the deep-rooted, and unfortunately common relationship between hush money and the suppression of illegal activity.

Sexual harassment, fraud, racial harassment, and regulatory misconduct is nothing new in many workplaces. Any woman walking home alone at night or on her lunch break around town can attest to that. In fact, One Study conducted by UN Women UK found that 97% of women between the ages of 18-24 were victims of sexual harassment while just going about their daily lives.

Suppression of the above only does harm and the NDA is a key tool that those in power (in this case Orrick) wield as a way of impeding, deterring, and preventing investigations. Shutting the investigations down so that the regulatory bodies are unable to fully do their work. For example, one of the disclosures alluded to the Payone failure to take out Employer’s Liability Insurance between 2012 and 2017. Use of insecure online translation tools to translate documents such as monthly invoices. Would you scan your bank statement or other financial information onto an online website to make sense of it; would you want to know if bank staff was doing that with your company data? Here Are The Risks of taking confidential data to online translation websites. What if the disclosures of Anti-Money Laundering were wider spread and or facilitated serious crimes that impacted our everyday lives? i.e. money laundering, terrorism, data breaches, etc. What about the pension disclosures alleging that Payone GmbH illegally failed to auto-enroll UK employees into pension schemes for many years, and attempted to conceal the violation from employees?

These are all disclosures that Orrick tried to suppress or even shut down!

Firms such as Orrick are only allowed to exist based upon the rock that is integrity and ethical values that the public expects them to uphold. Why on earth would Orrick request that such investigations are withdrawn?! It just does not make sense, yet this is exactly what they did in a December 2022 correspondence to the former PAYONE employee who made the Protected Disclosures; fully instructed by Worldline SA and Payone GmbH senior staff. 

What are Protected Disclosures?

In the UK, a protected disclosure at work is covered by the Protected Interest Disclosure Act 1998 which protects employees from retaliation if they report relevant information regarding wrongdoings at work. Examples of Protected Disclosures could be acts of racism or sexual harassment, to misappropriating public/corporate funds, criminal acts, breaches of law, and any other form of gross misconduct. Oh, and the stuff that is disclosed about Worldline and Payone above. For any geeks out there, you can read the publicly available legislation HERE for free.

How does hush money work then?

An NDA can often be nestled within a settlement agreement and also known as a non-disclosure agreement, is usually between two parties that prevent the disclosure of information to the outside world.

Clearly, Orrick was seeking to facilitate a hush money deal when their proposal offered money for the withdrawal of Protected Disclosures. Just think, if the former employee had agreed and taken the money, this article could not be written, Worldline SA, Payone GmbH, and members of its Corporate Group could skip away without any investigation into serious disclosures. Even if the regulators decided to continue investigating there would be little credibility to it because the individual who made the disclosure no longer supports the investigation. 

Wirecard

Do you remember Wirecard?, The Firm Was Shut Down By Regulators For Financial Fraud?  They were involved in one of the biggest banking frauds in German history. It is widely conceded that the Wirecard fraud should have been stopped earlier and auditors failed to detect it perhaps due to Wirecards skillful concealment. Worldline and Payone GmbH were at the time Wirecard’s close competitors.  

Whilst no law can prevent a Wirecard from reoccurring again it certainly does not assist the regulators when competitors make requests for Protected Disclosures to be withdrawn.  The employee in question told Loopline media:

 “Payone targeted the Protected Disclosures by requesting that I withdraw the disclosures. It may be prudent that they rather target the issues within the disclosures to identify and withdraw any wrongdoing that may impact the employees at the company long term. A recalibration of perspective is required at the company.

Given the Wirecard context, one would be forgiven for thinking that Payone asking an individual to withdraw regulatory Protected Disclosures would be the last thing on their to-do list. You just could not make this stuff up! That’s my opinion and the extent of the Wirecard comparison to my knowledge”.

The journalist Dan McCrum who helped to bring down Wirecard features in the below Netflix documentary called Skandal:

If In Doubt, Should I Kick It Out?

Using hush money or getting victimised employees to withdraw their Protected Disclosures come with many downsides for all involved. Orrick now faces several questions as to why they felt it was okay to propose such an offer to an individual suffering from mental health difficulties. Why did they only propose just 5 days for the individual to respond? And why they proposed a clause knowing that such a clause was not legally enforceable? Difficult questions for Orrick to answer.

For the victim involved the detriment is one of emotional injury from undue unfair pressure. They are placed in a position of fear where the power dynamics are already unbalanced. Clearly, they may suffer damage simply because they brought forward genuinely protected disclosures in good faith and to compel changes at the company Payone, in the public interest.

While this “Orrick” example is by no means how ALL such NDAs are conducted, if you feel you are being asked to withdraw disclosures about illegal activity in exchange for money, you should seek a lawyer’s advice as urgent.

Simply put, asking an employee to withdraw their protected disclosure and signing an NDA forces the victim to be silenced by the perpetrator or by an organisation that wants to keep this kind of behavior hushed.  

Orrick tactically did not inform the former employee that such a proposal was unenforceable. It is under the false premise that the proposal would be enforceable that makes it is rooted in unfairness. 

Places Other Existing Employees and Clients at Risk  

Having a victim withdraw their Protected Disclosures puts the rest of the staff at risk, particularly in cases of continuing sexual harassment.  The same goes for existing clients, who for example, may never know if it was one of their transaction data (invoices) that may end up on a dodgy website or search engine. Silencing one victim means that a company is potentially allowing the misconduct in question to continue. 

While this could eventually become a much larger issue among the staff, the short-term benefit seems to be in the company’s best interest.

So, Who Can Protect The Employees?

So, companies who behave like Worldline, Payone and Orrick do not exactly have free reign to do whatever they like. Dressed fully in a proverbial cape with eyebrows raised are the Solicitors Regulation Authority, or the SRA. It is their job to restrain and check that law firms such as Orrick cannot behave in the way described in this article. Orrick has a professional duty under Principle 2 of the SRA principles, for example, to act: 

 “in a way that upholds public trust and confidence in the solicitors’ profession and in legal services..” 

The SRA Warning Notice 2018/2020 (a must-read) states that an NDA that is used to prevent someone from making Protected Disclosures or reporting regulatory misconduct is considered improper.  Law firms such as Orrick could face disciplinary actions for making the above hush money proposals. 

Beware of the tactics

  1. Victims who sign NDAs under duress and time pressure from often powerful law firms can be prone to unfair tactics as demonstrated by Orrick. Tactics to pressure a victim into signing an NDA often include things like imposing an artificial time limit to sign it or using threats of termination. 
  2. Threats of “life-changing costs” may be explicitly threatened or inferred by the employer’s lawyers to persuade or coerce individuals to drop disclosures or ongoing court cases.  
  3. Even though the victim might have grounds for a legal case, an employer may turn that argument on its head and make it seem like they can go after the victim for trying to defame their image in a public setting with any kind of lawsuit if they don’t sign an NDA, or if they disclose illegal activity thereafter. 
  4. Taking unfair advantage of unrepresented victims by brazenly requesting withdrawal of Protected Disclosures in exchange for money. Such proposals are made by high-powered lawyers and victims are not normally aware of their legal rights meaning the employer can get away with it until such time the victim becomes aware that the clause is unenforceable. 

It’s not that the NDA itself is necessarily unethical; in some cases, they are a good closure to a difficult relationship with employers or ex-employers. However more often than not, they’re a sign of a much larger problem and companies that want to avoid negative attention will, ironically, always find themselves embroiled in controversy. The truth always comes out. It’s just a matter of when not if.

To Employees, Knowledge Is Power

It can be tempting to want to sign an NDA for fear of retaliation. After all, we need money to survive and the threat of losing employment or our reputation can make us feel like we’re between a rock and a hard place.  

However, the reality is that it’s the ones asking us to withdraw our protected disclosures and sign NDAs that are really the ones who are between a rock and a hard place. Because, once we speak out, their reputation and their company are at risk. Always read carefully all such documents and where financially possible seek legal advice. 

Loopline media thrives on providing true examples in all our articles to heighten the reality of the challenges faced in the workplace. Loopline media is not a legal entity, and this article is not legal advice. All individuals suffering from any issues discussed in this article should seek immediate legal advice.

@loopline media

london, willis building, reflection-3529954.jpg

This Article is brought to you by

Loopline Media

Catch up with the Author

Facebook-f Twitter Linkedin

Subscribe Now to Get Regular Updates

Search

Post-Brexit: data protection
Card processor sends sensitive data to wrong address
24 August 2022

Worldline SA subsidiary Payone GmbH has been accused of breaching data protection rules after it sent sensitive employee payroll information to the wrong address by accident. The Worldline Group holdS a 60% stake in the Frankfurt based company who have a small UK market presence.

In June 2021, one of Payone GmbH’s ex UK employees (the data subject) received a “potential data breach notification” from the firm advising him that his salary, National Insurance data, nationality (Special Category Data) was amongst various bits of information sent to an incorrect home address.

This included personal information such as the former employees name, age and address.  It also included details such as the date of birth and the amount of annual work bonus he received in his bank account amongst other identifiable data.

Payone GmbH confirmed that this document was sent out in error following an employee making a mistake when re-entering data processed by their third-party payroll provider.  The error arose when the employee was fulfilling an Article 15 GDPR request. The error was spotted by the data subject when he noticed in an email version of the document that the postal address was incorrect. An attempt to notify Payone GmbH of the error went in vain as the document was already irretrievably despatched.

The data subject was alarmed with the incident which exposed him to the possibility of fraudulent activity, amidst reasonable fears his data could end up on the dark web and used by criminals.  Habitually resident in the UK he complained to the Information Commissioner’s Office (ICO) in June 2021. He similarly raised the concern in Germany via The Hessian Commissioner for Data Protection and Freedom of Information (HBDI).

The ICO reprimanded Payone GmbH for the error in their final decision letter.
Similarly, the HBDI cited a violation of Article 5(f) of the General Data Protection Regulation (GDPR) relating to integrity and confidentiality.

The ICO stated in their July 2021 findings that Payone GmbH, “should take steps to ensure that all personal data records are accurate and up to date. Holding inaccurate information, such as addresses, does increase the risk of personal data breaches and poses risks to the security of information”.

The HBDI confirmed in their October 2021 findings that Payone GmbH had taken remedial action. They concluded that a monetary fine would not be imposed on Payone GmbH as they had taken technical and organisational steps in response to the data breach. Data subjects could now request their data in an autonomous portal.

The GDPR, which came into effect in 2018, gave the Information Commissioner’s Office greater powers to tackle data breaches. The new ‘UK GDPR’ charts its own course after Brexit whilst seeking to maintain EU GDPR adequacy.  In extreme scenarios, organisations face penalties of up to £20m or 4 per cent of their global worldwide turnover, whichever is more.

In the years prior to GDPR, the ICO fines were capped at £500,000.

The data subject said: “I am just glad I spotted it; they were going to resend the document again to another wrong address. Prior to Brexit the process would have been commenced via the ICO who in turn would liaise with the HBDI on the data subjects’ behalf; but I found myself communicating with both authorities separately which was an additional step but in the end was surprisingly
effective. Unfortunately, Payone GmbH again sent my incorrect address to the
Workers Pension Trust in January 2022, and documents yet again went to the wrong address. In my opinion they have not learned from the first time and my complaint is sitting with the ICO yet again”.

The former employee is pursuing a remedy under Article 82 UK GDPR via
the Court’s of England & Wales.

Extraordinary Experiences

Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Our Core Values

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.
  • Locavit liberioris possedit
  • Diremit mundi mare undae
  • Spectent tonitrua mutastis

We use cookies to improve user experience and analyse website traffic. By clicking ‘Accept’, you agree to our website’s cookie use as described in our Privacy Policy.

Accept
Decline
Accept
Decline