As I have mentioned in another blog, Pedro and I strongly believe that every member of the team should be empowered and — contrary to Mexican company customs — making mistakes is ok as long as you have a logical reason for having made that decision and we all make sure that the same mistake is not repeated.
Last month, we ran into a sticky problem that challenged that idea. A long-time collaborator (over three years) from the accounting/finance department approached us with an idea: give him part of the portfolio of uncollectable accounts and pay him a percent of what he could recover. This idea is not new or novel. Lots of credit companies “sell” their uncollectables, though we are not yet doing it. It seemed like a good way of getting our toes wet on this potential additional revenue stream.
This particular manager had brought us different ideas over time, many of which we have implemented. For a while, he became the supplier of fresh fruit to the office and has handled, via his grown children, customer deliveries for us. We have known him to be reliable, hard-working and honest. In the past, he managed his accounting responsibilities very well. You probably already suspect where this is going. Not a good place.
We authorized him to take a subset of the uncollectable accounts and start there, giving him a good piece of whatever he could recover. Two things happened that got him in more trouble than anyone could foresee:
- First, because of his long-time position as manager in the finance department, he had full access to our customer database (very few in the company have this and only veteran employees at that)
- Second, one of his sons had been recently hired as a customer service rep
When we approved him collecting on a subset of our “dead” accounts, the plan was for our collections area to give him the list. He decided to be proactive and jump the gun and downloaded directly what he thought were the bad accounts. He then gave them to his son, so customer service could send a message to start collections on those accounts.
What happened next was fairly disastrous. He had downloaded the wrong list and it included all sorts of customers, not just those late in payments. His son, a recent hire with no experience or training on mass emails since it was not his area, sent a note to the whole list as CC:, not BCC:. Thus a number of our clients, some that were late, some that were not, all got a collections notification and, even worse, saw each others’ email addresses. And to top it off, a number of our advisors and key investors had applied for loans in the past and some of them were also on the email list.
After a thorough investigation that started as a suspected hacker attack, we unraveled the whole thing. At no point was there any malice, since there was no personal gain to having sent the email, other than increasing our collections, and our father and son employees getting their commission. It truly was an unfortunate mistake based on good intentions by a loyal and good employee.
So in recap, an employee saw an opportunity for the company and him to benefit, asked permission to do it, proposed a win-win, and went ahead and executed the idea. He made some key mistakes in the last part, but how could we blame him for doing exactly what we encourage ALL our folks to do: take initiative and think of ways to help the company?
In the end, we decided that his unauthorized downloading of part of our client database, even if it was not for nefarious purposes, crossed a line of trust he could not walk back, so we had to let him go. In the process, we lost a good and loyal accounting manager. Unfortunately his son too lost his job, for also crossing a line of trust by sending a mass email without authorization. We of course now have more focused policies, procedures and technology in place to prevent a repeat. Yes, after this particular horse left the barn.
We always tell our team that they should take charge and make decisions. We want a company that has empowered team members. But maybe not that empowered? How much is too much? Can you write rules and procedures to foresee every case of well-meaning enthusiastic screw-ups?
We explained to our other managers what happened, though now we are afraid that the nuance of their colleague being let go for violating privacy rules, and not for trying to do something new for the company, might be lost on them. We’re afraid of the perception that we talk a good game, but when it comes down to it, if you try something new, you will get fired. That would be yet another bad outcome of this whole sad incident.