Code of Conduct (18 marks)

Explain the main elements of code of conduct for service company.

1. Ethical guidelines: The code of conduct should outline the company’s ethical guidelines and
principles, including information on how the company expects its directors and staff to act with
integrity, honesty, and transparency.

2. Legal compliance: The code of conduct should provide guidance on laws and regulations that
the company must comply with. For example, information on anti-bribery laws, anti-corruption
laws, data privacy laws, and other relevant regulations.

3. Conflicts of interest: The code of conduct should address conflicts of interests, such as
situations where an employee’s personal interests may conflict with the interests of the company.
It should provide guidance on how to identify, manage, and disclose conflicts of interest.

4. Workplace conduct: The code of conduct should outline expectations for ethical workplace
conduct, including appropriate behavior, dress code, and language. It may also cover issues
such as harassment, discrimination, and bullying.

5. Financial integrity: The code of conduct should address financial integrity, including guidelines
for financial reporting, accounting, and internal controls. It should also provide guidance on
how to avoid conflicts of interest related to financial matter.

6. Gifts and entertainment: The code of conduct should provide guidelines on gift-giving and
entertainment, including information on what types of gifts are appropriate to give or receive,
and under what circumstances deemed as appropriate.

7. Reporting violations: The code of conduct should outline the process for reporting violations
of the code, including who to report and how to make a report. It should also provide protection
for whistleblowers who report violations in good faith.

Employees and the Corporation (17 marks)

Briefly explain the concept of living wages in HK.

According to Oxfam Hong Kong, a living wage refers to the salary an employee earns that not only
allows them and their family members to meet their basic needs, but also enables them to live a decent
live. This includes being able to afford a balanced diet, reasonable living space, social life, education,
healthcare and being able to save up for an emergency. In Hong Kong, the statutory minimum wage is
HK$40 per hour, but in ethical sense, the living wage should be not less than HK$60.1 per hour.
Compared to the gradually increasing in living wage since 2018, the minimum wage has been freezing
over the past four years of around HK$37.5, which severely impacted workers’ livelihoods. Although
it raised to HK$40, it might not sufficiently make for inflation, especially in terms of food and energy.
On the other hand, a living wage ensures workers can receive a higher level of income, leading to a
better quality of life, and improved wellbeing for workers and families. This could result in higher job
satisfaction, higher sense of belonging, and greater work incentives for employees.
Employers who pay a living wage will award the ‘Living Wage Employer Logo’ to acknowledge their
responsible wage policy, showing that they are ethical employer. This could definitely lead to a better
brand reputation, better staff morale, improved service quality, easier recruitment of gen z and
millennial talent, higher staff retention, and eventually create a positive impact for society.

What are the rights of employees especially employees’ privacy right in the workplace?

Employees’ privacy rights in the workplace apply to the employee’s personal items, which include
handbags, storage lockers and private email accessible only by the employee. New technologies enable
companies to gather, store, and monitor information about employees’ activities. Although management
justifies the increase in employee monitoring is to improve employee efficiency and prevent employee
misconduct, the company should balance between legitimate employer concerns and employee privacy.

Other employee privacy rights include the rights to freedom from harassment and discrimination of all
types. Although employer, in general, has no right to prevent office romance between consenting adults,
if there is any sexual harassment happened in the workplace, the employer must take action to address
the issue such as conduct investigation, take appropriate disciplinary action against the harasser, and
create a safe reporting environment for victims.

Employees have certain privacy rights when it comes to drug use and alcohol abuse. Generally,
employers have a legal and ethical obligation to provide and maintain a safe and healthy workplace for
their employees as well, which may involve implementing policies related to drug and alcohol use.
However, employers must balance their interests with respecting employees’ privacy rights. Employers
may conduct drug and alcohol testing as part of their safety protocols, but such testing should be
conducted in a fair and confidential manner. It’s also important for employees to familiarize themselves
with the company’s policies regarding drug use and alcohol abuse, as well as any applicable laws in
their jurisdiction.

Other privacy rights include expectation of fair wages, free speech, and whistleblower rights.
Employees generally have the right to express their opinions on work-related matters. However, it is
important to note that there may be limitations on free speech when it involves defamation, harassment,
or disclosure of confidential information. Whistleblowing involves reporting suspected wrongdoing or
illegal activities within an organization. Whistleblower is generally protected by specific laws and
regulations, such as Sarbanes-Oxley Act passed in 2002, Dodd-Frank Act of 2010, and U.S. False
Claims Act 1986, to encourage individuals to come forward with information about wrongdoing without
fear of retaliation. These laws provide legal safeguards for whistleblowers against actions such as
termination, demotion, or harassment in response to their disclosures.

Ethical decision-making (15 marks) – short case scenario

Evaluate and analyze director’s decision to lay off workers to cut cost by using ETHICS PLUS
model.
The ETHICS PLUS model consists of two parts: the ETHICS process includes six major steps in the
thinking process; and the PLUS standards are four key factors to consider in the decision making.

E: Establish the relevant facts and identify the ethical issues at stake.
T: Take stock of all the stakeholders involved. (Who are involved?)
H: Have an objective assessment of each stakeholder’s position.
I: Identify viable alternatives and their effects on the stakeholders.
C: Compare and evaluate each alternative with the PLUS standards.
P: Are there any violations to the professional, industry specific or company code of conduct?
L: Is it against the law?
U: Does it correspond with my self-values, such as loyalty and fairness?
S: Can I disclose my decision to others openly and honestly without misgivings?
S: Select the best course of action.

Ethics and Technology (25 marks) – long case scenario

Cybercrime, cybersecurity, information security and ransom attack

Threat of cybercrime

Cybercrime is a criminal activity done using computers and the Internet. It is a threat to organization
and the public. For example, anything from downloading illegal music files to stealing millions of
dollars from online bank accounts, posting confidential business information on the Internet, and also
non-monetary offenses, such as creating and distributing viruses on other computers. It usually
committed by individuals or groups gaining unauthorized access to a business organization through its
computer systems, i.e., hackers. There are three common motivations for hackers to hack, such as
financial-incentive motive (hackers hack to profit from their actions), retaliation motive (hackers hack
in retaliation against action or inaction by a company or government), and seeking media attention
motive (hackers hack to gain media attention for their political or social viewpoint or to boost their own
ego).

Costs of cybercrime

In US, the average cost of a data breach was over $7 million. Most costs were incurred during intrusion
detection and when attempting to recover. Significant costs were attributed to disruption of the business
organization’s computer system. Breaches also resulted in regulatory fines, legal costs and an increase
in the average cost for each lost or stolen record containing sensitive and confidential information.
Moreover, ransomware attack is a kind of cyberattack in which malware locks the data on a victim’s
computer and demands payment to decrypt the data. The costs that victims paid for ransomware can be
huge and significant.

Comments on HK Cyberport ransom attack

- Ransomware attack on city’s tech hub and its delayed reaction to data breach show there is no
room for complacency in cyberspace.
 - The news that Cyberport has become the latest victim of a ransomware attack has caused more
than just embarrassment. The data that has been leaked and subsequently exposed on the dark-
web includes sensitive personal information, such as details of staff identity cards, bank account
numbers, salaries and credit cards. They decided not to release details of the attack until the
theft came to light on social media.
- The delay in disclosing underlines the lack of urgency and sensitivity on the part of management.
This was also reflected in a suggestion that data was stolen from a shared drive with presumably
less protection.
o Set different level of right of access

Guidance on the ethical development and use of Artificial Intelligence

Objectives:
1. To provide guidance to enable organizations to develop and use AI in compliance with the
requirements under the Personal Data (Privacy) Ordinance (PDPO) and in an ethical manner.
2. To facilitate healthy development and use of AI in Hong Kong.
3. To facilitate Hong Kong to become an innovation and technology hub and world-class smart
city.
Data stewardship values:
1. Being respectful to the rights, interests, and reasonable expectations of stakeholders.
2. Being beneficial by providing benefits and minimizing harm to stakeholders.
3. Being fair by avoiding bias and discrimination.
Ethical principles:
1. Accountability: Organizations should be responsible and be able to provide sound justifications
for actions.
2. Human oversight: The level of human involvement should be proportionate to the risk and
impact of using AI.
3. Transparency and interpretability: Organizations should disclose their use of AI and relevant
policies and strive to improve the interpretability of automated decisions.
4. Data privacy: Organizations should put effective data governance in place to protect personal
data privacy.
5. Fairness: Organizations should avoid bias and discrimination in the use of AI.
6. Beneficial AI: The use of AI should provide benefits and minimize harm to stakeholders.
7. Reliability, robustness, and security: AI systems should operate reliably, be resilient to errors,
and be protected against attacks.

Preventive measures – build strong defenses to protect information and ensure stakeholder
privacy

1. Develop an incident-response plan for cyberattacks. These plans compliment the effort to
prevent access to information but also focuses on what to do when a breach occurs.
2. Use the white hatters’ computer skills to identify weaknesses in the company’s information
systems.
3. Raise awareness and empower people to protect their privacy, control their digital footprint,
and escalate the protection of privacy and data as everyone’s priority.
How to regain trust and confidence?

- Being transparent about the incident

- Promptly informing all stakeholders about the steps being taken to address the issue
- Engage in CSR practices

Shareholders and the Corporation (25 marks) – long case scenario – corporate governance

Directors’ executive compensation, principles of good corporate governance, institutional and

individual shareholders rights

Comments on the level of directors’ executive compensation

Setting executive compensation is a key board function. Due to the separation of ownership and control
of the company, executive compensation acts as a corporate governance mechanism to alleviate the
agency problem for aligning the interests of the corporation and its shareholders with those of its top
managers.

The executive compensation initially is based on pay-for-performance approach. Some supports that
managers are simply being rewarded for their outstanding performance. High salaries provide an
incentive for innovation and risk-taking as they offer individuals a tangible reward for their efforts and
contributes. They are more likely to be motivated to take on innovative and risky projects. Moreover,
high compensation reflects a shortage of labor. It is necessary to have high pay to attract top talent
because not many individuals are capable of running today’s large and complex organizations.

However, many critics feel that executive pay has become excessive. The executive compensation in
US by international standards is very high. It is said that inflated executive pay hurts the ability of US
firms to compete with foreign rivals. Executives may prioritize short term financial gains over long-
term strategic decisions that are necessary for sustained competitiveness. Unscrupulous executives may
become so fixated on their performance pay that they will do anything to increase the stock price, even
if this involves unethical actions. Secondly, high executive pays cause mid- and lower-level employees
to feel they are not receiving their fair share that widens the income gap within the organizations,
creating feelings of unfairness and resentment among employees. When employees believe that
executive pay is excessive, it can negatively impact the overall company culture that may erode trust,
decrease morale, and hinder teamwork. Also, empirical evidence finds weak relationship between
executive pay and company success.

What is corporate governance

Corporate governance refers to the process by which a company is controlled or governed.

The people who control are the board of directors: an elected group of individuals who have a legal
duty to establish corporate objectives, develop broad policies, and select top-level personnel to carry
out these objectives and policies.

Example of directors’ misconduct

 - EY: A female employee claimed she and another colleague had been sexually harassed by a
senior male manager, in the presence of her superior and several other staff – used female
subordinates as sexual resources for the benefit of their superior on top of workplace bullying
behaviors including maliciously searing and stigmatizing victims afterwards.
- Sex Discrimination Ordinance – illegal

Consequences of directors’ misconduct

The legal consequences of director’s misconduct in sexual harassment can include civil lawsuits,
criminal charges, and severe damage to the company’s reputation and financial standing, as well as
personal repercussions for the director such as fines, imprisonment, and difficulty finding future
employment.
- Damage to its reputation
- Loss of shareholder confidence
- Legal liability
- Financial loss

Principles of good governance / Suggestions to maintain good or improve corporate governance

1. Select outside directors to fill most positions, i.e., Independent Non-Executive Director (INED).
It can provide an independent perspective and bring fresh insights to the decision-making
process. They are not directly affiliated with the company or its management, which reduces
potential conflicts of interest and promotes objective decision-making. Outside directors can
help ensure that the board has a balanced mix of perspectives, lead to more robust discussions
and better decision-making, ultimately improved corporate governance.

2. Hold open selections for members of the board. It allows a fair and transparent process in
choosing board members. It also helps to ensure that the most qualified candidates are selected
based on their skills, qualifications, and suitability for the role, rather than being limited to a
closed or predetermined pool of candidates. Open selections enhance corporate governance and
contribute to the overall effectiveness and credibility of the board.

3. Hold elections for all directors annually. It is a common practice to ensure that the board of
directors is accountable to the shareholders and that the composition of the board is reflective
of the current needs of the company. The practice ensures that board is composed of individuals
who have the necessary skills, expertise, and experience to oversee the operations and strategic
direction.

4. Appoint an independent lead director. It is done to ensure effective corporate governance and
to maintain a balance of power within the board of directors. The role of an independent lead
director is to provide leadership and oversight, act as a liaison between the board and the
management, facilitate communication, and provide independent perspective on important
matters. It helps to enhance transparency, accountability, and decision-making within the
organization.

The ultimate goal of above suggestions is to diversify board membership, and eventually lead to good
corporate governance. Diverse board members bring different expertise and experiences, which can
lead to more comprehensive and well-informed decision-making. For example, Coca-cola is known for
its commitment to diversity and inclusion. The company has a diverse board that includes individuals
with various ethnicities, genders, and professional backgrounds.

Institutional and individual shareholders rights

Shareholders are the legal owners of business corporations, also called stockholders or investors.
Individual shareholders are people who directly own shares of stock issued by companies. Institutional
shareholders are those pension funds, mutual funds, insurance companies, and university endowments,
holding certain percentage of shares and they have a balanced and diversified portfolio that can provide
returns over the long term. The insurance company helps to invest on behalf of individuals. In US,
institutional ownership is gradually surpassing household ownership and become dominant. Below are
the major legal rights of shareholders:

1. To receive dividend if declared.

2. To vote on: members of board of directors, major mergers and acquisitions, charter and bylaw
changes, and proposals by stockholders.
3. To receive annual reports on the company’s financial condition.
4. To bring shareholder suits against the company and officers for misconduct.
5. To sell their own shares of stock to others.