Imagine finding out you’re being laid off because an automated email drops into your inbox asking you to return your laptop. That’s exactly what happened to 100 bankers at ANZ last week.
Bruce Rush, CEO of ANZ Retail Bank, later apologised with, “it was not our intention to share such sensitive news with you in this way”.
Having spent most of my career in global financial services, where governance is supposed to be second nature, I’m at a loss to understand how this could happen. I feel for everyone involved
Last week, I wrote about handling layoffs with empathy. This week, I want to focus how to avoid undoing the good work with poor governance and control.
Governance and control are not the same thing
Governance and control are often mentioned together, but they’re not the same thing. Governance is the framework; the rules, responsibilities and processes that guide how an organisation communicates.
It sets out who has authority, how decisions get made, and what checks and balances are in place. Control is about the mechanisms that make sure those rules are followed. Think approval steps, version control, audits or clear stop/go points before a big announcement.
Put simply: governance is the framework, control is the practice. Together they protect both the organisation and the individuals involved making sure communications are accurate, consistent and aligned, while reducing the risk of mistakes and leaks.
Governance isn't glamorous, it's essential
Good governance protects both the organisation and the individual. It ensures decisions are made clearly, consistently, and accountably. It helps communicators manage the risks that come with scale: multiple stakeholders, overlapping priorities, and the sheer speed of today’s business environment.
Governance isn’t about slowing things down. The best frameworks are clear, consistent, and proportionate — offering just enough oversight to protect people and reputation, without creating unnecessary bureaucracy.
Five governance and control must-haves for sensitive communications
1. RACI: clarify who does what. Use a RACI chart (Responsible, Accountable, Consulted, Informed) to streamline decision-making. It defines who holds the pen, who signs off, who’s consulted, and who’s simply kept in the loop. Most importantly, it makes clear that only one person is accountable.
2. Automation boundaries. Automation is a powerful timesaver but when it comes to sensitive data, it’s a hard no for me. The risks are simply too high: a pre-loaded email firing too early, a system misreading time zones, or worse, everybody finding out before impacted individuals. Define when automation is appropriate and when it’s not. For sensitive communications, automation should only be used as a follow-up tool, after people have been informed in person.
3. Access control. Limit who can view sensitive documents and remove access when it’s no longer needed. Password-protect files and share passwords via a separate channel. This simple step prevents leaks and accidental forwards.
4. Version control. Avoid the chaos of “Final_v3” and conflicting drafts. Implement a clear versioning system so everyone works from the same document. Whether it’s SharePoint, Google Docs, or another tool document the process and stick to it.
5. Go/no-go authority. Establish who has the final say to press send. This decision point must be crystal clear to avoid premature or mistaken releases.
If you enjoyed this article, sign up for free to our twice weekly editorial alert.
We have six email alerts in total - covering ESG, internal comms, PR jobs and events. Enter your email address below to find out more: