Dailyhunt
News|Video|Viral
Moonlighting and Conflict of Interest in Indian GCCs: The HR Governance Problem Companies Cannot Ignore

Moonlighting and Conflict of Interest in Indian GCCs: The HR Governance Problem Companies Cannot Ignore

NASSCOM Insights 2 days ago

Moonlighting and Conflict of Interest in Indian GCCs: The HR Governance Problem Companies Cannot Ignore

Moonlighting is no longer a casual HR issue.

For Indian Global Capability Centres, it has become a serious governance question.

A GCC employee may work on sensitive technology systems, source code, customer support processes, payroll data, internal finance records, legal operations, HR analytics, cyber security, procurement, research, or product development. If the same employee takes up outside work without disclosure, the problem is not limited to whether the employee is working extra hours.

The real issue is conflict of interest.

Could confidential information be exposed?
Could client data be misused?
Could intellectual property be compromised?
Could the employee's productivity or availability suffer?
Could the employee be working for a competitor, vendor, customer, or related business?
Could the GCC face legal, cyber, contractual, or reputational consequences?

For GCCs, moonlighting should therefore be treated as a workforce governance issue, not merely as a matter of employee discipline.

Why the moonlighting issue matters more in GCCs

GCCs are not ordinary workplaces. They are deeply integrated with global businesses. Indian employees may support overseas parent companies, group entities, clients, products, platforms, compliance systems, and shared services.

This creates two specific risks.

First, employees may have access to sensitive information far beyond their immediate job title. A mid-level employee may have access to global customer data, internal dashboards, confidential technical documents, financial reports, legal templates, product roadmaps, or access credentials.

Second, GCC employees often work in hybrid or remote settings. Remote work has improved flexibility, but it has also made it easier for undisclosed outside work to go unnoticed. The concern is not every side activity. The concern is undisclosed work that conflicts with the employer's business, uses employer resources, affects work performance, or creates legal exposure.

EY has noted that moonlighting in India's technology sector exposes companies to strategic, operational, financial, and compliance risks, and that companies need clear policies, internal controls, and sanction frameworks.

That is exactly where GCCs need to focus.

The legal position is not simple

There is often a mistaken assumption that moonlighting is either completely illegal or completely permitted. The legal position is more nuanced.

Indian law does contain restrictions on double employment in specific contexts. For example, Section 60 of the Factories Act, 1948 states that no adult worker shall be required or allowed to work in any factory on a day on which the worker has already been working in another factory, except in prescribed circumstances.

However, this does not automatically answer the question for all GCC employees, especially those in IT, services, corporate functions, or white-collar roles. The legal analysis often depends on the employment contract, standing orders where applicable, company policies, nature of work, confidentiality obligations, conflict of interest rules, and facts of the case.

The Model Standing Orders also recognise the concept of exclusive service in certain industrial employment contexts. But for many modern GCC roles, the practical control point is still the employment contract and internal policy framework.

This is why GCCs should avoid vague statements such as "moonlighting is illegal" or "dual employment is always allowed". Both positions are too broad.

The better approach is to define what is prohibited, what requires disclosure, and what may be permitted.

Not every outside activity is misconduct

A balanced policy should distinguish between different kinds of outside activity.

For example, an employee teaching a weekend course, writing a book, volunteering, mentoring startups, speaking at events, or doing occasional non-conflicting freelance work may not create the same risk as working secretly for a competitor or vendor.

The real risk arises when outside work:

  1. Conflicts with the employee's current role
  2. Competes with the employer's business
  3. Uses company resources or devices
  4. Uses confidential information
  5. Affects availability or productivity
  6. Breaches client obligations
  7. Creates data security exposure
  8. Violates working-hour, exclusivity, or disclosure obligations
  9. Involves a vendor, customer, competitor, or group company conflict

GCCs should not use one broad rule for every situation. A policy that treats all outside activity as misconduct may be difficult to administer fairly. A policy that permits everything silently is equally risky.

The right model is controlled disclosure.

The contract should speak clearly

Many employment contracts contain broad language on full-time employment, exclusivity, confidentiality, non-solicitation, IP ownership, and conflict of interest. But these clauses are often copied from templates and not connected to actual GCC risks.

A GCC employment contract should clearly state:

  1. Whether the role is full-time and exclusive
  2. Whether outside work requires prior written approval
  3. What kinds of outside work are prohibited
  4. What must be disclosed
  5. What counts as conflict of interest
  6. Whether company assets, devices, software, data, or time can be used for outside work
  7. What continuing confidentiality obligations apply
  8. What disciplinary consequences may follow

The policy must also be practical. Employees should understand what they can and cannot do. HR should not need to interpret vague clauses each time an issue arises.

Confidentiality and data security are central

For GCCs, the strongest reason to regulate moonlighting is not moral judgment. It is confidentiality and data security.

An employee working for another entity may consciously or unconsciously carry information from one workplace to another. In technology, consulting, finance, legal operations, HR, and data roles, even general knowledge can be commercially sensitive.

This is especially important where the employee has access to:

  1. Source code
  2. Product roadmaps
  3. Client data
  4. Pricing information
  5. Internal process documents
  6. Cyber security protocols
  7. HR data
  8. Payroll information
  9. Legal records
  10. Vendor negotiations
  11. Customer support systems
  12. AI models or training datasets

The GCC's response should therefore combine HR policy with IT controls. Contracts alone are not enough. There should be access management, device control, role-based permissions, data loss prevention, logging, exit checks, and clear reporting channels.

HR should not investigate casually

When moonlighting is suspected, GCCs must be careful. A rushed or poorly documented investigation can create employment disputes.

The company should first identify the basis of concern. Is there evidence of outside employment? Was company time used? Was confidential information accessed? Was there a conflict with a vendor, client, or competitor? Was the employee's performance affected? Was there a policy breach?

The employee should be given a fair opportunity to respond, especially where disciplinary action is being considered. Evidence should be preserved properly. HR should avoid informal accusations or public embarrassment. If the matter involves data theft, client breach, cyber incident, or IP misuse, legal and information security teams should be involved early.

A strong process protects the company and also reduces the risk of arbitrary action.

What GCCs should do now

GCCs should take five practical steps.

First, review employment contracts and HR policies. Ensure that exclusivity, outside work, conflict of interest, confidentiality, IP, device use, data access, and disciplinary clauses are clear.

Second, create a disclosure and approval mechanism. Employees should know how to disclose outside engagements and when approval is required.

Third, classify risk. Not all outside activities require the same response. High-risk roles involving client data, code, financial systems, HR data, security access, or legal records may require stricter controls.

Fourth, train managers. Many moonlighting issues first surface through reporting managers, not HR. Managers should know when to escalate and what not to do.

Fifth, connect HR policy with technology controls. GCCs should monitor access appropriately, revoke unnecessary permissions, limit data download rights, and maintain audit trails.

The leadership point

Moonlighting cannot be solved only by inserting a harsh clause in an appointment letter. It needs a governance design.

A GCC must decide what it is trying to protect: productivity, confidentiality, client commitments, intellectual property, data security, or conflict-free employment. Each objective needs a slightly different tool.

The strongest policy is not the most aggressive one. The strongest policy is the one that employees can understand, HR can enforce, and courts or regulators can view as reasonable.

Conclusion

Moonlighting in Indian GCCs should not be treated as a simple yes-or-no issue. It sits at the intersection of employment contracts, workforce ethics, confidentiality, data security, productivity, and corporate governance.

The right response is not panic. It is structure.

GCCs should build clear employment policies, require disclosure of outside work, define conflict of interest carefully, strengthen confidentiality and IP protections, connect HR rules with IT controls, and follow a fair process before taking action.

In the GCC model, employees are often connected to global systems and sensitive business information. That makes undisclosed dual employment more than an HR concern. It is a governance risk that leadership must address before it becomes a dispute, breach, or client confidence issue.

GCC India employment HR data security


Disclaimer

This content is a community contribution. The views and data expressed are solely those of the author and do not reflect the official position or endorsement of nasscom.

That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.

Download Attachment

Dailyhunt
Disclaimer: This content has not been generated, created or edited by Dailyhunt. Publisher: NASSCOM Insights