Category Archives: Latest News

Dispute Resolution – Do You Know The Facts?

Disputes are costing businesses in England and Wales an estimated £11.6 billion each year, with the average amount of resolving the dispute reaching nearly £17,000 in time and money. The largest cause of disputes? For 72% of small businesses, legal struggles are put down to late or non-payment.

The data from the Federation of Small Businesses also found that half a million businesses had disputes which were unresolved, with 19% taking their case to court. However, with only 43% of businesses dealing with a disputer informally or semi-formally, it’s clear that more organisations could benefit from more information on the subject.

As a business owner, you manage and oversee all areas of the business; interacting with a variety of employees, business partners, agencies, contractors and clients. Therefore, it’s to be expected that at times conflicts and issues – however unwarranted – will arise. However, managing these disputes effectively will help to maintain business relationships and brand image, and minimise any damages which may occur.

If a dispute gets out of hand, then litigation may be the only option left. Yet, not all disputes need to get to that stage. At present, only one in ten resolve their issue using alternative resolution methods such as mediation or arbitration – but, using such alternatives can avoid costly legal expenses.

Mediation resolves misunderstandings and involves a third-party mediator who aids the parties in reaching a settlement. It’s more than likely that a mediator does not have authority to make a binding decision, and is there to oversee the matter instead with an objective view.

Mediation is private and confidential, meaning that disputes are kept away from the public spotlight, and is often the first step. The cost of a mediator is often shared between those involved.

If still unresolved, the next possibility is arbitration.

Arbitration involves submitting a dispute to an impartial person who will then determine a binding decision. The arbitration process does not follow any of the normal legalities when supplying evidence.

An arbitrator may ask for documentation related to the case, and once reviewed will submit a decision.

When compared with mediation, arbitration is a formalised process of dealing with a dispute and reaches a binding decision. Mediation allows either party to withdraw at any time, whereas with arbitration those involved are committed to resolving the dispute.

If the dispute still remains, then businesses may be involved in litigation.

Types of dispute which your business may find itself involved in include employment, contract, fiduciary and commercial.

Below we have listed the most common types of dispute and how they can be resolved.

Employment Dispute

Disputes with employees can arise from a range of issues such as; unfair treatment, unclear job roles, poor communication and working environment and discrimination claims.

Often, employee disputes can be avoided by ensuring that an employment contract is watertight and covers every eventuality. All employees are entitled to a written contract within the first two months of their employment with an organisation. However, it’s worth remembering that verbal contracts should also be upheld – although they are hard to prove in a court of law. To ensure that your business is covered keep all contractual agreements in writing to prevent a dispute arising. This includes covering details which you may deem obvious to state.

As an employer, you should confront disputes head-on, rather than let issues fester. However, this can be tricky if a dispute arises which is outside of the remit that you usually deal with – for example, if you aren’t familiar with the inner workings of a particular department with which the dispute is contained, it can prove difficult to solve.

To effectively manage employee disputes, you should aim to take action as soon as you have evidence of the issue, understand employee boundaries and enable employees to know when a line has been crossed, respect employee differences and confront tension.

To aid management of disputes and grievances, you should set out a policy which details expectations of employees and how such situations will be handled. This can help to make the company stance clear and set out a path to be followed if required.

Director and Shareholder Disputes

When a company is started, little is often thought to what happens if a dispute arises. After all, it’s likely to be the last thing that a business owner or shareholder has on their mind when they start a business. However, disagreements and disputes can occur when relationships between parties break down.

Disputes can derive from a variety of issues such as, disagreements over strategy, level of dividends, salaries paid to shareholders, service contracts and remuneration, conflicts of interest and disproportionate contributions of money or time from shareholders. This list is by no means complete, and these issues can have a devastating effect on director and shareholder relations, and the business in question.

To avoid shareholder disputes, it’s advised that you draw up an agreement which covers likely causes of disputes, financing of the organisation, dividends, directors fees and salaries, responsibilities for key business areas, company objectives and authority required to take certain actions. The agreement should also aim to predict future eventualities as best as you are able to – this will help minimise any future conflicts which may arise in the future. A shareholder agreement should also detail that a majority or all shareholders are required to give approval before the business is bound to a certain development or policy.

To guarantee board members and directors are effective in their role, an open communication policy can help to ensure issues are discussed openly. Before a board meeting an agenda should detail the topics which will feature in the meeting and give directors the chance to reach a consensus prior to the discussion.

Directors are legally required to declare any conflicts of interest which they may have and not use their position to make private properties at the company’s expense.  This is due to the legal responsibilities that director’s hold, which include loyalty, good faith, and duty of care, diligence and skill to aid the success of the company. If these duties and responsibilities are not upheld then they could be disqualified as a director, fined, face criminal prosecution, or made responsible for the company’s debt.

Directors should have the courage to speak up if they feel that a board member is acting improperly. For example, if a simple mistake was made or process overlooked this should be bought to attention and rectified. However, if you feel that a board member is acting deliberately improperly, then you should ensure that there is evidence of your objection in writing, meeting minutes or take legal advice.

If you are found to be taking a blind eye this is not enough to protect you. As a director, you are responsible for keeping yourself informed about what is going on in the business and participate in management meetings.

Commercial Disputes

A commercial dispute often occurs when payment has defaulted on delivery of goods, issues concerning payment or finalisation of a project, and any issues regarding contract obligations.

If you receive notification that your business is part of a commercial dispute, then you should look at the matter immediately. Most formal notifications will include a date which you need to respond or take action by.

To handle a commercial dispute, you should review the terms of your agreement and how clear it was, before discussing how either (or both) sides failed to live up to that expectation. If either side has suffered a loss this should be detailed, alongside any other evidence which you may hold, such as contracts, correspondence, witness statements etc. Any negotiations or attempts to resolve the issue should also be documented.

If the claim is financially driven, then you should take into account the party’s ability to pay by running a credit check. If the case does go to court, then you will want to consider how the costs of proceeding to trial will weigh up against the cost of remuneration.

Going to court can also set a precedent for other suppliers, clients or business partners who may feel the same way. Therefore, avoiding such a public setting, and settling out of court, can help to prevent the case from being made public. Remember to include a confidentiality clause in your settlement.

Where you are required to have an ongoing business relationship, then an amicable settlement should be reached at the earliest stage to avoid any further damages to the partnership. It’s best practice to have legal advisors present and ensure that they are aware of what you are hoping to achieve. Negotiations will often focus on where the breach occurred and how damages can be resolved.

Effective dispute resolution can help to minimise the costs your business may incur, and avoid damaging professional relationships and your brand image. If you are unable to resolve a dispute and the case proceeds to litigation, then you should bear in mind that a willingness to negotiate can often put you in better light.

The Future of Scandal: Technology and Corporate Wrongdoing

The Future of Scandal: Technology and Corporate Wrongdoing

For as long as there has been business and investors, there have been those who have sought to make money illicitly by breaking the rules and misleading others.

Nowadays, corporate scandals come in many shapes and forms, but among the most common are those related to fraud and price-fixing cartels. One thing that links all modern scandals is the importance of electronic devices, both as a means of propagating a scandal and as a source of electronic evidence that can be used to detect a scandal or deal with the legal consequences.

This article examines the life cycle of a scandal; how they are created and how they emerge, as well as offering practical advice on prevention and crisis management.

How do scandals start and how can they be prevented?

A joint report by the International Corporate Governance Network (ICGN), the Governance Institute (ICSA) and the Institute of Business Ethics (IBE) suggests that certain corporate cultures can increase the chance of wrongdoing.

The report highlights some ‘red flags’ that can be an indicator of malfeasance and according to the report are not industry-specific; with examples being drawn from banking, retail, manufacturing and automotive sectors. According to the report there are three main factors that lead to a degeneration in ethical behaviour:

  • “Corporate stress” which encourages employees to take short-cuts
  • Tolerance of minor rule breaches and an atmosphere where rules are pushed to their limits
  • Focus on short-term targets

Much like the ‘Broken Windows’ theory of crime, the report’s authors believe bad behaviour is incremental. What could start as relatively minor breach could develop into something more serious.

Other factors given by the report include:

  • controversial pay deals, such as high executive pay or targets which encourage risk-taking to hit short-term targets
  • complex legal structures which make it hard for boards and management to work out what is going on inside the company
  • poorly executed takeovers which lead to a mix of cultures within a company, with “pockets” of bad behaviour thriving beyond the control of the board
  • lax financial discipline, for example both Northern Rock and RBS had excessive leverage which led to their problems as the crisis hit.

The report also warned of the dangers of “autocratic” chief executives who staff are afraid of angering for fear of reprisals, meaning that vital information about potential problems might never reach senior management.

The report said that the best way of improving companies’ corporate cultures to reduce risk was to get boards more involved and have a better understanding of the way staff are motivated and treated.

Changing company culture can be a long-term process. A more immediate preventative measure is to look to corporate communications. Scandals, particularly cartels, live and die by conversation. Without communication between parties, there can be no cartel, in the traditional sense of the word.

Including checks on communication can be a powerful part of any robust compliance strategy.  Since evidence showing misconduct may be found in written communications and among irregularities found in financial data, savvy compliance officers and in-house counsel regularly conduct mock dawn raids and perform compliance audits. Both these methods are good starting points for companies wanting to take a more proactive approach to compliance.

What is a mock dawn raid?                                           

Mock dawn raids are usually conducted by third parties, such as lawyers and ediscovery providers, to deliver the experience of an unannounced inspection from an authority. Computer forensics professionals will seize electronic devices, such as laptops, computers and phones, as well as take copies of data from servers and the cloud. They may also take paper documents. Data stored on these devices will then be forensically copied for analysis and a full audit trail maintained. Other consultants may train a variety of personnel (including receptionists, in-house legal and IT) on the proper procedures to follow when confronted with a surprise inspection.

After a mock dawn raid, it is possible to learn from the experience and identify areas that the company ought to address.

Mock dawn raids are a powerful tool for compliance officers because they can help to assess a company’s level of readiness for investigations and they also send a strong message to employees that compliance is taken seriously

Compliance audits

Authorities such as the European Commission and Competitions and Markets Authority recommend that companies conduct internal reviews to assess compliance. Regularly reviewing samples of electronic communications and information is an important part of an internal compliance audit. The benefit of such audits is to gain insight and to be in the driving seat if anything seems out of place.

Information gathered from interviews may lead the audit toward particular sources of data for review. Email, databases and even social media can be targeted to provide an organisation with a more comprehensive view of the levels of risk to which it is exposed.

As the know-how to interrogate databases develops, companies are increasingly using specialist data analytics tools to proactively examine financial, operational and transactional data. Even light analysis of databases can uncover patterns, anomalies and red flags. For example, data can be arranged graphically to show purchases by country or account number. Outliers such as purchases being made in unexpected countries or to duplicate accounts can then be investigated.

Regardless of the method chosen, organisations that carry out internal reviews to detect wrongdoing, such as corrupt practices and anti-competitive behaviour, are better positioned to defend themselves should a scandal be uncovered.

What industries are at risk from corporate scandals in 2017?

As stated earlier, scandals can stem from misconduct of individuals or small groups of individuals and so in theory any industry runs the risk of a scandal. However, corporate culture aside, some industries are more at risk from corporate scandals emerging simply because they are more heavily regulated than others and the regulator’s focus is increasingly broad.

The Competition and Marketing Authority (CMA) stated that their priorities for 2017 were in the following areas:

  • Consumers’ access to markets and barriers to decision-making
  • Online and digital markets
  • Technology and emerging sectors
  • Regulated sectors and infrastructure markets
  • Markets for public services
  • Sectors that are important to economic growth

Ostensibly, this covers quite a large swathe of industries operating in the UK and beyond. Any corporation whose business activities fall under the above categories should consider making compliance a priority for 2017.

On a more international scale, the European Commission has also laid out its priorities for 2017, and whilst they are broadly analogous with the CMA’s, there are some interesting points to note. Firstly, European antitrust authorities will gain increased powers to prosecute breaches of competition rules under draft legislation to be proposed by next June, following talks between the Commission, corporations and competitions experts.

Currently, the Commission is proposing the following actions to increase the power of national regulators.

  • giving national authorities tools to detect and sanction violations of EU competition rules;
  • encouraging companies to come forward to national authorities with evidence of illegal cartels through ‘leniency’ programmes;
  • ensuring the independence of the national authorities
  • ensuring authorities have sufficient resources and staff

Big data and how companies use big data is also a priority for the Commission.  Companies in possession of big data can potentially trigger both Articles 101 (antitrust cases) and 102 TFEU (abuse of dominance cases). However, the Commission is looking to strengthen its ability to enforce the rules in cases involving big data.

During a speech in late 2016, Margarethe Vestager, the European Commissioner for Competition stated that the Commission does not object to the collection of large data sets as long as they don’t hurt consumers in the process, by undermining competition. In order to combat this, the Commission is aiming to release a proposal on legislation for big data in early 2017. Based on Vestager’s comments in the speech, this is likely to be in the form of a directive rather than a regulation.

She also commented that further scrutiny may be required for mergers with valuable data, even if the turnover of these companies is not large enough to come under the usual merger control criteria. Again, this widens the pool of companies who are at risk of corporate scandals emerging from regulation, bringing in smaller players who might not be prepared for competition scrutiny. Companies handling large data sets should ensure they are up to speed with the latest directives and understand how their data can breach EU law and take steps to ensure compliance.

What should companies do?

Going looking for trouble leaves some companies feeling squeamish, but the authorities often impose lower fines when a company confesses and provides good quality evidence to help the authorities with their investigations.

If the wrongdoing is exposed by a whistle-blower or as a result of a regulatory investigation, this can add considerable pressure to any internal investigation the company chooses to instigate. Companies who are implicated in this way are more vulnerable to penalties. Also, if the matter has had time to grow in scale, they face potentially larger legal penalties and fees than if they had put themselves into the whistle-blower position. And when outside investigators looking at one issue discover further skeletons in the closet, this can lead to further scrutiny, public criticism and costs.

If a company is implicated in a scandal, what is the best way to manage the situation?

  1. Act quickly and launch an internal investigation as soon as possible. Once news of a scandal is in the public domain, an investigation by a regulatory body is almost inevitable. An internal investigation will help get to the heart of the issue and enable a company’s legal team to form a strategy based on evidence found in the investigation. Time is of the essence, so technologies such as predictive coding can help find hot documents as early as possible. Predictive coding learns from the decisions made by human document reviewers to prioritise other similar documents for review and to predict how unseen documents might be categorised.
  1. Think outside the box when it comes to data. Email and calendar appointments are some of the most important sources of electronic evidence, but valuable evidence can be found from other sources, as well. Twitter, Instagram and even GPS data from satellite navigation systems can provide revealing information that may be vital to a case.
  1. Use an experienced digital forensics provider. It is of vital importance that data is collected in a forensically-sound, defensible manner. Digital forensics experts employ the correct techniques to carefully and accurately contain, preserve and extract critical evidence. This includes the implementation of a strict “chain of custody” procedure and audit trail throughout the analysis of the data. Leaving the task of handling such important evidence to in-house IT teams, potentially without advanced forensics knowledge, can compromise the defensibility of a case.

Although corporate scandals and wrongdoing can seem somewhat inevitable, a rigorous compliance regime and a positive company culture can reduce the risk of scandals causing reputational and financial damage should wrongdoing be found.

 

Flag it Up – How can solicitors work to identify and tackle the risk of money laundering in the UK?

Organised crime costs the UK more than £24 billion each year – that’s £1 a day per citizen. The fact that criminals are using the services of legal professionals in order to try to hide the origins of their illicit funds is nothing new, but there are important questions that solicitors must ask themselves to avoid becoming drawn in without their knowledge.

Criminals are likely to have built what appears to be an authentic business to avoid unwanted scrutiny and this makes you and your profession vulnerable to becoming unwittingly involved in serious and organised crime. For solicitors, the consequences of being involved in money laundering, are severe. These can range from loss of your practicing certificate, damage to your own and your businesses’ reputation, significant fines and even a prison sentence. The creation of the Participation Offence in the Serious Crime Act 2015 makes it a crime – punishable by up to five years in prison – to participate in activities which an individual “reasonably suspects” contribute to organised crime.

With this in mind, it is imperative that solicitors continue to take responsibility to comply with money laundering regulations, particularly the obligation to complete adequate due diligence on new and existing clients. By doing their due diligence and submitting quality Suspicious Activity Reports (SARs) where appropriate, solicitors can play a significant part in tackling the threat through identifying potential cases of money laundering before they enter the economic system.

Spotting the red flags

The most effective way to ensure that solicitors remain compliant and are able to spot the red flags of money laundering is to implement an effective and well-documented risk-based approach. This will not only protect a legal firm from criminals, but in the unfortunate event that there is an issue it will reassure law enforcement and the regulator that the appropriate precautions have been taken.

In the first instance, they should step back and consider whether there are any immediately apparent warning signs. By considering whether there are inconsistencies in the information clients provide, if the client runs a cash-rich business, if there are unusual amounts or sources of funds, or any discrepancies in previous transactions, solicitors can begin to assess whether there are any suspicious activities that could ultimately lead to them becoming implicated in a crime.

In order to identify these red flags, firms should always continue to undertake comprehensive due diligence checks on new and existing clients in order to sweep for any risks. But due diligence extends beyond obtaining a passport and utility bill, and adopting a merely tick-box approach. It should be risk based, include lateral and critical thinking, and may include scrutiny of all beneficial owners with a controlling interest of over 25%, in addition to the client. Conducting internet searches on a prospective client could help to pick up any obvious warning signs with regards to their professional credibility.

Asking the right questions

Ultimately, while those working in the legal profession certainly have an awareness of money laundering, and how drastic its impact can be, there can sometimes be a lack of recognition of how it affects them personally. In all cases, solicitors should be looking at the whole picture, in order to build as comprehensive a client profile as possible.

For instance, a solicitor approached by a potential client that differs from their normal client profile should always ask “why me?” irrespective of the size of their firm. If a client is atypical of the regular client demographic, whether due to factors such as scale, sector, jurisdiction or any other reason, they should look to establish why their firm has been approached.

If something doesn’t stack up, asking a direct question is usually the most efficient way to get to the bottom of the irregularity. If the client is subsequently evasive, or if the answer is vague and lacks detail, that should immediately trigger suspicion.

Applying any local knowledge is critical when considering whether a business is legitimate or not. It might be helpful to make a visit to their premises during normal working hours. Often a lot can be taken from an organisation’s place of business that helps to reveal how authentic it is, and it allows legal professionals to make judgments on the accuracy of the information they are providing. For instance, if a firm is asked to work on behalf of a retail outlet that is empty at peak time, this could be an indicator that all is not as it seems.

Taking action

If any due diligence checks call the credibility of the client into question, solicitors should ask themselves if this amounts to suspicious activity, and consider going through the proper reporting processes. As a starting point, they should educate themselves about how low the level of suspicion has to be in order to get to this point. It is critical to remember that this assessment is not about being beyond a reasonable doubt, or building a case against a client. In R vs. Da Silva (2006), it is simply defined as “a possibility, which is more than fanciful, that the relevant facts exist”.

If they decide that a particular client does meet this criterion, solicitors have a legal obligation to submit a suspicious activity report (SAR) in line with internal procedures. Submitting a SAR can be seen as a much more drastic move than it is, and can be a concern for legal professionals. Solicitors are trained to maintain the highest levels of client confidentiality, so there is often apprehension that if the information they have is vague or imprecise; it may appear as if they are taking an extreme step without possessing the requisite evidence.

However, it should always be remembered that submitting a SAR is confidential. And it is also worth noting that if a SAR is not submitted when there are grounds to, solicitors risk breaking the law under the Proceeds of Crime Act 2002, and potentially allow criminals to escape with the proceeds of their wrongdoing.

One additional consideration to take into account is the quality of SARs. If a solicitor is submitting a SAR, they should ensure that it is filled in honestly and correctly, without adopting a defensive tone. Bad quality SARs often lack the information needed to build a wider intelligence picture so it is important to get them right first time, every time. The National Crime Agency (NCA) has created guidance on submitting better quality SARs, and solicitors should review this regularly.

Making a difference

Money laundering is undoubtedly a pervasive influence on the UK economy, and as professionals that are often operating in the financial space, solicitors are at risk of being unwittingly caught up in criminal schemes.

However, by taking a risk-based approach to due diligence, being direct with clients about perceived discrepancies, and submitting SARs if they have suspicion, they can avoid becoming involved. Ultimately, solicitors are in a unique position when it comes to disrupting the risks of money laundering, and can play a huge role in ridding the UK of this threat.

Preparations for MiFID II: IT teams ahead of their Risk & Compliance colleagues within Financial Institutions

A recent study from Aeriandi of IT decision makers and Risk & Compliance managers within UK financial services businesses, has revealed a concerning lack of preparation and understanding of the requirements of MiFID II legislation coming into force in January 2018.

The study, carried out in January 2017 shows that managers and decision makers within these institutions have little understanding of the severity of potential penalties and are struggling to apply the legislation to their businesses.  However, comparing the responses of IT professionals and those responsible for managing Risk & Compliance within a business shows IT teams have a better overall understanding of the consequences of non-compliance.  62 per cent of Risk & Compliance managers admitted to not knowing a company can be fined up to five million euros or 10 per cent of annual turnover, compared to only 42 per cent of IT managers and decision makers.

It would appear however, that a countdown to compliance has begun.  Organisations are now starting to invest time and money in preparations.  30 per cent of respondents say that budget has been allocated this year to help with preparations, and more than a third (36%) report that policy and procedure have now been developed.

The revised Markets in Financial Instruments Directive, commonly known as MiFID II, is due to come into force in January next year.  First introduced by the EU in response to the 2008 financial crisis, MiFID II is a set of sweeping reforms for the financial industry designed to prevent history from repeating itself.  The new legislation governs everything from where and how derivatives can be traded, to measures for reducing volatility and policing potential conflicts of interest among financial advisers.  Achieving compliance is no mean feat and certainly will not happen overnight.  Indeed, MiFID II is widely considered to be one of the most sprawling pieces of financial legislation ever devised, and as a result it presents numerous challenges for those looking to achieve compliance ahead of the deadline in early 2018.

One of the more contentious aspects of the new legislation is the change in requirements relating to the recording and archiving of telephone calls.  The Financial Conduct Authority (FCA) currently mandates that only the telephone conversations of individuals directly involved in trading need to be recorded.  MifID II broadens the scope considerably to include anyone involved in the advice chain that may result in a trade.  Naturally, this has a significant impact regarding the scope of whose conversations must be recorded once the new legislation takes effect.  Conversations between the likes of wealth managers or independent financial advisors and their clients will now all fall under this scope.  Furthermore, the legislation applies to both fixed line and mobile conversations, and all calls must be stored and accessible for a minimum of five years after taking place (seven in some instances).

This particular portion of MiFID II is causing a certain degree of consternation.  Before MiFID II was announced, few financial institutions had the infrastructure in place to meet the new requirements.  Many are still working on how best to achieve compliance and are looking to third party solutions to increase their call recording and archiving capabilities. Leveraging third party expertise enables organizations to achieve ‘out of the box’ compliance.

Choosing the right third party technology can prove difficult without necessarily knowing what to look for in a solution.  There are, however, a number of key requirements that should be considered when assessing call recording and archiving solutions, which will ensure the technology meets the requirements set out by MiFID II:

  • Coverage of all required telephone platforms

MiFID II mandates that calls must be recorded across both mobile and landline platforms, so ensuring the solution has the capability to do this is crucial.

  • Easy implementation and scalability

Will implementing the new solution result in business down time and therefore, loss of revenue?  Many cloud-based recording and archiving solutions no longer require any on-site installation.  This can eliminate potential disruption during integration. Scalability is also a major factor.  Can the solution scale both up to cover busy periods, whilst scaling down to save the organization money during quieter periods?  If not, organizations will likely end up overpaying for excess recording capacity, or having to buy additional capacity at premium pricing on short notice.

  • Access to call recording archives from anywhere

Cloud-based recording and archive solutions offer the ability to access call recordings and archives from anywhere, at any time via a secure online portal. This is particularly beneficial to organizations spread over multiple sites or countries. Vendors specializing in on-site recording and storage often cannot deliver this level of flexibility in terms of recording accessibility, so be careful to ensure any solution being considered can match the needs of the organization.

  • Secure storage and encryption to protect recordings

MiFID II mandates that call recordings relating to a financial transaction must be stored for five years after the transaction was made.  This is a significant rise from the six-month period currently mandated by current FCA legislation.  Not only does this impact heavily on storage resources, it also presents security challenges, particularly if the recordings contain sensitive financial information.  After all, five years is a long time to keep data safe.  Only recording and archive solutions that offer the latest levels of data encryption and provide guarantees about who is able to access recordings should be considered.  If a technology includes outdated encryption or the company does not offer ongoing guarantees regarding upgrades to security as/when they become available, it should be avoided at all costs.

  • Compliance with additional data standards

The primary driver for implementing a suitable call recording and archiving system is to achieve MiFID II compliance.  Many solutions, however, also offer additional layers of compliance such as the Payment Card Industry Data Security Standard (PCI DSS) and BS10008; governing whether recorded content is legally admissible in court if required.  These data standards can bring additional return on any investment made and should be considered when choosing a suitable solution.

With less than a year to go until penalties for non-compliance will kick in, you would hope that those responsible for delivering compliance would be completely prepared.  However, our research demonstrates that for many, planning is still at a very early stage.  Organizations must understand the key areas of impact on their business and start to plan for change.   Detailed risk analysis needs to take place along with mapping out the required processes and procedures for MiFID II compliance.  Only then can a business determine whether their existing solutions will be adequate, or if it needs to roll out a new set of tools and supporting processes.

The impact of the General Data Protection Regulation (GDPR)

The GDPR will come into effect on 25th May 2018 and has been described as the biggest shake-up of data protection law for 20 years. James Wickes, CEO and co-founder of cloud-based visual surveillance company Cloudview, looks at the changes businesses need to make and the consequences of getting it wrong.

Data protection is a fundamental concern to all organisations which hold personal information. Next year new, tighter legislation comes into force which has been described by legal firm Wright Hassall as the biggest shake-up of data protection law for 20 years.

The General Data Protection Regulation (GDPR) becomes law on 25th May 2018. It will be directly applicable in the UK without further implementation, and serious breaches could see organisations facing fines from the Information Commissioner’s Office (ICO) of up to €20 million or 4 per cent of turnover, whichever is higher. These increased fines will apply immediately, so organisations need to ensure that their GDPR compliant policies and processes are in place promptly. Large organisations also need to be aware that the size of the fine is calculated on the turnover of the whole organisation, not the operating division or subsidiary in which the breach occurred.

Personal implications for senior executives

Fines, however, are not the only potential penalty. The new legislation could have a personal impact on any senior executive with legal responsibility for their organisation’s behaviour.

The Culture, Media and Sport Committee’s investigation into cyber security, triggered by the cyber-attack on TalkTalk, was published in June 2016 and makes two recommendations. First, it suggests that a portion of CEO compensation should be linked to effective cyber-security. The report says: “To ensure this issue [cyber-security] receives sufficient CEO attention before a crisis strikes, a portion of CEO compensation should be linked to effective cyber-security, in a way to be decided by the Board”.

It goes on to say: “We concur with the ICO [Information Commissioner’s Office] that whilst the implementation of the GDPR will help focus attention on data protection, it would be useful to have a full range of sanctions, including custodial sentences.” So executives could face jail as well as fines for breaching the new regulations.

The need for consent

To understand the implications of the GDPR, we commissioned a briefing note from independent solicitors Wright Hassall. They identified two key issues:

  1. Organisations whose core activity is processing special categories of data or the systematic monitoring of individuals on a large scale will have to appoint a Data Protection Officer to monitor compliance with the rules.
  2. Organisations will have to demonstrate that an individual’s consent to the processing of their personal data is ‘freely given, specific, informed and unambiguous’. In most cases implied consent will not be sufficient. In my area, CCTV, it is as yet unclear to what extent organisations will need to seek to obtain explicit consent from individuals to record them via a CCTV system as we are already are required to make the presence of cameras very clear.

To prepare for the GDPR, the first step organisations should take is to carry out a Privacy Impact Assessment (PIA) to identify the most effective way to comply with data protection obligations and meet individuals’ expectations of privacy. They need to consider whether there is a legitimate reason to collect specific information, whether it is stored securely, with safeguards to prohibit interception and unauthorised access, and whether data is deleted when it no longer serves a purpose. This latter issue has recently been raised as a concern by the surveillance camera commissioner, who points out that the Metropolitan Police are failing to delete number-plate records after two years, but have retained the data since the London Olympics in 2012.

Organisations also need to have a documented information retention policy which is understood by those handling data collection, and ensure that staff know how to respond to requests from individuals for access to their personal data. For more information, the ICO has produced a useful guide.

Personal data is not just text

What many organisations often fail to understand is that personal data covers every type of information, from written text to video and audio. This is increasingly important with the growth of the Internet of Things (IoT). All the data we upload onto our phones, from how many steps we take to changes in our heating systems, could be included if it allows individuals to be identified. IT departments are often responsible for all these devices and all this data.

Yet one area falls outside the remit of ‘traditional’ IT: CCTV, which many organisations use to monitor communal areas, manufacturing sites and warehouses. If video footage enables individuals (clients, employees, or passing members of the public) to be identified, the GDPR is applicable. CCTV surveillance systems should not normally be used to record conversations between members of the public or staff as part of a working environment – this is highly intrusive and unlikely to be justified.

CCTV footage differs from other types of data in that systems are binary in their ability to be secure or accessible. Because IT systems have moved into data centres, or better still, to the cloud, it is relatively straightforward for IT departments to ensure that data protection regulations are met, for example by ensuring that only authorised individuals can access certain information. However, access to current DVR-based CCTV systems has to be physically constrained by using locks or passcodes, as anyone with access to the equipment can access the data. Remote access has to be managed through a VPN (Virtual Private Network) which is expensive to set up, not always secure and inflexible.  Processes also need to be enforced rigorously to ensure data protection standards are met. CCTV is typically seen as peripheral to a business – but the legislation still applies, as do the fines.

One solution to this CCTV GDPR compliance problem is to hold CCTV information securely in the cloud, with access limited to authorised personnel. There is no longer a physical DVR; data is sent directly and securely from the cameras to the cloud. Such systems should be configured to record CCTV data only when needed and should automatically delete it when it is no longer required. Cloud-based CCTV systems should also have all the required security and encryption necessary to protect data and verifiable audit logs to prove that data was handled, transmitted, viewed and deleted appropriately. Not all providers offer this level of end to end service, so organisations still have to take responsibility for ensuring that their cloud provider is compliant with the appropriate regulations. They should also bear in mind that many cloud providers have clauses which allow them to share data with third parties – clearly inappropriate for personal data.

Ignorance is no excuse for breaking the law, and this includes data protection legislation. The new legislation comes into force in just over a year’s time, so organisations need to begin preparing now.

More information is available in the briefing note ‘Is your use of CCTV compliant with data protection legislation’ from Wright Hassall, available on the Cloudview website http://www.cloudview.co/dls/white/Cloudview-CCTV-Article-vanilla-23-05-16.pdf

CFAS, Costs And Professional Conduct Issues – A Whistle Stop Tour Of The Latest Principles To Emerge

A string of recent case law in the UK has provided those of us working in the legal profession with a number of important reminders and clarification on certain points of law in relation to our client retainer and costs.

A number of significant principles have surfaced or in some cases re-emerged over the last few months relating to claim and litigation fee structures, including conditional fee arrangements (CFAs), qualified one-way costs shifting (QOCS) and the proportionality of costs. Drawing on some recent examples of case law, a number of the key principles have been highlighted in the sections below:

Conditional Fee Agreements (CFAs)

Engeham v London & Quadrant Housing Trust and the Academy of Plumbing (in liquidation) [2016] 3 Costs LO 357 reminds us of the importance to identify all defendants in a CFA if you wish to recover costs from them. In this case, a Tomlin Order awarded £10,000 plus costs from the second defendant but the claimant was unable to claim costs because the CFA was limited in its operation only to the claim against the first defendant.

Kupeli v Cyprus Turkish Airlines [2016] 3 Costs LO 365 outlines the importance and relevance of where a client signed the CFA. Here, the defendants claimed that the CFA was unenforceable because it had been signed at a community centre which was an ‘excursion’ under the Cancellation of Contracts made in a Consumer’s Home or Place of Work Regulations 2008 (then in force) and notice of cancellation in writing had not been provided and therefore, they had no liability in costs to the claimants. The judge on appeal disagreed holding that it was not an excursion and therefore, the claimants were entitled to recover their costs.

Radford v Frade [2016] 4 Costs LO 653 highlights the importance of checking the scope of the CFA and ensuring that it covers the work which are you carrying out and hope to recover costs for. The defendant won this case with costs and at Detailed Assessment, submitted a bill of £805,000. The CFA was limited to the pursuit of procedural points and that work came to an end on the making of the Consent Order. The CFA did not extend to work on the defence of the claim, counterclaim or application for summary judgement. Therefore, Radford was not liable to pay for any costs incurred after the consent order.

Surrey v Barnet and Chase Farm Hospitals NHS Trust [2016] 4 Costs LO 571 has had many questioning what advice was given to a client who was a late transfer (shortly before 1 April 2013, being the date from which it was no longer possible for claimants proceeding under a CFA to recover success fees and after the event premiums) from legal aid to a CFA? As it stands, the claimant should be entitled to recover the additional liabilities if the switch to CFA from legal aid was a reasonable choice at the time. The fact that the solicitors did not advise him that the switch would deprive him of the 10% uplift on general damages was irrelevant. However, watch this space; permission to appeal to the Court of Appeal is being sought.

Jones v Spire Healthcare Ltd [2016] 3 Costs LO 487 tells us that a CFA can be assigned from an old firm to a new firm. In this case, the claimant signed a CFA with a firm that subsequently went into administration. A second firm agreed to acquire the claimant’s case and the claimant agreed to move to the new firm. Following settlement via a Part 36 offer the respondent contended that the claimant was not entitled to costs as there was no longer a valid retainer. The case of Jenkins v Young Bros Transport Ltd [2006] 3 Costs LR 495 was followed. It was therefore held that if both firms agree to the assignment and so does the claimant (following being advised of their best interests) and a Deed of Assignment is entered into then it would be ‘unduly restrictive to deny the parties the effects of what they intended’. However, we recommend keeping an eye on this as a case is soon to be appealed to the Court of Appeal in which it was ruled by the District Judge that the assignment was invalid.

Proportionality

In assessing proportionality of costs the court used to avoid ‘double jeopardy’ but since 1 April 2013 Civil Procedure Rule (CPR) 44.3(5) applies and the court will stand back at the end of the Detailed Assessment and reduce the reasonable necessary costs further if required to make them proportionate. The following cases demonstrate.

BNM v MGN [2016] 3 Costs LO 441
Damages recovered were £20,000. Costs assessed at Detailed Assessment to be £167,000. Cut to £83,000 after considering the proportionality issues.

May v Wavell Group plc [2016] 3 Costs LO 455
Damages recovered were £25,000. Costs assessed at Detailed Assessment to be £99,000. The award was reduced to £35,000 plus VAT.

Qualified One Way Costs Shifting (QOCS)

Parker v Butler [2016] 3 Costs LR 435 demonstrates that any appeal which concerns the outcome of a claim or the procedure by which it is to be determined, is part of the proceedings as defined in CPR 44.13 and therefore, QOCS will apply.

Costs Budgeting

Sarpd Oil International Ltd v Addax Energy SA [2016] 2 Costs LO 227 demonstrated that the court can take into account incurred costs even if set out in a costs budget, when considering the reasonableness and proportionality of estimated costs. It was only in relation to the formally approved estimated costs contained within the costs budget that the court would not depart from.

Group Seven Ltd v Nasir [2016] 2 Costs LO 303 highlights the importance of being able to justify your hourly rates, number of people involved in the case and location of the Solicitors. The judge in this case looked at all costs and held that retention of two leading and one junior counsel was not reasonable or proportionate, the case did not involve any sophisticated issues and therefore instructing City of London solicitors was unnecessary (apart from the bank whose decision as a foreign party to instruct London solicitors was understandable), the rates for a City firm would be allowed by reference to the 2010 Guideline rates and the budgeted fees for counsel were reasonable. However, note that the 82nd update at PD3 E7.10 published shortly after states that it is not the role of the court to fix or approve hourly rates.

Churchill v Boot [2016] 4 Costs LO 559 highlights that a costs budget can be amended once it has been set only if there have been significate developments in the case within the meaning of CPR PD 3E para 7.6. In this case the claimant was refused permission to amend his cost budget. It was held that the doubling of the amount claimed, the adjournment of the trial and the further disclosure which has led to updated expert reports were not significant developments because the parties could have envisaged these developments at the time of the original costs budget.

Various Claimants v MGN [2016] EWHC 1894 (Ch) reminds us of what type of costs can be fixed under a costs budget. The court ruled that the determination of figures in the costs budgeting exercise should not include the additional liabilities of the CFA uplift and after the event insurance premiums. It was pointed out that CPR PD 3E para 6(a) provided that unless the court ordered otherwise, a budget had to be in the form of Precedent H. On Precedent H, below the summaries of costs under various headings is the following wording, “This estimate excludes VAT (if applicable), success fees and ATE insurance premiums…..”. The court held that this is a clear direction as to what should not be included.

Part 36

Bolt Burdon v Tariq [2016] 4 Costs LO 617 serves as a reminder of the provisions of Part 36.17 (4). The bank offered a sum as compensation. The firm negotiated a higher sum and claimed fees on the contractual interest that had been awarded, as well as on the principal sum. The defendant objected. The firm made two offers under CPR Part 36. The judgement against the defendants was at least as advantageous as the proposals in the Part 36 offers. The main questions was whether any additional amount was payable within the meaning of r36.17(4)(d) in relation to the firm’s award for contractual interest. The court held that it was because the fees on the contractual interest constituted an additional amount.

The Solicitors Act 1974

Rosenblatt v Man Oil Group SA [2016] 4 Costs LO 539 provides us with a reminder on varying the terms of a retainer with a client. The firm in this case had agreed a fixed fee with a client but on the proviso that it could revisit the fixed fee if any of the assumptions on which they were based proved to be incorrect. The court held that the firm was obliged to notify the client of its intention to change its fee and seek the client’s agreement. As a result, the firm was only entitled to the lower fixed fee of £92,500 plus disbursements instead of their entire bill of £537,949.

Conclusion

The obligations to the client and the Court are always evolving with case law this summary of recent important decisions and reminders takes us back the basics:

  1. Is the CFA valid?
  2. Is the assignment of the CFA valid?
  3. Can you demonstrate the costs are proportionate?

The recent twitter libel case involving the controversial newspaper columnist Katie Hopkins with an award of damages of £24,000 and a interim costs award of £100,000 shows that if the Court is satisfied that the costs are merited they will still make interim payments but the referral for a detailed costs assessment also shows even then the issues will be reviewed.

Non-litigation Options to Resolve Family Dispute

Family lawyers throughout the UK are increasingly looking for processes which are more human, subtle and responsive to their client’s needs.

As family law solicitors know well, life is never predictable when the most intimate emotional and financial aspects of people’s lives are thrown open to scrutiny and come under (real or perceived) attack.

That’s why it is important to have the broadest range of different options available to try to resolve differences before litigation has to come into play.

Firms like Balfour+Manson, and specialist family lawyers in Scotland more generally, are leading the way in offering a range of non-litigation options to resolve family disputes, often grouped together and described as ADR (Alternative Dispute Resolution). To many clients, that description is meaningless; they are simply interested in knowing which way forward is best for them.

If we are genuine about doing what is in a client’s best interest, we need to talk to them, and listen to their stories, their aims, hopes and fears – then identify which might be the best path to follow.  As family lawyers, we must not give in to temptation to go down the route which seems to offer the “obvious” path or answer.

The best path depends on a number of factors, including the couple’s ability to communicate, level of trust, power balances in the relationship generally and whether there has been any other verbal or physical abuse.

Where the relationship is balanced, communication is good and trust and openness are high, it is frequently possible for clients to resolve their difficulties with a minimum of legal intervention – sometimes referred to as kitchen table agreements.   In such cases, clients take some advice but tend to reach agreement themselves.  A binding contract in the form of a Minute of Agreement is required but can be completed on an “implementation only” basis with minimal intervention.

Where a greater level of intervention is needed, mediation is often a good option. Balfour+Manson has three trained mediators and when instructed as mediators, they are not acting on behalf of either party. Their role is to facilitate constructive discussions directly between two individuals to assist them in reaching a mutually acceptable resolution. As with implementation only agreements, the majority of control is with the individuals, rather than their solicitors.  For mediation to work, clients must be able to sit in a room with each other and communicate in a respectful way.

The requirement to sit in the same room as their estranged partner is also a feature of a third form of resolution, collaborative practice. This is popular with clients who feel they need a greater level of assistance and representation but wish to maintain good levels of communication and work towards a solution to meets the needs of the family as a whole.

Balfour+Manson has four trained collaborative practitioners. They know that neither collaborative practice nor mediation are easy routes.  It can be difficult to sit in a room with a recently estranged partner, particularly if personal trust has been diminished as a result of the separation and the reasons behind it.

Where clients can adopt one of these routes, however, they can ensure, despite their separation, that they have not lost the ability to communicate directly with each other.  That can be particularly important when they have children. Another real benefit of the first three routes of resolution is that the focus is away from written communication. When “positions” are reduced to writing, hurt can be caused, even when not intended – and committing positions to paper means they can do long-term damage.

It is not always possible for clients to resolve matters in a way which involves direct communication.  There may be a breakdown of trust or hurt at a level which means constructive 1:1 discussion is simply not possible.  Occasionally, geographical issues make discussions impractical.  In such cases, it is possible to resort to traditional solicitor negotiation.

Occasionally, no matter how constructive the discussion is, an impasse arises. Whether that is in relation to one point or matters as a whole, it is possible to refer a matter to a specialist family arbitrator if there is a need to ask a third party to make a decision.  At Balfour+Manson, two of our family law partners are qualified as arbitrators, who are effectively private judges.  Ultimately, however, if agreement cannot be reached and the impasse remains, or there is a failure to engage by one party, the courts are there to provide a way of making progress towards overall resolution.  Sometimes, urgent issues arise around a need for protection, either of one party or of a child, and court is the only realistic route to take.

Family lawyers have spent the majority of their working lives being directed to look for outcomes for clients based on their entitlement in terms of the law.  It is essential clients are aware of their rights within the legal framework – but we must we must listen to them and have the confidence to assist them in reaching solutions which fit their own needs in relation to both process and outcome. We must also ensure the outcome is one which they will be content with – not only today, but in the future.

GDPR – the double-edged sword facing the legal profession

On May 25th 2018, the way companies handle data will change forever. On this day next year, the General Data Protection Regulation (GDPR) will come into force, changing how customer data is handled, and outlining the toughest consequences of data breaches ever seen. Considering we create 2.5 quintillion bytes of data a day , and the global volume of electronically stored data is doubling every two years , this presents a problem for businesses and their advisors internationally.

The GDPR will shake up the collection and processing of personal information of EU individuals, colossally. Whether it’s a business in France, Germany, the US or India, there is no room for complacency as the new set of obligations will apply to all companies that target both EU markets and consumers. It also presents an issue for law firms as let’s face it, they will be hit two fold; both in terms of data held about clients, employees and so forth, along with any potential data they have been provided by clients and third parties which they are storing.

Complacency is no longer an excuse for firms, they need to know what they’re doing with consumer data, or face the consequences. For those who infringe the rules, there are significant changes to the penalties they face. One of the biggest developments is that Supervisory Authorities have the power to impose hefty administrative fines for violations – be that in regard to data protection law or operational transgressions. Whilst a tiered approach is being brought in to direct the appropriate punishment, the majority of breaches look to fall into the higher tier. In terms of punishment, it currently stands at:

• Tier one: fines of up to €10,000,000, or 2% of global turnover, whichever is higher
• Tier two: fines of up to €20,000,000, or 4% of global turnover, whichever is higher

As you can see from the above, this is a significant rise from the previous limit of £500,000. To put this in context, Talk Talk was fined £400,000 for the data breach of its 157,000 customers. With the new changes, they could have faced the maximum tier two fine of up to €20,000,000 or 4% of their turnover. Quite a difference indeed and one that could ultimately ruin a smaller firm with less capital.

The problem we all face is, the world we operate in is going through a digital transformation, which relies on scrupulous data recording and being able to verify that the information we hold is truly up-to-date. The NHS, for example, fell foul of this in February when the news hit that 700,000 patients had not received sensitive health information, because records were out of date or incomplete. Imagine waiting for a biopsy result, or news on your treatment dates, only for the information to never turn up. Or, in the most recent case, being able to google yourself and find transcriptions of doctors letters on your medical treatment leaked by a 3rd Parties insecure infrastructure . You might have thought critical information such as this would be available, but this example typifies the challenges facing businesses, including those in the legal sector – you need to know what data you have, and ensure it’s correct.

But what does it mean in terms of implication and operations for UK firms? Below are five recommendations to help legal firms get ahead.

Library vs landfill

A common challenge for any client-servicing business is knowing what data to file and what to delete. Names, addresses, personal health information, legal history or payment details may well be necessities, but all this information can start to mount up, to the point that you have such a detailed picture of an individual that they would be shocked if they knew the true extent of the depth of information you hold on them. In addition to holding all this information, locating it can also present an issue for some businesses, particularly if that data goes back for years.

When you are dealing with serious amounts of data, it’s not uncommon to be using multiple mediums of communication, multiple servers and multiple databases to hold all the information, never mind the ad-hoc extracts people tend to make whenever they need them. Therefore, it’s not impossible for customer data to sit in more than one place on your system, leaving valuable information forgotten about and collecting dust. However, this is not good practice. Information should be held in one place, to make it more secure and to ensure you have an accurate (and accountable) picture of the customer’s information. Dissipated data is a nightmare, and if a business needs to quickly present accurate data information, searching for records in disparate locations is a massive drain on resources. Additionally, with data duplicated across multiple locations, businesses could be wasting space that could be freed up. Time and server space are expensive commodities, so GDPR is a good opportunity to get everything in one, secure place via a data inventory.

Consumer rights

Leading on from the data storage point, GDPR also gives consumers the right to know how their data is stored, and what it’s being used for (data minimisation). Therefore, businesses need to be wary of what data they hold, as if they can’t give a valid, business-critical reason for holding that specific data, they need to get rid of it (and in the right way). Generally, any consumer requests for their own personal data must be fulfilled within one month of receipt.

For law firms, this presents a problem. Background information related to cases is almost always kept on file – be it testimonies, character witness statements or client details. Once cases are over, calls need to be made on how long this information should be held for, and to what extensive degree (can some files be purged quicker than others?). Above all, a decision needs to be taken as to who ‘owns’ the decision over whether data should be deleted or not, the law firm or their client?

Additionally, businesses will be looking to their legal advisors for help with the changing data legislation, so legal firms need to be advising on how best to meet the new regulations. For example, stellar security is vital to protect core assets, and identifying any weak spots should be undertaken to help avoid any breaches. Due to the extensive repercussions, Data Protection Officers could be recommended as a remedy, to oversee data governance, security, analytics and location, being directly responsible to the Board. We fully expect this job function to increase in headcount and importance over the next two to five years, as conservative estimates predict up to 28,000 DPOs will need to be appointed across the EU before GDPR comes in .

Employment

Changes in data holding will also affect employment, and how much information companies can hold (or collect) on their employees – even more so in the case of former employees. Privacy notices and consent will be big, immediate issues for businesses to deal with. Businesses will need to look at the terms and conditions of privacy notices and ensure they follow the guidelines by including information such as how long information will be held for and if said information will be transferred to other countries. Legal practitioners will therefore need to work with clients to ensure they’re meeting these regulations.

In terms of consent, this has traditionally been a murky area, so the GDPR changes may help make this clearer. As it stands, businesses can keep and process data as they have employee ‘consent’. GDPR has more prescriptive requirements around consent, and states that employees must be able to withdraw their consent at any stage and the processing of the data needs to be ‘explicit’ in detail. Employers will therefore be able to rely on the consent argument less, and will need other legal arguments to hold on to employee data.

Legal implications

To adopt GDPR fully, changes to the Data Protection Act will need to be made to ensure there is no duplication or confusion. The government is adopting GDPR in full, as it comes in before the UK exits the EU. Therefore, changes will be made and legal firms will need to be aware of any possible alterations, and how clients will be affected, especially given all the uncertainty around Brexit. There is also the possibility of whether the UK and US governments look to make their own data flow laws, as with the UK leaving the EU, it will no longer be covered by the EU-US Privacy Shield, never mind the future relationship between the UK and the EU.

GDPR is one of many international initiatives aimed at simplifying the legal and regulatory requirements about the management and security of data. Firms, therefore, will often find themselves bound by a wide range of requirements which can differ significantly depending upon the industries and jurisdictions they operate in. Regulations ranging from MiFID II, Basel III, Solvency II and FRCP Rule 37(e) should be fully considered and included in any data compliance strategy.

Breach notification

Any firm which has experienced a data breach will now be expected to report this to their Supervisory Authority within 72 hours. Currently, only those working in Financial Services or telecoms are required to report breaches, so for companies outside these sectors, they will now need to comply fully with this legal requirement. Being able to assist clients develop and integrate internal procedures for discovery, reporting and investigation of breaches will be an essential component of any advice.

Opportunity for trusted advisors

In order to meet the full requirements of GDPR, clients will need to be advised of the full extent of potential changes and the steps they will need to take to manage the alterations required. This is not limited to legal advice, but demands an element of technical knowledge as well as operational change management. To facilitate this for clients, it is vital to partner with experts who can help advise on any changes, to leave no stone unturned. Businesses can no longer leave it to the IT Director to facilitate the changes, and legal advice can help manage costs and warn on the potential damage (financial and reputational) of breaches. Clients need to employ a holistic approach to the GDPR with all their relevant data stakeholders involved in order to ensure that they make the right decisions.

Intelligent Contracts – Is this the Way Forward for Enterprises?

Technology is an ever moving target. It’s one of the most demanding working environments; every few weeks or months you need to understand and account for new technologies changing the nature of IT.

However, the benefits of being in a fast-paced environment are that new opportunities to combine methods or technology occur almost daily. One such combination is Narrow Artificial Intelligence for contract detection and extraction of information held within physical contracts. This is brought together with ‘smart contracts’, the encoding and execution of contractual data and events on a programmable blockchain, a technology solution which provides a public ledger of all the transactions on a network. A block is the ‘current’ part of a blockchain which records some or all of the recent transactions, and once completed goes into the blockchain as a permanent database.

Smart contracts may not fully deliver on all that is promised, as they face several technical limitations and challenges. The usefulness of the data or functions encoded, and how it gets accurately encoded onto the smart contract are often questioned.

Intelligent Contracts

Intelligent Contracts are far more intelligent (as the name suggests) and extensible than smart contracts as they are currently defined. The intelligence comes from the ‘I’ in AI (Artificial Intelligence), where a system is taught to continually and consistently recognise and extract key information from contracts, with active learning based on users’ responses, both positive and negative, to the extractions and predictions made. This is very different to current smart contracts, but it still uses some of the underlying methods of blockchain and the extension to store immutable information or actionable events within a block.

The Value of Intelligent Contracts

To help demonstrate the value of Intelligent Contracts, let’s take a sample customer of a large international IT/software company that has acquired different companies or business units over many years. They have over 16 different contracting solutions on both the buy and sell sides of their business, with no standard reporting on contracts. They continually sign Master Agreements in different locations or departments, and should allow all global entities access to discounts once negotiated levels are reached or exceeded. This is a very common challenge with larger organisations.

You can immediately see where a ‘smart contract’ could be used to encode the master agreement’s key performance indicators (KPIs) onto a blockchain, and then automatically apply the discounts across all departments. However, with all the different systems, and no single or consistent method to track and report on new contracts being created, signed, or agreed to on (potentially) 3rd party paper, extracting the required information can be a challenge

Blockchain: The Single Source of the Truth

If we take this further, past just the encoding of actions, and the combination of parties and events, we can see how this solution provides companies with a ‘single source of the truth’ within contracts. As a contract placed onto the blockchain has been agreed by both parties, why not share the same information between parties – as a single entity with continually updated contract terms?

Companies placing details of actual contracts onto a public blockchain might soon run into issues of security and scalability. Security because every person on the blockchain can see the transactions that occurred, and scalability as block size is limited on public blockchains for many reasons, not least of which is performance. With blockchain, the larger the blocks the longer it takes, and the more processing power is needed to reach consensus (e.g. the process used by a group of peers responsible for maintaining a distributed ledger to reach agreement on the ledger’s contents.) To this end, it should be clear that a public blockchain or smart contracts system are unlikely to meet the requirements of many organisations for contracts.

Intelligent Contracts use private blockchains with algorithms to ensure no single system controls the creation of the blocks, leading to immutable and distributed consensus. As the chains are private, the issue with sizes of blocks is removed, and security can be implemented at many different layers, including HASH-only and PKI key-level security for access to information encoded on the blockchain. The use of the private blockchain also allows for the system to provide Know Your Customer (KYC) functions, as each entity within the system would be required to be known as they are a party to, or have an interest in a contract. They can all participate in the creation of the blocks as each entity is known and trusted.

With the differences outlined above, it’s clear to see why Intelligent Contracts are what enterprise customers need.

Intelligent Contracts: The User Experience

One of the most important aspects of technology is to make users’ daily lives simpler, and the operation and adoption of new technology as seamless as possible. One of the best ways I have found to do this, over years of working with enterprise customers, is to embed new functions into well-known existing applications or processes so users are actually unaware of the new processes and functions taking place behind the scenes.

Who Needs Intelligent Contracts?

In the example above, I described a large software/IT company with many different contract repositories and processes across their business functions and lines of businesses.

But there are many other types of use cases for Intelligent Contracts, where the capabilities of this new technology will provide significant value over what is currently available. These include M&A and business restructuring, Contract Lifecycle Management (CLM), and regulatory compliance.

Intelligent Contracts in M&A

When ownership of an organisation changes, the contracts associated with that business are divested or acquired within those transactions, and can greatly affect the accretive nature or overall outcome of the transaction. In M&A, organisations need to review contracts and analyse their metadata in the due diligence phase, to ensure they know what they are buying, and then integrate contracts into the new organisation post transaction. With divestitures, they need to know which entities to assign the appropriate contracts to.

With Intelligent Contracts, organisations will be able to immediately locate all relevant contracts as they will be located in one repository. All the metadata will be associated as blocks on the relevant chains, and so full reviews will be fast and simple, in due diligence and post transaction. For example, special indemnifications and assignment and termination rules will be identified immediately across the entire portfolio, and will be relevant to valuation. The current deal room, where limited subsets of contract documents are placed for manual reviews across multiple legal professionals will no longer be needed. The deep analytics embedded in Intelligent Contracts will mean that M&A and legal professionals can immediately, and visually, capture all types of metrics and analytics across entire contract portfolios.

Contract Lifecycle Management

A challenge often found with Contract Lifecycle Management is system ROI (return on investment) which has been elusive for most customers. The systems are heavy in workflow and document library services, and are very light in contract data management. They have proven to be overly complex, tough to implement, and suffer from low adoption rates and usage with knowledge workers. They also have poor change management functionality, and the data management is primarily manual input of contract data by users, which is inconsistent and error prone.

Intelligent Contracts will be authored in the familiar Word user interface, and collaboration and negotiation is facilitated via workflow in the blockchain. Contract data is captured and shared automatically on the chain, and there is never any question or confusion as to which versions and edits are being used and approved, and why. Changes can be initiated and processed in the Line of Business (LOB) via Word using approved language, meaning legal operations resources are used more efficiently and cost effectively. The result is a lean, efficient, secure, and scalable contracting system that finally delivers the ROI desired for contract automation.

Regulatory Compliance

The final user case is in regulatory compliance. With Intelligent Contracts, when a regulation changes, all contract data is automatically captured and presented visually, so organisations understand the size and nature of the impact of the new regulation to their business. Compliance owners can determine strategies and project plans to meet compliance deadlines.

When contract repapering or renegotiation is needed to achieve compliance, the business owner can initiate the process in MS Word and using approved language, make the needed changes. Those changes are captured on the blockchain, and then can be routed to legal operations resources for final approval. This is more efficient than using legal operations resources throughout the entire process. The blockchain is available to all relevant parties, so contract changes are permanent, transparent, and auditable.

Avoiding Shoot, Ready, Aim: Cease and Desist Letters and the Streisand Effect

The urban legend says, “If you don’t protect your trademark rights, you’ll lose them.” Like most urban legends, there is a kernel of truth lurking at the base, although the proposition is not literally and universally true.

If mark owners do not enforce their rights against third-party uses of the same or similar marks or names for goods or services, the mark owner’s rights to object to such uses and similar ones can be diminished if not extinguished. This is true particularly when the goods or services are the same as or closely related to those of the mark owner, and when the activities of the parties overlap in geographic area or other market segmentation.

But if mark owners seek to enforce their rights when either the marks or the goods and services are so significantly different that no confusion is likely, they face different risks with a similar result. These include publicizing the third-party use, being unsuccessful in attacking the use, encouraging additional uses and potentially having their rights diminished if not extinguished.

Often mark owners send a cease and desist letter to third parties who use the same or similar marks or names for goods or services. When a cease and desist letter is sent, the typical response is a return letter stating that there can be no reasonable probability of confusion (probability here equating to likelihood, rather than a possibility of confusion) because of the nature and extent of third party use of similar marks on the same and related goods and services, thus demonstrating that the relevant public is not likely to be confused by use of the accused party’s mark. The impact of this response depends on the number and nature of the third party uses that the accused party can find.

However, if mark owners seek to enforce their rights for a mark that is subject to challenge based on a registration that is subject to challenge, they likewis risks the diminishment if not the extinction of their rights. Such extinction of rights can occur based on several different arguments: that the asserted mark is generic for the goods (such as “footlong” for 12” sandwiches); that the mark is deceptive or merely descriptive and has not acquired distinctiveness; that the mark is the configuration of the goods and that the configuration is functional; or that the claim of use was defective and the evidence of use insufficient to support the claim to registration.

Given these scenarios, it looks like mark owners could be damned if they do try to enforce their rights and damned if they don’t. So, what are mark owners to do? That decision should be made by assessing the answers to the following questions and considerations, which fall into two general categories: diligence and identification of options.

Diligence

It’s essential to research all the relevant information by answering these questions. Who has priority? What is the nature and extent of use of each mark? Has there been any confusion? Granted the conditions of purchase trade channels and strength of the senior mark, is there a real likelihood of confusion that is commercially meaningful or a hypothetical “if-then” concern? Is the accused company one that might be a business partner or customer? How vulnerable is the senior mark (or registration) to attack? What counterclaims might be brought against the client? Does the accused party have superior rights in another jurisdiction of interest? How important is the matter to the client? Is the business at issue profitable, justifying the expense of potential litigation? Will the mark be in use into the foreseeable future, will it be phased out in a matter of months, or is it otherwise at the end of its lifecycle?

Identification of options

Sending a cease and desist demand letter or filing a complaint are common remedies used to protect a mark. But there are other approaches worthy of consideration that may be more effective. These include the following: taking no action; communicating with the third-party user by having a business person to business person conversation by telephone or otherwise; or having an initial expression of concern made by in-house counsel to in-house counsel with an invitation to discuss how those concerns might be addressed. On the other extreme, if the conduct is egregious and appears to be deliberate, there is no requirement for a cease and desist letter to be sent. The first communication to the adverse party may be the service of the complaint, with or without a demand for interlocutory injunctive relief.

If, after consideration of all the options, the decision is made to send a cease and desist letter, the next step is to determine what the demand is going to be, how much support will be provided for the demand and what the tone of the demand will be.

In making these determinations it is important to remember that how the message is conveyed will impact the response, which may include a resort by the recipient to social media. This is where the Streisand effect (that is, the capacity of an attempt to shut down a communication to generate even wider distribution of the communication) may come into play. Having a demand letter to cease and desist made public on social or other media by an accused entity seeking to generate public sympathy and support against a “bully” may generate more notoriety for the mark owner’s conduct than the accused party’s mark or product ever would have received, if the dispute had not become public. What this suggests is, first, that the demand be written as if it will be read by the client’s customers, as well as the general public, and second, that if the misuse is likely to be short-lived and little noticed, a different kind of letter may be called for. In the latter instance, the letter will have a less formal and less strident tone, as it is intended to educate and persuade. It’s also important to realize that search engine optimization can address any number of issues without recourse to legal demands.

Generally, the objective should be: first, to provide a factual and legal basis for the claim, especially if the recipient is an individual or small enterprise that may not have done a comprehensive search or may not have any real understanding of trademark law; and second, to demand what is feasible and what the client is entitled to. Overblown demands and demands that cannot reasonably be met are more likely to generate resistance than to secure compliance.