This post is actually about a talk given jointly by me and Barry Vitou of Pinsent Masons and of thebriberyact.com to an audience invited by Iron Mountain in Westminster this week about the Bribery Act and developments in e-Disclosure. I came across a couple of diversions on the way which help illustrate some relevant words and terms which are in danger of losing their meaning – we all nod wisely when they come up but have lost any sense of what they mean in practice.
Barry’s subject and mine had various things in common, but both come down to having business processes in place to anticipate likely eventualities, to assess and manage risk, and to reach business objectives. You consider some external pressure, evaluate your exposure to it, understand its implications and the possible downsides, add up the costs of anticipating it, make an informed decision about it and set up a system to handle it. Or perhaps not.
Take hotels and their booking systems, for example. Risks range from accepting a booking and then denying all knowledge of the guest when he turns up to having him freeze to death in your room. Or, perhaps worse, not quite freezing to death and surviving to write about it afterwards.
One clearly-identifiable risk for me when I am due to speak early in the morning is that the trains will not run: the wrong kind of leaves on the line, the wrong kind of snow or, more probably, the wrong kind of management, all make it possible that this will be the day when you hear some variant on “We really can’t be arsed to run your service today” over the tannoy at Oxford station. I manage the risk by going up the night before and staying in an hotel.
I generally leave it quite late to decide on this – part of my just-in-time approach to life generally – and use a web-based service which includes the word “Late” in its name to emphasise that its niche is last-minute bookings. You can choose an area, spot the bargains, eye a place up, book a room, and pay, leaving it to them to tell the hotel that you are coming. They do 95% of this extremely well, and you may think it very picky of me to expect the last bit to be handled with the same efficiency as the marketing and the taking of my money. There does seem to be a glitch in the system here though and, when I presented myself at the hotel, I found myself not expected. The last time this happened (at a different hotel), I made such a fuss that they threw someone else out to make room for me. This time, I really thought I was in for a cold night huddled in a doorway. With a bit of emailing (thank you iPad for the means and the cloud for the availability of my emails including my booking confirmation) I eventually got in to my room – which, it transpired, was not much warmer than the forecourt of Victoria Station across the way.
What’s a chap to do? I suppose I could have gone out and found the delightful-looking lady who had accosted me in the street earlier and taken her up on the kind offer which I had rejected so brusquely. As an alternative way of getting warm, I could have piled all the room’s tacky furniture in a heap and set fire to it. My risk assessment suggested that both had obvious downsides disproportionate to the benefit – I suspect that imprisonment for arson would have been preferable to whatever the lady was offering, despite the growing number of ex-MPs who are lowering the tone in our prisons.
Early morning found me going out to warm up in Starbucks, overlooking the station forecourt – which brings me to my second peripheral example of processes going not quite to plan. On 15 September 1940, Flight Sergeant Ray Holmes was part of a squadron of Hurricanes tackling German bombers over Victoria. His risk assessment was that one of the Dorniers was heading for Buckingham Palace; the standard business process was to push a button which sent a stream of lead towards the target, but Holmes found that he had run out of ammunition. His quick reassessment of the risk (very quick at a closing speed of 327 mph) suggested that the King remained in danger and that his own options were limited so, pausing only to shake off the parachutist who was draped over his wing, he rammed the Dornier instead, causing its tail to shear off (see this clip at 2.30 to 3.00 for what happened next). The Dornier crashed into the station forecourt, right opposite where I was now having my coffee – compare the window arrangement on the right of the two photographs to show that we are in the same place. The Hurricane buried itself so deeply in the tarmac of Ebury Bridge Road that it stayed there until 2004, when it was uncovered in Ray Holmes’ presence. He died the following year aged 90, so his risk assessment paid off – in more ways than one, since the German rout of 15 September led, two days later, to Hitler’s decision to postpone the planned invasion, and marked the end of the Battle of Britain.
Well that’s all very interesting, you may say, but I come here for hardcore edisclosure / ediscovery, not complaints about railways or hotels and reminiscences of the war.
There is in fact a point behind these stories. Terms like “business process” and “risk assessment” become dulled with over-use. Like “proportionality”, they become part of the aural wallpaper of business discussion and it helps, every so often, to illustrate them by examples pulled from elsewhere. A hotel booking service which works like a dream except for the formality of actually placing the booking helps us to understand that one needs to pay more than formal lip-service to the idea of “process”. A risk / benefit analysis which involves the potential death of the head of state, the sacrifice of valuable company property (Churchill had just been told that there were no fighter reserves), and your own probable death explains the term “risk assessment” despite its remoteness from our everyday experience. If “proportionality” is described as “the balance of risk and/or likely value against cost”, it moves beyond being a mere term of art and becomes meaningful when you think of it in these terms.
And (to merge business processes, risk assessments and proportionality into one whilst bringing us back to the substance of our talks), we do need to keep the risks, costs and benefits in proportion when developing our processes. I will not recapitulate all that Barry Vitou and I said (you can come to our next joint talk for that) but there are several elements in common between the processes needed to be fit to give electronic disclosure in litigation and those required for the Bribery Act and other regulatory, investigatory and compliance matters. I opened my talk with pictures of huge piles of paper, of people sorting through them, of an army of officials arriving unexpectedly at the office and of that worried call from the client to a lawyer who did not have a clue what advice to give. I ended it with a photograph of firemen playing their hoses over burning thatch (preventative measures are too late by then) and of a board meeting at which the chairman thanked Mr Geek for his, er, interesting report on information management which the board might come back to at the next meeting. Bribery Act readiness adds several rather pointed layers to the message implicit in all this, but the fundamental point is the same.
Both subjects have their scaremongers. In e-disclosure they include lawyers who whine about the burdens of the Practice Direction 31B and its questionnaire without, apparently, having read either of them, and service providers who seek to drum up trade by asserting that it is no longer possible to manage document-heavy litigation without their help. The pending Bribery Act has given air-time to journalists and others with an interest in implying that every drink bought for a potential supplier by a potential customer will land both parties in prison, with the same implication that masses of expensive pre-emptive advice will be essential for all companies. Proportionality comes up under both headings, as does the fear that actions or lack of actions in one jurisdiction will cause problems in another.
“Proportionality” is our third example of management-speak aural wallpaper. Along with “business process” and “risk management”, it passes over our heads with a sage nod which, too often, merely indicates that we recognise the words rather than their real meaning as they apply to the actual situation in front of us.
In e-disclosure terms, it means that we weigh the estimated value of disclosing documents against their likely value; in the rules it appears as an express part of the court’s management duty – “considering whether the likely benefits of taking a particular step justify the cost of taking it” [1.4(2)(h) CPR]. This does not imply that you keep quiet about anything potentially disclosable but means that you are transparent and cooperative about the cost-to-value ratio. “Risk management” means that you have assessed the likelihood that you will face litigation and investigation, and considered whether (as HHJ Simon Brown QC put it in Earles v Barclays Bank you “need to anticipate having to give disclosure of specifically relevant electronic documentation and [have] the means of doing so efficiently and effectively”. The “business process” is management-speak for “this is how we do things here” and will be different as between different companies.
In Bribery Act terms, the same sliding scale of proportionality applies. Barry referred to Transparency International’s Corruption Index; if you deal with high-risk countries then you need to work harder to anticipate the giving or receiving of bribes and to identify the sectors or individuals most likely to cause problems.
We will have to wait and see what the guidance notes say about the hospitality questions which have caused so much concern, but most people will be able to recognise the difference between a level of entertainment which is normal for the industry and proportionate to the legitimate objective (on the one hand) and an improper inducement (on the other) – the latter will generally have no element of proportionality in it and will be improper whatever its scale. The “business process” in this context is likely to involve the formalisation of common sense. Common sense (to say nothing of resources) will also inform the SFO’s approach – that does not imply that a blind eye will be turned to trivia, but that the SFO will choose its battles carefully.
Let us revert to the examples with which I opened. The hotel booking system fell down, for me at least, because the objective – getting customers a room for the night at short notice – seems to have been subordinated to the mechanics of facilitating choice and taking payment. Its parallel, in e-disclosure terms, is an excessive focus on the minutiae of the rules and of the technology whilst losing sight of both the overriding objective and the client’s objective.
It is unlikely, frankly, that Ray Holmes had time for much informed risk assessment, nor did his training manual specify what was the proper course when you had a German parachutist dangling from your wing, no ammunition and a bomber in front of you heading for the Palace. What he did have was an objective, which was to bring down as many raiders as possible. I give it as the exception which illustrates (even if it does not prove) the general rule that “risk” involves an informed calculation.
My thanks to Iron Mountain for the opportunity to speak on these subjects. If you want to keep up with Bribery Act developments as they happen, thebriberyact.com is the place to go. You are already at the place for informed comment on edisclosure and ediscovery matters.