News

April 7 2024

What should in-house General Counsels do when they become aware that their organisation – or senior people within it – are, or may be, behaving unlawfully?

Back in the USA

It is not a new question.

In 1991 the head of Salomon Brothers’ Government Trading Desk, Paul Mozer, deliberately breached the rules at 5 separate auctions of US Treasury bonds between December 1990 and May 1991, falsified trading records then lied to supervisors as US regulators started to ask questions. What made the firm’s behaviour worse was that, despite the GC, Donald Feuerstein, the Chair, John Gutfreund, and two other senior executives (John Meriwether and Thomas Strauss) being told of Mozer’s behaviour during the February auction in April 1991, despite them agreeing that his conduct should be reported to the US Treasury, they did nothing. It was only in August that the Treasury was informed and, even then, the firm failed to say that top executives had known for months but failed to act, a delay described as “inexplicable and inexcusable” by Salomon Brothers’ new Chair, Warren Buffet. 3 of those 4 executives had resigned by then but not the GC who had repeatedly told senior management that they must act but had failed to make any reports himself. Eventually, he too resigned.

The report into this matter – and the conduct of the GC – was one of the first things I read when joining Salomon’s Legal Department a few years later. It was made crystal clear that, when it came to legal issues, especially reporting to authorities, lawyers could not, should not satisfy themselves with telling others that something had to be done but had an obligation to ensure that it was done and, if necessary, by them. Lawyers were not just there to advise others. Sometimes they had to act too.

And now?

Some 30 years later that lesson still needs learning, judging by what we are learning from the never-ending revelations of the Post Office Inquiry and, lately, the release of numerous recordings, involving conversations between the independent external investigators, Second Sight, and the Post Office’s General Counsels, Susan Crichton and, later Chris Aujard. Much of the focus has been on what they show about Paula Vennells’ knowledge of Horizon’s failings and its consequences for subpostmasters, contrary to what she later claimed to a Parliamentary Select Committee.

Worse is what they show about the response of the Post Office’s General Counsel, their most senior lawyer and the person who should, if they understand their responsibilities properly, be ensuring the company complies with the law even if this adversely impacts its commercial interests or is deeply embarrassing (whether for the organisation or him personally of his team).

The latest recording, released by ITV, is worth dissecting. The new GC, Chris Aujard, was told by Second Sight, that his organisation may have pressured subpostmasters improperly into pleading guilty to serious criminal offences on the basis of false or non-existent evidence, failed to carry out investigations and misled the court.

“It’s that serious.” he is told.

He responds:

“My focus now is on dealing with each case as it comes through. So yeah, the macro, macro issues are another pot. They’re not in my pot. They belong to other parts of the organisation. I can feed through some of the thoughts on this call into that pot.”

And

“… I will absolutely relay on to the right people.”

What is this garbage management-speak? He was the chief lawyer. He was one of the “right people“. He had an overriding duty to ensure that the organisation of which he was the GC did not behave unlawfully. He had an overriding duty to the court to ensure that it is not misled, whether expressly or by omission, a duty overriding any other duty to his client. If there was – as he was clearly told – the slightest chance of his organisation misleading a court during litigation and/or in criminal prosecutions, he should have been all over this. Not wittering about “pots”, “macro issues” and dumping his responsibilities on others like some latter-day Pontius Pilate. “Not my job” is not what a GC should be saying when told of unlawful, potentially criminal behaviour. A GC is not a passer-by at the scene of an accident.

What should have happened

He should have informed the full Board, including the non-executive directors, of what he’d been told and what needed to be done. Did he? If he was either not listened to or told to do nothing or that it was none of his business, he should have resigned and told the legal regulatory authorities, the courts and the government why. Of course, this would have required a sense of professionalism, some ethical sense and courage. Were these qualities more widespread in public and commercial life, our organisations would be in a much better state than they are.

What does this show us?

What this vignette (and the other recently released recordings) suggest is a Board lacking the necessary curiosity alerting them to what was happening at the executive level. Or, just as likely, a Board not wanting to know, making that clear and thereby stifling any chance of independent ethical action by managers from the executive level down.

It also suggests a legal department unwilling or unable to take full and proper responsibility for the company’s investigations team and the consequent prosecutions. What sort of an investigations team the Post Office actually had and whether it really did any investigations in the proper sense of that word will be for another time. (Spoiler: no.)

It is worth noting that this approach did not start with Mr Aujard. In 2010 the Post Office’s Head of Criminal Law, Rob Wilson, when asked for his views on having an independent investigation into Horizon said:

“To continue prosecuting alleged offenders knowing that there is an ongoing investigation to determine the veracity of Horizon could also be detrimental to the reputation of my team.” (Emphasis added.)

His full response (see here) shows someone more concerned with adverse publicity, the Post Office’s reputation and damage to the business, as well as to his own team. His team’s reputation simply should not have been a factor when determining whether or not to have an independent investigation into a system whose data was being relied on in criminal prosecutions. In any event, it took another 2 years before such an investigation was commissioned.

What this recording also suggests is an organisation splitting up its management of – and responsibility for (“They’re not in my pot.”) – its response to what was being alleged in a way which weakened the GC’s authority, made it harder for any one senior person or department to see the extent of what was happening (or easier to turn a blind eye and disclaim responsibility, depending on how cynical you’re feeling) and easier to treat the constituent parts of the scandal as problems to be managed away rather than fully understood and properly handled.

Bad stuff happens

Employees will often break the rules, whether deliberately or by mistake. Sometimes they will try and cover up what they have done. Or say nothing, hoping the problem will go away. Or lie when asked. There is nothing unusual about this. But that is precisely why we have gatekeepers – in-house lawyers – to act when others don’t, when others are foolish or malicious or afraid to act. It is why the best test of an organisation’s culture is how it – its senior managers, its lawyers – respond when bad stuff happens, when things go wrong, when misfeasance, misconduct or just plain stupid mistakes come to light.

The Williams Inquiry resumes its hearings on 9 April with the interviews of a number of senior Post Office lawyers. It will be interesting to hear from them how they understood the scope of their role, whether they understood that they might sometimes be in a position where their duty to the court was in conflict with what their client wanted and what they should do in such a situation. And whether what they actually did was in line with the high standards which ought to be expected of them.

This is something all lawyers, especially in-house ones, have to have an answer to, even if you hope never to be put in such a position. An “I can’t remember.” or an “I see no ships” answer will not be good enough.

March 12 2024

My latest article for GRIP.

What the City of London can learn from the UK police

The full article is below.

The recent Angiolini Report on the multiple failings of various UK police forces which allowed Wayne Couzens to become and remain a police officer until he kidnapped, raped and murdered Sarah Everard, has lessons for all of us, in particular, for organizations now grappling with non-financial misconduct.

An excellent review by Rob Mason, director of regulatory intelligence at Global Relay, covers how firms will need to monitor staff and the factors they will need to consider when monitoring and reviewing non-financial behavior. So what lessons can we learn from what went wrong with the police?

Prevention is better than cure

If you can avoid employing crooks/bullies/racists/sexists/incompetents in the first place, it will be very much easier than dealing with misbehavior later. It’s not just that getting rid of bad employees takes time and effort. Gresham’s Law applies: just as bad money drives out good, bad employees drive out good. They help create a bad culture. They make it harder than it ought to be to keep good people. They make it more difficult than it ought to be for others to speak up about such misbehavior.

There is a mismatch between what you (and your many procedures/Codes of Conduct) say and what your employees see you doing. You’re not simply having to monitor for – and deal with – misbehavior but also having to work harder than necessary at stopping good employees from leaving.

Hiding in plain sight is easy

One of the most surprising – and worrying – findings of the report was that, far from it being obvious to colleagues that Couzens was a violent predator, he gave the opposite impression. Many of those working with him thought he was a good officer, helpful, hard-working and so on. Rather than thinking “yes, he was capable of that” when caught, many could not believe it. It was frighteningly easy for a seriously depraved man to hide this from his colleagues.

What was true in three police forces is also true in the City. Many of the worst wrongdoers were thought of as “stars” or charming. Even the worst bullies are well capable of presenting a good side to those they need to impress. There is a level of calculation and thought in what they do. So you need to be alert and test how genuine all this “charm”, “hard work” and “starring achievement” really is.

There are always clues

The clues are usually small: the wrong dates for previous employment, small errors in addresses for credit checks, making your chaotic finances look good for the period when they are checked. All these were present in Couzens’ case; all were deliberate; all were done with the intention of presenting a picture of himself which was designed to mislead. It is a feature almost invariably found with wrongdoers elsewhere.

Small lies matter

Couzens’ small lies mattered – not because they were evidence of his offending and sexually violent interests – but because they evidenced the way Couzens, as with so many other wrongdoers, was able to compartmentalise himself, presenting the image he wanted to authorities and only sharing his true self with a few trusted colleagues.

It is not the content of the lies that (usually) matter but the fact of them. What does that tell you about someone? And if they get away with them before they have even joined your organization, what have they learnt? That they can lie and get away with it. That what you put in your procedures doesn’t really matter. They are the most important lessons they will learn – and ones which your training risks doing little to counter.

What is the point of due diligence/vetting?

Not the silly question it might seem. The point is to try and understand the character of the person you are hiring and whether the wonderful things you have been told during the interview process are too good to be true. Too often, though, they are seen as merely a tediously bureaucratic process which must be gone through, outsourced to another team, often far away, who do not understand either what they are doing or why it matters.

The risk is that any inconsistencies are not escalated or ignored and only reviewed after something has gone wrong. At that point you have two problems: those caused by your errant employee, and your faulty judgment and/or failure to take information you had asked for into account. The latter is an easy hit for regulators. They’ll take it.

Judgment matters

“Had those responsible for police vetting not allowed process to usurp their independent thought and curiosity, Couzens may not have held the office of constable for as long as he did.” (From the Report’s Foreword)

Independent thought and curiosity are always needed, no matter how good your processes. The latter are an aid to judgment, not a substitute for it.

One of the more interesting tidbits from the Report is that the Civil Nuclear Constabulary outsourced its vetting to Kent Police, made the decision to hire before receiving the results back, then did not change its mind even though the vetting showed chaotic financial indebtedness of a type which should have stopped his hire, because of the risk of blackmail and/or stress.

Couzens, who worked for many years in his father’s garage, was a fluent Russian speaker. He joined the Met because he said he wanted to do detective work, then immediately applied to become a firearms officer with the Diplomatic Protection Squad. But no one wondered whether such a person should have been guarding nuclear facilities, or have a firearm with access to diplomats, or why his actions were at odds with his stated intentions. Or, indeed, whether they might be a target for a hostile foreign state actor.

The financial world is also a target. One of my more interesting cases was discovering the hire of someone as a bond trader who claimed to be in the SAS (unevidenced) and had then taken five years out to teach in Syria during the middle of the civil war (why?). No one was asking questions about this unusual CV.

Whatever monitoring you do, look at what you were told before someone joined, look at the whole picture, don’t just focus on breaches of procedures, join up the dots, look at the whole picture and ask the obvious questions: does what I am being told up add up / make sense / is this the sort of person we want here / is this the sort of behaviour we want to see? Then act.

Make it easy for yourself

The more complicated the processes and procedures, the easier it is to make mistakes, forget things, not keep accurate records. This too was a feature here. Some complication is inevitable given the seemingly endless and ever-changing rules. But try to make your processes easy to understand and follow. Make the point of them and their importance clear. Keep accurate records. Give yourself the best chance to know what is going on.

January 12 2024

Why has no-one called  the subpostmasters whistleblowers?

My GRIP article here –

The victims of the UK Post Office scandal are whistleblowers – and should be recognised as such

The full article is below –

The UK Post Office subpostmasters have been called many things over the years:

• thieves, crooks and fraudsters (often garnished with appalling racial epithets) by Post Office investigators and managers;
• victims by those campaigning for them, including MPs;
• heroes by some; and
• the “skint little people” by the dramatist, Gwyneth Hughes, telling their story in the recent TV drama.

But the one thing they have not been called, surprisingly because this is what they indubitably were, is “whistleblowers”.

Why has no one called them this? They did not call themselves that. They did not send an email marked “Whistleblowing”. They did not refer to any internal policy or press a button on the corporate website marked “Making a Whistleblowing Report” (even assuming the Post Office had such a procedure).

They weren’t even Post Office employees. But the substance of what they did was to blow the whistle on a flawed accounting system. And, subsequently, on flawed, badly understood contracts (see the March 2019 Bates Common Issues judgment) and the behavior of its internal investigators and lawyers, whose conduct is currently being reviewed by the Williams Inquiry.

It is all too easy for organisations, focused on drafting whistleblowing procedures, to forget what whistleblowing is for.

It is the substance of the message which is what makes something a whistleblowing. Not the how of its communication or the status of the messenger. If someone is telling you that something is – or may be – wrong, then rather than worry about how to categorize them, or what legal arguments you can use to justify ignoring them, you need to listen, investigate and not go after the messenger.

It is the difference between taking a “tick-the-box / does this fit the procedure?” approach and understanding what the point of whistleblowing is and why it matters.

The Post Office did not treat the subpostmasters as whistleblowers because this would have required it to accept that there was something which needed investigating – and doing so properly. It would also have made it impossible for it to demand the money it wanted. But at some more fundamental level it simply did not recognise that this was what was happening.

This is not surprising. It is all too easy for organizations, focused on drafting whistleblowing or, as they are often now called, “Speak Up” procedures, on understanding the finer points of the latest EU Whistleblowing Directive, if they have operations within the EU, or regulatory requirements or the precise remit of the Public Interest Disclosure Act 1998 to forget what whistleblowing is for.

It is not meant to be an intellectual legal categorization exercise for employment lawyers or HR personnel. Too often it devolves into an assessment of whether an individual has brought themselves within scope of the relevant law and what legal arguments might be used against them to protect the organization from an employment claim and the payment of damages.

Nor is it meant to be another process or procedure to be proudly displayed to one’s regulator or talked about in the Annual Report, a token of how “transparent” and “compliant” the organisation likes to present itself as being.

One of the hardest things for organizations – especially large ones – to do is see what is really going on in their organization. Partly it is because there is so much information and, paradoxically, despite its quantity it can too often be silo’ed. But partly it is because the information collected or focused on is about what is going well: profits made, targets met, new customers, new contracts etc …

But what you also need to know is what is not going well: complaints, demands for information from regulators or other outside bodies, legal actions, internal investigations, disciplinaries, grievances, reasons for departures, system problems, faults, monitoring reports, whistleblowing claims and so on. All of these are signs that the organization’s health is not what it should be.

Whistleblowing reports do not always come neatly packaged as such. The person raising an issue may not even realise that that is what they are doing. They may only have part of the picture, or get some of it wrong, or not understand the implications. Or miss out key facts which can only be teased out when they are spoken to. They may do so for self-interested reasons.

But none of that really matters. A concern raised – in whatever context – is a warning that something is or may be going wrong. It is a chance to look at it properly before it becomes a crisis to be managed. It is something to be welcomed because it tells you something that you might not otherwise have spotted. Or it helps you connect seemingly random bits of information and understand what that tells you.

Who tells you and what their motives may be are less important than what they are telling you, certainly until you have investigated and established the facts in a robust and reliable manner.

What organizations need is the skill to realize that they are being given clues needing proper investigation. And the sense to realise that this – proper investigation and resolution of the concerns raised – is the point of having all these procedures, processes, policies, training, Whistleblowing Champions and the rest.

Those subpostmasters were whistleblowers. It is a mark of how poorly understood the importance and purpose of whistleblowing is that it has taken two decades after the first whistleblowing legislation, passed at around the same time the Horizon scandal started, ironically enough, for their concerns to start being properly understood and addressed.

Photo: author’s own.