Unsettled Lloyds legal team reports to finance

The legal team at Lloyds Banking Group (LBG) now reports to the bank’s finance team after the group’s latest reorganisation, which also saw the departure of chief people, legal and strategy officer and ex-Linklaters managing partner Simon Davies, after less than two years.

The move has shifted responsibility for the legal and strategy teams to LBG’s chief financial officer George Culmer, with group general counsel Kate Cheetham reporting directly to him.

The changes, which were implemented from 4 September 2017, will also see Cheetham attend the group’s executive committee. António Horta Osório, LBG’s group chief executive, said the changes were fundamental to prepare the group for its upcoming strategic plan for the 2018-20 period.

Continue reading “Significant matters – Autumn 2017”

Do you know your cash-burn phase from your TLDNR? Welcome to the buccaneering, hierarchy-lite world of the fast-growth, tech-driven ‘disruptors’, the kind of business that a growing number of lawyers aspire to work in or advise.

Continue reading “GC 2.0”

Speaking at the Westminster Legal Policy Forum recently, renowned industry futurologist Richard Susskind accused the UK’s law schools of being stuck in the 1970s, preparing graduates to undertake work that will become increasingly uncommon while failing to train aspiring solicitors in the new technologies that will replace much of the work lawyers now do.

Continue reading “Education, education, education”

In October 2017, solicitors will make their first declaration that they have ‘reflected on and addressed any identified learning and development needs’. Continuing professional development (CPD) is the latest aspect of solicitors’ lives to convert to an outcomes-focused approach, under the Solicitors Regulation Authority (SRA)’s continuing competence regime. Continue reading “Over to you: assessing your training need in the age of ‘continuing competence’”

Imagine the worst: within the last 72 hours, your company has been hit by a major crisis. There may have been serious damage to the community in which you operate. Your customers may have suffered, people’s livelihoods may have been destroyed, the environment may be irretrievably damaged. Some of your employees and contractors may be injured, or worse. Your investors will be livid, and the board looking to assign blame. By the end of the first week, chances are your organisation will be facing dozens of lawsuits, some set to become class actions over time.

Continue reading “Beware the Black Swan”

Even for City lawyers used to increasingly heavy-handed tactics in panel reviews from banking groups, it proved something of a shock. News earlier this year that Deutsche Bank had notified pitching firms of its unwillingness to pay for trainees and newly-qualified lawyers during its last adviser review sent a jolt through the UK legal market. The practice of writing off the time of junior lawyers has been common for years in the US, reflecting in part higher relative salaries, charge-out rates and a propensity to clock up more tangential work as billable hours stateside.

Continue reading “Whose dime?”

On 19 May, Iran went to the polls for what many believed would be a tightly-fought election. By the next morning it was clear that the analysts’ predictions had been wide of the mark. Incumbent president Hassan Rouhani, leader of the Moderation and Development Party, secured a landslide victory over his nearest rival, Ebrahim Raisi, chair of the Popular Front of Islamic Revolution Forces. Shortly after the results were announced, Rouhani appeared on state television to say the election had shown Iran was committed to improving relations with the rest of the world. To investors and businesses that have been eyeing the country for years, it was a positive sign, but hopes of an open market have been dashed before. Sanctions related to Iran’s nuclear programme were lifted in early 2016, but businesses have so far been frustrated in the ongoing difficulties they face in the market.

Continue reading “The long, long game”

‘It has happened to me where you serve a client, have a great book of business, and then Ernst & Young [EY] is lucky enough to win the audit work for that client,’ says EY global legal head Cornelius Grossmann, reflecting on the vagaries and rewards of providing legal services in a Big Four giant.

Continue reading “Who’s afraid of the Big Bad Four?”

Is the general counsel the ringmaster managing risk effectively within their organisation, or a stage prompt waiting in the wings? These were the main discussion points of a recent panel debate before an audience of more than 40 senior in-house lawyers gathered together at Eight Members Club in Moorgate.

Continue reading “Get in the ring”

The legal implications of new technologies have been making headlines recently, with a group of more than 100 specialists in robotics submitting an open letter to the United Nations urging a ban on the use of machine learning and artificial intelligence in weapon systems. But on the commercial side the change capturing lawyers’ attention is not cutting-edge tech but the creeping maturity of IT systems that have been around for years. As Louise Pentland, general counsel of PayPal, comments: ‘The disruptive trends that are likely to shape business in the coming months are existing technologies becoming more capable.’

One of the best examples of a disruptive trend developing from technology that most businesses are already familiar with is the sudden ubiquity of cloud computing. Although moving business processes to the cloud is technologically passé – remote processing through application service providers (ASPs) has been around for nearly 20 years – internet speeds were, until recently, too slow to allow for anything beyond simple processes to be migrated. Now it is entering the mainstream. In early June 2017 Lloyds Bank finally signed its long-planned outsourcing contract with IBM, a £1.3bn deal that will see a large number of staff, along with core business processes, move over to IBM. Many large organisations are likely to follow.

Kit Burden, global co-head of technology sector at DLA Piper, says the impending mass migration to the cloud will change the way businesses think about the relationship between their core and support processes.

‘Concerns around security and data protection that have traditionally inhibited engagement with the cloud seem to be ebbing, and cloud providers are working out how to handle business-critical processes in a seamless way. We are seeing a demonstrable uptick in both take-up and deal sizes and it is having a very interesting domino effect in the market. The next 12 months will see cloud providers take over large parts of many businesses’ operations and it will lead to a big change in how global organisations operate.’

Baker McKenzie IT partner Harry Small echoes the point. ‘Lawyers like to highlight the dangers surrounding data protection and security in the cloud but for clients the economics are overwhelming and increased use of cloud services is inevitable. Security concerns aside, it is essential to do thorough diligence on a provider before migrating business processes. Cloud contracts tend to be very short term and can be switched off at will, but the danger, from the customer’s point of view, is that it remains difficult to get your data out in a manageable way.’

One result of this move toward outsourcing business-critical processes, says Chris Fowler, GC UK Commercial Legal Services at BT Group, is that in-house teams are increasingly likely to oversee the work themselves. ‘Outsourcing has become such an important part of business efficiency that you have to understand a lot of internal processes to get it right. In-house lawyers are, very generally, expected to know a lot more about outsourcing than previously. Contracts also tend to be shorter in duration and divided between different providers. As a result, managing various providers and making them work together has become more important than understanding the underlying laws.’

That comes as a threat to outside counsel specialising in outsourcing work. Robert Shooter, head of technology, outsourcing and privacy at Fieldfisher, the largest technology and outsourcing team in Europe, comments: ‘We are seeing a lot of the traditional big deals staying in-house now with clients sending only very specialised pieces of an outsourcing or the high-volume, low-cost aspects of it to firms. We see it as an opportunity to ask ourselves what our clients want from their external lawyers.’ Mitigating this loss of revenue, a growing focus on data privacy is leading to a big uptick in work. Fieldfisher has taken on ten new hires in the last 12 months, and Shooter says the firm expects client demand for data protection expertise to remain strong well into 2018.

Lawyers highlight the dangers surrounding data protection in the cloud but for clients the economics are overwhelming.
Harry Small – Baker McKenzie

Indeed, the big trend of the coming 12 months, says Richard Kemp of Kemp IT Law, is that legal aspects of data – from data rights and sovereignty to security and protection – will become even more important to in-house teams. ‘Data protection has gone from one of those slightly geeky areas that you’d occasionally see one or two lawyers specialise in at the larger firms to the in-demand skill that clients are looking for.’

Whose data is it anyway?

Simply taking the UK’s example, it is easy to see why data protection is no longer an afterthought for GCs. Under the 1998 Data Protection Act, the largest fine that the ICO (Information Commissioner’s Office) could levy was £500,000. The largest fine it had ever levied before 2017 was £250,000. That has now changed, and the ICO is becoming more robust. This year alone it has levied two £400,000 fines. But the big change is the General Data Protection Regulation (GDPR), which comes into force across the EU, including the UK, on 25 May 2018 and introduces a maximum fine of 4% of global turnover for data security breaches.

With the growing interest in outsourcing to the cloud, the shadow of GDPR-related fines for misuse of data looms large. ‘Five years ago, most outsourcing contracts allowed for data protection to be an unlimited loss,’ says Burden. ‘Data loss may have been a big worry for customers but it was economically a relatively trivial issue for suppliers. With the ramping up of national data regulators and the introduction of GDPR, the way contracts get scrutinised will fundamentally change.’

Kemp is seeing a similar shift in the way contracts are approached. ‘Trade-offs with security, the kind of indemnity protection the provider gives, and the liability position they are prepared to adopt will change, but the precise outcome is hard to predict at this stage. Cloud services are commoditised, which means there is not sufficient margin for providers to give the type of liability protection a customer would need in the event of misuse.’

Not only are the potential losses through fines much larger, but the introduction, under GDPR, of processor liability will also change the dynamics of contracts. As things stand, if a business outsources its customer relationship management system to a provider in the EU, the entity outsourcing its data is the only one liable to be fined (usually not very much). After GDPR takes effect the processor (ie outsourcer) will equally be regulated. As a result, any contract between controller and processor will have a different balance of power.

Of course, any law that restricts businesses’ ability to monetise data will cause friction, and it looks certain that the European principles of data protection and privacy will come into conflict with the tech giants of Silicon Valley. The Trump administration has signalled that it will take a more lenient approach to data protection, which does not bode well in the face of the EU’s increasingly stringent requirements.

Every GC is going to spend a lot of time looking at data protection. There will be a huge wave of work for law firms. Richard Kemp – Kemp IT Law

Ruth Boardman of Bird & Bird notes: ‘When companies come to trade in the EU from other jurisdictions they can find it difficult to get their heads around the fact that we don’t see data as an asset. From their perspective they have sweated blood and tears to generate data and they should be able to monetise it.’

It is likely that battles that have traditionally been fought in the arena of competition law, where fines can reach up to 10% of turnover, will be revisited in data protection cases. However, Kemp takes a more circumspect view of the risks to business. ‘Every GC is going to spend a lot of time looking at data protection before May next year and there will be a huge wave of work for law firms, but I would caution against listening to some of the hype coming from the service supplier community about how challenging it will be to comply. I take a fairly pragmatic view, which is that companies should comply but not over-invest in their compliance strategy. Knowing what to do is as much a project type approach as a legal analysis.’

Rachel Jacobs, GC of Springer Nature, picks up the theme: ‘Increasingly we are facing the sort of regulations that link legal analysis, IT specialists and questions of what the business is trying to achieve. These are no longer regulations that can be approached from a legal silo, though there are fundamentally important legal questions associated with them.’

Machine rights

Away from outsourcing and data protection, a notable trend across the TMT sector – driven by the pace of technological change and poor economic conditions – is the relative lack of litigation. While there have been some major cases in the High Court and the Technology and Construction Court involving technology and communications contracts, Harry Small says these represent only a small fraction of the general disputes in the sector. ‘TMT today is best characterised as contentious but not litigious. The really large amounts of work we get are contracts that have gone wrong but are never going to reach the courts. There is a growing tendency to re-evaluate contracts and enter into structured renegotiation.’

A bigger legal change, says Small, is yet to come. ‘Automated or artificial intelligence will fundamentally change IP law in the sector. A computer programme now does a lot of the work that a human might formerly do, even such things as drafting contracts and credit scoring. The question that arises is twofold: who owns the output and, more particularly, who owns the algorithms and decision processes made by the software?’

UK law has a small provision covering this question, which Small himself helped insert in the Copyright, Designs and Patents Act of 1988. The provision states: ‘In the case of a literary, dramatic, musical or artistic work which is computer-generated, the author shall be taken to be the person by whom the arrangements necessary for the creation of the work are undertaken.’ It is a vague provision, says Small, but one which the EU was not prepared to follow at the time. ‘The harmonisation of copyright law across the EU, quite wrongly in my opinion, took the view that copyright works must have a human author. This is almost certainly a linguistic reflection of the Droit d’auteur or Urheberrecht, but we are in a world that is rapidly moving away from humans as the sole authors of output. When Brexit gives us the freedom to look at our intellectual property laws again, we will have a great opportunity to make laws that reflect the world we live in.’

Such laws may reshape the sector entirely, but in the coming months GCs are more likely to focus on less cutting-edge technologies. As Pentland concludes: ‘It is tempting to say there is nothing new about digital transformation – almost every company has moved to online and digital offerings – but implementing a proper digital transformation strategy means ripping up what you have done previously and doing it all in a different way, enabled through technology. That is doing something new in response to something not quite so new, but that is what being a lawyer in the TMT space is all about. Software licences, open-source and outsourcing were all once at the leading edge of law, but the real question for in-house lawyers comes when they stop being at the leading edge and start to become something that impacts the way your business is structured.’

[email protected]

The legal implications of new technologies have been making headlines recently, with a group of more than 100 specialists in robotics submitting an open letter to the United Nations urging a ban on the use of machine learning and artificial intelligence in weapon systems. But on the commercial side the change capturing lawyers’ attention is not cutting-edge tech but the creeping maturity of IT systems that have been around for years. As Louise Pentland, general counsel of PayPal, comments: ‘The disruptive trends that are likely to shape business in the coming months are existing technologies becoming more capable.’

One of the best examples of a disruptive trend developing from technology that most businesses are already familiar with is the sudden ubiquity of cloud computing. Although moving business processes to the cloud is technologically passé – remote processing through application service providers (ASPs) has been around for nearly 20 years – internet speeds were, until recently, too slow to allow for anything beyond simple processes to be migrated. Now it is entering the mainstream. In early June 2017 Lloyds Bank finally signed its long-planned outsourcing contract with IBM, a £1.3bn deal that will see a large number of staff, along with core business processes, move over to IBM. Many large organisations are likely to follow.

Kit Burden, global co-head of technology sector at DLA Piper, says the impending mass migration to the cloud will change the way businesses think about the relationship between their core and support processes.

‘Concerns around security and data protection that have traditionally inhibited engagement with the cloud seem to be ebbing, and cloud providers are working out how to handle business-critical processes in a seamless way. We are seeing a demonstrable uptick in both take-up and deal sizes and it is having a very interesting domino effect in the market. The next 12 months will see cloud providers take over large parts of many businesses’ operations and it will lead to a big change in how global organisations operate.’

Baker McKenzie IT partner Harry Small echoes the point. ‘Lawyers like to highlight the dangers surrounding data protection and security in the cloud but for clients the economics are overwhelming and increased use of cloud services is inevitable. Security concerns aside, it is essential to do thorough diligence on a provider before migrating business processes. Cloud contracts tend to be very short term and can be switched off at will, but the danger, from the customer’s point of view, is that it remains difficult to get your data out in a manageable way.’

One result of this move toward outsourcing business-critical processes, says Chris Fowler, GC UK Commercial Legal Services at BT Group, is that in-house teams are increasingly likely to oversee the work themselves. ‘Outsourcing has become such an important part of business efficiency that you have to understand a lot of internal processes to get it right. In-house lawyers are, very generally, expected to know a lot more about outsourcing than previously. Contracts also tend to be shorter in duration and divided between different providers. As a result, managing various providers and making them work together has become more important than understanding the underlying laws.’

That comes as a threat to outside counsel specialising in outsourcing work. Robert Shooter, head of technology, outsourcing and privacy at Fieldfisher, the largest technology and outsourcing team in Europe, comments: ‘We are seeing a lot of the traditional big deals staying in-house now with clients sending only very specialised pieces of an outsourcing or the high-volume, low-cost aspects of it to firms. We see it as an opportunity to ask ourselves what our clients want from their external lawyers.’ Mitigating this loss of revenue, a growing focus on data privacy is leading to a big uptick in work. Fieldfisher has taken on ten new hires in the last 12 months, and Shooter says the firm expects client demand for data protection expertise to remain strong well into 2018.

Lawyers highlight the dangers surrounding data protection in the cloud but for clients the economics are overwhelming.
Harry Small – Baker McKenzie

Indeed, the big trend of the coming 12 months, says Richard Kemp of Kemp IT Law, is that legal aspects of data – from data rights and sovereignty to security and protection – will become even more important to in-house teams. ‘Data protection has gone from one of those slightly geeky areas that you’d occasionally see one or two lawyers specialise in at the larger firms to the in-demand skill that clients are looking for.’

Whose data is it anyway?

Simply taking the UK’s example, it is easy to see why data protection is no longer an afterthought for GCs. Under the 1998 Data Protection Act, the largest fine that the ICO (Information Commissioner’s Office) could levy was £500,000. The largest fine it had ever levied before 2017 was £250,000. That has now changed, and the ICO is becoming more robust. This year alone it has levied two £400,000 fines. But the big change is the General Data Protection Regulation (GDPR), which comes into force across the EU, including the UK, on 25 May 2018 and introduces a maximum fine of 4% of global turnover for data security breaches.

With the growing interest in outsourcing to the cloud, the shadow of GDPR-related fines for misuse of data looms large. ‘Five years ago, most outsourcing contracts allowed for data protection to be an unlimited loss,’ says Burden. ‘Data loss may have been a big worry for customers but it was economically a relatively trivial issue for suppliers. With the ramping up of national data regulators and the introduction of GDPR, the way contracts get scrutinised will fundamentally change.’

Kemp is seeing a similar shift in the way contracts are approached. ‘Trade-offs with security, the kind of indemnity protection the provider gives, and the liability position they are prepared to adopt will change, but the precise outcome is hard to predict at this stage. Cloud services are commoditised, which means there is not sufficient margin for providers to give the type of liability protection a customer would need in the event of misuse.’

Not only are the potential losses through fines much larger, but the introduction, under GDPR, of processor liability will also change the dynamics of contracts. As things stand, if a business outsources its customer relationship management system to a provider in the EU, the entity outsourcing its data is the only one liable to be fined (usually not very much). After GDPR takes effect the processor (ie outsourcer) will equally be regulated. As a result, any contract between controller and processor will have a different balance of power.

Of course, any law that restricts businesses’ ability to monetise data will cause friction, and it looks certain that the European principles of data protection and privacy will come into conflict with the tech giants of Silicon Valley. The Trump administration has signalled that it will take a more lenient approach to data protection, which does not bode well in the face of the EU’s increasingly stringent requirements.

Every GC is going to spend a lot of time looking at data protection. There will be a huge wave of work for law firms. Richard Kemp – Kemp IT Law

Ruth Boardman of Bird & Bird notes: ‘When companies come to trade in the EU from other jurisdictions they can find it difficult to get their heads around the fact that we don’t see data as an asset. From their perspective they have sweated blood and tears to generate data and they should be able to monetise it.’

It is likely that battles that have traditionally been fought in the arena of competition law, where fines can reach up to 10% of turnover, will be revisited in data protection cases. However, Kemp takes a more circumspect view of the risks to business. ‘Every GC is going to spend a lot of time looking at data protection before May next year and there will be a huge wave of work for law firms, but I would caution against listening to some of the hype coming from the service supplier community about how challenging it will be to comply. I take a fairly pragmatic view, which is that companies should comply but not over-invest in their compliance strategy. Knowing what to do is as much a project type approach as a legal analysis.’

Rachel Jacobs, GC of Springer Nature, picks up the theme: ‘Increasingly we are facing the sort of regulations that link legal analysis, IT specialists and questions of what the business is trying to achieve. These are no longer regulations that can be approached from a legal silo, though there are fundamentally important legal questions associated with them.’

Machine rights

Away from outsourcing and data protection, a notable trend across the TMT sector – driven by the pace of technological change and poor economic conditions – is the relative lack of litigation. While there have been some major cases in the High Court and the Technology and Construction Court involving technology and communications contracts, Harry Small says these represent only a small fraction of the general disputes in the sector. ‘TMT today is best characterised as contentious but not litigious. The really large amounts of work we get are contracts that have gone wrong but are never going to reach the courts. There is a growing tendency to re-evaluate contracts and enter into structured renegotiation.’

A bigger legal change, says Small, is yet to come. ‘Automated or artificial intelligence will fundamentally change IP law in the sector. A computer programme now does a lot of the work that a human might formerly do, even such things as drafting contracts and credit scoring. The question that arises is twofold: who owns the output and, more particularly, who owns the algorithms and decision processes made by the software?’

UK law has a small provision covering this question, which Small himself helped insert in the Copyright, Designs and Patents Act of 1988. The provision states: ‘In the case of a literary, dramatic, musical or artistic work which is computer-generated, the author shall be taken to be the person by whom the arrangements necessary for the creation of the work are undertaken.’ It is a vague provision, says Small, but one which the EU was not prepared to follow at the time. ‘The harmonisation of copyright law across the EU, quite wrongly in my opinion, took the view that copyright works must have a human author. This is almost certainly a linguistic reflection of the Droit d’auteur or Urheberrecht, but we are in a world that is rapidly moving away from humans as the sole authors of output. When Brexit gives us the freedom to look at our intellectual property laws again, we will have a great opportunity to make laws that reflect the world we live in.’

Such laws may reshape the sector entirely, but in the coming months GCs are more likely to focus on less cutting-edge technologies. As Pentland concludes: ‘It is tempting to say there is nothing new about digital transformation – almost every company has moved to online and digital offerings – but implementing a proper digital transformation strategy means ripping up what you have done previously and doing it all in a different way, enabled through technology. That is doing something new in response to something not quite so new, but that is what being a lawyer in the TMT space is all about. Software licences, open-source and outsourcing were all once at the leading edge of law, but the real question for in-house lawyers comes when they stop being at the leading edge and start to become something that impacts the way your business is structured.’

[email protected]