The Law and Compliance after Enron

By Paul Motion - Ledingham Chalmers

November 7, 2005

Compliance is a hot legal and Boardroom topic at the moment. The Enron scandal provided the driver for some of the most onerous corporate compliance requirements ever enacted (and some of the severest non-compliance penalities). Fear of the USA’s Sarbanes-Oxley Act 2002 has led to a 29% decrease in the number of persons willing to act as non-executive Directors.

In the European Union, the Basel II accord, agreed in June 2004 in relation to bank’s capital reporting requirements, has created significant systems and data management implications. One estimate has put the cost of Basel II compliance at £100 billion for the banking industry globally. Finally, the new EU auditing directive has the potential to be as tough on United Kingdom institutions as the Sarbanes-Oxley Act.

All of the above provide compelling reasons for Boards to re-examine their approach and capabilities relative to data processing, storage, and retrieval systems. The temptation is to delegate such matters to the IT Manager.

Some firms have demanded that all electronic data be retained but blanket retention on its own can result in terrabytes of impenetrable data. What is really required is a comprehensive appreciation of the compliance requirements, and then communication of these to all levels from Board downwards by way of intelligible policies and procedures.

In addition to the draconian measures mentioned above relative to corporate reporting and financial institutions, the United Kingdom’s laws now include the Data Protection Act 1998, Freedom of Information (Scotland) Act 2002, and the Access to Environmental Information Regulations 2004. Each of these enactments presupposes that corporate bodies and Public Authorities are in a position to store data in a meaningful and manageable fashion.

The deadlines for compliance are very strict and Public Authorities responding torequests under the Freedom of Information Act and AEI regulations have a mere 20 days within which to do so. Beyond the demands of industry regulators and entitled persons, the courts in the USA and United Kingdom are now showing an increasing general level of interest in, and awareness of, the need to locate and examine not just paper documents but underlying electronic metadata.

In England most litigants are required by the Civil Procedure Rules to sign off an extensive certificate, setting out in detail the steps they have taken to examine their computer systems for potential evidence. The Scottish courts will probably follow suit in the near future as a comprehensive review of courtroom procedure and technology is ongoing at present. The need for informed comment and advice on the matter of compliance has never been greater.

In a recent American litigation, the cost to a bank of retrieving deleted emails in a single discrimination claim for example was no less than $300,000. Appropriate archiving procedures and electronic document and retrieval systems might have assisted but this is an increasingly complex and important area straddling the provision of strategic legal advice and the practicalities of doing business in the twenty first century.

Paul Motion
Partner
Ledingham Chalmers, Edinburgh

Chairman of the Scottish Society for Computers and Law
Convener of the Law Society of Scotland’s Technology Committee.
Secretary of the Society of Solicitor Advocates

More News