Labour Leak – Closing the Stable Door

This blog article is one of several albeit the first published on the labourleak. It focuses on fixing the problems identified and implied in the #labourleak in a holistic way. It looks at the controls, briefly on why they failed, how the private sector manages, the question of Union collusion, IT standards & controls, the disciplinary process, the NEC and if genuine professionalism can possibly improve the quality and honesty of the decisions taken by the Labour Party; it concludes by proposing that the rules be changed to place a duty on all role holders to conform to the Nolan Principles, and that whistle blowers have better protection, but on the way recommends that the Labour Party use a series of external certifications, ask the Auditors to to inspect that payments and receipts are handled according to the Party’s financial control rules, increase the professionalism of the staff and NEC committees, all of this to guarantee to its members and staff that good practice and not arbitrary actions are the guiding principles of judgement and decision.

Controls

If the structural problem is the powers and lack of accountability, how does the private sector deal with the problem of corrupt or useless CEOs. It would seem that what companies need and do, is implement a 3^rd party & regulated auditing regime, a strong board, led by a strong Chair and an empowered risk & audit committee and implement a whistle blowing process; the Labour Party needs to learn from the private sector as it would seem particularly ill equipped. Another common feature in the growing number of US Exec. failures is the growth of collective action within the workplace with the development of new unions or the arrival of the old unions in new workplaces. The Labour Party’s Unions need to learn to defend their members not just the senior members whose interests are the same as the management’s.

Another conclusion to be drawn, from the US is that whistleblowing must include talking to the press^[1], without the torchlight of publicity the impetus to cover up and the power of the wrongdoers is usually too high. This need is partly caused because in the US, Unions are often not recognised, and in the Labour movement in the UK, they are often captured by the management, in their guise as senior workers. This is one of the reasons that Unions ‘recognise’ other Unions.

Private sector shareholders also have a big test which they ask and answer with brutal judgement. What’s the stock/share price doing? While the Labour Party with enhanced factional insight ask this question of the Leader, perhaps we should be asking it about the bureaucracy as well? Under McNicol’s leadership, Labour lost two general elections and the referendum; it’s not a good record.

Another area of controls to be considered are the IT system segregation of duties and the use and accountability of the Party’s record management function. A series of policies about defining privilege, allocating privilege via roles, auditing and recording privileged actions are specified in ISO 27001 (Annex A-9) on IT Security. The use of emails as a system of record is a breach of the first principles of good record management. Highly regulated businesses have solved this problem and there are ISO published global standards, ISO 15489 which defines the means of having a safe record keeping system. Interestingly in some cases US legislation mandates that some records are immutable. Because of these requirements, business processes should be implemented using auditable workflow systems to avoid arbitrary ‘loss’ and to ensure that only permitted deletions occur.

The disciplinary process

This needs to be rebuilt from scratch, there is no confidence in it. The fundamental principles need to be that there is a segregation of duties between, investigators, prosecutors, judges and a right of appeal and that the system conforms to the principles of natural justice guaranteeing the right to a fair trial, innocence until proven guilty, the proportionality of any sanctions and that our rules respect the rights to privacy and free speech. The Party has been going in the wrong direction since 2016 and the latest, Conf19 amendments, also known as the Fast Track procedure, are in clear breach of these standards. Ideally, the Party should be grown up enough to manage itself, but the evidence is sadly that this may not be the case. I’d like to have one more chance, but I understand those that feel it’s gone beyond that. The Party has already outsourced aspects of the disciplinary process in cases of sexual harassment and maybe that’s where we have go, although reforms such as electing the NCC by STV and having a ‘suitable person’ qualifier^[2] on the positions might be a means that the Party can remain self-governing. The summary exclusion powers in Chapter 2, should be abolished and all those excluded should be amnestied. The exclusion powers are another affront to natural justice. The developed, but extra-vires practice of requiring once opponents to wait two years before being able to join, unless they wish to “cross the floor” of a council chamber (or one of the houses of Parliament) should also be abolished.

I also wonder if malicious, or vexatious complaints should be punished, and whether we should just take the view that unless it’s a crime, we won’t pursue a complaint, and if it’s a crime, we’ll refer it to the police; the big problem with that is that bullying^[3] is not a crime, and the desire to be better than criminal on equalities issues would seem to be desirable.

The NEC

The NEC is responsible for running the Party and the GS is accountable to it and they can terminate their employment. McNicol’s behaviour was unacceptable in 2015 when he tried to bend the leadership election by ‘investigating’ over 10,000 members to deny them a vote, in 2016, when he withdrew the promise to let new members vote in the 2016 leadership election thus excluding 125,000 members from that ballot and in 2017, when it seems he ran or tolerated Operation Cupcake seeking to influence the political centre of gravity in the post-election PLP. To which we add the alleged corruption of Labour’s complaints process involving the victimisation of members and the damaging of the Party’s reputation.

Why did the NEC permit this to happen? Some of this is because the NEC members do not have the time^[4] to do their job properly.

The NEC Chair is a rotating position, elected on the basis of seniority and part time, it’s unlikely that such a person can contend against a GS that’s gone rogue, provided they want to. Possibly the NEC should be reminded that they are individually liable for any malfeasance. Equally important we should demand that all role holders are subject to the Nolan Principles.  

During the Democracy Review, I considered proposing that there is a separate disciplinary process for the General Secretary and the NEC as they have specific roles in the disciplinary process which makes it exceptionally inappropriate to use for those individuals, although this did not stop frequent complaints about NEC members in the hope of creating a call-up, which historically, would probably have had the effect of changing the political balance of the NEC.

Money

The NEC members are personally accountable in law for any financial malfeasance. The party is audited by Crowe UK who will value their reputation more highly than the Labour Party’s. The difficulty is that like all audit companies, they are also likely to value the next contract and they are appointed by the NEC, one assumes on the recommendation^[5] of the joint Treasurers. However, dramatic failures can kill audit companies as it did for Andersens over Enron^[6]. It would seem from examining the Annual Report, that the auditors do not perform a governance review and their certification of the accounts is only that they are accurate and meet agreed accountancy standards.

The NEC has a Risk & Audit committee and the Party has two member^[7] auditors. (One of them is a GMB member, the Union representing most LP staff and the Union that McNicol worked for prior to becoming GS.) This may be another indicator that part of McNicol’s metaphoric air-cover was the GMB; this could be considered to be reinforced by the reaction of the GMB Labour Party branch over the instigation of the review and the management investigation.

I have further questions on the Risk and Audit Committee’s training and capability, for instance how often does it meet, and how much staff time does it get to support its work. Again, it’s possible that as with the NCC, they should receive advise and time from professional staff not accountable to the GS. The Party must consider if the Party needs an internal audit department and if they should ask Crowe UK to conduct external audits into the design and operational efficiency of the Party’s financial controls.

Staff Management

During McNicol’s tenure the issue of staff management was raised again. Some members of the NEC at some point wanted some democratic control and insight into the management of staff. This was not resolved satisfactorily. The membership needs clarity on how this works and how staff are recruited and managed. I believe that the General Secretary is the de-facto employer and all staff are accountable to the General Secretary. I think this responsibility needs to subject to segregation of duties controls. There needs to be an NEC staffing committee^[8] responsible for staff management policy and reviewing the conduct and capability and attendance of the senior staff. Chakrabarti recommended that the Labour Party review its recruitment and management policies to ensure that BAME equality polices were both designed and operated effectively.

Since we seem to be going in the direction of external and independent supervision the Labour Party should become accredited by “Investors in People” and “A great place to work”.

Independent Professionalism

The Labour Party like many organisations relies on accurate and dispassionate advice. There are four roles that should be examined to see if they are sufficiently independent of the GS and even the NEC majority as McNicol’s accurately assessed confidence that he wouldn’t be interfered with by the NEC is part of the problem. Without independence, it becomes almost impossible to implement even the most basic segregation of duties nor to remove any “Toxic Combinations”.

The roles are Head of Compliance, the Data Protection Officer (DPO)^[11], and the de facto Head of Finance i.e. the most senior qualified accountant. Proposals for an Ombudsperson were made to the Democracy Review but didn’t make it to the final report.

I have written frequently, specifically with a view on local government that legal departments need to be broken up, with the rump legal department basically saying what they can do, and a compliance department, responsible for saying what cannot be done, and ensuring that the regulators^[9] are appropriately informed. It is possible that the Head of Compliance should be a rules defined position, maybe with a “suitable person”^[10] qualifier before people can be considered. This post is meant to be a check on the GS and the rest of the organisation, they need to be given the tenure and tools, including the right to veto illegal decisions, to perform this work. Arguably, these positions should be undertaken by people legally trained and members of one of the legal professional associations, although the role of the Legal team needs to be better understood to see if further controls are needed.

One idea that seems to have failed to come through the Democracy Review is the idea of a members Ombudsperson. Again, the issues of independence and authority are raised. How do we guarantee these people the budget, staff, time and authority to ensure that good or even decent practice occurs?

As mentioned, the other two regulatory roles to be considered are the Data Protection Officer and the Head of Finance, the issues remain the same; they need to be guaranteed the independence to their job and need to be professionally accredited. We should recognise that the GDPR states that the DPO^[] must be appropriately qualified and adequately resourced.

It is a legal requirement that the DPO,

… shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in Article 39”

GDPR Art 36

It’s also part of the Data Protection laws that the DPO cannot be fired for doing their job.

38.3 The controller and processor shall ensure that the data protection officer does not receive any instructions regarding the exercise of those tasks. He or she shall not be dismissed or penalised by the controller or the processor for performing his tasks. The data protection officer shall directly report to the highest management level of the controller or the processor.

GDPR ART 38

One option other than independent professionalism, is using interested observers. The Public Accounts Committee of the House of Commons is always chaired by an opposition MP and has the whole of the NAO working at its direction. Maybe some of these control positions should be done by elected committees elected by STV^[12], meaning that a diversity of views This would have the advantage of ensuring that cover-ups would be much harder to do although the experience of the NCC & LCF’s where they create sub-committees to do the work and of the alleged events of in GLU over the last few years show how even these measures might be circumvented.

Decency

What’s needed is a renewal of a culture of decency so that the bureaucracy and the elected NEC members behave properly and fulfil their duties of trust. I have argued to change Labour’s rules to incorporate the Nolan principles as duty on all role holders but especially the NEC members, but unless recent wrong doing is punished, it’ll become just another policy to be ignored and circumvented.

ooOOOoo

[1] This might be best implemented as a rule change, adding it as part of a freedom of speech right to members and staff.

[2] This of course is a route for games and stitch ups, see “GMB accused of stitch up …”.

[3] Bullying should be prohibited in the rules and complaint handlers given training in dealing with complaints of bullying.

[4] If the NEC meets 11½ times p.a. for 7 hours, that’s 80 ½ hours, the GS we can assume provides over 1,500 hours p.a. and it would seem that most decisions are based on GS proposed papers, which are often hard to amend.

[5] This is a classic control weakness, not unique to the Labour Party & Crowe.

[6] This story too was ‘broken’ by a journalist, Bethany Maclean.

[7] These must be delegates to the Conference that elects them, another preselection barrier against CLP members. The current two auditors are Steve Jennings (GMB) and Chris Kitchen (NUM).

[8] If we can fix the issues of time, training and appetite.

[9] Labour’s regulators are the Electoral Commission, HMRC & SFO for money and the ICO for data protection.

[10] The NCC members must have 12 months membership of the Party currently, but maybe we should require some of these employees to hold a professional association membership.

[11] Full Disclosure: I applied for this role.

[12] The LP would have to use STV as D’Hondt requires slates/parties, which interestingly would create a massive problem for the Labour Party as it has for most Leninist Parties as they struggle with representing internal dissent and exercising democratic centralism. How would the party with legal certainty permit factions and maintain Rule 4.I.2.B.