| BAE Systems
Philip Bramwell
| BAE Systems
Group general counsel | BAE Systems
Team size: Over 300 What are the most important transactions, litigations or other major projects that you have been involved in during the last year? At its height, the Covid...
Real Estate, Transport and Infrastructure | BAE Systems
Team size: 250 Major law firms used: Allen & Overy, Eversheds Sutherland, Freshfields Bruckhaus Deringer The experienced and influential group general counsel of defence multinational BAE Systems, Philip Bramwell, has...
Team size: 250
Major legal advisers: Allen & Overy, Eversheds Sutherland, Freshfields Bruckhaus Deringer
Just over a decade ago, defence multinational BAE Systems’ newly-appointed GC, Philip Bramwell, was tasked with implementing the 23 recommendations of the Woolf Committee Report on the company’s ethical policies and processes. That committee was formed in mid-2007 following allegations of corruption relating to an arms contract in Saudi Arabia.
A major part of the company’s response was establishing a global code of conduct. That has generally been tweaked every few years and is credited with all but removing the perception of the company as a high risk for bribery and corruption. For 2020, however, an entirely new chapter has been written – and company-wide training rolled out to more than 85,000 employees – around information security.
‘We have huge amounts of expert legal bandwidth tied up with information security and keeping the business abreast of developments in things like the cloud and AI, but frankly we’re fighting a losing battle because there just aren’t enough of us to provide the level of man-to-man marking the business wants,’ Bramwell comments. ‘That, together with cyber risks generally, has convinced me we have to bring to bear the same ground-up reform around the responsible use of information in 2020 that we did a decade ago around responsible business conduct.’
BAE, as with most companies, has an existing IT acceptable use policy, but this new chapter of the code takes that a large step forward. The exercise, Bramwell says, is about making employees actively aware and responsible for information security. ‘When I joined this company it had the right policy set – it’s just that people didn’t regard themselves personally as accountable,’ he comments. ‘We tell people, “Don’t hang up your judgement on a coat rack when you come into your office. If you see unreasonable behaviour in the office, are worried about conflict of interest or anything else, speak up, get help, because we’re going to rely on you.” That is strategically the only way we’re going to be able to cope with the pace of change in information handling over the coming decade.’
As with the codes around integrity in business dealings, Bramwell and his legal function will lead on the training and communications of the new chapter. His IT lawyers will train up the 250-strong legal function before every executive is briefed, their direct reports briefed, and so on until a series of town hall meetings and symposia on the shop floor.
‘Treat your data like a two-year-old child – do you know where it is and what it’s doing? It might not necessarily be in plain view, but you need to be aware of your responsibility for it,’ Bramwell comments. ‘We need to get back to the information hygiene we had 30 years ago on paper, when people would put it in a filing cabinet and lock it. With the advent of cloud solutions, we’ve had a complete erosion of discipline around basic information handling – it’s happened in people’s personal lives as well.’