Practical and legal challenges exist when responding to a potential wave of requests from various jurisdictions over the same wrongdoing.

Global financial organisations face requests for information from both local and overseas courts and regulators. Regulatory supervision and enforcement teams are collaborating and the overlap between regulatory investigations and litigation is growing. Multiple prosecutions of the same wrongdoing by different government agencies, foreign regulators and private plaintiffs are increasingly occurring.

Practical and legal challenges exist when responding to this potential wave of requests. Businesses under investigation or conducting an internal investigation need to be able to access and examine information, assess culpability and respond to regulators or self-report quickly and accurately, often within weeks of the initial request.

This process of retrieval and assessment is complicated by the evolution of electronic data and the globalisation of business. Such complexities stem in large part from the ease and pace at which electronically stored information (ESI) is created, duplicated, disseminated, stored, hidden, and retrieved around the globe.

Moreover, global organisations tend to have multiple information management systems, based in numerous jurisdictions. Potentially relevant information may be stored in one or several of these systems.

Data mapping

To resolve these challenges, companies need to ensure that a multi-faceted strategy is in place, and that this strategy and all of its components are regularly updated and reviewed. The first step toward an effective approach is a data map which comprehensively illustrates where and how data is stored. This is made all the more important by the prevalence of mobile devices used by an increasingly mobile workforce for business and personal communication, and the difficulties of locating and managing data generated by those devices.

Further, a growing number of social media sites upon which individuals may conduct communication that becomes relevant adds to the web of data. Organisations may also use proprietary applications, email systems and archiving solutions which make the process of gathering the data ever more complex.

Audio evidence and evidence that may be contained within data types peculiar to financial industries such as SWIFT (Society for Worldwide Interbank Financial Telecommunication) messaging and transaction processing also needs to be considered and may add to the challenge of locating, preserving and collecting relevant data.

Review strategies

Several steps need to be taken to ensure that data is collected and reviewed in the most timely and cost-effective manner:

  • Prior to review, collect and de-duplicate the data set. De-duplication is particularly relevant for ESI, which is easily and frequently duplicated. De-duplication methods prevent the same information being reviewed by outside counsel more than once.
  • Conversely, consider whether a duplicate of a document stored in a foreign jurisdiction, e.g. the US, might actually assist the disclosure of documents to a regulator based outside of the EU by enabling the organisation to respond to a request without breaching stringent EU data protection legislation.
  • Implement strategies for reviewing foreign language and multi-language documents. Software that quickly identifies languages and groups documents containing particular languages together to enable search and facilitate review is invaluable to this exercise.

Technology

As the nature of data used by businesses continues to evolve, so too do the technologies created to review it. Companies should keep abreast of and apply cutting-edge technologies to accelerate review where appropriate.

The new breed of technology-assisted review (TAR) tools can save time and costs by prioritising data so that documents which are most likely to be relevant to an investigation or dispute are pulled to the front of the review queue, enabling lawyers to review the most relevant information first.

UK regulators require that financial institutions record all conversations, including those conducted via mobile phones and SMS.

Audio evidence can be critical to legal proceedings, but speech analytics is a complex area and harvesting relevant conversations can be extremely time consuming and difficult. The review of speech requires technology that deciphers and facilitates the search of local dialects, accents, languages and the peculiarities of pronunciation and abbreviation. This is a challenging and developing area but one which financial institutions must embrace. 

Data protection

Organisations are encouraged to self-report early and cooperate with regulators for fear of damage to reputation and massive fines. However, they must also ensure compliance with local data protection and privacy requirements, which may require that personal information remains private and is not transferred across borders under any circumstances.

For example, a European business may be asked to produce evidence to defend against litigation or regulatory investigation initiated in the US. While it is not possible to resist these demands for information, organisations need to be mindful of the risks involved in transferring data across borders, and implement strategies to minimise the risk of breaching local data protection regulations. 

An option which can assist here is to process and review data in-country, on the business site, in order to remove extraneous personal information from the document population and to minimise the risk of transferring anything other than that which is relevant to the request. However, this must be undertaken in consultation with local lawyers who are able to advise upon the idiosyncrasies of local data privacy legislation.

The time may come when cooperation between regulators and courts across the globe results in international agreement such that data required to be transferred across borders in response to regulation or litigation is permitted to move freely. Until then, these challenges must be managed effectively.

Multiple regulators

The trend for multiple regulators to become involved in investigations has increased. For example, the ongoing Libor (London Interbank Offered Rate) investigation has involved several authorities including the US Department of Justice, US Commodities Futures Trading Commission, the Canadian Competition Bureau, the European Commission and Japan’s Financial Services Agency.

Each regulatory authority is able to request categories of evidence to satisfy its particular requirements and may seek information at any time either during or at some time after the initial investigation or enforcement action has taken place. The extensive preparation undertaken when responding to an initial regulatory or internal investigation may uncover information which will also be useful for future litigation and investigation.

To save time and costs, it is therefore imperative for businesses to establish an efficient system of archiving that enables them to retain this information.

There has been a dramatic increase in the level of cross-border enforcement by government regulators and the courts, with regulatory agencies working in an increasingly collaborative way to detect and punish those who contravene international and domestic laws and regulations.

Conclusion

Waiting for a dawn raid or service of a writ before considering response strategies will lead to inadequate responses, potentially increased fines and penalties, and damage to the corporate reputation.

Proactivity, engagement with technology and vigilance in monitoring the organisation’s information will aid an effective response.

Deborah Blaxell, legal consultant, Epiq Systems