E-disclosure at a crossroads
July 2016 | EXPERT BRIEFING | LITIGATION & DISPUTE RESOLUTION
The volume of emerging technologies is increasing, as are the way those technologies are used in the financial sector. Business communications now reside in myriad electronic locations and on multiple devices, increasing the complexity of data privacy compliance and e-disclosure. In this article, we will discuss the key trends impacting e-disclosure processes in the financial sector.
E-disclosure (or e-discovery as it is known in the US) refers to the identification, collection, review and production of electronically stored information (ESI) in response to litigation or regulatory investigation. For example, if a company is suspected of wrongdoing and is investigated by a regulatory body, it will need to work with its legal team to access and review any supporting information such as emails, text messages and telephone calls, in order to support its case or build its defence. E-disclosure is the process of searching for that information, reviewing it to determine which information is relevant and then disclosing the information as required.
Financial companies have been dealing with e-disclosure for many years. In recent years, the trend for national regulators to initiate large scale investigations into global financial organisations has increased. Authorities from across the world work individually and cooperatively to interrogate corporate information and expose regulatory breaches, resulting in the imposition of fines and sanctions against global organisations.
Several aspects of modern working life are making e-disclosure an increasingly complex operation.
There are a number of key trends which have emerged in recent years, as outlined below.
Eruption of data
Banking companies have been swift to adopt enterprise social messaging. Deutsche Bank, the German global investment bank, employs nearly 100,000 staff across more than 70 countries and began using its Jive-based platform in 2009 to encourage collaboration among its employees worldwide.
Essentially, data is erupting from email accounts, smart phones, tablets, social communities and search engines; it crosses borders, takes new forms and is housed in virtual clouds. Each employee is likely to send and receive multiple emails per day. And each email is likely to cross the desktops of dozens if not hundreds of individuals. That data is then archived and replicated, and grows exponentially. An International Data Corporation (IDC) study estimates digital information will double every two years between now and 2020 to 40 trillion gigabytes, which equates to 5.2 terabytes of data for every man, woman and child alive in 2020. The sheer volume of data and the number of places in which it is stored complicate the e-disclosure challenge.
Global footprint of businesses and the wider regulatory framework
Cross-border data transfers are not only frequent, but often crucial components of everyday business. However, when it comes to retrieving and disclosing that data, companies need to make sure that they can do so without violating data transfer regulations and privacy laws. Not all countries have rigorous privacy laws in place, and therefore data can be at risk when it is transferred outside of Europe.
One of the biggest challenges for companies responding to regulatory investigations is the short timeframe allowed. In many cases, just a few short weeks are given to review all the necessary data and build a case.
Over the last five to 10 years, companies across all industries have experienced cyber breaches on a fairly consistent basis, with hackers pursuing data for the sake of profit. Typically, data such as names, addresses, bank and credit card information has been targeted in order to commit fraud. The financial sector is by no means immune to cyber attacks. Indeed, last year investigations into data privacy breaches in British financial institutions tripled from the previous year.
Banks and financial institutions can face lawsuits from consumers and shareholders, as well as regulatory fines and potential loss of clients and reputation. As the breach runs through its lifecycle, litigation may arise, depending on factors such as the size of the breach, the company and consumers involved, and the nature and scope of what was taken or compromised. In the event of litigation, an organisation will require an e-disclosure service, which enables it to efficiently manage the collection, processing and review of electronic documents and communications.
When assessing litigation costs, the expense of e-disclosure is a key consideration. Only by ensuring that the exercise is completed efficiently and with the requisite expertise can the cost of e-disclosure be effectively managed. Costs will be significantly reduced if those managing the disclosure exercise gain an early appreciation of the nature of the data, and are able to assess what is likely to be relevant to the investigation and what can safely be removed from the data set prior to review.
How can companies prepare for e-disclosure?
The key to effective e-disclosure is forward-planning. When a request for information is made, the time allowed for producing the evidence may be very short. An urgent or rushed response to a request is more likely to lead to poor strategic decisions or errors.
Investing the time to build a data map – essentially a description of the organisation’s data types, technical infrastructure and storage solutions – is a critical first-step to understanding where the data resides.
An e-disclosure specialist will be able to help formulate a plan. Companies shouldn’t wait for a request for information, but proactively approach an expert to devise a plan and consider the most appropriate technology solutions. This partner should also be up to date with the latest technological advances, which are constantly evolving, so that the plan of action can change accordingly.
Failure to prepare
Failing to manage the e-disclosure process effectively is highly likely to increase the cost of the litigation, and there have been numerous cases in the UK and US where inadequate e-disclosure has resulted in penalties being imposed on companies.
The resulting media exposure of an investigation can cause extreme damage to the company’s reputation and share price. An effective and efficient approach to e-disclosure will ensure that this damage is minimised, and that the company is not held up as a poor example of the e-disclosure process.
A range of factors are conspiring to increase the complexity of data governance and e-disclosure. In order to keep costs to a minimum, meet the stringent time constraints often applied by regulators, and ensure the smooth running of the e-disclosure process, forward planning is key. Companies need to compile a comprehensive data map and put an e-disclosure strategy in place before an investigation happens. For many, the most reliable way to meet the challenges of e-disclosure will be to partner with an expert, to guide them through the process and make sure they ready and able to respond.
Adi Elliot is the Vice President of Market Planning at Epiq Systems.
© Financier Worldwide