Thriving in a post-bailout world: preparing for new regulations with defensible methods and practices

By Autonomy ZANTAZ

The current and continuing financial crisis that has seen governments worldwide take drastic steps to prop up financial markets has led to the failure or merger of a myriad of financial institutions and caused a ripple effect across all sectors. Combined with a dramatic increase in litigation and investigations, financial institutions need to prepare for a changing regulatory, compliance and legal landscape.

The regulations and reporting that will be required as a result of this crisis may make the financial reporting failures which led to regulations, such as SOX, pale in comparison. When combined with the eDiscovery and eDisclosure requirements in the U.S. and U.K., the potential impact to financial institutions will be huge. To be prepared, institutions will need better access and control of their electronically stored information (ESI). They will need advanced functionality to manage and understand it for compliance, litigation, and investigations and the ability to do this across borders, languages, and data formats. The challenge will be to create a defensible, compliant, and effective process while avoiding the repercussions from failures that can include sanctions, fines, and jail sentences.

The Current Landscape
Worldwide, the scenes have repeated over and over—institutions failing or merging at unprecedented rates and governments and regulators responding with financial support packages. The crisis has led to the failure of respected institutions that survived both World Wars and the Great Depression and has seen financially stable institutions acquire others at fire-sale prices.

The price-tag for this crisis will reach into the trillions of dollars, but the bailout is the tip of the iceberg. After several years of declines, the crisis has led to a dramatic increase in litigation—43% of companies of more than one billion in revenue predicted a jump in litigation. See Fulbright and Jaworski LLP, Fifth Annual Litigation Trends Survey Findings. However, in addition to increased litigation, the crisis will bring new and revised compliance regulations in 2009.

Current Regulations
Even before the crisis, financial institutions were subject to extensive oversight and compliance regulations from organizations including the SEC, FSA, and MiFID. This is in addition to the litigation rules in jurisdictions in which they do business. Over the last few years, both the legal and compliance bar have been raised by the need to encourage accountability and compliance at all corporate levels and to streamline the management and delivery of ESI.

While there are far too many rules and regulations to list, and they vary by country, they include the following:

• US Federal Rules of Civil Procedure (FRCP)
• UK Financial Services Authority (FSA) COBS 11.8 (effective March 2009)   
• UK Civil Procedure Rules (CPR)
• EU Markets in Financial Instruments Directive (MiFID)
• US Sarbanes-Oxley Act (SOX)

Although the underlying cause of the crisis is debatable, it is clear the current framework failed. These failures transcended oversight and regulatory models, and new regulations and oversight will be implemented to prevent this from happening again.

Future Regulations & Oversight
While we cannot be sure what the new regulations will bring, we can be sure that currently regulated markets will face more stringent oversight and formerly unregulated markets, such as the CDS market, will face new oversight. There will be a sea change in the regulatory landscape, and although the scope and form of these regulations is as yet unknown, they will most likely include:

• New oversight for companies and sectors that were largely unregulated
• Fully transparent exchanges for products and markets that were unregulated
• Greater transparency for all financial dealings and transactions

Based on recent failures, it is clear that increased transparency will be a requirement in any new regulatory scheme, with the hope being that the hidden dangers of the past can be avoided.

To stay ahead of the curve, the most judicious approach is to look to the most stringent and transparent requirements and design systems to meet, if not exceed, these.

Next Steps: A New Approach
One of the greatest surprises to emerge from the crisis was not that the system failed, but rather that the compliance and supervision solutions used by organizations and relied on by regulators failed. When looking for a new approach, one should look to the judicial system for the new paradigm, as it has dealt with transparency and approaching the challenges of managing massive volumes of ESI since the Zubulake cases and the FRCP amendments.

Though most institutions currently utilize compliance, supervision, and eDiscovery systems, and huge sums have been spent building them, they are point solutions that are not integrated. Further, they proved inadequate in the face of the crisis as regulators and organizations either failed to take requisite action or understand that the information presented required action. 

While compliance regulations differ across jurisdictions and industry, the most stringent requirements regarding a defensible and transparent process have come from court cases and the rules and regulations surrounding the FRCP for eDiscovery and CPR for eDisclosure. Although their preservation requirements differ, both require that all data sources be searched, including voice and video, and Courts in both the U.S. and U.K. are beginning to recognize the usefulness of advanced search technology. To meet these judicial requirements, a systemized, repeatable, and defensible process is required. This same process will prepare your organization for any future regulatory environment.

Challenges with Current Processes
Most systems today are point-solutions that are isolated and cannot communicate with other systems. They rely on legacy search techniques, including keyword and Boolean searches, and manual processes to analyze data that fail to understand the meaning of the information present. Additionally, the bulk of the technology is language and format dependent, further complicating ESI management when on a global scale. Global organizations, multiple languages, and rich media are common challenges.

Organizations need to look for an automated solution that can understand concepts and meaning behind the data while also managing all data from a single platform. This new approach needs to manage information via a seamlessly connected solution that can support compliance, litigation, investigation, retention, and related obligations across information types and sources.

Challenges with Manual Processes
Many systems rely on manual efforts that are not scalable and cannot handle the ESI explosion. While one solution is to throw more bodies at the problem, this only exacerbates the issue of siloed systems and persons not communicating with each other.

The judicial landscape is also littered with cases that highlight the challenge and ineffectiveness of manual processes, as they rarely provide a transparent, systemized, or defensible process. They are fraught with risk as potentially relevant data is often missed, misunderstood, overlooked, or deleted; it is irrelevant whether this is intentional. See U.S. v. Philip Morris (2004), In re NTL Sec. Litigation (2007), and In re Intel (2008).

The case law and compliance failures make it clear that manual, siloed processes cannot effectively manage large or complex data sets.

Challenges of Legacy Search
Many of today’s systems rely on legacy keyword and Boolean search techniques, whose limitations, shortfalls and over inclusiveness are well documented. Though these legacy methods are considered standard methods for eDiscovery and compliance, courts are beginning to question them and studies have shown that keyword searches find only approximately 22% of relevant data, missing 78%. See Paul, George L. and J.R. Baron, “Information Inflation: Can The Legal System Cope?” 22-24, Richmond Journal of Law and Technology (2006), http://law.richmond.edu/jolt/v13i2/article10.pdf.

In addition to scholarly research, a recent case highlights the pitfalls of keyword searches. In Victor Stanley, Inc. v. Creative Pipe, Inc., 250 F.R.D. 251 (D. Md. 2008),  Magistrate Judge Grimm wrote that “all keyword searches are not created equal; and there is a growing body of literature that highlights the risks associated with conducting an unreliable or inadequate keyword search....”

An additional shortcoming of legacy search techniques is that they cannot identify slang, abbreviations, or misspellings, which presents challenges in a compliance and litigation context as people will generally try to cover their tracks.

A better approach is required through advanced conceptual search.

Judicial Support for Advanced Search
Advanced conceptual search has found support in recent cases and scholarship. In Disability Rights Council of Greater Washington v. Washington Metropolitan Transit Authority, 242 F.R.D. 139 (D.D.C. 2007), Magistrate Judge Facciola discussed the search and review of a large volume of data and said: “I bring to the parties’ attention recent scholarship that argues that concept searching, as opposed to keyword searching, is more efficient and more likely to produce the most comprehensive results.”

Courts, attorneys, and compliance officers are recognizing the need for and value of advanced search technology. When combined with the inherent weaknesses of legacy techniques, a forward-looking compliance solution should rely on advanced conceptual search and the ability to understand meaning to be successful.

Benefits of Advanced Search
The benefits of advanced search technologies are several. First, they offer the ability to understand and analyze the meaning of all ESI automatically, reducing both costs and the reliance on manual techniques. Second, they manage all data sources and types, eliminating the need for multiple systems, solutions, and vendors. Third, they provide a holistic view of the institution’s data, making it easier to understand data quickly and allowing for a truly proactive system.

As financial institutions merge, grow, and add disparate systems, the challenges in managing data become greater, but advanced solutions scale easily. The key is to ensure that any solution is integrated, goes beyond legacy methods and uses advanced, scalable search technology to ensure that the meaning of the data is automatically available.

Other Challenges
As new systems are deployed, keep in mind the challenges that the information explosion, globalization, and M&A activity can present.

Information Explosion: The rise in use of unified messaging, videoconferencing, and other rich media formats has contributed to the information explosion. When combined with the fact that most systems cannot manage data at the edge of the network, including laptops and desktops, this becomes a huge risk. To be effective, the solution must be able to manage and understand all data sources and types from a single interface and platform.

Globalization—A Multinational Workforce: Many systems are language dependent and cannot scale to meet today’s needs. To be effective, any new system should be language independent, with the ability to manage data across borders while respecting regional regulations and privacy requirements.

Mergers and Acquisitions: A single financial institution already has a problem managing disparate systems for compliance, supervision, and eDiscovery, but the task is more onerous when multiple systems for each job function must be combined. Merging disparate systems quickly and efficiently without losing or damaging data is a huge challenge. To ensure success, systems need to communicate seamlessly and have the ability to understand the content and meaning of the data.

Conclusion
In the eDiscovery space, the clear trend is toward a single vendor providing an end-to-end solution, with seamless connectivity from information management through preservation and production. This approach enables organizations to rely on a single platform across all data sources, through all steps of the process, to ensure compliance. Through the aftermath of the financial crisis and the need to bring about a more transparent process, this seamless, end-to-end vision for eDiscovery needs to be one and the same solution for compliance and supervision for financial institutions. The key is to find a vendor with the experience and technology that can handle the needs of the institution.

Assisting the world’s largest banks, corporations and their counsel to meet compliance requirements and manage high-stakes litigation is standard practice at Autonomy. Autonomy currently runs the world’s largest cloud computing centers for eDiscovery processing and regulatory compliance with deep expertise hosting review in times of crisis. Autonomy’s integrated compliance, supervision, and eDiscovery solutions are FRCP- and CPR-compliant. Whether it be for regulatory compliance, internal investigations, multi-party, subprime litigation, or M&A, Autonomy eDiscovery, Compliance, and Information Governance solutions are fast, accurate and defensible.

Contact details:
Jack Halprin, Esq., VP eDiscovery & Compliance
T: 415-243-9955, E: Jack.Halprin@autonomy.com or autonomy@autonomy.com, W: www.autonomy.com/ediscovery