When Knowing What Happened Is Not Enough

This year the market witnessed the dramatic and devastating impact of high-profile fraud cases. World-class financial institutions putting back the pieces of their organizations are asking themselves, “How can one trader, one market segment, expose us to such enormous risk? Why didn’t our risk management controls work?” In retrospect, the answer seems obvious: information silos, a lack of integrated governance processes and alert mechanisms across systems and departments created corporate blind spots. Senior management had no immediate visibility into the scope or depth of the risk.

Technology’s Role
The fundamental issue is one of technology. To date, risk management systems have taken a segmented, passive, after-the-fact approach. Audits are periodically verified, control processes are tested and executed, and data subject to regulatory requirements is archived with only a small percentage of communications monitored for policy violations. These processes are segmented by department, language or system. The email-monitoring team doesn’t cross-reference alerts with the team that monitors system access or trade policy violations. The on-going and escalating risk slips innocently (or maliciously) past the monitors whose vision is limited to a small slice of the information available for analysis.

System Boundaries & Structural Risks
There are “natural” boundaries between risk management systems – including security measures, language, content type, regulations and job functions. Mergers, acquisitions and point solutions invariably generate pockets of isolated data, further segmenting the corporate IT environment.

The risks of this data dispersion are high and costly, both in terms of everyday knowledge gaps and inefficiencies, as well as, compliance violations, litigation readiness exposure and, as we have seen recently, outright fraud and malfeasance.

Companies working to bridge these natural, systemic and information governance barriers are usually limited to lightly connecting some core systems or automating a few key processes. The complexity and cost of integrating multiple and differing systems, format requirements, access controls and program functions is very high and always an ad-hoc approach. Unfortunately, within a few years these efforts break down as system revisions and subsequent maintenance demand an ever greater portion of an IT budget line item that is shrinking or gone – the boundaries return along with the risk.

Eliminating the Blind Spots
Autonomy, a long-time leader in the information access, pan-enterprise search and compliance markets, has brought together the technology, expertise and vision to resolve these challenges and gain a clear and unabridged visibility into corporate information risk. The core technology driving Autonomy’s offerings is the Intelligent Data Operating Layer (IDOL). Using sophisticated and advanced mathematics, the IDOL platform was designed to form an understanding of content in any format – text or voice-based, any language, structured or unstructured – regardless of how it is stored, how it was created, or which application is managing the data.

IDOL-driven applications can thereby communicate with each other without any manual effort involved in setting up complicated connectors. IDOL connects to over 400 repositories, across more than 100 languages, and 1,000 file types, including voice and video, so no repository or file is out of bounds. Autonomy’s technology makes the information governance system “data-agnostic” and provides automated efficiencies for processes that were once manually intensive.

This is a fundamentally different paradigm for risk management. Instead of building application-level handshakes to “integrate” disparate systems, IDOL creates an intelligent, universal access layer across all data, drawing meaning-based connections between all sources, types and locations. IDOL-driven applications then rely on this deep understanding to apply policy, classification, alerting and intelligence to the information from a truly pan-enterprise position.

Moving from Reactive to Proactive
Autonomy’s unified information access layer changes your risk management strategy from a purely reactive approach across lightly connected systems, to one that proactively manages risk based on the content and context of information, regardless of its location. Companies can now actively monitor and intercede in the flow of live information reducing the initial exposure to fraud across the enterprise. In addition, proactive records management capabilities to eliminate new and existing content from the archives not required for compliance purposes, further reduce risk exposure during subsequent audit and eDiscovery events.

Using Autonomy’s Information Governance solution, companies can, for the first time, look at a single dashboard that encompasses all languages, data types, geographies and systems to see a visually categorized and prioritized real-time analysis of their archive, content repositories, records management, compliance policies, and legal holds. The active dashboard is linked to the escalation and process automation system for immediate execution of approved risk mitigation processes.

Autonomy In Action
With a global customer base of 17,000, more than 350 leading software vendors building their products on Autonomy technology, and a market capitalization over $4 billion, the company has grown into one of the most valuable software companies in the world. Organizations benefiting from Autonomy technology include 14 of the top 20 financial institutions, 10 of the top 10 legal firms and key financial and government entities including the SEC, Bloomberg, NYSE and the US Department of Homeland Security. Autonomy is further acknowledged by industry analysts such as Gartner, IDC and Forrester Research, as the worldwide leader in high end information processing, management and archiving. With over 130 patents and 500 functions for processing and extracting meaning across all types of information (email, text, audio, video, IM, etc), Autonomy offers the most advanced and broadest meaning based computing platform in the world.

Security and Scalability
Many large financial institutions have architectural and regulatory limits that demand the deployment of multiple systems, further complicating a unified information risk management approach. The IDOL platform is massively scalable, maintaining the highest levels of performance under all load levels. It provides a highly-secure, grid-based hosted archive and storage environment for monitoring and managing content in over 400 other enterprises systems, including Documentum, SAP and SharePoint. Autonomy utilizes five ultra-secure, fully redundant data centers for hosted operations. Each data center is SAS 70 compliant (or equivalent outside the USA) and biometric and physical security system are complemented with maintenance and monitoring systems that enable Autonomy to offer guaranteed service levels that exceed most in-house IT capabilities.

Autonomy maintains over 6,000 servers, deploys an average of 170 TB of storage every month, and is currently hosting in excess of 6.8PB of content for the world’s largest financial corporations and law firms. All of this provides a single, unified platform that is instrumental in the elimination of multi-system gaps that complicate and extend the risk assimilation and analysis process.

Alternative Approaches
The task of reviewing and assimilating the alerts generated from multiple teams is complicated by relying on traditional, lexicon-based monitoring solutions that generate large numbers of “false-positives.” False-positives are items incorrectly flagged as suspicious, reducing valuable time available to investigate truly suspicious activities. Lexicon- and keyword-based monitoring methods are inherently flawed in that they only catch a percentage of the actual incriminating communications that have taken place in the organization.

Autonomy’s Information Governance application applies real-time conceptual analysis of each file for compliance with corporate policies to ensure suspicious activities are escalated immediately. Automated follow-ups and audit records help companies eliminate the gaps caused by manual and department-specific escalation processes. A policy-driven “hold-in-place” option provides a choice of immediate lock-down of suspicious content or the option to monitor the communication thread as it flows through the organization. In parallel, records are compared to the records management policies for categorization and retention period assignment. Records not subject to compliance requirements are not sent to the compliant archive, significantly reducing the volume of content archived – with matching reductions in potential risk exposure and storage costs.

A Policy-Based Approach to Risk Management
In contrast, Autonomy utilizes a more intelligent, policy-based approach to their risk management strategy that leverages IDOL’s conceptual understanding of information. IDOL provides organizations with and understanding of the entire corpus of information, that can be used to more consistently apply and enforce corporate policies against both live and archived communications and data using concepts, keywords and metadata, resulting in better detection capabilities across multiple systems, languages and data formats. The conceptual analysis provided by IDOL further aids the risk management team by identifying and highlighting previously unknown areas of concern that are outside the scope of pre-defined lexicons and keyword searches. The unified approach of platform and application reduces the number of information silos and improves visibility for an overall more effective approach to risk management.

The incorporation of real-time risk mitigation and investigative capabilities into an enterprise information risk management solution will shift a post mortem and potentially public analysis of what went wrong to a proactive, private resolution of risk matters with minimized risk of subsequent legal or regulatory action.

The Impact of FRCP
For many companies, the business of managing information risk and legal matters are completely separate with limited or no visibility of the relationship between on-going communications and active legal matters. The impact of the 2006 FRCP changes is forcing companies to re-examine this separation. FRCP Rule 16 and Rule 26(b) require opposing parties to meet and discuss the discovery plan and associated issues. The window for both parties to identify and evaluate the relevant electronically stored information (ESI) is very short. Legal teams lacking access to an enterprise-wide information platform and ability to execute legal holds on potentially relevant materials often find preparing for the discovery conference disrupts normal business operations and is very costly. Failure to comply often results in court sanctions and fines.

In the event of a legal matter, the Autonomy platform provides full FRCP-compliant search and legal hold measures across the archive and live systems. Autonomy leverages existing IT infrastructure for custodian identification, including Active Directory and HR systems. Autonomy can return a suggested set of custodians to be included in the legal process after automatically matching the criteria against the organization’s operational systems. Using the information gathered, Autonomy generates a real-time data map for known locations of custodial data, enhancing litigation preparedness.

Another unique Autonomy feature, the legal hold preserve-in-place tool, gives legal teams the option to apply a preserve-in-place hold on the relevant content in addition to issuing the required hold notification. This exclusive capability provides full compliance with the FRCP duty to preserve potentially relevant ESI without the cost and disruption incurred with traditional methods that require physically securing and replicating the content. With typical corporate cases involving 5-10 million pages of data, the cost savings in storage and processing time can be significant.

Conclusion
As recent events have demonstrated, the complexity of information sources and management makes governance, managing risk and detecting fraud a very challenging proposition. The opportunity for malfeasance to go unnoticed or for savvy individuals to exploit weak protections is high, particularly where systems are without an integrated pan-enterprise view and approach to policy and governance. The most difficult loopholes to close are the ones clever folks will find: communicating with different devices, languages, and methods. So a comprehensive approach becomes the clear choice for managing that risk.

Autonomy’s Information Governance solution is the world’s first real-time information risk management and mitigation solution. It provides a flexible infrastructure for organizations revamping their traditional risk management tools to provide unabridged visibility, control and understanding across all systems, data formats, languages and geographies. Autonomy’s unique solution eliminates the corporate blind spots and information silos that allow risk to pass undetected until the damage is done. Autonomy’s vision and expertise are already at work, with active deployments underway at some of the largest companies in the world.