Expert Advice from Espion

Introduction
Traditionally, financial institutions responding to litigation, compliance, auditing or similar events have delegated responsibility for eDiscovery tasks to third-parties such as law firms and their support providers.

However, as volumes of electronic documents in enterprises increase and eDiscovery costs escalate accordingly, there is a greater need for organisations to take more control of eDiscovery processes. This is particularly relevant to the data-intensive nature of the banking and financial services sector. Progressive organisations are starting to manage eDiscovery like any other business process – one that is repeatable, defensible and measurable, and are achieving greater cost control and risk mitigation around their eDiscovery and information management initiatives – as well as more successful outcomes from their litigation activities.

Regaining ownership of corporate eDiscovery requires careful consideration of your organisation’s specific situation and needs, an understanding of how various eDiscovery processes operate, and the roles that people and technology elements play around those processes. It also requires a careful balance between the elements that should be done in-house, versus those best suited to remaining as outsourced activities. For example when financial organisations are investigated by government agencies, it is essential to understand how key privileged information should be presented to regulators during investigations and enforcement activity.

The indicators are that the frequency, scale and intensity of investigations by government agencies are set to increase in the coming years. Given the potential of severe penalties and sanctions as well as reputational risks that could stem from a negative finding or even the media attention surrounding such investigations, companies can ill afford to wait until a trigger event has occurred.

Reactive eDiscovery
Several common themes occur when an organisation delays thought on eDiscovery to the very last moment – typically when a sudden and unexpected involvement in litigation or similar event occurs. Negative consequences include organisations jumping into rapid-reaction panic mode by reactively hiring outside experts leading to immediate cost escalation, unnecessary disruption of key business processes and related stakeholders, and invalidation of necessary information to be collected due to eDiscovery collection processes being poorly managed and executed. All of this can often lead to costly upfront settlements being made that could have been avoided with a proactive eDiscovery strategy.

To avoid such outcomes some key upfront questions to ask that can help establish the kind of eDiscovery approach that applies to your enterprises – be it an in-house, outsourced, or hybrid approach, include:

What’s your company’s litigation profile? It’s important to understand the profile of your organisation, particularly for highly regulated industries such as the financial sector. Is attention to related events the norm? Do litigation events occur frequently? Do these legal events occur in consistent cycles, or can peak litigation periods be anticipated in advance? What is the potential outcome of those events – are they often “bet the company” scenarios, or impactful on corporate reputation? When ‘yes’ is the answer to such questions a proactive eDiscovery approach with appropriate treatment of in-house processes is needed.

What’s the financial profile of existing eDiscovery initiatives? It’s important to compare historical costs of eDiscovery initiatives with existing provisions for financing them. Does your company have a formal eDiscovery budget? Is it defined as a specific capital expense (more ideal) or it is taken from general operating budgets as needed (less ideal?). Is there a way of assessing inbound and outbound cash-flows relating to eDiscovery over time? Such analysis is important for developing an ROI argument specific to your organisation’s needs.

How consistent or complex are your typical eDiscovery use-cases? This involves comparing individual eDiscovery cases that occur in your organisation. Many organisations in the financial sector find that every eDiscovery matter is unique and different – dictated by factors such as diversified business interests, broad regulatory requirements, differences in outside counsel and eDiscovery approaches used, the need for expert testimony and auditing, and so on.

How are your personnel assigned to eDiscovery efforts? The eDiscovery effort can involve input across different areas of expertise including legal, IT, records management, HR and the functional business units. In some organisations there will be hard-and-fast distinctions between these, and eDiscovery initiatives will operate informally across this structure. Other, more progressive organisations will craft a specific cross-functional team across these and other business units to handle eDiscovery projects.

Finding The Right Balance in your eDiscovery Process

Figure 1 below depicts the Electronic Discovery Reference Model (EDRM), a popular reference point indicating how eDiscovery processes should be handled.

 

In order to bring relevant aspects of eDiscovery in house, different stages should be considered for suitability. First up, a large-scale information gathering exercise should be considered carefully as part of the “Information Management” step, ideally as part of a wider Information Governance (IG) initiative. At the “Identification” step potential information sources should be assessed for scope, depth or breadth in relation to a pending/prospective legal proceeding – availability of appropriate cross functional resources (IT and legal in particular) is crucial here in order to create an accurate map of all data sources.

At the “Preservation” step, it must be ensured that relevant electronic information can be protected against inappropriate alteration or destruction once legal stakeholders issue hold notices. To manage this it must be ensured that legal, IT and outside counsel are able to co-ordinate effectively to hold these notices. If this is not feasible then outsourcing should be strongly considered.

Regarding the technical harvesting of data at the “Collection” step, managing this activity in house is easiest when the file types in question are easily manageable by capable IT personnel, using proven tools that don’t change relevant metadata. However if litigation is contentious then third party support is advised.

Significant ROI can be achieved by bringing the “Processing” stage in-house, especially in the financial domain where large repeatable caseload over time with large data volumes are involved. Outsourcing can be a more favourable option when litigation is less predictable or infrequent.

When evaluating and scanning electronic information for content and context at the “Analysis” step (e.g. key patterns, topics, people and discussions), there is a strong case for bringing elements of this stage in-house when internal personnel are often familiar with issues around the subject matter and may be able to act on the data quickly. Outsourcing should be considered when there are large volumes of data requiring a more thorough brute-force approach. Effective support at the “Production” stage requires an understanding of the specific file format requirements requested by the requesting party – and to provision for these file formats in earlier EDRM steps.

Conclusion
The scale and impact of the global banking crisis, among other events, has resulted in greater regulations and tighter controls for financial institutions in the foreseeable future. In this landscape financial institutions that adopting best practices that balance in-house and third-party support across the entire eDiscovery process – are more likely to achieve a number of benefits such as:

• Increased likelihood of a favourable outcome to the underlying litigation or similar event
• Greater ability to add focus and manage scope of eDiscovery
• Greater ability to control eDiscovery activity costs
• Increased insight into how to manage the process and make it more repeatable over time
• Reduced disruption to internal data custodians and those who manage and maintain the IT infrastructure

Colm Murphy bio
Colm Murphy, Espion’s Technical Director, has taken primary responsibility for the development and management of Espion’s Digital Forensics & eDiscovery division. He has worked in the ICT industry since 1996 and has specialised in eDiscovery since 2001. He is a graduate of Trinity College, Dublin.

Colm has performed over 200 computer based forensic investigations and has led some of the largest electronic discovery projects conducted to date in Europe. He has presented evidence in court on many occasions. He has written extensively on Information Security, Digital Forensics and eDiscovery. He has lead and managed a range of information security projects in the public and private sectors in the UK, Ireland, Australia, New Zealand, Malaysia, Hong Kong, Singapore, and the Philippines. He was appointed an expert evaluator by the European Commission for the Preparatory Action on Security Research in 2007, and the FP7 Security call in 2010. Currently, Colm is leading a large multi-jurisdictional eDiscovery initiative for a major European Bank.