Corporate investigations – using technology to find a smoking gun

February 2013 | SPECIAL REPORT: CORPORATE FRAUD & CORRUPTION

Financier Worldwide Magazine

Most corporate investigations these days can be hugely complex and there may be literally millions of documents in the dataset being preserved and reviewed by the legal department. The ideal project is one that combines knowledge from legal counsel, experts, and, when appropriate, technology. Finding that one piece of important evidence within this mass of information is something that software and technology can often help with.

Whether it be internal investigations, regulatory requests, or legal or HR inquiries, technological expertise can assist in effecting a timely and efficient resolution. However, clients do have concerns about the cost implications, how effective the process is, and what can be done to make sure that the needle in the haystack isn’t overlooked.

Assess the data

Assessing the potential ‘universe’ of data that may need to be collected and reviewed is vital in planning and executing an investigation. Current technology enables the project team to assess the data before it is collected and preserved, and can help determine whether any unforeseen issues exist while the investigation is still in its early phases. Early case assessment can be performed on data ‘where it lives’ in the organisation to minimise any disruption or downtime. Oftentimes, the early assessment done at this point affects the known list of data owners or ‘custodians’ as it becomes better refined. This shapes the entire project moving forward: Who has the most data? Does a Tier 1 custodian have 10 times more data than expected? How much data is duplicative? Are there potential problems with the stored information? Did you encounter the unexpected – data corruption? Missing backup data? Is the data encrypted or password-protected? Gaining this valuable insight early on allows project managers and the legal team to act more efficiently on information and, sometimes, to rethink presumptions.

Collect the data

Technological improvements have also come to data preservation. Data can now be collected from smart phones and tablets, as well as from sensitive production systems that require 100 percent uptime. Data can be filtered at the collection phase, eliminating file types and documents that fall outside of the investigation scope. Often, the legal department will need assistance to scope the project and ensure that potentially relevant data from crucial individuals is preserved and collected. Efficiency is key, but you must also be sure the net you cast is large enough, as additional costs will be incurred if later it is determined that the initial data collection effort came up short. Here, technology might also be able to assist. Despite best intentions, not all IT / HR departments records are always up to date. Technology can help a company crawl its own computer infrastructure and identify the individuals, departments, remote employees, and contractors that are sometimes inadvertently missed. With regard to preservation and data collection, consider collecting more than less. Data preservation and collection is frequently the least costly facet of a corporate investigation. It may be tempting to try, but cutting corners in this area can negatively affect the project as it grows and evolves over time.

Processing and reviewing the data

At this phase in the investigation, you can rely on software tools to further cull and filter your collected data. Electronic files that were previously unsearchable (such as scanned documents and images) can be made searchable. Metadata, such as email date ranges or file type information, can be used to whittle down the data set.

As the review process is approaching, consider the various methods one can use. Not all projects or investigations lend themselves to just one or two people reviewing all collected documents. If you have a project that requires a team review methodology, you can leverage technology to provide an efficient review process. For example, you can have your Team A perform a first-pass relevance review, then have Team B perform an automatic second-pass privilege review of the documents flagged as ‘Relevant’. Additionally, you can have the decisions made by the review team ‘broadcast’ to related documents, such as a document ‘family’ consisting of an email message along with its file attachments, or to duplicate files belonging to multiple custodians. The tools available today can be leveraged and customised to best fit the particular requirements of an investigation.

Concept searching – replacing and refining the standard keyword search

The standard document review process of yesterday was a serial approach; documents were numbered sequentially and given to the review team. Reviewers slogged through each email one by one. Gradually, the reviewers would start to recognise whether emails and documents might be responsive just by their filenames or repeating email subject lines. However, getting to this point took considerable time and effort, and the important documents that everyone was looking for didn’t necessarily materialise, sometimes after days or weeks of legal review time.

In years past, software technology was not able to ‘read between the lines’ to ultimately determine the core concepts that were being conveyed in email messages or work documents. As a result, using software to first build an index of all text in every email, and then applying simple keyword searches, were jointly the principal method of identifying important documents during the review process.

The standard keyword search method will be successful only when the important documents actually contain the keywords you decide to use. What if there are communications where the parties are using code words or phrases? What if the keywords you think the marketing department uses in their communications are actually something just slightly different? What if the document reviewers start to find hundreds of emails that seem very important to the investigation, but none of your keywords show up in the messages? Do you start over?

Advances in technology have been made that allow document review teams to quickly and easily identify and target the key concepts that exist in the document population. Suppose a series of emails contain language pertaining to hiding trades or keeping a second set of books (…or maybe they don’t). No matter what kind of data or documents you have, conceptual similarities between documents exist that, when identified, organise the documents not by their owner, but instead by the ideas and subjects they represent. This dramatically changes the landscape of standard document review. It allows the legal team to quickly identify documents and emails that are pertinent, and may help add to the known keyword list after these categorisations come to light.

This also works in reverse. Take, for example, a series of spam or ‘newsletter’ emails that exist in the collected data. From one to the next, the emails themselves may contain different keywords, but based on their similarities, document review technology exists to identify the conceptual similarities between the emails and subsequently categorise them as being non-responsive. The ability to do this can quickly and drastically cull the document set the review team has to look at. This saves everyone time and money, and puts into sharper focus the remaining documents and emails to be reviewed.

Used purposefully, technology can play an important role in a corporate investigation and can be properly leveraged to save time and money while bringing about a speedier resolution. It must be combined with the proficiency and knowledge that legal and subject exports bring to the table. Because as exciting as new tools can be, technology alone is no substitute for expertise.

Jonathan Karchmer is a senior manager at iDiscovery Solutions, Inc (iDS). He can be contacted on +1 (310) 694 6893 or by email: JKarchmer@iDiscoverySolutions.com.

Jonathan Karchmer

iDiscovery Solutions, Inc (iDS)