Complying with Regulators’ Requests & How AI Helps Organizations to Comply with Requests More Easily
A version of this article was originally published in Orbit, a Technology Risk Compliance publication by Global Relay
How do you describe your job to your mother?
Ha! After years of struggle and revision, here’s what I’ve got: I help our partners understand their data faster so they can make better business decisions faster. Sometimes that means using Artificial Intelligence (AI) to find a ’smoking gun‘ document, and sometimes that means digging in, getting our hands dirty, and connecting dots that don’t want to be connected. That’s our biggest value-add: actionable intelligence earlier in the evaluation and decision-making processes.
What are the biggest mistakes companies are making with their discovery?
That’s easy. Did you hear the one about employees communicating for work on an unsanctioned chat platform? It happens all the time in every industry. Group texts. Slack instances. Facebook groups. Personal email lists. WhatsApp. Signal. Telegram. These communication channels are so simple to start, and employees often have the best intentions: higher productivity, faster information sharing and so on. But when IT, compliance, and legal don’t know they exist, these rogue channels create massive problems. Fines. Sanctions. Reputational damage. Higher insurance premiums. The better approach is to incorporate approved communication platforms into an information governance regime and clearly communicate that business should only be conducted in those channels.
The other major mistake we see is the company ignoring discovery until it can’t anymore. When it receives a large data or document request, suddenly an enterprise built to conduct business at speed and scale discovers it can’t comply with complex regulatory or litigation requests without significant business interruption and investor backlash. Think significant and unexpected one-time charges that can swing a year from a profit to a loss; re-tasking IT headcount and resources; network slowdowns; invasive forensic and discovery consulting.
What are the biggest risks involved?
As with most risks, the spectrum is wide, but a short list includes: stock price reactions to major fines and sanctions; legal cases swinging from a win to a loss; reputational damage that can drive customers and prospects away; and, in some cases, criminal investigations that can result from compliance and discovery failures. These risks were always there, they just didn’t register.
They were Black Swans waiting in the wings. Actually, it’s more like Nicholas Nassim Taleb’s other avian allegory: “The Turkey Problem.” Turkeys think they understand risk. Every time there isn’t a problem, it reinforces the idea that the turkeys are safe, that they’re doing things right. But that illusion is shattered the week before a holiday dinner when everything changes for them.
What does the advent of AI mean for regulation and eDiscovery in the future?
Decisions in business are always made under uncertainty, but uncertainty is a matter of degree. As AI increases the speed of information gathering and interpretation, deadlines from regulators and courts will likely get shorter and shorter. An expectation of speed will be the norm. In a world where information velocity means profit versus loss, victory versus defeat, compliance versus violations, companies that incorporate AI into their business, compliance, regulatory, and legal processes will have the advantage. Even a slightly clearer picture from the data can dramatically reduce uncertainty and improve strategic decisions and outcomes.
What should the discovery posture/policy of a company be?
We can all agree that companies aren’t in the business of responding to regulatory, compliance, and legal requests. They are priorities, but not day-to-day ones. Like seeing the doctor for
an annual physical. Major changes from one year to the next can be early indications of something that needs attention. Discovery is the same. It needs to be part of a comprehensive information governance regime, and updated as new communication platforms are adopted or deprecated.
Do regulatory requirements affect eDiscovery?
Absolutely. With statutes and rules requiring regulated firms to retain records for long periods of time, when a regulator issues a data request, a Wells Notice (which is a formal notice from the Securities and Exchange Commission that it is planning to bring an enforcement action against the recipient), or a Civil Investigative Demand (a request for records and information in connection with a federal civil investigation), the datasets that are in scope can be extremely large. Imagine searching 100 employees’ emails going back seven years. That’s a lot of email, and more data almost always means higher costs.
What’s at stake for your clients?
It runs the gamut, but every case we work is probably the most important thing in the world happening to the people involved in it. We’ve done an arbitration that would cost one of our clients as much as $8bn if it lost. They didn’t lose. In fact, the arbitrator awarded $0, which was a huge victory for our client. But that should give you a sense of the size of the financial matters we handle. That the client trusted us with that specific matter speaks to the level of trust we achieved with its C-Suite, in-house legal department, and outside law firms.
We’ve also had clients whose personal freedom was on the line. And we routinely handle intellectual property rights and theft, antitrust/securities/employment class actions, massive contract disputes between companies that are household names, and government enforcement actions. In some cases, the future of the business is at stake, in others it’s an enormous regulatory penalty or trial verdict.
Tell us about the partnership with Global Relay?
Our top clients are law firms representing financial institutions, like investment funds, pension funds, and so on. The attorneys often had us work directly with the Global Relay service team to narrow the scope of the data needed. Global Relay’s responsiveness, the high-touch service, and clean, easy-to-handle data formats got all of our attention. We all looked at each other and thought, “We should get these folks as partners. They clearly approach data the same way we do.”
Global Relay and Trustpoint are both AI-driven companies. How is Trustpoint leveraging AI for customers?
Our approach to AI is like Global Relay’s: human augmented AI. That means people analyze a situation, define the scope, and decide what’s important. Then we use AI to clarify the data, finding insights and the unexpected (coded language, unexpected involvement by key employees, and even bald admissions of intentions and wrong-doing).
Next, AI amplifies human decision-making. I’ll give you an example. If we have 1m emails and messages, we can assign a few human experts to review a statistically valid sample of the documents. At the end of that review, we feed the relevant/irrelevant coding to the AI, and it teaches the system what is relevant and irrelevant. Now the AI has learned enough that it can categorize the remaining 998,000 records into 100,000 relevant versus 898,000 irrelevant records. Since AI is never perfect, humans review and correct its categorization of records as relevant/irrelevant, along with additional coding as necessary.
We also have case studies where we’ve been able to bring tremendous value despite a late engagement. In fact, we recently ran a project for a Fortune 10 company to double-check 11,000 hours of attorney review time using our Augmented AI approach. In a set of 500,000 documents, the company needed to identify every key document that was critical to the outcome of the case. After huge sunk costs, the company still wasn’t confident that outside counsel had found everything of consequence. In just 10 days, our team identified all the remaining key documents.
If one day of one person’s time can cut 90% of a dataset as potentially irrelevant, that’s a win for the client, its law firm, and us. And in a world where a deluge of data can obstruct justice and the truth, this is also a win for the legal and compliance system.
Jaclyn Schoen is Vice President of Strategy and Augmented Intelligence at eDiscovery specialist. She often talks and writes about the risks of not complying with regulators’ requests and how AI is helping organizations to comply with those requests more easily. To request a speaking engagement or guest article, contact email@example.com.