Early Case Assessment and The Cloud

A few weeks ago I wrote about the Early Case Assessment Trap and today as I was following the goings-on at the annual ACC get-together, it reminded me of our legal industry buzz-words and how vendors constantly re-invent themselves around the latest buzz. No doubt this week “cloud” will be hot  and “ECA” will still be generating a lot of noise.

The way I see ECA being applied is that the C stands for Cost not Case. Opposing Counsels get together and agree the scope of discovery based on the anticipated cost of the “document hit count” arising out of the agreed keyword terms.

Now granted, this is an over-simplification of a complex legal process and sure ECA means many things to many people. But, what we are not seeing is good, honest work being done in the early stages of a case to truly understand things like, who is involved, what is the company risk or exposure, is their sufficient evidence, what action should we be taking?

“Early Cost/Case Assessment” can quite easily become a template for “how much is this going to cost us” and “can we settle for less”.

At Catelas, because of the “buzz-word effect” which tends to make all vendors appear equal, we have shied away from calling ourselves an Early Case Assessment solution, for this very reason. We prefer to be thought of as Early Case Intelligence, where we endeavor to answer these key questions – who is involved, what was said and what action should the company take? We are trying to provide real, upfront intelligence to the client that helps them make smart decisions about the case, going forward. At then end of the day, Counsel does not want to be surprised with a “gotcha” six months into the case. Our mission is to ensure that Counsel gets “One Step Ahead” by providing key intelligence about the case within the first couple of days.

So this year at the ACC Annual Meeting, Early Case Intelligence may not [yet] be an industry buzz-word, but watch this space…

If you want to find out more check out this preso


Internal Investigations continue to rise

The latest Fulbright & Jaworski Litigation Trends Survey is out – slightly less litigation in 2011 compared to 2010, yet the cost of litigation per company rose. However, regulatory actions and internal investigations are climbing.

The report also reveals that whistle-blowers remain a concern in the coming year stating that one-quarter of respondents anticipate an increase in the number of claims or lawsuits brought by whistle-blowers next year. This year, 22% of respondents said their organizations were subjected to whistle-blower allegations. I suspect that this percentage has been increasing steadily over the last few years, but 25% !!! That certainly registers on the “take-notice” meter.

I also listened to a TechLaw10 podcast #42 this week, where Jonathan Armstrong was talking about the many challenges of internal investigations… more regulations, businesses being more global, more value on corporate data, more employee turnover. This last one certainly resonated – the work force of today statistically averages 2.2 years per company, a far cry from our Dads’ generation when jobs were for life. Whether people today are stealing corporate secrets more than they were before is not the issue; but the chance of this happening is significantly higher simply because people move around more and it is much easier to ‘take’ secret data with you.

All put together, I sense the perfect storm brewing to corroborate this trend of increasing investigations.

So to the people who actually have to do the work and respond to this trend, my question is how are you coping? In this economy it is not simply a case of asking General Counsel for a bigger budget – more people and more technology. It’s more complicated than that. It requires putting together a well thought out “mini-business plan” – what are the key areas of focus, how do you prioritize investigations, when and how do you deploy resources (locally and internationally), what policies and processes do you have to train and educate employees, etc. And of course if additional resources are required they need to be justified via an ROI calculation. This last piece is absolutely key – coming from the sales side, believe me, sales commission are directly proportional to a customer’s ROI.

Faced with an increase in internal investigations, the key is to use technology to your advantage – at Catelas, we are all about upfront intelligence – arming you with the facts about a case as early as possible, so that you can prioritize your investigations, spending time on the important, not the trivial, one’s, collecting only the relevant data specific to that investigation and thereby saving time and cost per investigation.

If you are interested in learning more, look here.

A new age of Whistle-Blowers

I read an interesting article last week by Joelle Scott about the “secret” whistle-blower at BNY Mellon. It turns out that Grant Wilson was the undercover whistle-blower who detailed how the bank had allegedly overcharged investors in their currency trades and defrauded investors for years.

This from the article… “So what is shocking about the BNY whistleblower is not that he exists but rather that he worked in conjunction with attorneys, regulators and fraud heroes to provide evidence for a massive lawsuit against his employer (the Justice Department and the NY Attorney General are seeking over $2billion from the bank).  This is almost as shocking as when the government used wiretaps to confirm and reveal the enormous insider-trading ring orchestrated by Raj Rajaratnam and his cohorts.”

In a shady world of fraud and corruption, law enforcement is to be applauded for making inroads by planting undercover agents into corporations or getting increased help from insiders.

But coming from the Information Security business, it does make me think about the people we work with that we take for granted on a day-to-day basis. Not if they are potential whistle-blowers, but the opposite. Are any of these colleagues working on the dark-side: do they have relationships with corrupt organizations, are they providing sensitive information to competitors? Do they have relationships that might be harmful to the company? Bar a cursory background check when an employee enters a company, the truth is, we really don’t know.

Worse, we only potentially find out once a crime has been committed, long after the horse has bolted from the stable.

And that is why Catelas is all about Relationships – it all comes down to ‘who you know’.

Voluntary Disclosure of FCPA violations

To disclose or not to disclose… that is the question. Definitely a thorny issue which Compliance Officers have to deal with. From my standpoint, I am seeing more voluntary disclosures hitting the press – here Maxwell and here Analogic, which is a good thing. Right?

Personal Disclosure – I have never been inside a Compliance Officer’s shoes when he or she is being chewed out by the CEO, so my opinion may not count for much. But what I have observed over the last few years being around corporate FCPA investigations is the following:-

1. We will investigate, prioritize and disclose potential violations that are brought to the Compliance Team’s attention:  what this means is that most companies have an investigation process in place and when they find something wrong and potentially serious, for the most part they will voluntarily disclose. Clearly, this begs the question what is “serious”, but most companies I would hope will not deliberately try to hide blatant stuff.

2. I don’t want to know what I don’t need to know: this is really about proactive monitoring or going out and finding potential violations. We work with a few companies in highly regulated industries where this is a must, but for most companies it is a step too far – ie I don’t want to uncover stuff that I don’t need to know about. This does not mean that these companies have blinders on, simply that they are doing what is necessary from a compliance and enterprise risk perspective. They feel they no not need to go the extra 9 yards.

3. Cover my backside principle:  this is about policies, processes, employee training, ‘walking the walk’, ‘top down approach’, etc. It’s what all good Compliance Teams do: they enforce and remind employees, partners, etc about good business practices. Often this is driven by past experiences – has the company been investigated by the authorities before, have they had whistle-blower incidents, etc?

4. Who is the target?  The company or the Executive: this is probably the one dynamic that has changed the most in the last 2 years. The charges are becoming personal, in that CEO’s (SEC charges CEO $20M in fraud case) or Compliance Officers are being charged for violations, resulting in possible jail time. No longer is it simply the company that stands to be charged.

Of course each company is different, but the underlying theme is reputation risk – enterprise and personal. Voluntary disclosure provides an avenue for ‘coming clean’, for putting some level of  ‘positive spin’ out of a bad situation and hopefully ultimately saving the company money in fines, etc. To all Compliance Officers – are you feeling the disclosure heat? Or is it still business as usual? I would love to hear your views.

What’s the next Killer App?

I have been in the hi-tech arena for around 20 years and most companies that I have worked for have spent large chunks of time trying to answer this question. When I was at Nokia around Y2K, “the” app was a digital camera on the phone, quickly followed by email. We also strategized about convergence of fixed and mobile, about the mobile phone as a credit card and command prompts using voice recognition.

At a company dinner last week we were trying to predict the “future” for computing. For instance, how long will the good old “qwerty” keyboard be around in its current form factor? Kids today oscillate their digits around a tiny input screen at a furious pace. They have learned this dexterity largely by playing “rapid-touch” games on their iPods and smart-phones. Heck, kids would rather text each other across a room (20 times in 5 minutes) than dare stand up and engage in face-to-face conversations. The elegant touch typist with a straight back is a bygone era.

I am sure many people much smarter than me are already figuring out the impact that Generation Z will have on the corporate work-force. But the impact will be massive since this generation will have survived adolescence with Facebook, iPads and the rest. They will also be far more demanding of technology than my generation was and certainly not over-awed by it.

Our Catelas dinner discussion might not have uncovered the next “killer app”, but we did speak about “personalized data”. In our world of data discovery, the current buzz is Big Data, which means crunching even more disparate datasets with faster processors. But this cannot be the answer. Surely, our data searches need to become more intelligently attuned with the individual  – we need to understand the individual before we “search the universe”; otherwise the search becomes impossibly big or we cut the parameters of the search so much that we exclude a lot of important stuff.

So the mathematical algorithms start getting infused with behavorial one’s – how the human thinks and behaves has a pivotal bearing on the type of data searched or retrieved. In eDiscovery the Catelas approach first identifies the relevant Custodians by uncovering “‘how they behave”, which then leads us to “what they say”. This has to be a smarter approach than simply guessing “what they said” which is the whole basis for keyword searching. It may sound complicated, but its analogous to the way law enforcement solves crimes…..

If there was a shooting in New York, the police officers would not round up thousands of people in a 5 mile radius of the scene, load them into a stadium and interview them all with the same 10 (or 1,000) questions. That is the big data approach. No, they would ask relationship-type questions of the key people at the scene – who was with the victim, did anyone see the assailant, etc. This link analysis approach identifies ‘who is involved’ BEFORE it starts looking for the ‘what’ (the smoking gun), thereby reducing the scope of data to only what is relevant, at the outset.

What is your industry’s next “killer app”?


What does an MRI and Enterprise Risk have in common?

Do you remember the days of X-rays when a GP would hide behind a screen and a huge puff of smoke would erupt from some weird-looking industrial type camera. Bygone days when surgeons operated with precious little knowledge about the patient’s condition. Risky business!

Today surgeons make use of sophisticated MRI’s, endoscopes and the like to perform key-hole surgery. Not only do they pinpoint the exact cause of the ailment before they operate, but the corrective procedures are conducted in a fraction of the time.

I use this MRI analogy for the work we are doing at Catelas. As I mentioned in my Gaping Hole in the EDRM post a week ago, what we do is provide Early Case Intelligence about a matter before the ‘operation’ of collection, processing and review takes place. Like a surgeon today, who would NOT conduct an MRI before operating on the patient?

Likewise, in the area of Compliance, specifically for Financial Services, we provide comprehensive surveillance of Information Barriers and Watch Lists. Because we can monitor an entire company’s communications patterns pro-actively, the company is leaving nothing to chance.

And just like a surgeon who knows how to read an MRI, we can immediately uncover enterprise risk that prompts the Compliance Officer to take further action.

My key point here about Enterprise Risk is that companies in many ways are operating like the surgeons of old – they do not have MRI’s to help them pinpoint precisely where the risks are. In eDiscovery or Compliance this is the role Catelas plays – helping you assess the risk before you start a widespread and costly collection and review operation.

Lawyers shouldn’t settle for too much!

We are fast approaching the turning of the fall leaves which means that turkeys are being fattened for Thanksgiving. This is kind of a continuation of my smiley faces rant in that the scope of discovery in a case is invariably “fattened up” before the unsuspecting turkey is placed in the oven.

Here’s the scoop: we know that most litigation cases settle before trial. But, in many cases we over-collect and so we use keywords to negotiate down the Anticipated Cost of Discovery (ACD).

See the problem: over-collection because we have no way of substantiating a narrower scope of discovery.  Let’s say a case might initially settle for around $250k, but then we calculate the ACD to be $3M. Guess what, opposing counsel now has a significantly higher “settlement ceiling” to work with. Counsel for both parties then confer and a settlement of say $2.5M is agreed.

In building up the scope and anticipated cost of discovery, opposing council has fattened up the turkey. In some ways Early Case Assessment has become our own worst enemy – we run a number of keyword searches and calculations to get a pretty accurate cost of anticipated discovery.

This is not the defense attorney’s fault, it is simply a consequence of the way we preserve and collect. So again, at Catelas we believe we have the answer: provide a comprehensive and defensible way to limit the scope of discovery. We are able to help counsel to preserve & collect only those custodians that are truly close to the matter. Not by keyword culling, but by actually identifying the relevant custodians.

Bottom line is … don’t get caught in the Early Case Assessment trap by settling for too much!

Death by 1000 smiley faces

This week I had a number of conversations with lawyers so that I could at least try to understand what it was like to be in their shoes. We talked about interesting cases, amazing escapes and ultimately about life in the electronic world. But a resounding theme  was “I wish I could go back to practicing law like I did 15 years ago”. Don’t get me wrong, these folks still loved their jobs, but they felt that somehow they had become subservient to a process, a workflow, that is ESI. The sheer volume of electronic data has changed their world.

I tried to visualize this impact and drew this picture – death by 1000 smiley faces. The point is the following: in ‘the old days’ when building a case a lawyer would conduct interviews and come up with a list of people (or custodians) who he felt pretty sure we close to the matter in hand. Call it intuition or gut-feel, it was a bit like police work, they just knew who the bad guys were. This gut feel still holds true today, except that lawyers cannot trust their instincts given the morass of electronic data that abounds – email, SMS, sharepoint, hard drives, facebook. smart phones, etc. So, they are forced to throw a much wider safety net around the cast of actors (the custodian list). Now they are faced with possibly hundreds of custodians rather than the 5 or 10 that their instincts tell them are the real actors. Well, we all understand the problem with this picture – there is too much data… so we use keywords to negotiate down the scope and cost of discovery.

Over-preservation and over-collection is a big problem. But we are trying to fix it at the back end (with keywords) rather than at the front end (identify the custodians really involved). But if we could do this it would be a sense of deja vu or “Back to the Future”.

What if I told you Catelas can take you Back to the Future. Comprehensively and defensibly we can help you limit the scope of discovery so that you really are preserving and collecting only those custodians that are truly close to the matter. Don’t settle for the 1000 smiley faces approach.