Catelas: a Divining Rod for your Discovery Efforts


Today’s post comes to you from Matt Berg who wrote a fantastic article (here) about Catelas. Matthew Berg is the Director of IT at Wolf, Greenfield & Sacks, P.C., a boutique Intellectual Property firm in downtown Boston.  Matt is a graduate of the United States Naval Academy and has a broad background in driving and supporting emerging technologies earned over the past 18+ years while fulfilling such roles as software developer, systems integrator and program manager.

INTRODUCTION

What if a vendor told you it could boil down a client’s document discovery production to “the five people you want to focus on first”? Or even better, “two key conversations” among those five people? And all within 24 hours? Sound like something out of Leonard Nimoy’s “In Search Of”?

Catelas’ eponymous product (see here) uses a proprietary algorithm to determine the relationships between parties involved in electronic communications, as well as the critical conversations being conducted by those parties.

And all of that before the first search term or keyword is even brought into play.

EARLY CASE INTELLIGENCE (OR ASSESSMENT) IN ACTION

Catelas is in my opinion the most intriguing player in the burgeoning “early case intelligence” (aka “early case assessment”) market. Catelas provided me with the following metrics from a recent case at an AmLaw 200 firm in Boston:

•           20,000 employee client, 3 million email log entries were ingested in 2 hours

•           15 individuals were identified as ‘key custodians’

•           80 ‘hot’ documents were tagged for senior executive review

•           Early Case Intelligence Report was provided to the client within 24 hours

Catelas was able to help counsel by defensibly reducing the collection of data. After a quick review of the reduced production set, the firm’s litigation team identified some risk. Based on these findings, they devised a strategy for their client to resolve the matter early through negotiation. A process that normally might have taken weeks (or months) took about a day.

HOW EARLY CASE INTELLIGENCE FITS INTO YOUR IT ENVIRONMENT

Catelas add value at the extreme left of the Electronic Discovery Reference Model (EDRM). It does not necessarily replace any of the existing functions (you’ll still need products like Concordance, LiveNote, etc. to manage and review documents, email, and transcripts), but it streamlines and adds relevance to these documents, saving significant costs downstream in the discovery process.

From an identification perspective, the approach helps to identify the key custodians before collection even occurs. This early identification has obvious implications for Legal Holds (whose data to preserve). The intelligence provided via the “hot” documents identified can be used to help counsel define and agree on high level case strategy, including keyword determination, interview lists, lines of questioning, etc.

HOW CATELAS WORKS: SORT OF LIKE “LAW AND ORDER”

As we can see from the case metrics above, the value of Catelas is clearly up-front case intelligence. The claim is not so much to “find intelligence that others tools cannot find,” but to pinpoint that intelligence dramatically more quickly and more effectively than traditional methods.

So what makes Catelas different? Catelas describes its methodology as following the approach that law enforcement has used for years — linking people to the scene of a crime based on association and proximity (relationships, timelines, and locations) rather than relying on keywords to cull down the dataset. A detective would not gather 500 people within the immediate radius of a crime-scene and interview them with 10 identical questions (which is essentially the way ediscovery works through the use of keyword searching).

The technology Catelas employs to perform these analytics is based upon behavioral science and network analysis. A variety of communications data (email, telephony, SMS, IM, etc.) can be ingested, but the starting point is often email log files. All email servers have these logs, which audit every single email communication into and out of a company.

It may sound like I’m talking about terabytes or even petabytes of data, but that is not the case because these logs contain no email content. Catelas uses this metadata to construct Relationship Maps showing how people are linked. Email is not simply counted between individuals to determine the strength of a relationship. There is much more to it than that — and that is where Catelas’ “secret sauce” comes into play and the folks at Catelas start to get a bit close-mouthed.

Having identified the key people involved, based on their relationships, the collection process (native email files, cell phone records, etc.) can be precisely attuned to key individuals, timelines, and conversations. Catelas then ingests the relevant native files and identifies and tags the priority or “hot” documents as part of its Early Case Intelligence report.

It’s not called “early” case intelligence by accident. Catelas is able to go into a new client, take a copy of its log files, and have Case Intelligence Reports available within 1-2 days.

WHAT ABOUT THE COMPETITION?

In the process of researching this BigLaw column, I was unable to find any true competitors of Catelas (though maybe I’ll hear from a few after publication). There are a handful of vendors out there advertising similar functionality. For example, Fios’ Case Intelligence and LexisNexis’ Early Data Analyzer use similar language to describe some of their offerings. But to my knowledge neither uses the same approach as Catelas.

MY VERDICT

Catelas can help your litigators (and clients) become more informed, earlier in the discovery process. In a traditional model, the litigation process is iterative — intelligence is obtained piece by piece, often over a period of many months. But Catelas is fast-tracking that process to prevent surprises downstream. Its early intelligence helps to reduce risk and provide opportunities to negotiate earlier. The business model that Catelas uses is also flexible — use it on a case-by-case basis or deploy it in-house on a licensed basis. The next time you have a big discovery project (probably weekly given where you work), consider giving Catelas a test drive early in the process.

Insider Trading: “The Circle of Friends”


The FBI continues to escalate their crackdown on Wall Street with their latest bust on hedge fund portfolio managers and analysts. This week seven friends have been charged with running a $62million insider trading scheme (see here).

The seven charged worked for five different hedge funds and investment firms and reaped nearly $62million in illegal profits on trades in Dell Inc, the prosecutors said.

This is eerily similar to the Galleon case and should not come as a surprise. There are numerous white collar crime cases where friends have been working in cahoots with one another. The Russian trader at UBS using “potato code” also springs to mind.
The fact is (and Catelas has been saying this for over 3 years now) that criminals cannot work in complete isolation. They need to work with trusted accomplices. Trust is gained through the building of relationships. And, it is unlikely that you will commit a crime with someone you do not trust, someone with which you have a tight bond, or strong relationship.
That is why at Catelas our fundamental premise is uncovering relationships. Our assumption is that a “circle of friends” committing a crime will not necessarily provide incriminating evidence in a email exchange. Sometimes people do make mistakes, but the thing that links these individuals is the communication exchanges they had (email, cell phone, SMS, IM, etc) lomg before the crime was committed. During the time these relationships were getting stronger. In fact, often we find that communications go “radio silent” leading up to the crime.
So our approach is rooted in Behavioral Science – we uncover communication patterns that mimic what behavioral science calls “shared experiences”. Its similar to going on a weekend camping outing with friends. Here a group of people participate in a shared experience (ie camping). After the weekend, this group will by definition have a stronger bond, having participated in a shared experience. Catelas has been able to apply this same approach to everyday business (and personal) communications. I cannot share the details of how we do it, but the results are astounding.
Our Relationship Analytics approach is used to first identify the people involved in or close to a particular investigation or case. These relationships leads us to critical conversations (topic or timeline related), which enables us to point the investigation, with laser focus, to the relevant people and the relevant documents.
The next time you are working a case and your question is: “Who else might be involved?”, think trusted relationships. For more information take a look at our website or contact me.
Rob.
(robert.levey@catelas.com)

FCPA – coming to a mid-sized company near you! Thanks for the interview, Mike Volkov!


Having read blogs for close to 5 years now, I always look forward to this time of year when predictions are made. I tend to select my reading based on subject matter expertise and style, focusing on people I like and respect. I have also learned to leave the predictions to the experts rather than making my own!

Last week at Catelas we interviewed Mike Volkov to gain his insights into FCPA Compliance and try to get a sneak peak into 2012. If you have not already read his blog (here) I highly recommend that you do. We thought we would share a 3 minute audio clip of our interview with Mike,which covers many of the same topics, but reinforces the message through our auditory senses. I hope we played a small part in helping Mike compile his thoughts.

One key prediction that resonated with me was “FCPA coming to a mid-size company near you”. Okay, this is a play on words, but the gist was that FCPA enforcement will expand beyond large multi-national companies and into mid-size or smaller public companies. These companies, who for the large part I assume do not have the people or money resources to handle these types of inquiries, will need some help. Both in the form of advice from people like Mike Volkov but also in the form of “audits or assessments” of where to start and what to prioritize from companies like Catelas.

For example: Mid Size company  – 20% of their business (and growing) comes from China. Step 1 and Priority 1 is to understand how the company does business in China, in particular understanding the relationships it has with its Partners and 3rd Parties in China.

Our interview goes on to discuss how resource-sensitive companies can use Catelas in a very targeted and cost-effective way – ie pinpointing the relationships they have in high-risk FCPA countries where they do business that is of importance to them.

I hope you enjoy the audio clip. Feel free to contact me if you want to listen to the full webcast or discuss the topic in more detail.

Rob (robert.levey@catelas.com)

Annual Performance Reviews – love or hate ’em ?


The time between Thanksgiving and the Holiday Season break is most typically when companies review their employees performance. Most everyone has their views on Annual Performance Reviews since we are all involved either as a reviewer or reviewee. I created the following poll on LinkedIn to gauge what people thought about the annual review process – take a look here. I was very surprised by the results.

The post today is not a lesson in Human Resource Management, but I do often think about how people in Compliance, Legal and Information Security are really reviewed in terms of their job performance. In sales its easy – how much did you sell?

The conversation for a Compliance Officer or a Chief Security Officer is more complicated – how many FCPA infractions did you investigate or how many security breaches did you uncover? These roles are about protection and prevention and for the most part the teams operate in stealth mode and are seen to be doing their best work when nothing bad is happening. So a good performance review is about “nothing bad happened or nothing bad was uncovered”. Right? Wrong!

The best Compliance or Security Officers are actually “looking for bad stuff”, they are not sitting back complacently believing that their fort is secure. The very fact that “bad stuff has not happened” is the very reason to look harder. They are pre-emptive or pro-active and their mantra is to “find bad stuff before it happens”. Lofty aspirations, perhaps?

So shouldn’t performance be [at least partly] measured on vigilance and awareness rather than simply policies, processes and how well a team reacts to bad stuff as and when it happens?

Believe it or not we come across the “don’t tell me what I don’t want to know” attitude everyday. Catelas has an ability to look inside the business and monitor, yes monitor, how business gets done. Or more accurately we visualize the communications patterns of a company to understand “who knows who” and “how well”. For compliance and security groups we are used as a monitoring solution to better understand company relationships – who in my company has relationships with X, where you can fill in the blank X to be competitor, press, government official, etc.

But my point is that for many companies we often have to water down the “monitoring” term because our audience (the Compliance or Security Officer) does not want to look deeper than the job dictates. They are not interested in pro-actively seeking out potentially bad stuff for fear of finding something. Sure I understand that these teams are max’ed out or are operating within the Risk Profile of their company, etc, but in this age of Whistle-blowers and Self-Reporting, I honestly believe that the CCO in particular needs to step out of his or her comfort zone and start being more proactive. Blind ignorance is no longer an excuse.

What do you think?

Dinner [and Pearls of Wisdom] with Tom Fox


It is not often that you can get time with someone like Tom Fox and pick his brain on FCPA and compliance issues. Eddie Cogan, the CEO and Founder of Catelas, was fortunate enough to sit down with Tom for dinner this week in Chicago at a World Compliance FCPA event. We  thought we would share some of Tom’s Pearls of Wisdom.

Q1: looking across the entire spectrum of FCPA violations what things stick out:

A:

  1. the continued increase in FCPA enforcement actions. It is not going away anytime soon.
  2. the DOJ is focusing industry by industry and we can definitely see their current focus on Pharma/medical devices and Private Equity; on top of the usual suspects. Now the DOJ seems to looking at aerospace and defense industries.
  3. finally I think we are seeing a greater focus on individual executive responsibility – a recently the President of Terra Telecom received  a sentence of 15 years

Q2: So what should a compliance officer do in the face of this scrutiny? Especially when such officers are sitting in offices very far removed  from the action:

A: well for starters not knowing is not a defense.  The DOJ have advised on what is a minimum best practice for compliance and most recently indicated “Enhanced Compliance Obligations”.  You need to incorporate these into your program.  If I were to focus on 3 things it would be 1) know your third parties, 2) training and 3) documentation, documentation, documentation.  The latter I repeat because its so important to be able to show the regulator when they come calling that your do have systems in place and that you do have a systematic reasonable approach to the task.

Q3: One of the things I am seeing more of recently is the concept of due diligence and ongoing audit programs.  That seems to be much more substantial than policy and training.

A: yes it is.  In the recent J&J case, we saw mention of obligations like “J&J will conduct due diligence reviews of sales intermediaries, including agents, consultants, representatives, distributors, and join venture partners” .  There is also a recognition that risk changes over time and that you need an ongoing program of review & audit in place.

Q4: What advice do you have for Compliance Officers trying to tackle this problem {of knowing your Partners} ?

  1. You need to fully assess, in writing, your overall risk parameters in a Risk Assessment. That is your starting point.
  2. Your due diligence should be based on the risk you assess for the third party.
  3. You should continue to perform and update your due diligence at greater than one year intervals, particularly if the risk profile has changed.
  4. Follow the DOJ enforcement actions and Opinion Releases for your best sources of information on the DOJ’s latest thinking on best practices.

The over-riding theme to the discussion was “know your partners” which is all well and good, but it is no trivial exercise. Large multi-nationals could typically have hundreds if not thousands of partners around the world; distributors who partner with 3rd party resellers or partners who sub-contract with local businesses. This can quickly and easily become a complex web of business relationships which is constantly evolving and changing. As Tom intimates, the only way to stay on top of it is to leverage technology, systems and documented processes so that company’s can more confidently say, “yes we know who our partners are” and “yes we know how business is being conducted”.

For more information about Catelas 360 degree Partner Assessments, look here.

Pharma’s in the cross-hairs – turning up the heat!


There seems to be a lot of heat in the Pharma compliance kitchens right now with a series of federal investigations and settlements. Stephanie Rabiner’s blog post summarizes the recent activity –  “Glaxo pays $3B fine, Pfizer paid $2.3 billion in 2009, while Eli paid $1.4 billion the same year. And Abbott Laboratories agreed to a $1.3 billion settlement in recent weeks.”

These cases center around fraud, off-label promotions and/or kickbacks and many go back over the last 10 years. Viewed holistically and considering the consumer suits that accompany these federal one’s, it is a very big deal. The Pharma Industry is certainly in the cross-hairs right now. And the heat is being turned up.

Another blogger, Richard Cassin, last month wrote about “a flock of Pharmas”, asking the question, was the Pharma industry simply prone to these types of investigations, given the business they are in?

The allegations being investigated are certainly broad – the illegal marketing of a number of drugs, de-frauding the Medicaid program, FCPA violations, to name a few. Is this the culmination of the big investigations or is this the tip of the ice-berg?

I also looked a little closer into the Pfizer case, started by a whistle-blower lawsuit. Turns out that the list of 10 whistle-blowers includes two former employees who had spent 24 years and 16 years respectively with Pfizer.  Long careers certainly, long memories, perhaps? This is not to say that the industry is inherently corrupt, but like the financial services industry, which was placed under massive scrutiny following Madoff, these types of investigations force every company in the industry to look in the mirror.

Given the revelations coming out of Penn State University this week, I would say that every Compliance Officer should be looking a little harder into their company’s Ethics programs to be sure that their company is not the next big Wall Street head-line.

How well do you know your Partners and 3rd Parties?


Reading through the Mike Volkov and Tom Fox blogs certainly provides food-for-thought around FCPA violations and infringements. Mike is holding a webinar next week to talk about FCPA with respect to Private Equity and Hedge Funds, in particular when such companies are considering international mergers or acquisitions; Tom talks about whether FCPA scrutiny revolves around the oil and gas company because of the places where they operate or the ‘cowboy tradition’ of the industry.

These articles got me thinking about the partners and 3rd parties that such companies contract with to conduct business in countries like Russia, China and Mexico. My question for companies with significant international operations is simply “How well do you really know your Partners and 3rd Parties?” I posed a similar question in my blog last month, but the point is worth repeating.

Most companies it seems, who are expanding their international businesses or looking at potential M&A activity, do a pretty good job at the front end – ie the due diligence stage. Vetting partners, 3rd party relationships, etc. The problem is that business relationships are not static – they change and evolve. Personnel changes, from sales to research and development teams to supply chain partners. With these changes, so does ‘who we do business with’ and more importantly ‘how business is conducted’.

At Catelas we are not advocating that companies need to monitor every business relationship every minute of the day, but we certainly recommend regular check-ups (or assessments). For example, a company might be have expanded its business operations into South America. Well it would not hurt to conduct a business partner / 3rd party assessment after 1 year to examine what those business relationships look like. Or a major pharma company conducting clinical trials in Indonesia may find it makes sound business sense to identify the key relationships that exist between the company, partners, 3rd parties and hospitals, six month into those trials.

As this picture shows, these 360 degree assessment need not be a massive, expensive investigation in-country. Nor is it a major audit of the company’s financials and partnership contracts. Rather they are designed to be a non-obtrusive examination of how  business is really being done on a day-to-day basis – ‘who is talking to who’, and ‘what are the key business relationships in place’. It provides first and foremost ‘peace of mind’ that the company is conducting business ethically. But if red flags are raised as a result of the assessment, then it provides a process for undertaking a more detailed examination.

And hence the MRI analogy we have used before – the Catelas 360 degree assessment provides an MRI into your foreign business operations – answering the question “How well do you know your 3rd parties?”. To learn more take a look here or give us a call. I would love to hear your views.

Early Case Assessment and The Cloud


A few weeks ago I wrote about the Early Case Assessment Trap and today as I was following the goings-on at the annual ACC get-together, it reminded me of our legal industry buzz-words and how vendors constantly re-invent themselves around the latest buzz. No doubt this week “cloud” will be hot  and “ECA” will still be generating a lot of noise.

The way I see ECA being applied is that the C stands for Cost not Case. Opposing Counsels get together and agree the scope of discovery based on the anticipated cost of the “document hit count” arising out of the agreed keyword terms.

Now granted, this is an over-simplification of a complex legal process and sure ECA means many things to many people. But, what we are not seeing is good, honest work being done in the early stages of a case to truly understand things like, who is involved, what is the company risk or exposure, is their sufficient evidence, what action should we be taking?

“Early Cost/Case Assessment” can quite easily become a template for “how much is this going to cost us” and “can we settle for less”.

At Catelas, because of the “buzz-word effect” which tends to make all vendors appear equal, we have shied away from calling ourselves an Early Case Assessment solution, for this very reason. We prefer to be thought of as Early Case Intelligence, where we endeavor to answer these key questions – who is involved, what was said and what action should the company take? We are trying to provide real, upfront intelligence to the client that helps them make smart decisions about the case, going forward. At then end of the day, Counsel does not want to be surprised with a “gotcha” six months into the case. Our mission is to ensure that Counsel gets “One Step Ahead” by providing key intelligence about the case within the first couple of days.

So this year at the ACC Annual Meeting, Early Case Intelligence may not [yet] be an industry buzz-word, but watch this space…

If you want to find out more check out this preso

A new age of Whistle-Blowers


I read an interesting article last week by Joelle Scott about the “secret” whistle-blower at BNY Mellon. It turns out that Grant Wilson was the undercover whistle-blower who detailed how the bank had allegedly overcharged investors in their currency trades and defrauded investors for years.

This from the article… “So what is shocking about the BNY whistleblower is not that he exists but rather that he worked in conjunction with attorneys, regulators and fraud heroes to provide evidence for a massive lawsuit against his employer (the Justice Department and the NY Attorney General are seeking over $2billion from the bank).  This is almost as shocking as when the government used wiretaps to confirm and reveal the enormous insider-trading ring orchestrated by Raj Rajaratnam and his cohorts.”

In a shady world of fraud and corruption, law enforcement is to be applauded for making inroads by planting undercover agents into corporations or getting increased help from insiders.

But coming from the Information Security business, it does make me think about the people we work with that we take for granted on a day-to-day basis. Not if they are potential whistle-blowers, but the opposite. Are any of these colleagues working on the dark-side: do they have relationships with corrupt organizations, are they providing sensitive information to competitors? Do they have relationships that might be harmful to the company? Bar a cursory background check when an employee enters a company, the truth is, we really don’t know.

Worse, we only potentially find out once a crime has been committed, long after the horse has bolted from the stable.

And that is why Catelas is all about Relationships – it all comes down to ‘who you know’.

What does an MRI and Enterprise Risk have in common?


Do you remember the days of X-rays when a GP would hide behind a screen and a huge puff of smoke would erupt from some weird-looking industrial type camera. Bygone days when surgeons operated with precious little knowledge about the patient’s condition. Risky business!

Today surgeons make use of sophisticated MRI’s, endoscopes and the like to perform key-hole surgery. Not only do they pinpoint the exact cause of the ailment before they operate, but the corrective procedures are conducted in a fraction of the time.

I use this MRI analogy for the work we are doing at Catelas. As I mentioned in my Gaping Hole in the EDRM post a week ago, what we do is provide Early Case Intelligence about a matter before the ‘operation’ of collection, processing and review takes place. Like a surgeon today, who would NOT conduct an MRI before operating on the patient?

Likewise, in the area of Compliance, specifically for Financial Services, we provide comprehensive surveillance of Information Barriers and Watch Lists. Because we can monitor an entire company’s communications patterns pro-actively, the company is leaving nothing to chance.

And just like a surgeon who knows how to read an MRI, we can immediately uncover enterprise risk that prompts the Compliance Officer to take further action.

My key point here about Enterprise Risk is that companies in many ways are operating like the surgeons of old – they do not have MRI’s to help them pinpoint precisely where the risks are. In eDiscovery or Compliance this is the role Catelas plays – helping you assess the risk before you start a widespread and costly collection and review operation.