
E-Discovery & Fraud Mitigation



One of our fellow Chapter members currently finds himself consumed by a complex examination involving e-discovery issues. It seems the case involves the production to the court by our member’s client of all the e-mails of 20 named employees directly or indirectly involved in a suspected fraud over a three-year period. Needless to say, the client organization, a medium-sized company with outsourced administration of its IT to the cloud, is struggling to comply within the court’s strict timeframe.

The U.S. court system’s Federal Rules of Civil Procedure (FRCP) have required for the last decade or so that any enterprise that might find itself involved in litigation in federal court must maintain electronic records. The general term “electronically stored information” (ESI), as applied to today’s vast array of electronically generated documents, encompasses more than just the simple fact of storage and retention; it extends to the requirement that the ESI generated by an enterprise also be secure and protected from unauthorized access, use or destruction. Further, the FRCP rules require that company attorneys and IT managers be able to clearly demonstrate to the court how ESI is stored, the company procedures established to manage, control, protect and retrieve it under court order, and the policies governing its retention. If all that weren’t enough for any organization, the rules require evidence of an established history (and an implementation routine) for any deletion of our client companies’ ESI. Feigned ignorance and plausible denial of the requirements are not tolerated and can lead to heavy fines and penalties.

Two important concepts involving ESI have complicated the case of our member’s client: hold management and spoliation. Hold management refers to the company’s ability to effectively respond to a legal action. Once an enterprise is notified of a legal action, all records that may relate to that action are placed on legal hold; they may not be destroyed or altered and their profile information may not be modified. They must be protected from destruction until the hold is lifted by the court. Our member’s client, in the normal course of business, had overwritten a number of relevant employee e-mails in the understandable effort to make room for new data on its e-mail server.

As a consequence and to make matters worse, during the legal process the client firm also found itself potentially guilty of spoliation of evidence.  Spoliation of evidence refers to the willful destruction of evidence that’s germane to the case in litigation and this includes destruction of ESI.  Spoliation is an issue fraught with complication in our cloud based world; given the volume of electronic documents created in virtually every business today it’s necessary to delete, archive and overwrite documents in the routine and normal course of business.  Indeed, many client companies have existing data management systems and/or data retention policies in place which mandate deletion on a regular basis. That’s exactly the case with our member’s client.

Fortunately, for the client, it had a formally documented, board approved, data retention policy in place.  Section 26(f) of the FRCP provides for a safe harbor against sanctions being imposed in the event that electronic information might be lost under the “routine good faith operation” of such a data management system or data retention policy as the client’s.  It’s important to emphasize, however, that this amendment doesn’t provide a shield for any party that “intentionally” destroys specific information due to its relationship to litigation or for a party that allows such information to be destroyed in order to make it unavailable to discovery by exploiting the routine operation of an information system.

As a component of our routine fraud risk assessments, we need to point out to our clients, in light of the variety and volume of the communications that pass through their organizations each day, the absolute necessity for a viable, well-thought-out, and fully tested document management program covering communications data currently at rest in all media. But it isn’t enough to simply have a plan. The fraud risk assessment tests the likelihood of the occurrence of differing fraud scenarios and tries to propose countermeasures. Part of the ongoing testing of scenarios should be testing of the data management plan’s capacity to specifically handle the data demands of the litigation process. This should even include the evaluation of systems as sources of ESI containing older information; if such information can’t be assessed reasonably and at reasonable cost, a determination should be made (and documented) as to whether the data should be retained.

In the case of fraud, we know it’s not a question of “if” but “when”. We should recommend, as a component of the fraud prevention program, that the client periodically conduct benchmarking exercises using the enterprise’s data retrieval tools of choice against all the client’s varieties of ESI to establish ease of retrieval metrics. These types of metrics establish the time frames and costs of searching various electronic communications source systems under various fraud scenarios and their related parameters, i.e., how long will it take to gather all the internal communications having to do with the introduction of a customer service that’s the subject of litigation involving deceptive advertising practices; what are the costs involved in producing all communications involved with a significant management financial fraud, etc. The point is that repeatable data recovery processes, periodically tested under a schedule and found to reliably return actionable, sought-after records, can be a significant key to the successful negotiation of e-discovery requests and can significantly reduce the costs associated with fraud mitigation, litigation and loss recovery.

E-discovery Challenges for Fraud Examiners

I returned from the beach last Friday to find a question in my in-box from one of our Chapter members relating to several E-discovery issues (electronically stored information) she’s currently encountering on one of her cases. The rules involving E-discovery are laid out in the US Federal Rules of Civil Procedure and affect not only parties to federal lawsuits but also any related business (like the client of our member). Many fraud professionals who don’t routinely work with matters involving the discovery of electronically stored information are surprised to learn just how complex the process can be; unfortunately, like our member’s client company, they sometimes have to learn the hard way, during the heat of litigation.

All parties to a Federal lawsuit have a legal responsibility, under the Rules of Civil Procedure and numerous State mirror statutes, to preserve relevant electronic information. What is often not understood by folks like our member’s client is that, when a party finds itself under the duty to preserve information because of pending or reasonably anticipated litigation, adjustment in the normal pattern of its information systems processing is very often required and can be hard to implement. For example, under the impact of litigation, our member’s client needs to stop deleting certain e-mails and refrain from recycling system backup media as it has routinely done for years. The series of steps her client needs to take to stop the alteration or destruction of information relevant to the case is known as a ‘litigation hold’.

What our clients need to clearly understand regarding E-discovery is that the process is a serious matter and that, accordingly, courts can impose significant sanctions if a party to litigation does not take proper steps to preserve electronic information.  The good news is, however, that if a party is found to have performed due diligence and implemented reasonable procedures to preserve relevant electronic data, the Rules provide that sanctions will not be imposed due to the loss of information during the ‘normal routine’ and ‘good faith’ operations of automated systems; this protection provided by due diligence is called the ‘safe harbor’.

To ensure that our clients enjoy the protections afforded them through confirmation of due diligence, my recommendation is that both parties to the litigation meet to attempt to identify issues, avoid misunderstandings, expedite proper resolution of problems and reduce the overall litigation costs (which can quickly get out of hand) associated with E-discovery.  The plaintiff’s and defendant’s lawyers need some sort of venue where they can become thoroughly familiar with the information systems and electronic information of their own client and those of the opposing party.  Fraud examiners can be of invaluable assistance to both parties in achieving this objective since they typically know most about the details of the investigation which is often the occasion of the litigation.  Both sides need to obtain information about the electronic records in play prior to the initial discovery planning conference, perhaps at a special session, to determine:

–the information systems infrastructure of both parties to the litigation;
–location and sources of relevant digitized information;
–scope of the electronic information requirements of both litigants;
–time period during which the required information must be available;
–the accessibility of the information;
–information retrieval formats;
–costs and effort to retrieve the required information;
–preservation and chain of custody of discoverable information;
–assertions of privilege and protection of materials related to the litigation.

Technical difficulties and verbal misunderstandings can arise at any point in the E-discovery process. It often happens that one of the litigants may need to provide technical support so that digital information can even be used by the opposing party; this can mean that metadata (details about the electronic data) must be provided for the data to be understandable. This makes it a standard good practice for all parties to test a sample of the information requested to determine how usable it is as well as to determine how burdensome it is to the requested party to retrieve and provide.

It just makes good sense to get the client’s information management professionals involved as soon as possible in the E-discovery process.  A business will have to disclose all digitally stored information that it plans to use to support its claims or defenses.  When faced with specific requests from the opposing side, your client will need to determine whether it can retrieve information in its original format that is usable by the opposition; a question that often only skilled information professionals can definitively answer.

Since fraud examination clients face E-discovery obligations not only for active Federal litigation but also for foreseeable litigation, businesses that merely receive a Federal subpoena seeking digital information can be affected. Our questioner’s client received such a subpoena regarding an ongoing fraud investigation and was not ready to effectively respond to it, leaving the company potentially vulnerable to fines and adverse judgments.