As the number of regulators grows, so does the amount of requests for information. There can be questions asked related to fiscal, environmental, privacy, finances, or health matters; you’re expected to answer all inquiries in a timely fashion.
There is more data containing evidence of events and a full audit trail of everything that happened in your mailboxes, SharePoint, file shares, other repositories or even social media. The regulatory agencies know that too and they go after this information if they suspect anything or of they are informed by a whistle blower.
Requests for information can be tricky, but they are relatively innocent. However, a regulator can also decide to pay an unannounced visit. Such visits are a lot more disruptive for your organization. Regulators are, in principle, allowed to view and make copies of any (digital) document they need for their investigation. In both cases, panic ensues whenever a regulator shows up and the second they do, the race against the clock starts.
What do regulators look for? All parties involved want to have a clear picture of the true nature of events as soon as possible. For you, it’s important to cooperate and get it over with in order to avoid damage to your reputation. The key questions in these types of situations is what do regulators seek, and how do they go about finding it?
On September 11th 2018, the ACEDS Benelux Chapter brought together a panel of specialists in Amsterdam to discuss those questions. Five expert investigators joined us to explain how regulators go about answering questions such as: what persons are relevant to their investigation? Is management involved? What happened exactly? When did these events occur and how did they unfold?
Participating in the panel were Ronald van Vliet forensic expert from the Dutch Healthcare Authorities (NZA), Marlie Kraesgenberg investigator from Integis, Marc Wiggers, anti-trust attorney from Loyens & Loeff, his colleague Robin Fiolet, forensic investigator and Johannes Scholtes, president of the Benelux ACEDS chapter, full professor in AI and Text-Mining and Chief Strategy Officer at ZyLAB.
Not only the amount of data we have to deal with grows, the number of different regulatory agencies we have to take into account does too: local, national and supra-national focusing their attention on oversight for Financial-, Bribery-, Fraud-, Environmental-, Healthcare-, Data Privacy-, Consumer Protection-, and Food & Drug Safety-regulations.
Once an information request (or worse, a seizure as a result of a dawn raid) occurs, all parties involved want to have a clear picture of the true nature of events as soon as possible. For you, it’s important to cooperate and get it over with in order to avoid damage to your reputation. The key questions in these types of situations are what do regulators seek, and how do they go about finding it?
- Answers have to be complete
- Answers have to be acute
- Answers have to be timely
Accidentally withholding and not providing information can lead to all kinds of other problems, including significant fines, on-site oversight, board changes, and even involvement in the management of your company.
Ronald van Vliet explained how his agency uses ZyLAB to upload collected information or how they can even collect directly from Office 365 mailboxes into ZyLAB ONE. Before any investigation can be done, suspects can remove legally protected privilege (LPP) information, which used to be a challenge, but can be done very fast using the software. There may be some discussions between all parties involved, but this can also be handles easily using ZyLAB’s review workflow.
After having identified legally privileged information, the regulatory agencies can start their investigation: who did it, was management involved, was management driving the irregularities, did management know about it, where there early warning signals, were these picked up or ignored? These are often the most important questions. But also what happened, when, how, until when, and why? Were there any similar events? Who benefited? All questions that have to be answered.
Analytical tools and information facets that provide the information into predefined groups makes their lives much easier. But both Ronald van Vliet and Marlie Kraesgenberg, who does a lot of investigations on the orders of regulatory agencies, also look for non-incriminating evidence. For this reason they also need to record the search queries they use and the results obtained by such queries, which is an easy task by using automated reporting tools.
Subsequently, Marc Wiggers, anti-trust attorney from Loyens & Loeff, and his colleague Robin Fiolet expressed their concern over the use of keyword search, as applied by regulatory agencies: often the used keywords are so broad and then they are also combined by using a Boolean OR operator, which sometimes brings back entire document collections, resulting in potential fishing expeditions.
Marlie Kraesgenberg explained how Integis uses Machine Learning (Assisted Review) to overcome this problem, which was confirmed by Robin Fiolet, who used the same on behalf of his clients. A very interesting result of this panel discussion was that accordingly, all parties agreed that it would be beneficial if regulatory agencies and law firms organized a discussion led by ACEDS to discuss these problems and come to a mutual understanding of using more advanced technology. Because, regulatory agencies use high-recall search to avoid the risk that they miss relevant information. These high-recall operators generate too much noise, resulting in the fact that regulatory agencies have to review so many documents that it takes them all their capacity. They prefer search with both high precision and high recall, and if one can also reliably estimate the established recall and precision levels as is the case with ZyLAB’s Assisted Review, then this would also help them.
All parties agreed that technology was the only way forward to deal with the information explosion and that a platform such as ZyLAB also helped all parties (in-house IT, in-house legal, law firms and regulatory agencies) to communicate better and implement regulatory fact finding missions and internal investigations much more efficient and better.
After more than 90 minutes discussions, Robin Fiolet, board member of ACEDS Benelux Chapter, offered all attendees to finish discussions in the Loyens and Loeff café, accompanied by drinks and snacks in the Amsterdam tradition. Thank you all for another great ACEDS event!