By Greg Moreman
Maybe you receive a whistleblower complaint. Perhaps you’re conducting a routine data audit when you discover evidence of a potential issue within your organization. Suddenly, you’re kicking off an internal investigation.
Fifty-one percent of compliance and risk groups expect investigations at their companies to increase over the next two years, according to a survey by Compliance Week.
If your organization isn’t currently taking steps to prepare for future investigations, you may be headed for trouble. This piece will help you understand the reasons for the increase and what you need to get ready for the coming investigation wave.
An Overloaded System, Overtaxed
An increase in investigations means unwelcome news for organizations that already struggle to keep up with the existing demand for data management and ever-evolving technological needs. Specifically, three overarching pain points currently cripple most team’s investigation efficacy:
1) A quick timeline. As the SEC noted, the first 30 days of an internal investigation are critical and have lasting consequences. And 46% of Compliance Week’s respondents agree, stating that their biggest pain point was not having enough time to complete work with their available resources. In addition to a quick start, news of an internal investigation can spread like wildfire throughout the media, thrusting compliance department leaders into the much-avoided hot seat.
2) Lack of internal resources. This issue plagues organizations in several ways:
- Not enough people. Many companies do not have well-rounded legal compliance teams, often due to budgetary restrictions. After all, other departments make money for a company, while compliance and risk teams are viewed as “overhead.” Adding insult to injury, the ever-changing nature of Electronically Stored Information (ESI) requires collaboration between various departments, stretching already tight resources.
- Too much data. Several types of investigations notoriously involve large amounts of ESI, such as those related to employee conduct, cybersecurity and data breaches, and regulatory investigations. Compliance Week’s respondents noted that these types of investigations take up about 35% of their overall investigations. Making matters worse, Covid led to an increase in such data, with much of the workforce operating offsite for well over a year.
- Too many sources. Now more than ever, an organization’s data is spread throughout multiple platforms, and a one-size-fits-all approach to data collection simply won’t work. Take Slack, for example. Only the administrator can access the entire environment in Slack, meaning that if they do not have the technical knowledge to do so, your team may be left in the dark (see 7). Further, Slack allows users to delete their messages without any automatically generated audit logs. Now, consider all the platforms your organization uses (i.e., Teams, Zoom, WhatsApp) and each software’s unique structure. If your organization isn’t using a tool to cull and aggregate information from all these sources, you’re potentially at risk of missing critical data.
- Increase in remote collections. Covid increased the need for expertise with remote data collections. More than ever, workers had to utilize various technologies to complete their work, including cell phones, laptops, and diverse software platforms. Additionally, file storage expanded from a central location to numerous offsite computers and servers, further complicating data retrieval efforts.
- Limited budgets. Even though almost half of Compliance Week’s respondents noted that time constraints and lack of resources are some of their most significant pain points, 46% stated that they anticipate their budget for investigations to remain the same. Even sophisticated customers who are working hard to streamline their processes are still working pursuant to restricted budgets, pulling in whoever is available in the department and using broad search terms to manually review each and every document.
3) Failure to leverage tech. Despite the amount of data companies must review in an investigation, 76% of respondents said they still perform a manual review, with only 7% reporting use of advanced analytics, such as continuous active learning. eDiscovery tools are more powerful than ever and can significantly reduce the amount of time (and money) spent on an investigation.
Even companies that use some technologies aren’t using them to their fullest extent. Perhaps leaders don’t feel they have a good grasp on how to use the technology or feel they don’t have time to learn (or teach). In any event, understanding tech is critical for a successful investigation and can lead to various other benefits to boot.
With an increase in investigations on the horizon, these problems will only get worse if organizations don’t take measures now to bolster their processes.
Problem Areas Ahead
It’s true that investigations as a whole are likely to increase due to the rise of incentives for whistleblowers and the prevalence of “speak-up culture.” Further, the public’s demand for greater transparency during internal investigations spotlights the need to investigate wrongdoings. The following areas are hot topics for future investigations:
- Data privacy. Due to ever-changing regulations and laws concerning data, coupled with consumers’ heightened expectations of privacy, data privacy, and related potential investigations should be top of mind for every organization.
- Although similar to data privacy, cybersecurity investigations focus on responding to security breaches. With increased online access to customers’ personally identifiable information and protected health information, companies will likely face increased investigations regarding their cybersecurity policies.
- Third-party C-suite vetting. Scrutiny for C-suite executives has increased exponentially due to the public-facing nature of their jobs. “A senior executive’s words or actions,” according to OpenText’s Tom Gricks, “don’t even have to be criminal or fraudulent in nature to come under scrutiny.” You don’t have to look far to find executives who learned the hard way that even a decade-old ill-conceived tweet can prove treacherous.
- Regulatory investigations. Many believe that regulatory enforcement will increase. The DOJ has stated it intends to hold business executives to the same standards when it comes to discouraging unlawful practices, aiming to bring criminal charges at the highest level of an organization. In fact, the DOJ recently obtained its firm criminal enforcement of labor market antitrust violations sending a clear message to businesses regarding its no-poach approach to the market.
Companies hoping to get ahead of an increase in investigations should take a proactive approach to shore up their investigation policies and procedures.
Preparing Without a Third Party
The following steps can drastically improve your preparedness for an internal investigation:
- Develop a strike team. An investigatory strike team, similar to an eDiscovery Dream Team, made up of individuals or vendors with the technological experience required to quickly and efficiently cull information is critical.
- Shore up data management. Enhancing your eDiscovery processes can cut costs, avoid mistakes, and help focus your organization’s overall goals during an investigation. And, since rules of civil procedure don’t govern investigations, this is the perfect opportunity to leverage technology to its fullest capabilities. The sky is truly the limit – how you search, narrow, or utilize tools can ebb and flow as you learn how to best optimize your tech.
- Invest in technology. eDiscovery tools are essential to help quickly and accurately sift decades of data into meaningful categories and patterns. If you’re not currently using automation, context, and intelligence tools, you are working harder, not smarter.
How to Prepare
Companies send their investigations to a trusted partner for various reasons, including the need for subject matter expertise, assistance with complex matters, and knowledge of artificial intelligence platforms.
For starters, vendors should employ a tailored approach unique to their customer’s business needs. Watch out for those that operate on a one-size-fits-all model.
Level Legal takes the opposite approach. Our greatest value is that we view your situation as unique; in fact, our mission is to make legal human. That means we cultivate long-term relationships with our customers. We understand your people, your data, and your organization, allowing us to provide:
- A quick and nimble response. Our team is small but mighty. Our familiarity with your organization and business allows us to hit the ground running without the need to get up to speed on your business.
- Data expertise. Our close-knit relationships with our customers allow us to truly know and understand your business—we know what documents to look for, your company’s unique business language and acronyms, and potential custodians. We have also developed a unique database of team members with highly specific tech proficiencies and experience, meaning you have an expert in your business and your tech stack direct from the start.
- A proactive team ready and excited to help. Our core values and team culture allow us to attract and retain the best eDiscovery attorneys. We search high and low for team members eager to serve our customers with empathy and excellence.
- Organization-specific tools to streamline your investigation. Our team members utilize various tech tools to ensure we gather, review, and present your data to you in the most usable form possible. Our tools include data visualization, cluster wheels (charts, graphs, and timelines), and communications and sentiment analysis (who is talking, how frequently, and what their communications mean). We layer these tools to determine patterns, key ideas, and concepts, ensuring we discover the most relevant material, as well as any irregularities within the data.
Internal investigations are stressful enough; don’t go at it alone.
Need to assemble your strike team? Contact Level Legal for help.
Greg Moreman leaves nothing to chance. This includes weather forecasts, culinary adventures, and the best time of year to buy a holiday turkey. In fact, if our director of legal compliance services were a proverb, he would be, “Measure twice, cut once.” If he were a rapper, he’d be “Lil Inbox Zero.” Greg’s a generalist, a role Level Legal leans on when growth pains bring new problems or when a new strategy means new processes. Greg handles it. Never complaining. Always willing. His work and his example benefit everyone.