MCC: In keeping up with data volumes and the constant evolution of available technologies, companies and professionals involved in the world of e-discovery are recognizing the need to take a more proactive approach to corporate data. How does information governance fit into this picture?
Kelly: Information governance (IG) is key these days. I spend a lot of time working on corporate investigations and increasingly find that the underlying information within documents that are targeted for review will become critical evidence itself. That information can take the form of electronic documentation of financial transactions, emails or any other ESI you can think of. Managing that information and establishing appropriate governance policies, such as for data retention and disposal, are essential steps toward ensuring that compliance and other corporate objectives are met.
Today's business world is global; companies are operating in multiple jurisdictions and, therefore, are subject to many different regulators across geographic locations. Being able to respond to regulators is simply fundamental to running a business. At AlixPartners, we are often called upon to help clients deal with cross-border regulatory regimes and the associated governance. And a big part of that latter process is helping to ensure that their IG house is in order, meaning they are maintaining the necessary documentation in case of an investigation or litigation.
MCC: Beyond compliance, what other top-of-mind concerns are you hearing from clients?
Kelly: Right now, one hot topic relates to dealing with allegations of corporate malfeasance, which may come from anonymous tips, current or former employees acting as whistleblowers, the Internet or perhaps a blog. Such allegations require timely, in fact urgent, analysis of a company's information to get to the heart of the matter.
Increasingly, companies are facing formal allegations, meaning those levied through an external party. Ultimately, some prove to be insignificant, uninformed or maybe completely baseless, but others have merit. The evolving issue in this area is in how these allegations are communicated, and here I am referring to a shift away from informal internal reporting as a first step. Not long ago, it was typical for an employee to voice a concern to his or her manager in an understated way. The manager would escalate the issue, maybe to internal audit, which then triggered a normal internal review process to evaluate the merits and take action as appropriate.
These days, it’s common for a company to first hear of an allegation or employee concern upon receipt of a formal letter from a law firm representing that employee, or perhaps a letter – written by the employee or seemingly anonymous – with language that certainly appears to be legal in nature. Those letters often contain explicit or implied threats to report directly to a regulator or a court on a timely basis. So the nature of these communications creates an unprecedented urgency to get to the bottom of the expressed concern.
Naturally, data is at the heart of that process and underlies any opportunity to make a well-informed judgment as to the existence and severity of the problem. And when speed is a key factor, being able to collect and analyze information quickly and effectively is mission-critical.
MCC: When a company first hears about an allegation, what are the next steps, and how does the timeline play out?
Kelly: The day-one objective is to scope out the allegation and evaluate what information may exist that assists with a determination of the merits and magnitude of the problem. It’s a brainstorming process to define the population of potentially relevant information, leading to the immediate need to preserve that information. This often involves making duplicate images of financial reporting systems, servers and the employees’ hard drives, and it’s critical to do this in an informed way so there is no loss of information before the review can begin in earnest. That’s day one.
On days one, two and three, we chart out a course of action as to how the concern will be investigated. What data will be analyzed? Who will be spoken to? AlixPartners works closely with clients during this phase to set the best strategy, meaning a timely, organized and focused approach for the review and analysis of relevant information.
At this point, it may or may not be reasonable to put together a preliminary timetable as to how long the process will take and what milestones should be set for the review. But in all events, everything we do will have a sense of urgency within thoughtful boundaries. From here, the process will evolve as we begin to analyze the information and speak to people with relevant knowledge, and we know it’s important to stay nimble so we can make midcourse corrections as needed.
MCC: Can data analytics help companies proactively manage these issues?
Kelly: It certainly can. With the help of firms like AlixPartners, companies are becoming more sophisticated at proactively monitoring transactional activity as it flows through their systems – to identify anomalies, inconsistencies and transactions for which deeper analysis may be warranted, even before a concern is raised. Using well-designed data analytics can accomplish all those tasks.
We can discover, for example, that a transaction was fraudulently recorded and reflected in financial reporting before the transaction even happened. We can uncover suspicious trends, such as extraordinary sales volumes being reported on the last day of the quarter or records of large, round-dollar disbursement in certain accounts, which may point to inappropriate activity such as bribery.
Employing data analytics on a proactive basis requires an approach that is tailored to the individual company or industry. Different cultural or geographic operating environments and how a company does business with government agencies all play into the development of a proactive initiative, and the particular customization will draw on a company’s actual experiences with past irregularities as well as any known susceptibility to a unique phenomenon experienced by other companies in the same industry.
MCC: It sounds like an experienced firm like AlixPartners brings to the game a host of proven insights and industry knowledge in making these proactive efforts sing.
Kelly: That's right. We engage with various companies facing real problems, and by investigating those problems across a wide expanse of issues and across many industries, we offer a broad swath of experience in helping them – and our next client – explore how to remediate their control environments with an eye toward prevention.
MCC: We know data security is a major concern for corporations. What’s your take on the state of affairs?
Kelly: Until recently, discussions about data security focused on organizations like financial institutions that held personal information. Today, we face a whole new world. On a daily basis, newspapers report breaches of private corporate data and the damage caused by hackers. I was recently talking with a member of top management of a global company operating outside of the financial services industry who recounted not one but three penetrations of his company’s systems in a single month. So my take on the current reality is that data security is a critical issue facing corporate America regardless of what business line you are in.
Within data security, there’s a lot of buzz surrounding the concept of privacy rules that are specific to an individual country. We regularly manage this complexity during investigations or other work on an international scale. AlixPartners has dedicated servers throughout the world, which enables us to analyze data within its home country, stay compliant with regulatory and legal requirements, and serve a client’s individual desire to keep information within a particular jurisdiction. As a global service provider, AlixPartners understands the need to be responsive on all fronts.
MCC: Talk about the role of technology in facilitating the work you do in AlixPartners’ Financial Advisory Services practice.
Kelly: Technology has become an incredibly important tool, and in my practice, particularly so when handling corporate investigations. State-of-the-art technology enables greater efficiency and accuracy in handling the large data sets that accompany these matters. It facilitates the analysis of transactions and the search for outliers or potential anomalies within the data, and it serves the important goal of honing in on the issues requiring focused attention. And we are constantly evolving in this area because as technology develops and as people use technology in more and different ways, we need to stay on top of that in the delivery of our services.
MCC: How has AlixPartners’ recent merger with Evidence Exchange enhanced your overall game?
Kelly: Evidence Exchange has a very strong reputation in the marketplace, so the merger prompted quite a bit of positive feedback. In fact, after the announcement was made, I received a number of emails from partners at very prominent law firms saying what a wonderful match it was – both culturally and in terms of quality of service.
As one of the leaders of the Financial Advisory Services Practice, I was thrilled about the Evidence Exchange team joining us. In addition to the synergies we now enjoy, the merger enables us to provide a greater breadth of services. In the litigation context, for example, not only can AlixPartners handle electronic discovery and document management, but now more expanded expert witnesses and litigation consulting services.
MCC: Give us some final thoughts on excellent client service and what really distinguishes AlixPartners.
Kelly: We have a saying, “When it Really Matters," which encapsulates the firm’s approach to the time-sensitive nature of our work. Whether we are facing a corporate investigation, a concern about the integrity of financial reporting or transactions, or a large-scale litigation, we operate with the same sense of urgency as our clients. When it comes to meeting this most primary of client needs, we get it.