Following the initial sense of “shock” when learning that compliance needs to be a formal programme, enterprises continue to struggle with challenges around implementation. Detecting risk, mitigating that risk and avoiding criminal liability are all vital to ongoing compliance with ever-changing antitrust regulations. Many early compliance programmes were implemented under aesthetic parameters. Significant doubt remains as to whether they will be sufficient to completely avoid sanctions. After the initial rush to cover all bases and avoid being behind the market, the battle will be won by those companies that invest in an effective and well-adapted programme.
They say that prevention is better than cure. One of the best formulas for avoiding the problem altogether is to simulate, by way of internal audit, an investigation which allows the company to understand the possible risks should a regulator come knocking on the organisation’s door. This type of regular audit has material value in risk prevention. Designing and implementing these simulations is not limited to large companies with unlimited resources. In fact, by leveraging relevant technology and expertise, the upfront, fixed costs are typically a very small fraction of the risk the audits are desperately trying to mitigate.
Here we illustrate some of the primary hesitations we have seen with compliance teams in Iberia/Europe and the reasons they are nothing more than unwarranted fears:
• Where do we start? Given the spectrum of risks companies face, knowing where to look can be the most daunting task. Antitrust, corruption, blackmail and harassment can be found anywhere in the organisation. The nature of the industry and even the individuals involved can have a bearing. Our forensic experts, in a short conversation with an IT manager, give guidance on where to look – which servers, backups, computers, phones. And more importantly where not to look. This initial scoping narrows the focus and ensures time and costs are controlled.
• How do we identify risks when we don’t know exactly what we are looking for? Technology enables you to balance the time/cost of looking at every email an organisation has ever sent or received alongside the risk of missing something:
- We generate high-level reports of data showing file types, frequency of emails, languages and negative sentiment.
- Search terms focus the data. Your compliance teams tell us what they’re looking for, and our analysts “translate” this information into terms with the correct syntax and exclusions.
- Analytics, like threading, can significantly reduce the count but ensure no documents are missed. Instead of looking at 11 emails on one chain, you would see the 11th email containing the previous 10.
- Communications analysis improves results. We can immediately see who has been exchanging emails in an intuitive spider diagram. The thicker the line, the more communication. With one click within the right technology, you can see those emails.
- Artificial Intelligence reduces risk. Typically, the number of “risky” emails is limited. Once you identify what could be risky or dangerous to your enterprise, the technology will show you similar documents first. When you run out of similar or like interactions, you are also informed by the platform via it’s AI capabilities. You can sample what’s left, but it means that your first look is on the most concerning documents , often time saving you from having to look at the others.
• How will this fit into our budget? Compliance teams are usually on a tight budget. These workflows allow for attorneys to direct the technology, instead of spending dozens or even hundreds of hours reviewing irrelevant material. Lawyers themselves are often subject to fixed fees, so they are more and more open to using technology to help them. The short nature of these audits means that we can also model the technology as a fixed fee, giving compliance teams the certainty they need.
• Is this difficult to implement? Contrary to common perception, you can access, copy and harvest digital content discreetly, without affecting the employee’s working day at all. Discretion and agility is of course key in this type of exercise.
At TransPerfect Legal Solutions our vision is that all companies in Iberia/Europe can carry out this type of research as part of their standard compliance protocols. Our commitment is to both legal departments and their external firms, to guide them to the extent they need on our different technology services.