When discussing the evolving obligations and challenges in the ediscovery ecosystem, the lens of actual or anticipated litigation usually takes center stage. And yet some of the most challenging, costly, and complicated ediscovery matters have involved investigations. Whether internal and proactive or in reaction to regulator scrutiny, the stakes of investigations are often as critical as even the largest litigation.
Types of investigations
Investigations fall into three main categories based on the initiating entity and objectives. Internal investigations are generally self-initiated in advance of litigation or regulatory scrutiny; government investigations are generally in reaction to regulatory enforcement efforts; and due diligence investigations generally occur in advance of merger, acquisition, or international partnership efforts.
Corporations undertake internal investigations for a variety of issues including but not limited to: whistleblower actions, alleged employee misconduct from fraud to #MeToo, cyber breach, IP theft, and lapses in regulatory compliance. Additionally, increased regulations around cybersecurity, global data privacy, and corporate responsibility are all contributing to an uptick in this type of investigation being initiated prior to regulatory intervention.
Government/regulatory enforcement investigations
Regulatory bodies including the DOJ, SEC, FTC, CFTC, FERC, NRC, OSHA, ICE, IRS, and a variety of state, federal, and global regulatory bodies all are empowered to initiate investigations in response to potential violations of a myriad of global regulations. These investigations may be triggered by a whistleblower, overt noncompliance with a key regulation, and/or non compliance uncovered by periodic or random audits.
Unlike a litigation, government investigations are one-sided and generally non-public although subject to many of the same evidentiary and discovery obligations. The investigation may result in no action, settlement, regulatory action, or in court. Anti-corruption investigations, like anti-bribery in the UK and Foreign Corrupt Practices Act (FCPA) matters often pose substantial global data considerations.
Due diligence investigations
This genre of investigation is undertaken in contemplation of a merger or acquisition, due diligence investigations often operate under intense time pressure. The main focus of pre-merger due diligence is validation of customers, financials, and understanding of potential risks posed by integrating the target entity (risky contracts, contingent liabilities, potential litigation, cyber, and IP risks). Historically, the data volumes in due diligence have not required substantial ediscovery support, with the exception of preparing for a Hart-Scott-Rodino filing (if thresholds are met) and effectively responding to any “second request” from the Department of Justice or Federal Trade Commission.
Investigation vs. Litigation
Despite the fact that a litigation and investigation may use similar methodologies and technology from an ediscovery standpoint, there are some key defining characteristics of an investigation that differ substantially from litigation and should be factored in when creating your approach. Understanding the differing time constraints, confidentiality requirements, need for precise and contextualized analysis and potential ongoing risk posed by both bad actors and the court is crucial as you determine the scope and methodology to employ in managing electronically stored information (ESI) in your investigation.
The need for speed
Time is always of the essence in complex and contentious ediscovery matters, but, in the context of investigations, that time pressure is amplified significantly. In an internal investigation, the need to assess and mitigate the offending behavior or actor is massive. For regulator-driven investigations, tight and often non-negotiable deadlines are set by the agency and noncompliance with the body you are seeking to prove your innocence to is not recommended. And in the case of due diligence, an organization may be seeking to beat competitors to a potential merger and the barrier to proceeding is this step. Moving too slowly opens the organization up to a myriad of risks from spoliation to loss of market trust or tipping off the competition and/or investors prematurely.
My lips are sealed
In internal investigations and many regulator-initiated ones, the affected corporation has to contend with both potentially bad actors within their organizations and the reputational damage that the subject of the investigation could bring to the company. As a result, it is of critical importance to keep the facts and assertions of an investigation highly confidential. Controlling the flow of information is always a priority in ediscovery matters, but in a large or highly contested investigation the stakes may be even higher.
Having a failure of information control opens up an opportunity to the potentially bad guys to destroy key evidence, for the market or shareholders to react to unproven claims or signals intention to purchase or be purchased before appropriate due diligence has been completed.
Surgery is laparoscopic not triage
Since the largest objective of an investigation is to uncover facts (who did what with whom and when did they do it), aggressive use of analytics is much more accepted in the context of an investigation. Eyeballs on every document simply are not necessary when the objective is understanding what, if anything, occurred. Investigations are poised to benefit in a meaningful way from the force multiplier effect of AI-powered insight accelerators.
Managing the bad actors
Investigations in particular may involve an individual who is still actively employed by the corporation, with the objective of determining whether asserted malfeasance actually occurred. Since there is an equal likelihood that the target(s) have nefarious intent, it is especially important to limit the flow of information so as not to tip them off. Actively employed bad actors have access to all the potentially incriminating evidence and could seriously impact the time and cost of an investigation through the spoliation of data or other aspects of obfuscation.
One last consideration is the likelihood of follow-on litigation or in the case of internal and due diligence follow-on investigation. From due diligence leading to an HSR filing and second request to an internal investigation into sexual harassment leading to an EEOC investigation and wrongful termination suit to a regulatory investigation into market manipulation leading to shareholder suits, there are many ways that one investigation can lead to many more discovery actions. Because not just the material uncovered in an investigation but the investigation itself may become relevant to follow on litigation or investigation, it is of critical importance to document every step taken and create a clearly defined audit trail.
Investigations: Not so elementary
At the end of the day, investigations are a nuanced and complex beast, with differing drivers and risk than traditional litigation. Powerful AI and the right process can help greatly in meeting the challenges investigations pose. In part two of this series, we discuss the ways to supercharge ediscovery for investigations.