For forward-thinking advisory firms, internal investigations via big data monitoring are part of their regulatory compliance program, rather than tasks resulting from alleged misconduct. Making such proactive investigations possible, however, increasingly requires proper planning.
The battle is only half won when firms detect data that indicates possible risk of violations, such as misleading enrollment tactics, and deceptive advertising, loan servicing and debt collection. To avoid (or at least mitigate) criminal charges, financial penalties and reputational damage, firms must dig deeper to find and rectify the root of the problem. This can lead to costly, overly broad work if they don’t have an understanding of the unique issues that arise in cross-border investigations.
Due to globalization, proactive investigations are more likely than ever to venture into non-U.S. jurisdictions that bring a host of additional IT and e-discovery restrictions. While methods for internal investigations within U.S. jurisdictions are generally well understood, investigations in international jurisdictions can be more complex and time-intensive, especially when data reveals risk of serious charges and millions of dollars in fines.
Below are five best practices that can help firms achieve their objectives in an effective manner.
Identify Data Located in Foreign Jurisdictions
Companies frequently store their data in a single location that could be in a different country from where the data is produced. Thus, a crucial step is identifying key documents and where they are located, and analyzing the impact of the relevant data privacy laws.
Data privacy laws broadly vary from jurisdiction to jurisdiction. Some broadly apply to any circumstance in which personal data could be obtained, while others are targeted to a specific industry such as financial services.
With so many limits placed on data in these jurisdictions, organizations have a number of tactical options to comply with the bevy of data privacy requirements.
Define Data Processing Strategies
Collecting personal data in foreign jurisdictions is often unavoidable. There are, however, practical ways to process data locally and limit the need for transferring it across borders.
An increasingly popular option is the mobile “backpack” model in which e-discovery technology is temporarily deployed and managed by experts at the site where the information is stored. It can be a cost-effective processing and review solution for discreet matters such as internal investigations, as it requires no hardware or software investments and permits all data collection, processing and review to occur on site. Other firms opt to use review technology that is hosted in an e-discovery service provider’s local data center.