F100 Multinational Corporation Investigates Potential FCPA Violations
The United States launched a major investigation into a large, multinational corporation for potential violations of the Foreign Corrupt Practices Act. This event would unfold to create an unprecedented and groundbreaking role for the eDiscovery industry.
A multinational corporation with nearly half a million employees and operations in over 150 countries found itself under investigation by the U.S. Department of Justice and the U.S. Securities and Exchange Commission for possible bribery of foreign officials and falsification of corporate books and records. Shortly after raids on its foreign offices, the corporation disclosed potential violations of the Foreign Corrupt Practices Act to U.S. investigators and initiated its own massive, global internal investigation. The corporation hired one AMLaw 100 firm as lead counsel, and a second to conduct an independent internal investigation. The law firm conducting the internal investigation hired a global accounting firm to support it with forensic accounting, and Consilio to capture, preserve and protect evidence. As the internal investigation unfolded, Consilio’s role expanded to support a third law firm which was representing a related joint venture partnership that was potentially injured in the case. That law firm hired a second accounting firm for forensic accounting services, which also engaged Consilio.
The work performed by Consilio in supporting this case is likely to remain unmatched in its scope, size, complexity and relevance to understanding international corporate compliance. Significant up-front effort was required by all parties to accurately scope the project’s requirements, to ensure that goals and timeframes were aligned and to understand how value would be measured.
Four key parameters defined the magnitude of the engagement:
- The consultancy involved the capture and preservation of hundreds of millions of documents from locations around the world. Expertise in the translation of multiple languages including non-Latin alphabet languages, decryption of encrypted and encoded data, and the precise navigation of data and privacy laws, was also required.
- To protect its proprietary assets during the investigations, the corporation tasked its outside counsel and Consilio with an evolving list of strict requirements to manage and control access to its data.
- The engagement presented significant geographic and time zone challenges. Consilio gathered data in nine countries and supported two concurrent investigations separated by 12 time zones.
- Unlike most engagements where litigation support is provided to a single entity, in this instance Consilio supported three separate law firms, two accounting firms, and ultimately, the multinational corporation.
Data Protection and Control Securing Proprietary Information and Controlling Data Access
The need for corporations to protect their proprietary data while making necessary information available for internal audits, investigations and more, is among the industry’s greatest challenges.
During the course of this investigation, Consilio created three independent data centers for use by four investigative entities that would later be consolidated into a single data center in Germany. When building these centers, Consilio developed a new and sophisticated security system to control access to the data by entity.
The first data center was constructed in Belgium, a location selected for its privacy and data protection laws. From this location, Consilio began gathering and processing data from across Europe, as well as from the United Kingdom and the United States. A secondary data site was then installed in Munich, Germany. Lastly, a third data collection center was built in China, outside of Shanghai, for use by all four investigative entities.
With all data centers fully functioning, the next enormous challenge was the consolidation of all data to the Munich location without a significant disruption to the ongoing work of the investigative teams or any loss of continuity in the data. Consilio’s technical team completed the consolidation in less than a week.
In gathering and managing data from Germany, China, Belgium, Russia, Greece, Italy, Singapore, the United States and the United Kingdom, our understanding of each country’s data protection laws was essential in facilitating the overall investigation.
An integral function of the data centers was to control access to millions of documents originating from multiple countries and sources to very specific audiences. This objective was critical to protecting the corporation’s proprietary information and complying with privacy and data protection laws from multiple jurisdictions.
Consilio developed a custom security group layer for our document review platform where permission for data access was restricted not only by entity and individual, but also by the location of the request. For example, our sophisticated program ensured that documents that were classified as ‘European Union – only,’ could not be accessed by anyone outside that jurisdiction. The ability to develop robust and custom security protocols to accommodate hundreds of users across the globe at any given time is a hallmark of Consilio’s scalable capabilities.
Managing Encrypted Data: An Evolving eDiscovery Challenge
The proliferation of encrypted data as corporations seek effective ways to protect their assets represents a formidable and evolving eDiscovery challenge. It was the discovery of thousands of encrypted corporate emails that initially prompted outside counsel to seek out the expertise of Consilio. Our engineers developed a first-of-its-kind solution to rapidly decrypt and process emails in bulk.
Multilingual and Multijurisdictional Solutions Managing Languages, Document Encoding and Data Protection Laws
As corporations expand across world markets, navigating a myriad of cultures, languages and data protection laws requires a sophisticated compliance and eDiscovery response.
The reach of the investigation quickly expanded to include data from nine countries, written in more than 24 languages. It was common to receive data in Mandarin, Russian and Ukrainian. To add to the complexity of processing non-Latin languages, the data included multiple types of encoding, including older encoding versions. Common Unicode software would not have been able to accurately capture all available data for index and search. Consilio tapped into our expertise in handling CJK (Chinese, Japanese Korean) data and employed a technique for determining coding, so highly-accurate data capture, indexing and searching could be performed.
In gathering and managing data from Germany, China, Belgium, Russia, Greece, Italy, Singapore, the United States and the United Kingdom, our understanding of each country’s data protection laws was essential in facilitating the overall investigation. By constructing three data centers, Consilio classified data and limited access to ensure compliance.
Although the corporation ultimately made a guilty plea, the impact of the plea and its associated fines was mitigated by what the U.S. Department of Justice cited as their extensive efforts in preserving and making available documents from foreign countries. It found the corporation’s effort to be exemplary and one that could serve as a model to other multinational corporations. Consilio, in supporting the law firm conducting the internal investigation, was responsible for significantly improving the outcome for the corporation. The corporation benefited from an estimated 40% reduction in the total fines it could have received, a savings of hundreds of millions of dollars.
While rapidly deploying people to locations around the world to serve a client’s needs is of great value, the ability to adapt and innovate to provide critical support is the true hallmark of a superior eDiscovery partner. In this case, Consilio provided an innovative solution to an encrypted data challenge that threatened to slow the investigation. We excelled in meeting the corporation’s strict demands for the collection and access of its data by constructing three independent data centers, then seamlessly folding them into a single location. Consilio also gathered millions of documents, accurately translated, decoded and then controlled access to them, and ensured compliance with data privacy, security and “need to know” requirements.
By investing time up front to design the optimal solution for our clients, Consilio met what are likely to remain among the most complex eDiscovery technical challenges ever faced. Our partner-oriented approach resulted in rapid, timely and accurate processing of complex data sets, which in turn significantly lowered the project’s risks and resulted in the delivery of significant value to our clients.