The Convergence of GRC and eDiscovery
Transformational market trends are driving the convergence of Governance, Risk and Compliance (GRC) and eDiscovery. Before documents and data become evidence in litigation, they are already accessible within a company’s vast data repository as a risk. Having an early warning risk smoke detector to discover issues before they engulf an organization’s bottom line and reputation is the future of just-in-time predictive risk management.
Governance, risk and compliance (GRC) programs, like the FCPA, insider trading and sexual harassment policies, specify rules of engagement to promote workplace integrity and reduce risk by influencing future behavior. eDiscovery, the identification, collection, analysis and production of relevant documents are triggered in response to a lawsuit, investigation or government action for past workplace behavior. These traditionally bifurcated approaches could be considered too early or too late in advancing a company’s ability to identify and mitigate real financial, operational and reputational risks before they impact its bottom line. However, transformational market trends are driving the convergence of GRC and eDiscovery and opening opportunities for innovative predictive risk management solutions to bridge the gap.
Transformational Trends
- The exponential growth in scale and scope of electronically stored information (ESI), including vast amounts of unstructured data, is one core driver of complexity forcing companies to think and act differently. With 350,000 tweets and 204,000,000 emails being created every minute, 24/7, much of it from the workforce during business hours, the proliferation of formats, file sizes and volumes will continue to confound efficient management of a company’s electronic data.
IDC forecasts that by 2025, the global data-sphere will grow to 163ZB. That’s ten times the 16.1ZB of data generated in 2016. (1 zettabyte = 1 trillion gigabytes)
- Increasing litigation, tightening global regulatory environments and a track record of substantial fines are also impacting corporate risk strategies. The 2016 Litigation Trends Annual Survey noted that 85 percent of in-house counsel expects litigation to remain constant or increase, with 97 percent expressing that regulators have been more active. The proof is in the headlines. This past year, European antitrust officials fined Google a record $2.7 billion. And closer to home, Wells Fargo has announced multiple multimillion-dollar fines, including $185 million for its account scandal.
Given the growing complexity and significant financial, operational and reputational impacts from these market trends, companies are:
- Moving to integrate systems, standardize technology and centralize management of their ESI.
According to Gartner, “by 2020, 50% of leading organizations will have a CDO (Chief Data Officer) with similar levels of strategic influence and authority as their CIO.” Having one senior executive and organization responsible for the policies, technologies, and partnerships that govern a company’s information assets is becoming increasingly critical to ensure consistent, high-quality and efficient outcomes. That’s important because the inability to access data quickly and accurately in response to litigation or regulatory actions because of weak people, processes and products don’t lighten responsibility. In fact, it can lead to further complications and penalties.
- Escalating C-suite oversight of risk and data management.
According to CIO Dive, already more than 30 percent of chief data officers report directly to their company’s CEO and not the CIO. As a CEO, one cannot assume others are taking care of such critical issues – regardless of one’s personal level of technical knowledge or interest. Organizations must strike the right balance of internal and external expertise for tools and workflows to ensure proper information governance.
- Expanding investment in and use of AI-powered solutions to tame the vast amounts of ESI.
The ability to find what matters when it matters is becoming increasingly complex. No longer can a company expect to throw bodies at the challenge; it’s literally impossible to find and review terabytes of information in a typical investigation or eDiscovery matter, for example. Innovative technology, therefore, has a central role in our high-volume, high-stakes, and high-speed market. And, increasingly, what matters is to identify potential violations and “get out in front of” compliance, ethics and procedural issues – before they negatively impact the business.
Early Warning Risk Detection
Before data becomes evidence in litigation, it is already accessible within a company’s vast data repository as the risk. The misconduct has happened; it’s just unknown until it’s too late to be mitigated. Having an early warning risk smoke detector to uncover issues before they engulf an organization’s bottom line and reputation is the future of risk management – and only accessible using innovative technology, like AI.
Traditional tools like keyword searches are practical when you know exactly what you’re looking for. But what do you do if someone is trying to hide information or obfuscate evidence – and within vast amounts of unstructured data?
Case Study: Birthday or Payday
For example, a financial services corporate client completed a review of over 2 million documents as part of an internal investigation of potential insider trading among multiple custodians within its global network of traders. While senior management was convinced of an issue, the 4-week investigation using traditional eDiscovery tools, including a review team of 30 attorneys, did not uncover any evidence of wrongdoing. A patented, AI-powered, contextual analytics platform changed the outcome by accurately identifying seemingly disconnected patterns of communication and behavior.
Using an insider trading taxonomy defined with the client as key search input, the platform ingested the same documents, including emails and text messages from the prior internal investigation. The result: finding the proverbial needles in the ESI haystack. Fewer than 75 documents that had previously gone unnoticed were highlighted as potentially responsive. Their subject matter: children’s birthday parties.
The AI-powered solution detected irregular patterns of communication between two traders ostensibly discussing the timing of multiple birthday parties and the size of appropriate birthday gifts. Out of context, human reviewers disregarded the documents as unrelated to the insider trading investigation. By using contextual analysis, however, the pattern of speech was identified as similar to that used to describe insider trading.
Once flagged, investigators traced the birthday party dates and gift amounts to specific stock trades made by the employees – who also, it should be mentioned, didn’t have children. The insider trading was proactively self-reported to the proper authorities before it resulted in litigation or regulatory penalties. That’s one clear example of bridging the gap between too early and too late – for just in time identification of risk.
The Future Is Clear – If Not Smoke-Free
Discovery transformed from manual and paper-based to electronic and automated workflows with the initial proliferation of email. Then, ESI and analytical tools created data-driven insights with which to make better decisions – after problems had already been identified. Now, innovative solutions based on eDiscovery best practice workflows and tools are helping companies find what matters when it matters: before litigation and regulatory actions hit a company’s bottom line.
While currently being used for internal investigations (e.g., sexual harassment), departed employee protocols and other matters, AI-enabled solutions can also be used to continually assess ESI for compliance, ethics and procedural risk, without any prior knowledge of challenges to help find the smoke and prevent the fire.
Early warning smoke detection is a game changer for risk management.
Jim Burke is the CEO of 
