By Elizabeth Kidd, Esq.
Legal Consultant, iCite Legal,
a division of Aspen Systems Corporation
Corporations are facing a great deal of uncertainty when it comes to managing records in the context of litigation and regulatory investigations. Take the case of Rambus, Inc., a memory chip designer that was penalized for destruction of emails. In Rambus, Inc. v. Infineon Tech. AG, 220 F.R.D. 264 (E.D. Va. 2004), the court sanctioned the Company for spoliation of evidence even though there was no litigation planned, no clear duty to preserve the records in question, and no showing of prejudice or bad faith.
To add to the uncertainty, standards and guidelines for corporate compliance are decidedly lacking under the myriad of new rules and regulations. This is especially true for companies in heavily regulated industries, such as the financial and energy markets. The legal landscape gets even cloudier when it comes to audio records such as voice mails, phone call logging databases for brokerage houses and customer call centers, Voice over Internet Protocol (VoIP), Unified Messaging Systems (UMS), and other audio records.
What do audio records have to do with electronic discovery? Apparently, a lot. The Commodities Futures Trading Commission (CFTC) fined Duke Energy $28,000,000 when it discovered that Duke traders submitted false market information using telephones, faxes, and emails. See In the Matter of Duke Energy Trading and Marketing, L.L.C. before the CFTC, Docket No. 03-26, September 17, 2003; CFTC Press Release 4840-03. The CFTC recently launched multiple federal actions against energy traders charging them with false reporting and attempted market manipulation. Audio evidence is featured in at least two of those actions. See CFTC v. Bradley, and Martin; and CFTC v. Atha, McDonald and Whalen at CFTC Press Release 5045-05.
Corporate counsel recently had the opportunity to outline some of the daunting challenges facing corporations today. Public hearings were held in February, 2005, before the Advisory Committee on the proposed amendments to the Federal Rules of Civil Procedure regarding electronic discovery. In his testimony on behalf of the Association of Corporate Counsel (ACC), Lawrence La Sala explained to the Committee that “electronic discovery and records retention challenges often top the list of concerns faced by [members of the ACC] and their clients…the issue affects and frustrates organizations of every size, shape and color.” (http://www.uscourts.gov/rules/e-discovery/CVHearingFeb2005.pdf at p. 362.)
Corporate America has expended considerable resources in the last couple of years just to ensure that their records management and reporting policies comply with the Sarbanes Oxley Act of 2002. But companies are finding that becoming “SOX compliant” is not enough. New record retention laws have impacted virtually every industry. What’s more, regulatory audits and investigations are on the rise. At a recent energy conference in Washington, D.C., the Deputy Director of an enforcement arm of the Federal Energy Regulatory Commission (FERC) said that there has been a ten-fold increase in the number of investigations and audits since Enron. The CFTC alone has levied close to $300 million in civil penalties since the fall of Enron. Add to the mix the spate of civil law suits frequently filed on the heals of many regulatory actions, and what you find are corporations struggling to keep up with the management, review, and production of enormous volumes of records. In light of a few high profile cases of corporate fraud, no company wants to be the first to suggest that regulatory document demands are unreasonable, overly broad or burdensome. As a result, companies are frequently bending over backwards to comply with sometimes sweeping demands for everything from paper files, to emails, voice mails, instant massages, compressed digital information captured on back up tapes, and calls logged into databases by traders or customer call centers. The costs associated with restoring back up tapes, searching for relevant records, reviewing them for privilege and proprietary information, and then producing them are often enormous. Though most companies are making good faith efforts to comply, in a word, corporations are tired. They are also spending a great deal of time and money on activities that have little or nothing to do with running the business.
Unlike in litigation, corporations usually have only thirty days to produce records demanded in a regulatory investigation. Often there is no time to review the massive collections of audio records stored in company servers. Some corporate counsel have suggested that voice mails do not fall squarely within the definition of a “document” under the Federal Rules of Civil Procedure or under the plethora of new rules and regulations pertaining to document retention requirements. There is some merit to that argument. While many of the new rules specifically mention emails, they are frequently silent on the disposition of voice mails and other audio records. The regulators themselves admit that they do not have clearly defined standards and guidelines outlining what penalties apply to which document retention violations. However, one thing is clear, Judges and enforcement officers of regulatory agencies such as the FERC and CFTC do indeed view voice mails as “documents” subject to their audit and investigative demands. The same is true of Instant Messages, VoIP, UMS, call logging databases and other audio records. When a damning phone call is discovered, it is virtually impossible to defend against. According to Mr. Pease, one investigation settled – to the tune of $14 million – immediately after the FERC found audio evidence of a trader making an illegal trade.
The news is not all bad. For the most part, regulatory agencies are working with companies trying to bring them into compliance rather than pursuing an agenda to punish. Corporations that come to regulatory bodies when they have discovered a problem stand in a much better position than those who are found with violations in an investigation or audit. In addition, there are a number of actions companies can take to mitigate the risks of sanctions and set up safe guards to help them navigate through the current uncertainty, including:
- Develop a comprehensive records management plan that addresses not only the company’s day-to-day operational needs and obligations in terms of regulatory compliance, but also with an eye to risk management in responding quickly and efficiently to investigations, audits, and lawsuits;
- Include the IT department, in-house counsel, and at least one high level officer on the company’s records management team, especially if it’s still in the planning stages;
- Conduct regular due diligence on corporate records management policies and procedures and set a schedule to update them regularly;
- Develop policies and procedures designed specifically to respond to litigation holds, document requests, and investigative audits, and make sure they are communicated to employees;
- Ensure that compliance officers have true independence in the corporate reporting structure and give them unfettered access to employees and officers throughout the company;
- Set up and maintain on-going employee training in records management;
- Compliance officers should review and update employee training procedures;
- Regularly update corporate organization charts, job titles, and job descriptions;
- Establish a hot line for employees to anonymously report issues as they arise and document the responsive actions taken;
- Conduct periodic reviews and audits, either internally or with an outside firm;
- Document the findings as well as the steps taken to correct problems;
- Maintain audit reports with the supporting documentation and be able to produce them quickly and efficiently.
There is no denying the uncertainty in the legal framework surrounding record management today, particularly when it comes to audio records. Given the trend towards greater sanctions, increased investigations, and the introduction of random audits, corporations have legitimate concerns. The key is documentation, a well thought-out and executed records management plan, regular audits, and remediation as needed. The greater a company’s ability to show courts and investigators that they are doing all they can to come into compliance with all the new rules and regulations (even when the rules are vague), the better off they will fare when it comes to avoiding or mitigating sanctions and civil penalties. Likewise, the more efficiently corporations can respond to document requests, the better their position to defend against allegations of willfully destroying evidence, or even inadvertently deleting records. Developing an enterprise records management plan, which includes audio records, may cost a little more on the front end, but at the end of the day, it can go a long way to reducing a company’s overall costs and risks associated with a piecemeal records management approach.
© 2005 Elizabeth Kidd – All rights reserved; permission to use granted to MSBA Section of Business Law.