FTI Journal | Critical Thinking | 2010

Transparent On Demand

There’s little privacy for private equity when courts, regulators and plaintiffs’ lawyers zero in on firms’ electronic communications.

Anyone who doubts how drastically the climate for private equity has changed during the past several years need look no further than an antitrust case in Massachusetts against 11 of the world’s top firms. Already two years old, the case, instigated by former shareholders of companies targeted by the PE firms, alleges collusion in bids for the acquisitions. While the merits of the case are questionable, it has become a major — and expensive — distraction for the firms. The defendants have had to hand over mountains of documents and e-mails, and the discovery phase of the case has already cost them tens of millions of dollars.

While most large private equity firms, like other major financial institutions, already have some compliance systems in place, many small and medium-size firms would be overwhelmed by demands for electronically stored information (ESI) that may include not only archived e-mails but also voice mails, computerized trading models, trading platforms, database systems, document management systems, backup computer tapes, USB flash drives and other data. For decades, private equity firms operated beyond the scope of financial regulations that compelled banks and other publicly traded institutions to disclose details about their operations and investments. Now, however, private equity is becoming a target for enforcement actions and litigation, and pressure is coming from several directions. Under financial reform legislation recently passed by the U.S. Congress, private equity firms with more than $150 million in assets under management must maintain and produce information on fund size, governance, investment strategy, risk and other relevant issues.

Firms of that size are also required to register with the Securities and Exchange Commission, implement more extensive record-keeping processes and provide greater transparency to investors, creditors and regulatory bodies. And the European Parliament is considering stringent reform measures that could also hike the need for costly disclosure of electronic information. Even before new legislative mandates were put in place, government agencies had stepped up their monitoring of financial institutions. The SEC is pursuing a broad range of initiatives to restore investor confidence, forming an asset management unit to monitor and investigate private equity firms, among other institutions.

Managing voluminous data can be challenging, even for experienced legal advisors.

State regulators are increasingly applying pressure as well. New York Attorney General Andrew Cuomo is investigating whether several private equity firms illegally won business with the state’s pension fund by bribing middlemen and is limiting campaign contributions to elected officials with influence over pension decisions. A major PE firm agreed to a $20 million settlement that includes an agreement not to use placement agents for any state pension funds across the nation.

Meanwhile, in the wake of the recession, class action lawsuits from shareholders have risen sharply as portfolio values have fallen. In 2008, for example, a large firm faced allegations that it had failed to disclose the declining value of its portfolio companies prior to its IPO. The Institutional Limited Partners Association (ILPA), a trade association of more than 215 institutional investors in private equity, recently published a set of principles calling for firms to increase disclosure, among other things. Although the ILPA has not pushed publicly for adoption of the guidelines, it has quietly engaged industry leaders in discussions urging more transparency.

Many of the major private equity firms have started to address the serious compliance risks and costs that electronic documents entail. Yet managing voluminous and dispersed data that may include financial and accounting information, internal and external e-mails, and transaction-related communications can be extraordinarily challenging. Even experienced legal advisors may not know how to proceed, because compliance in this area requires knowledge not only of legal and regulatory requirements but also of how and where documents needed for discovery may reside.

Business executives and legal personnel are often surprised to find that IT departments do not already maintain centralized, up-to-date information about every potential source of electronic information at every possible location. System backup tapes, which IT may consider solely a tool for disaster recovery, may have to be restored and searched for information to comply with regulators’ demands instead of being overwritten for the next backup cycle. And retrieval may be further complicated when firms outsource live systems or archival storage and must rely on vendors to assist them in meeting compliance obligations.

Beyond identifying potential sources of electronically stored information, firms need to understand how de facto IT, vendor or personal practices affect the retention of potentially relevant data. Rather than let departments set their own rules about what must be retained and for how long, firms need to establish uniform policies to conform to emerging legal and regulatory requirements.

Sometimes the ESI that a court or government agency requires may be outside a firm’s systems — for example, on employees’ personal computers or mobile phones. Policies for how data is used and stored need to include rules about communications that take place in remote locations.

Another issue is that while private equity transactions often involve multiple countries, courts and regulators in various jurisdictions frequently don’t agree about what information must be retained and revealed upon request. For example, while U.S. courts do not recognize international boundaries as a reason to limit disclosure obligations, laws elsewhere make the recovery of certain types of information difficult or impossible. European laws commonly restrict the transfer of “personal” data and give individual privacy priority over U.S. litigation requests. Such complications may require specifically tailored approaches to achieve compliance, such as obtaining foreign employees’ consent to search their private records.

With regulators and litigants requiring more and more information, firms may have to revisit and revise corporate document retention policies, computer use policies and “fire drill” procedures that may, for example, implement a freeze on the destruction of information in response to a litigation-triggered preservation duty or a regulatory request. But as difficult as it can be to set up an ecosystem of policies, procedures and systems that can cover the volume and diversity of ESI, failing to get it right can be extremely damaging. In a recent case a financial giant’s poor ability to recover documents resulted in what the court deemed a failure to comply with a court order to produce all e-mails from a specified period. The situation was exacerbated when the firm was determined by the court to have committed fraud by certifying that it had produced all relevant documentation, and a jury issued a verdict of $1.4 billion against the bank for fraud. (While the verdict was overturned on appeal, the reversal was connected to expert testimony and not to the discovery of electronic information.) The revelations in this important case also led the SEC to conduct its own investigation and levy a separate fine on the firm.

Private equity firms that aren’t agile with electronic information could lose judgments, face steep fines and damage their reputations.

Cases of this nature demonstrate how crucial it is to have policies governing even the most casual communication and to make sure the rules are followed by everyone in the organization. Beyond setting a schedule of required retention periods for categories of documents, policies need to define, in clear language, the firm’s expectations about how decisions are made to keep or destroy documents, how confidential information should be handled, where documents are stored and what methods should be used to destroy them.

IT usage policies typically define the acceptable use of the firm’s computer assets as well as how information should be stored. These policies also define the extent of reasonable employee expectations of privacy (usually none) with respect to information the workers generate or store on company devices. The firm should expressly define its right to monitor, review, produce or otherwise make use of such information.

Good usage policies can reduce a firm’s compliance burden by limiting the scope of discovery, showing that the firm prohibits the use of certain sources of ESI and demonstrating its efforts to monitor and enforce compliance.

A firm’s procedures must provide guidance for wide-ranging scenarios that require retention for legal purposes, such as employee discrimination cases, regulatory investigations and commercial litigation.

Moreover, the legal criteria defining the timing and scope of the preservation duty are based on whatever standards of reasonableness a judge, jury or regulatory agency may define. Procedures need to include a process to document a firm’s decisions, from evaluating facts leading to “reasonable anticipation” of litigation to determining what systems, custodians (personnel in custody of potentially relevant evidence), date ranges or subject matter should be preserved.

While developing the capability to search millions of documents and produce court-ordered material within a few days can be time-consuming and expensive, costs will only multiply if a firm has to develop those capabilities on the fly. Private equity firms that aren’t agile with electronic information could lose judgments, face steep fines and suffer damaging blows to their reputations. Only firms that actively address the myriad issues of retaining and managing electronic information will be well equipped to deal with today’s new legal and regulatory environment.


