Business Technology: Compliance, Kafka, And Criminal Charges
I want to suggest a nightmare scenario that ties in with this week's special issue on compliance. And it's not some Halloween fantasy--it's right out of a blockbuster federal court case going on right now in New York. To help set the stage, here's a quotation from near the end of this column--please bear it in mind as you read: "While employees' conversations with such in-house lawyers have long been considered privileged or off the record, companies wishing to avoid onerous charges and fines are now quick to waive attorney-client privilege and force lawyers to cooperate with prosecutors."
Let's assume you're a solid employee--you do your job above and beyond what's expected, and you're not only aware that your employer has certain policies but you even read them and follow them, even the ones that deal with the stuff that until recently seemed almost otherworldly, like document retention. You have a good idea of what needs to be kept, what should be kept, what might be kept, what ought not to be kept, what must not be kept, and how long those various imperatives are in effect. You're doing what you think is right because you're following the company's policies.
And then, in a classic moment that Kafka might have dreamed up had he been an IM user, you learn that your company recently changed or suspended parts of its document-retention policy but, well, forgot or neglected to inform you of those changes. (Or did it?) And that what you did in the interim could very likely be against the law. Verboten. Criminal. The stuff that leads to jail time.
Five years ago, [Gov.] Gray Davis ran out of water. Two years ago, he ran out of electricity. This year, he ran out of money. Now he's running out of time. It's been a poorly run administration.
-- California resident Larry Ellison, who's also CEO of Oracle
Not possible? Pulp-fiction stuff? Well, check out this paragraph from a terrific article on The Wall Street Journal's Web site about the federal government's case against Frank Quattrone, the former superstar tech-industry investment banker at Credit Suisse First Boston: "Mr. Keker [Quattrone's lawyer] also displayed a Dec. 5, 2000, e-mail from Mr. Char to Mr. Quattrone with a copy to the technology group's lawyer, Mr. Dollard, complaining that the firm's legal and compliance unit 'told everyone except the tech group' that the firm's document-retention policy had been suspended and that files should be preserved." The URL for the article, by Kara Scannell and Randall Smith, is http://online.wsj.com/article/0,,SB106512115913920000,00.html (link requires registration).
Meanwhile, the prosecution also showed jurors an E-mail message from that very same day--Dec. 5, 2000--as a major factor in its attempt to prove its criminal charges of obstruction of justice and witness tampering against Quattrone. As the WSJ.com article says about that message, "In it, Mr. Quattrone endorsed an accompanying e-mail from his subordinate, Richard Char, which urged members of Mr. Quattrone's technology-banking group to follow the firm's document-retention policy and discard deal-related items not required to be maintained under the policy."
But wait--was that policy still in effect when Mr. Quattrone sent this message, or had it been "suspended"? And if it had indeed been suspended, had Quattrone's technology banking group not been informed, as his lawyer was attempting to show? Can someone be held accountable for following a corporate policy that had been not just suspended but in fact reversed? Or is there no truth to the assertion that everyone but Quattrone's group was informed of the suspension/reversal until it was too late?
The answers to those questions could very well determine whether Frank Quattrone--a recent Wall Street celebrity who'd generated colossal earnings for his employer and a huge fortune for himself--spends a chunk of the rest of his life behind bars. And ultimately, the answers to those questions will come in large part from digital archives that just might show who knew what and when they knew it. Yes, we have a new glam line of tech products and apps: retention, archiving, storage, access, and, topping the bill: compliance.
In the meantime, though, Quattrone's nightmare gets hairier still: two of the lead witnesses for the government against Quattrone are Credit Suisse First Boston attorneys. The first of those, director of U.S. litigation Kevin McCarthy, testified late last week that he and colleagues "scrambled to send out two separate e-mails to halt possible document destruction" after learning that Quattrone had forwarded an E-mail message to his team telling them to "clean up those files," according to the WSJ.com story.
And, in a closely related development that should make us all wish for truly boring lives, McCarthy's boss and the government's top witness, David Brodsky, was also expected to testify late last week against Quattrone. His testimony, like that of McCarthy, represents a startling break in the long-held tradition under which an attorney could not reveal what he'd been told by a client. But all that may be about to change. "While employees' conversations with such in-house lawyers have long been considered privileged or off the record, companies wishing to avoid onerous charges and fines are now quick to waive attorney-client privilege and force lawyers to cooperate with prosecutors," according to the WSJ.com article.
Here is stark proof of the flesh-and-blood reality--and extreme relevance--of the compliance issues surging throughout the business-technology world today. For the vast majority of us, our toils in understanding, planning for, communicating, carrying out, and enforcing such compliance policies will never be the stuff of front-page news (please!). But I would bet that Frank Quattrone and his Credit Suisse First Boston colleagues, in early December of 2000, thought the exact same thing.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.