Emissions scandal driving more regulatory scrutiny for automotive sector Lauren Grest is a legal researcher at Kroll Ontrack In the early part of the 2010s, banking was the industry hitting the headlines for protracted and expensive battles with regulatory authorities. Banking behemoths such as Deutsche Bank and Bank of America reported not only paying authorities billions of dollars in fines but also having earmarked similarly large numbers for legal fees. Regulatory authorities have now also turned attention towards the automotive sector. In late 2015, news broke that Volkswagen had equipped vehicles with software designed to cheat on emissions tests. Volkswagen later admitted that 11 million of its vehicles were equipped with this software. The company is now contending with the fallout from this scandal. Volkswagen has agreed to pay almost $15 billion to settle claims in the United States, and it must buy back or fix affected vehicles by December 2018. So far, Volkswagen has set aside €16.2 billion, or about $17.9 billion, for costs related to the scandal but the American settlement with the government and car owners will consume a big chunk of that money. The company has recently reported record losses, and internally it has shaken up its leadership. Its chief executive, Martin Winterkorn, as well as the head of its American operations, have stepped down, and the company suspended several high-ranking executives. Volkswagen has also been facing mounting legal battles. The Justice Department filed a lawsuit against the company, as have the Federal Trade Commission, dealers and vehicles owners. Regulators across the globe have been conducting their own investigations. The automotive sector is now under fierce pressure from consumers and regulators. Regulatory authorities worldwide have launched over 100 investigations, into the activities of car manufacturers and/or companies producing components used in car manufacture. Given the importance of consumer confidence in the automotive industry many spokespersons are calling for more investigations and the implications are likely to be wide-ranging. Not only will automobile manufacturers themselves be at risk but investigations can also look into the activities of third parties and suppliers. Given the size of the industry, this represents a significant number of businesses placed under regulatory scrutiny. How can companies at risk from increased regulatory scrutiny prepare for investigations? At this stage, companies involved in the automotive industry should consider their exposure to issues raised in the Volkswagen scandal (eg. methods of measuring fuel emissions). Companies should also think in a wider context with regards to risk. Although a regulator may initially be investigating a specific issue, in this case the falsification of fuel emission reports, they will not turn a blind eye to other forms of misconduct. Investigations into one product or issue can unearth evidence of other issues which need to be investigated and potentially reported on. For example, in addition to investigating emissions falsifications, the German competition authority has recently raided the office of BMW, Volkswagen, Daimler, ZF Friedrichshafen and Bosch regarding their steel purchasing practices. What happens in an investigation? Practically speaking, although different regulators’ methods will differ slightly from case to case and country to country, the aim of an investigation remains the same: to obtain evidence of misconduct. In most cases, this evidence will be found within electronic and paper documents. To avoid the risk of a company deleting evidence, many regulators prefer to obtain data via a dawn raid on a company’s premises. During a dawn raid, agents will seize electronic devices such as laptops, computers and phones as well as taking copies of data from servers and the Cloud. They may also take paper documents. The regulator will then examine this evidence as part of the investigation. One of the best ways to prepare for an investigation is to mimic the regulators themselves and organise a so-called 'mock dawn raid'. Companies at risk from regulatory scrutiny often carry out mock raids in order to assess their level of readiness and, as a potential next step, to analyse what the regulator might find in the course of such an exercise. Usually conducted by a third party such as an ediscovery provider, these mock dawn raids help to train a variety of personnel (including receptionists, in-house legal and IT) on how they should behave in these circumstances, including how best to respond to interview questions. As part of this preparation, a contact list is often produced so appropriate personnel know who to contact and why, not just internally, but also relevant external resources. These mock raids are often facilitated by third parties including law firms and technology providers. External advisors like law firms and ediscovery provider’s work together to stage a raid, playing out the role of regulatory officials and how the company should respond with. Other features of mock dawn raids include conducting personnel interviews to establish where key documents are held; taking copies of these documents by using forensic imaging techniques; and, where appropriate, maintaining a full audit trail. After a mock dawn raid, it is possible to then analyse the data collected and get a full picture of what is happening in the company. This evidence can then be used by the company’s law firms to form a case strategy. How technology can reduce the legal costs associated with regulatory investigations Regulatory investigations require the submission and analysis of large volumes of unstructured data (emails, Microsoft Office documents etc.) and structured data (financial, operational and transactional data). In some regulatory investigation eg. a merger control investigation, the onus for submitting data is placed on the company and late submissions are subject to harsh fines. It would be virtually impossible to manually search and read all of the data generated by a company, therefore companies under investigation rely on ediscovery technology to hone in on the evidence that needs to be produced and analysed. Over the years, ediscovery technology has evolved from being a simple search tool to something far more sophisticated including predictive coding technology. Predictive coding is an advanced machine-learning technology which allows computers to predict how documents should be coded (ie. should a document be tagged ‘responsive’ or ‘privileged’) based on decisions made by human subject matter experts. Put simply, an experienced lawyer trains the computer by coding a sample set of documents, and the computer then learns what to look for based on this training. This technology can find key documents faster and with fewer human reviewers, thereby saving on cost and review time. Any ‘hot documents’ or data custodians who are exhibiting suspicious behaviour can be quickly identified, allowing companies to take appropriate action and/ or submit the necessary data to the authorities in a timely manner thus avoiding fines. As well as unstructured data, some investigations will also require that financial, operational and transactional data be examined for irregularities. Technology can assist by uncovering misconduct hiding within structured data such as spreadsheets or databases. As with unstructured data, there are specialist tools that can provide deep analyses and uncover patterns, anomalies and other evidence for a case. Once a company uncovers this evidence, it can take action. The authorities often impose lower fines when a company comes forward of its own volition (known as a ‘race for leniency’). For example, in 2015, The Royal Bank of Scotland was able to avoid a €115m fine by alerting the European Commission’s competition watchdog of two attempts to fix the prices of key interest rates. In the cases of both unstructured and structured data, technology can find the relevant evidence quicker which can in turn increase the chance of leniency from regulators. What steps can be taken so companies can prevent scandals from happening in the first place? The phrase ‘knowledge is power’ might be clichéd but it remains highly relevant in today’s business world. Evidence of misconduct is found both in communications from employees such as email and from irregularities found in financial data. Without monitoring both types of electronic data, it is easy for misconduct in a business to thrive and grow in scale. It is best practice for companies at risk of regulatory scrutiny to take a proactive approach in preventing scandals and misconduct from happening. For compliance officers and in-house counsel who want to stay ahead, two effective proactive methods of preventing scandals happening are conducting mock dawn raids and performing regular compliance audits. Although mentioned previously in terms of reactive preparedness, mock dawn raids also serve a useful function in a proactive way by enabling a company to understand where data is and how long it can take to collect data. It also may act as a deterrent for those thinking about engaging in illegal or suspect activity as it sends a strong message to employees that compliance is taken seriously. However, the biggest weapon in a compliance officer’s arsenal is the compliance audit. In line with guidance from the authorities such as the European Commission and Competitions and Markets Authority, many companies are now also reviewing their electronic communications and information as part of their internal compliance monitoring and audit processes to ensure compliance with regulations and to uncover wrongdoing. These reviews, typically focusing on emails, can be used in conjunction with interviews in order to provide an organisation with a more comprehensive view of the levels of risk it is exposed to. Some companies also opt to perform periodic ‘spot checks’ where, using ediscovery technology, compliance officers analyse random sample of emails for signs of misconduct or wrongdoing. Regardless of the method chosen, organisations that carry out internal reviews to detect wrongdoing such as corrupt practices and anti-competitive behaviour are better-placed to defend themselves should a regulatory inquiry be held. The shape of things to come Regulatory scrutiny has long been a burden for businesses but by implementing proactive compliance strategies and taking advantage of technology, the costs and fines associated with regulatory investigations can be significantly reduced.
Regulatory scrutiny has long been a burden for businesses but by implementing proactive compliance strategies and taking advantage of technology, the costs and fines associated with regulatory investigations can be significantly reduced