Modernizing Compliance and eDiscovery
The project included replacing expensive third-party archives with native tools in M365, utilizing an automation solution that Lighthouse had recently prototyped for a large global manufacturer, and other breakthroughs the institution was unable to make before engaging with Lighthouse. Our work with the institution helped unblock their Microsoft 365 deployment and ultimately led to disclosure to regulators for institution’s intent to use M365 as system of record.SIFIs have long wished for a better way to meet their mutability requirement. Historically, they have relied on archiving solutions, which were designed years ago and are poorly suited for the data types and volume we have today. For years, people in the industry have been saying, “Someday we’ll be able to move away from our archives.” It wasn’t until the introduction of M365 native tools for legal and compliance that “someday” became possible.Data Management for SIFIs is Exceptionally ComplexThe financial services industry is one of the most highly regulated and litigious sectors in the world. As a result, companies tend to approach transformation gradually, adopting innovations only after technology has settled and the regulatory and legal landscape has evolved.However, the rate of change in the contemporary world has pushed many financial heavyweights into a corner: They can continue struggling with outdated, clunky, inadequate technologies, or they can embrace change and the disruption and opportunities that come with it.From an eDiscovery perspective, there are three unique challenges: (1) as a broker-dealers, they have a need to retain certain documents in accordance with specific regulatory requirements that govern the duration and manner of storage for certain regulated records, including communications (note that the manner of storage must be “immutable”). This has traditionally required the use of third-party archive solutions that has included basic e-discovery functionality. (2) As a highly regulated company with sizable investigation and litigation matters, they have a need to preserve data in connection with large volumes of matters. Traditionally, preservation was satisfied by long-term retention (coupled by immutable storage) and without deletion. Today, however, companies seek to dispose of legacy data—assuming it is expired and not under legal hold—and are eager to adopt processes and tools to help in this endeavor. (3) They have a need to collect and produce large volumes of data—sometimes in a short timeframe and without the ability to cull-in-place. This means they are challenged by native tooling that might not complete the scale and size of their operations. This particular company’s mission was clear: to use M365 as a native archive and source of data for eDiscovery purposes. To meet this mission, Lighthouse needed to establish that the platform could meet immutability and retrievability requirements—at scale and in the timeframe needed for regulatory and litigation matters. Lighthouse Helps a Large Financial Institution Leverage M365 to Replace Its Legacy Archive SolutionLighthouse is perfectly positioned to partner with financial services and insurance organizations ready to embrace change. Many on our team previously held in-house legal and technology roles at these or related organizations, including former in-house counsel, former regulators, and former heads of eDiscovery and Information Governance. Our team’s unique expertise was a major factor in earning the trust and business of a major global bank (“the Bank”). The Bank first engaged with Lighthouse in 2018, when we conducted an M365 workshop demonstrating what was possible within the platform—most notably, at the time, the potential for native tools to replace their third-party archives. Following the workshop, the Bank attempted, together with Microsoft, to find a viable solution. These efforts stalled, however, due to the complexity of the Bank’s myriad requirements. In 2020, the Bank re-engaged Lighthouse to supports its efforts to fully deploy Exchange and Teams and, in doing so, to utilize the native information governance and e-discovery toolset, paving way for the Bank to abandon its use of third-party archiving tools for M365 data. Our account team had the nuanced understanding of industry regulations, litigation and regulatory landscape, and true technical requirements needed to support a defensible deployment.As a result, we were able to drive three critical outcomes that the bank and Microsoft had not been able to on their own: (1) A solution adequate to meeting regulatory requirements (including immutability and retrievability). (2) A solution adequate to meeting the massive scale required at an institution like this. (3) A realistic implementation timeline and set of requirementsLighthouse Ushers the Bank Through Technical and Industry MilestonesWe spent six months designing and testing an M365-based solution to support recording keeping and e-discovery requirements for Teams and Exchange (including those that could support the massive scalability requirements). The results of these initial tests identified several gaps that Microsoft committed to close. The six month marked a huge milestone for the financial services industry, as the Bank disclosed to regulators their intent to use M365 as system of record. This showed extreme confidence in Lighthouse’s roadmap for the Bank, since a disclosure of this nature is an official notice and cannot be walked back easily. Over the next few months, we continued to design and test, partnering with Microsoft to create a sandbox environment where new M365 features were deployed to the Bank prior to general availability, to ensure we were able to validate adequate performance. During this time, Microsoft made a series of significant updates to extend functionality and close performance gaps to meet the Bank’s requirements. Finally, in February 2021, all the Bank’s requirements had been met and they went live with Teams—the first of their M365 workload deployments. That configuration of M365 met only some of the Bank’s need, however, so Lighthouse had to enable additional orchestration and automation on top. As it happens, we had recently done this for another company, creating a proof of concept for a reusable automation framework designed to scale eDiscovery and compliance operations within M365. Building on this work, we were able to quickly launch development of a custom automation solution for the Bank. This project is currently underway and is slated to complete in June, coinciding with their deployment of Exchange Online.Lighthouse Enables Adoption of Teams and Exchange and Scales M365 Compliance FunctionalityCompliant storage of M365 communications using native tools, rather than a third-party archive. Scaled and efficient use of M365 eDiscovery, including automation to handle preservation and collection tasks rather than manual processes or simple PowerShell scripts.Improved update monitoring, replacing an IT- and message-center-driven process with a cross-functional governance framework based on our CloudCompass M365 update monitoring and impact assessment for legal and compliance teams.Framework for compliant onboarding of new M365 communication sources like Yammer. Framework for compliant implementation of M365 in new jurisdictions, including restricted country solutions for Switzerland and Monaco. Framework to begin expanding to related use cases within M365, such as compliance and insider risk management. Lighthouse Paves the Way for Broader M365 Adoption Across the Financial Services IndustryFollowing the success of this project, we have been engaged by a dozen other large financial institutions interested in pursuing a similar roadmap. The roadblocks we removed for the Bank are shared across the sector, so the project was carefully watched. With the Bank’s goals confidently achieved and even surpassed, its peers are ready to begin their own journey to sunset their archives and embrace the opportunities of native legal and compliance tools in M365.
