Email Retention Considerations

EmailAn article by CNN (Ex-MIT dean, son plead guilty to hedge fund scam), highlights the value email can play in a fraud investigation.  You can read the article to get more information on the case, but with regard to the emails between the MIT dean and his son, here isn an excerpt:

In an email that Gabriel Bitran sent his son in 2009, he admitted that they had misled investors “with a range of statements that were incorrect simply to increase our income.” tweet

He added: “A person with the experience and knowledge of the financial sector and a veteran professor of MIT should not have engaged in this type of behavior.” tweet

Boom!  For a fraud investigator, this is the silver bullet.  I can almost see a smile break out on the investigator’s face as he reads this email from 2009.

I started thinking of all the times I’ve seen emails that had similar effects on cases I’ve been involved in.  Email has been around for over 20 years and in that time, the way we use it has changed very little.  It is a documented conversation; a document that is managed very differently from company to company.  Before I get into my internal debate, I’d like to describe two specific cases in my past where email has been a key piece of evidence, each a different layer of skin on the onion.

Innocent Question or Admission of Guilt?

I was working for a subsidiary of a large company.  The parent company decided to change the way they charge out G&A to the subs.  Since we were a cost-plus biller, this would affect our bill to our client.  The subsidiary’s CFO sent a short question to a group of managers that read, “Is this legal?”

Knowing this CFO, I know the context of the question.  By legal, he was referring to our contract with our client.  He wanted to know if our contract allowed us to change our G&A passthrough billing.  But to an outsider, when a whistleblower forwarded the email, this was quite damning and lead to a very costly investigation.

Passion, Lust, and Lost Independence

A man called the Managing Director of one of our subsidiaries.  He indicated that the Controller of that subsidiary was having an affair with his wife.  His wife just happened to be the Senior Manager from local office of our external auditor.

I had the Controller’s email (along with company credit card and expense reports) pulled for review.  HR interviewed the Controller and the external audit firm interviewed their senior manager.  Both denied there was a personal relationship.  I began my investigation.

It did not take long for me to see a pattern of communication outside the normal interactions you’d expect from a Controller and the auditor.  There was an invite to a sporting event, a late night “how are you?”, on and on, through to tips check the bed for her hair prior to his wife coming home.  Plenty of context was present to lead to a conclusion on this case.  The Controller was terminated and the Senior Manager was reassigned.

I should note that there was one other case where we determined there was an inappropriate relationship (boss/employee) using AOL instant messenger logs, so for the sake of this article, I consider email and instant messenger logs to be similar documents.

Valuable Tool or Killed by Your Own Gun?

No one can argue that email is an extremely valuable tool for business.  We are able to instantaneously communicate with co-workers, vendors, clients, etc. anywhere in the world at an effective cost of zero.  It has improved productivity (when it is used properly) and has become a mission critical tool for most businesses.

But email can be dangerous when it doesn’t have context.  And what I’ve found in my career is that he higher up in an organization someone gets, the shorter their email responses get.  That makes it much harder for an outsider to see context.  Consequently, being higher up in the organization typically means they are dealing with more significant issues.

Should I Stay or Should I Go?

I worked with a General Counsel who wanted to set a document retention policy on email to 90 days.  At the time, I was quite concerned at how this policy would hamper my ability to investigate fraud.  As noted in the Hedge Fund Scam case and the two cases I went through, email can be the critical piece of evidence in an investigation.  I am amazed at how often people forget the discoverable nature of email, especially when we remind them every day when they log into the email client.

In recent months, I’ve been re-thinking my prior position.  How many emails on a company’s servers might have information that, if taken out of context, could harm an innocent individual or the company as a whole?

Our mission as internal auditors is to protect the interests of the Company’s shareholders.  Leaving loose threads that can unravel the sweater isn’t in the best interest of anybody.  However, the investigator in me, knows I need that information to be effective.

I don’t know the right retention period for email (and Instant Messenger logs).  It is likely different for different companies, and may make sense to be even more granular than that (function by function, individual by individual, etc.).  But one solution that I think could make a difference is employee and manager training.  Help the employees understand the value and dangers of email usage.  Show them how to ensure they avoid the context traps.  As an added benefit, we might even get more productivity from this great tool called email.

 

 

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *