CONSULTING
|
DIGITAL FORENSICS
|
E-DISCLOSURE
LEGAL NEWS Issue 6
www.cclgroupltd.com
MIS-SELLING OF INTEREST RATE HEDGING PRODUCTS How digital forensics and e-disclosure techniques can support a claim
Last year the FCA reviewed the processes associated with the sale of Interest Rate Hedging Products (IRHPs). In this review the FCA categorised the different types of IRHPs into the following four categories: 1. Interest Rate Swaps fix the interest rate by swapping the customer’s variable rate on the loan for a fixed one. 2. Interest Rate Caps have the effect of capping the variable interest rate on the loan. The customer will pay a premium for a cap, generally a lower cap will incur a higher premium. 3. Interest Rate Simple Collars prevent the interest rate from fluctuating outside of an agreed range. If the base interest rate rises above the agreed ceiling it will be capped, however if it falls below the agreed floor the rate will remain at the floor level. 4. Interest Rate Structured Collars operate in a similar way to simple collars, the only difference being in the way in which the product reacts if the floor level is reached. Customers may be required to pay increased interest rates if the base rate falls below a certain level. The FCA’s review was not into the products themselves, which can serve a perfectly legitimate and useful purpose, but into the way in which they were sold. The then FSA, now FCA, identified that these products had been mis-sold in some cases.
Their concerns centred around: • Inappropriate sales of complex products, such as structured collars; and • Poor sales practices used in the selling of IRHPs, potentially exacerbated by sales incentive and reward schemes So what does this mean for the customers who bought IRHPs? The answer depends largely on whether the banks and FCA consider the customer to be a ‘sophisticated buyer’. In short, the current stance is that a ‘sophisticated buyer’ is big enough to have understood the product and the risks involved, and as such they are not entitled to any redress through the FCA’s review (although this is not necessarily the end of the story for sophisticated buyers).
IN THIS E
DITION..
. > Mis-s elli rate h ng of interest e > Thou dging products gh > Is the ts for the month d into a uopoly turning m > The c onopoly? ha landsc nging a regula pe of financial tion > Data ac > Easte quisitions rn poten promise or ti > First re al pitfall sponse c > Abou ourse t CCL
claim is through the bank’s own complaint handling procedures and potentially subsequent litigation. In these cases the key will be in proving that the product was mis-sold on the basis of one of the following: • Poor disclosure of exit costs • Failure to ascertain the customer’s understanding of risk • Non advised sales straying into advice • ‘Over-hedging’ (i.e. where the amounts and/or duration did not match the underlying loans); and • Rewards and incentives being a driver of these practices
Non-sophisticated buyers potentially have a fast-track for their claims, depending on what type of product they bought. The banks have committed to providing redress on the sale of structured collars for all nonsophisticated buyers and a case by case review of swaps and simple collars. Caps will be reviewed for non-sophisticated buyers, however unlike the structured collars, simple collars and swaps claims, caps claims will need to be initiated by the buyer instead of automatically by the bank.
In most of these cases it will be necessary to determine and evidence communications between the bank and the buyer. Communications such as emails and hard copy documents potentially dating back over a decade. Locating these documents is no straightforward task; imagine trying to find email communications dating back to 2001! We at CCL have already engaged in discussions with a number of firms pursuing such claims, on how we could use e-disclosure technology and techniques to help demonstrate that the product was mis-sold - processes such as recovering historical email accounts by restoring backup tapes, mailbox archives, voice and chat data such as Bloomberg.
For buyers who are deemed to be sophisticated the only route for making a
CCL is the digital forensics supplier of choice to the FCA.
1
SERGEY ERMOLOVICH, Senior Research & Development Analyst Sergey joined CCL in 2004 and has played a key role in implementing many of CCL’s procedures and practices, mentoring junior analysts, as well as providing technical support for CCL’s laboratories. As a senior member of CCL’s R&D Team, Sergey has devised and developed a number of proprietary software tools and scripts, which enable CCL’s analysts to extract and present more data from more devices and automate what would otherwise be labour-intensive tasks. Sergey has worked on a number of high profile cases, ranging from alleged price fixing, insider attacks on betting terminals and large-scale counterfeit ID scams. In total, Sergey has completed over a hundred cases and has given expert evidence in court on several occasions. Prior to joining CCL, Sergey studied as a mechanical engineer in technology of aircraft construction and subsequently completed a PhD in aerodynamics and hydrodynamics in turbo machines, as well as an MBA degree.
Sergey’s Thoughts for the Month Being bilingual, I have been involved in a number of CCL’s international investigations. The increase in cross-border investigations and litigation cases, for example from international companies and high-net-worth individuals in post-Soviet states, presents some new challenges – the language barrier and conducting efficient and targeted data collection from custodians in different countries being just two of them. Data collection in such cases needs to be properly planned, accurately scoped and make use of new technology to enable all potentially responsive data to be collected. I have recently been involved in a case where data needed to be collected from multiple custodians in different countries remotely, and without alerting those under investigation. The client was a large multi-national company who suspected a number of employees of multi-jurisdictional fraud. The case was made more challenging by the fact that the employees under investigation were remote workers whose laptops were not always connected to the corporate network, so the data on their laptops was not immediately accessible. To deal with this, we implemented a scalable investigative infrastructure within the client’s corporate network, which allowed us to remotely acquire data from custodian’s laptops when they connected to the corporate network. Subsequent examination of this data through keyword searching proved the original suspicion and also opened up a number of other avenues for investigation that were previously unknown. With the recent flood of litigants coming into London from Asia and further afield, this more strategic approach to data collection and investigations will become crucial, and having experience in this type of activity will be invaluable.
LAURA KIPPIN, Mobile Device Laboratory Manager Laura leads CCL’s large team of mobile device analysts who are responsible for the examination of mobile phones, satellite navigation units and tablet computers. The increasing prevalence of smartphones, tablets and other mobile devices will see Laura’s team expanding over the coming months. Laura has been with CCL since 2011, and has progressed to the top of her department very quickly. Prior to joining CCL, Laura studied at the University of Central Lancashire where she graduated with a degree in Forensic Computing. Whilst studying at university Laura gained her forensic skills and experience by volunteering for a digital forensic company in the North West.
Laura’s Thoughts for the Month As new mobile devices are brought to market frequently and as different operating systems such as Android and iOS are constantly evolving, the mobile device lab needs to stay ahead of the game. The ever-increasing storage capacity of mobile phones means that large amounts of data are contained within them – for instance a 64GB iPhone has over 10,000 times as much storage capacity as older generation mobiles such as the Motorola W375, which was at the cutting edge of technology only seven years ago. Gone are the days where your inbox is full and you need to delete your messages to receive new ones. At CCL we use a range of tools and capabilities to recover live and deleted data from mobile devices. We can also recover passwords from a variety of different handsets. We investigate standard communication data on the handsets such as call logs, SMS, MMS and emails, but smartphones can have many third party applications installed which also need to be investigated. And new applications are always being released. CCL is constantly pushing the capabilities of data recovery from mobile devices. Many businesses use, for example, BlackBerry handsets as their business phones. BlackBerrys come pre-installed with the messaging application ‘BlackBerry Messenger’. This is often used more than the traditional SMS message as this service is provided free of charge between smartphone users, and so being able to extract data from that application is very important. Mobile devices such as smartphones and tablets can be crucial sources of potentially responsive data in e-disclosure exercises, especially in organisations without robust and effective IT policies and central backup facilities, or in cases where an employee has gone ‘rogue’. In these cases, the mobile device may be the only location where that data is stored – and so being able to extract this data in a forensically-sound manner, even from the latest technology, is crucial.
2
IS THE DUOPOLY TURNING INTO A MONOPOLY? By Umar Yasin The much-lauded ‘bonfire of the quangos’ continues unabated, with the announcement that the competition regime is about to go through a major overhaul, with the merger of the Office of Fair Trading (OFT) and the Competition Commission (CC). The combined entity, the Competition and Markets Authority (CMA), is due to come into formal existence on 1st October this year, before assuming its full functions and powers on 1st April 2014. The overhaul is intended to usher in a new era for businesses, with the competition regime simplified and streamlined, avoiding any of the duplication or delays that are inherent in the current system. During a speech at Middle Temple Hall, the Chief Executive designate of the CMA, Alex Chisholm, spoke about the ambition to ‘strengthen what is already a strong and admired regime to one that is seen as truly world-class in quality, by maximising the benefits from combining the OFT and the CC into one organisation...’ This will actually bring the UK in line with most of the western world, where a single-body regime is commonplace. We will be exploring the changes to the competition regime and what they mean over the coming editions. In brief, the key changes that are being brought about are a change to the way mergers are dealt with, with a mooted move to mandatory notification of mergers not being pursued, and the merger thresholds having been kept the same. Instead, the aim is to provide a quicker overall process, during both Phase 1 and Phase 2 reviews. However, whilst possibly increasing efficiencies, a potential disadvantage with one combined super-authority may be the lack of a fresh perspective at the Phase 2 stage, once the Phase 1 referral has been made. On cartels, the previous requirement for prosecutors to prove the mens rea element of ‘dishonest participation’ in criminal cartels before an offence is deemed to have been committed is removed. Also, the merger of the OFT and the CC should speed up the current investigation process, which should please large corporates who have long lobbied for quicker anticompetition investigations. We will keep a close eye on the discussions and designs for the CMA over the coming months, including the proposals to publicise anti-competition investigations right at the outset, similar to the way the European Commission does. We will also look closely at the proposals to allow the CMA to compel witnesses with a connection to a party under investigation to answer questions under that investigation. We will also explore the likely and more immediate impact these changes will have for financial services firms, given the increased powers of the Financial Conduct Authority, and the relentless pressure from European regulators on the financial services sector.
CASE STUDY Extraction of deleted internet history THE CASE: A UK police force was investigating a m urder and needed to forensically exam ine both the susp ec t’s and the victim’s co mputers, to search for evidence. WHAT CCL DID: CCL took forensic images of the hard drives in order to analys e the data contained on them. CCL worked closely with the po lice force to iden tify and agree a range of keywords associa ted with the type of murde r, in order to increa se the chances of finding any relevant evid ence. CCL searched th e exhibits using th e agreed keywords and found signific ant evidence containi ng the keyword ‘k ill’ in the internet histor y of one of the m achines. This result focuse d the investigatio n on the internet histor y, and so CCL ob tained details of all the se arch terms entere d into Google and the web pages th at were subsequently visite d. Some of the inte rnet history files we re compressed. At th e time, forensic to ols could not nativel y search these, so this evidence could ea sily have been m issed. However, CCL’s ex perienced analys t noticed this and opened the files up so that they could be included in the forensic analysis. CCL found that, in the weeks runnin g up to the murder, the user of the su spect’s computer had be en searching for ways to kill someone. Fo r example, makin g Google searches such as: ‘Can a bl ow to the head kill?’ In order to try an d identify who m ay have been making thes e searches, CCL matched up the searches wi th specific dates and times, which indi cated that the su spect was the only one at ho me who could ha ve been conducting the se arches. THE OUTCOME: The data that CC L extracted from th e suspect’s compu ter provided crucial evidence to show th e premeditation of the murder. The su spect received a life se ntence and must serve at least 25 years.
3
The PRA is a subsidiary of the Bank of England and is directly focused on maintaining the stability of systemically crucial financial institutions. These institutions include deposit-takers and insurers, and, amongst other issues, the PRA is responsible for all prudential regulation issues, such as solvency requirements. In total, the PRA is responsible for the regulation and supervision of approximately 1,700 banks, insurers, building societies and investment firms.
rm fo
In
The FPC sits within the Bank of England and has more of a macro-prudential remit, and as such it will not interact directly with financial services companies.
ce
Firstly, as shown by the diagram, what is now being referred to as ‘twin peaks’ regulation is in fact ‘three peaks’; the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) are the ‘twin peaks’, but are in fact overshadowed, or overseen, by the Financial Policy Committee (FPC). The diagram illustrates the relationship, interplay and potential overlap between the tripartite regulatory regime in more detail.
ICO
er’s Offi
We have focused recently on the Jackson Reforms, and over the coming editions we intend to explore the new financial regulatory regime in further detail. In particular, we will focus on the issues and opportunities it creates for our clients, the possible changing dynamic between the ‘Big 4’ accountancy firms, law firms and financial services clients, and other practical implications.
mmissi Co
on
1st April 2013 was quite a revolutionary day; the Jackson Reforms on litigation costs took effect, and the new financial regulatory system also came into existence, with the Financial Services Authority being replaced by the so-called ‘twin peaks’ of regulation.
ation
THE CHANGING LANDSCAPE OF FINANCIAL REGULATION
The relationship between the Information Commissioner’s Office and the PRA/FCA will depend on how the latter two will treat Freedom of Information requests
The FCA is responsible for the conduct of retail and consumer businesses, regulating around 26,000 businesses. THE THREE STATED OBJECTIVES OF THE FCA ARE: 1. Securing an appropriate degree of protection for consumers 2. Promoting choice and efficiency in the financial services market; and 3. Protecting and enhancing the integrity of the financial system In addition, some financial services businesses will fall under the scope of both of the ‘peaks’; dual-regulated firms such as banks and some insurers. In future editions, we will explore in more detail the FCA’s powers of intervention. The FCA’s objective to promote competition means that it will inevitably work closely with the OFT, and the diagram illustrates the interplay between the FCA and the OFT on competition issues, and other regulatory agencies.
4
PRUDENTIAL REGULATION AUTHORITY
(PRA) The PRA is responsible for the regulation and supervision of approximately 1,700 banks, insurers, building societies and investment firms
The FCA and OFT have a shared role in making financial markets work for consumers. From 2014, the new CMA will mean that all responsibilities for consumer credit issues will be handed over to the FCA
FINANCIAL POLICY COMMITTEE
(FPC)
The FPC sits within the Bank of England. Its objective is to identify, monitor and take action to remove or reduce systemic risks with a view to protecting and enhancing the resilience of the UK financial system. The FPC has a secondary objective to support the economic policy of the Government
o
Seri
g
OFT
us
F ra u d O
SFO
e ffic
a of F ir Tr e
in ad
Offic
By Umar Yasin
There is plenty of potential for overlap here, as the FCA deals with all enforcement issues, whether under FSMA 2000 or FSA 2010, such as a variety of market abuse offences, price-fixing issues and insider dealing. We will discuss this in further detail over coming editions
FINANCIAL CONDUCT AUTHORITY
(FCA) The FCA is responsible for the conduct of retail and consumer businesses, regulating around 26,000 businesses 5
CASE STUDY Recovery of deleted Skype messages enforcement THE CASE: A law ating an tig agency was inves of smuggling d te ec individual susp garlic disguised as large quantities of o empt from tax) int ginger (which is ex x ta g avoid payin the UK, in order to d to analyse the ke as s on it. CCL wa ters. suspects’ compu CCL created WHAT CCL DID: the d exact copies of forensically-soun rs te pu m co of r be m hard drives of a nu d an t to the suspec which belonged of being involved d te ec others susp activity. CCL then in the smuggling r s using one of ou processed the file em – making th review platforms r the officer in fo e bl easily viewa estigation. charge of the inv d the data and CCL securely hoste t to the officers provided suppor th ta by assisting wi reviewing the da g yin and identif keyword searches may contain at th s ea deleted ar evidence. potentially useful d searches or One of the keyw e Skype history th in s resulted in hit L e hard drives. CC on a number of th d an ta da is th ct was able to extra ges in the Skype recover all messa times, dates and history, including ils. It showed user account deta g the entire the suspect plannin the smallest to s, es oc smuggling pr tings, invoices ee m ing lud detail, inc rlic s at which the ga and temperature le ab o CCL was als should be stored. t ec sp su e s that th to retrieve the file his to ts men had sent as attach s. ge sa mes hibits, the Skype On one of the ex deleted. In order history had been leted data, CCL’s to recover this de to recover the file analyst was able inted towards records, which po , . CCL then rebuilt the deleted data ed let de esented this extracted and pr er gg ild a bi data in order to bu suspects were e th w ho of e pictur sing the details us sc planning and di of the case. The Skype THE OUTCOME: equently bs su evidence was and as soon as t ur co in presented tails of the Skype the jury saw the de was clear that this conversations, it key to the entire evidence was the t was jailed for case. The suspec six years.
6
DATA COLLECTIONS: ACQUISITION METHODS By Rob Savage In last month’s issue I wrote an article about the importance of preserving metadata and the impact that a poorly conceived collection methodology can have on the success of a case. In this article I am going to outline some of the acquisition methods we use on a regular basis to preserve metadata and ensure defensibility. Acquisition methods can broadly be broken down into two categories – overt and covert. Quite simply an overt approach is one in which the subject is aware of the data collection, conversely a covert approach is one in which the subject is unaware. Ultimately the method used will be dependent on the requirements of the investigation; in the vast majority of cases an overt approach is adopted, particularly for disclosure as part of civil litigation where a duty to preserve exists often long before collection. In general an overt approach is easier, takes less effort and is therefore the cheaper option. Although sometimes, the situation is such that a covert approach is the only option. When it comes to covert acquisition we have two options: ‘dead-box’ or ‘remote’ acquisition. Dead-box involves physically taking possession of the device and acquiring data directly, then returning it before the absence is noted. Historically this has been the favoured approach, especially at a time when most users had desktop computers left in offices overnight. Nowadays the majority of users have laptops which are, more often than not, taken home at night. In addition, mobile phones are becoming ever more relevant and are rarely, if ever, parted from their owners for any great length of time. The mobility of devices presents us with a challenge: how can we covertly acquire data when the user is never parted from their devices? The solution is to work alongside in-house IT teams to use the local IT infrastructure to our advantage. It is possible to remotely acquire data from devices with no tangible access to them. By deploying what is essentially a ‘Trojan’ to the devices (a Trojan which is secure and fully under our control), we are able to access and acquire data from user devices without their knowledge. This has proved particularly useful in investigations where the suspects were ‘home workers’ and a covert approach was required. Whatever approach is adopted it is important that it is done in a forensic manner, ensuring all possible data and metadata is preserved and that the process is fully defensible should the integrity of the evidence ever be questioned.
EASTERN PROMISE OR POTENTIAL PITFALL? By Umar Yasin Lawyers have been looking towards the East for a number of years now, and it seems that not a week goes by without either the current exploits of feuding Russian oligarchs or the latest exposé on the murky world of a Kazakhstani commodities company hitting the headlines. Boris Johnson also memorably called upon defamed billionaires and divorcing wives to ‘roll up, roll up’ and battle it out in London, encouraging the phenomenon of foreign litigants forum-shopping. The Berezovsky and Abramovich court saga highlighted the phenomenon of Russian parties choosing to litigate in London. Recent figures from Portland show that out of all the claims issued in the Commercial court from 2009 to 2012, only 159 cases involved UK-based litigants, while those claims involving foreign litigants totalled 364. Interestingly, out of these, 75 were Russian-based and 86 were Kazakhstan-based. Apart from the flood of litigation coming into London from places such as Russia and Kazakhstan, the last few years have also seen an influx of companies, particularly commodities companies, listing on the London Stock Exchange. A premium listing on the LSE allows such companies to benefit from the exposure to tracker funds, but it also brings with it the regulatory burdens of a London listing. Ironically, the last couple of months have seen a spate of Kazakhstani and Russian-focused mining companies either relegated from the FTSE 100, or at serious risk of relegation, due to tumbling commodities prices. The recent scandal that has engulfed Eurasian Natural Resources, with Mehmet Dalman resigning as chairman, and the Serious Fraud Office launching an investigation into fraud, corruption and bribery, highlights a number of potential pitfalls, which we will discuss in detail over the coming editions. There seems to be a gulf between the standard of corporate governance that comes with a premium London listing and the way in which some companies are being run, which seems to be as much of a cultural issue as it is a corporate issue. ENRC was famously described as being ‘more Soviet than City’ by former director Ken Olisa, and at the time of writing, with the SFO now having issued a Section 2a notice to Dechert, the law firm previously assisting with ENRC’s internal investigation, it seems that the SFO is making clear that it can no longer rely on ENRC to self-investigate.
CASE STUDY Harassment – mobile phone analysis THE CASE: A law enforcement agency was investigating an allegation of harassment whereby the victim was apparently receiving harassing telephone calls and SMS messages. The suspect was arrested, his mobile phone seized and sent to CCL for analysis. WHAT CCL DID: CCL was asked to examine the mobile phone to ascertain whether there had been any SMS messages and calls made from the suspect’s handset to the victim within a specified timeframe. CCL analysed the mobile phone, and several SMS messages and call records were found which would incriminate the suspect. THE OUTCOME: A full report was provided to the prosecution and the CCL analyst who worked on the case was called as an Expert Witness. The suspect was subsequently found guilty.
Add to the mix the recent data loss due to a ‘burglary’ and an alleged cyber attack on ENRC’s computer systems, and it should come as no surprise that a parliamentary committee now wants to launch a probe into transparency and corporate governance at London-listed commodities companies. The UK Listing Authority is also reportedly about to launch new entry requirements, focusing on increased standards of corporate governance – a sign that scandals like those that are engulfing these companies reflect badly on the authority that listed them. Despite the lure of Eastern promise, the potential pitfalls have never been so prominently publicised.
7
SS’ E N I D A E R ‘ S CCL’ COURSES
re they are know to ensu to ed ne e key: s ient l evidence ar what your cl ta and digita da re These outline he w e situations ready for thos (HR issues, ployee issues em • Litigation d an ns fraud and vestigatio t, employee • Internal in ment, IP thef ss ra ha s, ie polic e) te collar crim other whi ts es qu re ry • Regulato nce • Complia ce te governan ra po or • C digital urses. As the liver these co de ta (live to da u s, yo ce ner with ise on devi rt pe ex , e th CCL can part e be identified rts, we provid d how it can an , ce on forensics expe en ng id ni ev e the trai and digital ; you provid d and deleted) and analysed ed ny policies an ct pa lle m co preserved, protection, co ta da , ns io plicat the legal im . es ur ed proc ts, and those ur requiremen yo to her ed is om to educate ot s can be cust ed internally us CCL’s course be so e. al ailabl s. They can points are av of your client m where CPD fir ur yo in ith ises partners w or client prem the law firm at ite -s on usually held Courses are ion ng investigat ude: cident requiri in al rn Courses incl te in onse to an • First resp (BYOD) t, corruption, Own Device ur Yo fraud, IP thef g ee oy pl • Brin m (e vestigations • Internal in bullying)
THE NUMBERS CCL employs over 100 full-time members of staff, including 65 consultants and analysts who have completed: • 200+ • 4,000+ • 50,000+ • 2,000+ • 700+ • 450+
e-disclosure cases digital forensic (PC) cases mobile phone cases consultancy engagements civil and criminal cases expert witness assignments Scan the QR code with your smartphone for more content.
COMING UP NEXT MONTH: What can we learn from across the Pond? Tips for effective keyword searching
8
ABOUT CCL CCL is the UK’s largest digital forensics laboratory, and a leading provider of e-disclosure and IT consultancy services. From our beginnings as an independent IT consultancy in 1986, we have developed our services to respond to advances in new technology, the increasing importance of data, and the need to manage, recover and protect it. In 2001, we setup our digital forensics laboratory. CCL is now the largest digital forensics provider in the UK, and the only one to hold the ISO17025 standard for our computer, mobile phone and SatNav laboratories. We provide digital forensics services to a broad range of organisations, ranging from law enforcement agencies, civil and criminal law firms to corporate clients. CCL has been in the e-disclosure market since 2009 and to date, has completed over 200 e-disclosure cases.
OUR SERVICES • Part 31 e-disclosure services • Digital forensics - All operating systems - Smartphones/mobile phones - Tablets - SatNav analysis - Cell site analysis - CCTV analysis • Collections • Part 25 search and seizure orders • Part 35 expert witness services
Missed an issue of Legal News? Don’t worry, all issues are available on our website at
www.cclgroupltd.com For more information call Rob or Umar on
01789 261200
email edisclosure@cclgroupltd.com or visit: www.cclgroupltd.com