Scandals Send Clear Message
Incriminating E-Mails Put Financial Sector On A HiDec 8, 2002 | The Boston Globe
Most people regard e-mail as a relatively simple, text-based messaging medium.
Not the people in the financial services industry.
For them, e-mail has proved to be extremely complicated, confusing, embarrassing, and even dangerous.
Last week, for example, five broker-dealers announced that they would be paying $1.65 million each for failing to retain e-mail communications in accordance with federal and securities industry regulations. But just a few months earlier, Merrill Lynch paid considerably more, $100 million, to settle with regulators after it granted access to incriminating e-mails it had dutifully archived.
The financial services industry can hardly be blamed for suddenly feeling confused and overwhelmed by e-mail, especially since there's no reason to believe the pressure from regulators and investigators is going to abate.
''E-mail is always a focus now,'' said John Falvey, an attorney with the Boston law firm Testa, Hurwitz & Thibeault who specializes in white-collar criminal defense and governmental investigations work. ''Whenever you ask for documents, you always make sure that you explicitly ask for e-mail.''
Which means that many companies are scrambling to create stricter e-mail retention policies, to comply with tighter regulations, and to institute employee-training programs to rein in casual e-mail habits. And they have to do it fast, because the large fines and damaged reputations that have been traced to e-mail-related issues have attracted the attention of officers at the very top of the company.
''This is the year that e-mail went from the backroom to the boardroom,'' said Kenneth Rubin, the executive vice president of marketing at Iron Mountain, a Boston-based firm that manages records and information.
And from the executive suites, the e-mail landscape must look like a minefield.
A few weeks ago Massachusetts securities regulators released a series of e-mails that appeared to provide further evidence that research analysts at Credit Suisse First Boston were controlled by investment bankers. An e-mail from Frank Quattrone, the top technology banker at Credit Suisse, plainly asked whether investment banking business was ''extracted'' from Agile Software Corp. before an analyst began research coverage of the company.
Before that it was Jack Grubman, the former telecom analyst for Citigroup's Salomon Smith Barney unit, who was embarrassed by the release of e-mails in which he bragged that he had given high ratings to AT&T to curry favor with Citigroup chief executive Sanford Weill. In exchange, Weill is alleged to have smoothed the path for Grubman's twins to be given places at the prestigious 92d Street Y preschool.
Candid e-mails from Henry Blodget and other equity analysts at Merrill Lynch also turned up in newspapers this year, used by New York Attorney General Eliot Spitzer to push Merrill Lynch into a $100 million settlement for allegedly misleading investors. Spitzer released e-mails in which Blodget described Internet companies as a ''piece of crap'' and a ''piece of junk'' while analysts maintained positive ratings on the companies.
Part of the blame for some of the recent e-mail foul-ups can be attributed to a casual, almost careless attitude that many e-mailers take to the new medium.
''When people use e-mail, they tend to be blunt, candid, and careless in a way that they wouldn't be writing a memo, or even face to face,'' said Testa, Hurwitz & Thibeault's Falvey, who frequently advises clients on e-mail procedures. ''E-mail is really a unique case, in terms of the unguarded comments you find.''
Another contributing factor could be an ignorance of how e-mail works.
''Many people think that an e-mail message goes directly from your computer monitor to the recipient's computer monitor,'' said David P. Stenhouse, director of operations at Seattle-based Computer Forensics Inc., which provides electronic discovery services for attorneys and the business community.
In fact, Stenhouse notes, a typical business e-mail message is almost instantly stored in four places: the sender's computer hard drive and company e-mail server, then the recipient's hard drive and company e-mail server. By the next day, the message would probably be archived from the two e-mail servers, saved to magnetic tapes and stored in a secure location, where it cannot be deleted but it can be easily searched.
Stenhouse, who previously worked for the Secret Service investigating e-mail threats to President Clinton, has seen many individuals, and companies, blindsided by e-mail naivete.
''It's not surprising that many people think they can just delete an e-mail on their personal computer and it will be gone,'' said Stenhouse. ''They discover very quickly that it's much more complicated than that.''
The rules, however, are fairly straightforward.
According to SEC regulations, brokerage firms are required to preserve for three years electronic communications relating to the business of the firm, including interoffice memoranda and communications. Under the new Sarbanes-Oxley Act destroying or attempting to destroy documents related to a federal investigation is a crime punishable by up to 20 years in jail.
Falvey also recommends a simple approach when he's helping a company upgrade its e-mail policies.
''I always advise clients to regard e-mail as a document just like any other document,'' he said. ''That means you need to have a policy in place that describes how you are going to deal with these documents.''
Which doesn't mean keeping them indefinitely. In fact, Falvey advises his clients to destroy their e-mails as quickly as appropriately possible.
''If you're in a regulated area, you might have to keep e-mails for an extended period of time,'' he said. ''Otherwise you should keep e-mails for only as long as you need them. We usually recommend from three to six months.''
And once a deletion policy is decided upon, Falvey warns, you cannot stray from it.
''If you generally destroy e-mail every six months, you cannot suddenly decide to delete all your e-mails after four months just because you've just announced a shortfall in earnings. That could get you tens of millions of dollars in fines,'' Falvey said.
Likewise, Falvey cautions firms not to delete e-mails in anticipation of an investigation.
''That would not be a smart game for any company to play,'' Falvey said. ''Willfully getting rid of any document that you know could be relevant to an investigation, even if it's technically within your standard procedures, would not be well received by a court.''
Of course, all this e-mail uncertainty has just meant more business for some firms, like Iron Mountain. Last week, as Peter Delle Donne, the president of the company's year-old Digital Archives Division, strolled through the company's data center in downtown Boston, he didn't have to reach for a way to describe how his group has grown over the last year.
''A year ago, we thought we'd need only half this room,'' he said as he passed column after column of electronic storage units stacked on black metal shelves. ''Now we've almost outgrown it.''
Asked how many e-mail messages are currently archived on Iron Mountain's system, Delle Donne took a few seconds to make a mental calculation.
''Somewhere in the range of twelve hundred million,'' he said as he raised an eyebrow, an indication that the number surprised even him.
And because the SEC regulations are written broadly to include all ''electronic communications,'' more specialized businesses could also benefit as compliance issues grow to include, conceivably, text messaging on cellphones, voice-to-text message systems, Internet-based telephone systems that save telephone calls as digital files, and future technologies we haven't thought of yet.
Already, financial services firms are starting to deal with instant messaging, which many people in the financial community use to maintain access to investors and operational staff. One Boston firm, IMLogic, is already building a compliance-oriented business devoted to instant messaging.
Founded in March 2001, the company originally aimed its instant messaging management product at a general business audience. But after the recent spate of high-profile financial services scandals, IMLogic tightened its focus on the financial services field, releasing a compliance-oriented product, IM Manager, in September. Since then the company has signed up more than a dozen customers, encompassing more than 100,000 users.
''Six months ago, many companies were telling us that they were interested in our product, but they wouldn't have the budget for our product until 2003,'' said Jeff Whitney, IMlogic's vice president of marketing.
Once e-mail-related scandals started appearing in the media, however, the sales cycle suddenly shortened.
''Compliance officers found the money,'' Whitney said.