International Regulatory bodies including the European Central Bank and the Central Bank of Ireland have changed the rules on the format in which submissions under regulatory reporting regimes such as FINREP or PRISM+ are made.

Whereas once these were possible via the submission of a completed Excel template, they are now required to be in either XML or XBRL format, and to that end they have produced specific taxonomies against which the submissions must be made.

• Fully Managed Service
• User-Friendly Templates
• Secure File Transfer
• Comprehensive Validation

Regulatory Investigations can often come without warning and with a stringent list of technical requirements alongside a tight deadline.

Whether they arise as a result of a Dawn Raid, come via a formal request for information, or whether you wish to test your own compliance internally, the highest standard of investigation and response will always be required.

When you are working with a regulator to facilitate a review of your data it is important to know that your advisors can ensure swift, efficient, secure and fully compliant management of information, that mitigates potential legal risks. Our combination of legal expertise, experienced project management and legal technology has been designed so that this is exactly what you get when you instruct Matheson in a matter of this type.

The Client Solutions team within the Digital Services Group at Matheson has the technology and the experience of working with our leading legal teams to provide fast, compliant responses to regulatory requests in a wide variety of situations. We utilise a range of technologies including Artificial Intelligence, process automation and our secure client portal offering to ensure that regulatory projects are delivered to specification, on time and with maximum client visibility.

Case Study: our Client Solutions team worked directly with our regulatory experts to ensure that a multi-part Request for Information was delivered to the regulator’s required specification on time and within the planned budget. 

Following a series of detailed requests for information from the Regulator, our client turned to Matheson to assist with the review of sensitive documentation for relevance and privilege.

Members of the Digital Services Group’s Client Solutions team, including a Senior Legal Project Manager, eDiscovery Technical Manager, Legal Technology Specialist and Legal Technology Consultant met with the various legal experts charged with the delivery to understand the scope and deadline for the matter and to form a project team for delivery of the requests.

The Legal Project Manager and eDiscovery Technical Manager put together a plan for the timely delivery of the project, including Key Performance Indicators designed to ensure:

• Things were moving at the pace that they needed to be
• Sufficient consideration was given to quality control review by senior lawyers
• Legal technology was used optimally in order to ensure a successful outcome

Additionally, the Legal Technology Consultant worked to create a Matheson Collaborate site that could be used to provide the client with an up-to-the-minute view of progress using both a custom designed project dashboard and task manager.

The multi-disciplinary Matheson team worked directly with the client’s in-house IT team to collect the relevant data in full accordance with the technical specifications set out by the Regulator, and to transfer it to Matheson. Once in possession of the data, it was processed in order to obtain metadata in respect of each file and to enable powerful filters that our team were able to use to de-duplicate documents, filter out small irrelevant files such as logos from the bottom of emails, and arrange the remaining potentially relevant files into batches for review.

A review was then conducted on a three-tier basis, with automatic redaction and redaction QC applied to ensure that necessary redactions for issues such as privilege were made quickly and consistently across all of the documents. This also allowed our legal team to create a fully compliant privilege schedule as the review progressed. When the review was completed it was checked against the technical specifications required by the regulator before being produced and securely transferred to them.

We work directly with our legal teams to provide the optimal technology solutions for Data Subject Access Requests.

There are a number of possible ways for organisations to deal with a data subject access request once it has been received. All of these place an administrative burden on organisations that can be draining, cumbersome and distracting.

The Digital Services Group at Matheson has worked with our Litigation department to devise a methodology for the quick and transparent review of DSARs that could provide you with significant value in terms of resources deployed, and peace of mind in terms of compliance with regulations.  We can facilitate everything from the most straightforward requests, to complex requests requiring the review of large volumes of data.

Case Study: a recent complex DSAR where the Digital Services team were able to utilise technology in order to ensure that a very tight deadline was met.

Given the potential fines that may accrue if Data Subject Access Requests are not responded to correctly and within the timeframe required, Matheson are often instructed to ensure that responses are defensible, in line with regulations, and delivered before the deadline.

In a recent matter we were instructed by a client in respect of a DSAR where, due to various factors, time had passed since the initial request had been received but no action had been taken. This effectively meant that the client had several days remaining to identify the potential personal information to which the data subject was entitled, to review and remove any third party personal data, or anything that was to be shielded from disclosure on the basis of any exemption.

The first step was to locate the data associated with the data subject in order to try to find that which held their personal data. Our experienced team of technical experts worked directly with the client’s IT team to identify custodians of data and efficiently catalogue and extract data sources. We advised on legal tech solutions that used machine learning and AI to search through structured and unstructured data repositories and systems, including databases, email systems, and cloud storage platforms, to find all relevant personal data.

Next, we minimised the timeline of the DSAR by applying search terms across the collated data. Working with our legal team, we reduced the timeline to ensure that responsive data that was relevant to the current DSAR.

Given the potential fines that may accrue if Data Subject Access Requests are not responded to correctly and within the timeframe required, Matheson are often instructed to ensure that responses are defensible, in line with regulations, and delivered before the deadline.

In a recent matter we were instructed by a client in respect of a DSAR where, due to various factors, time had passed since the initial request had been received but no action had been taken. This effectively meant that the client had several days remaining to identify the potential personal information to which the data subject was entitled, to review and remove any third party personal data, or anything that was to be shielded from disclosure on the basis of any exemption.

• The first step was to locate the data associated with the data subject in order to try to find that which held their personal data. Our experienced team of technical experts worked directly with the client’s IT team to identify custodians of data and efficiently catalogue and extract data sources. We advised on legal tech solutions that used machine learning and AI to search through structured and unstructured data repositories and systems, including databases, email systems, and cloud storage platforms, to find all relevant personal data.
• Next, we minimised the timeline of the DSAR by applying search terms across the collated data. Working with our legal team, we reduced the timeline to ensure that responsive data that was relevant to the current DSAR.
• To further reduce the expensive and time-consuming legal review,  technology was used to process and run analytics over the responsive data set. We then used analytical tools to identify duplicative documents by classifying and removing documents that were textually identical (or near identical).
• Additionally, we undertook an email threading exercise which gathered all forwards, replies and reply-all messages together. Email threading identified email relationships and condensed them into a single document. This greatly reduced the time and complexity of reviewing emails, and ensured consistency across the review.
• The Digital Services and legal teams worked together to drive the review of those potentially relevant documents. Through the course of this project a specialised Senior Legal Project Manager ensured that the review proceeded on time and under budget.
• Once the data had been reviewed and categorised, the Digital Services team applied automated redaction technology to efficiently redact third party personal data and other sensitive information. The response was then created, including a schedule of relevant documents, and made available to the Data Subject via a Secure File Transfer protocol.

Throughout the review, all actions and decisions were logged for compliance and auditing purposes. Every decision made on a the status of a responsive document is carefully recorded, from the type of privilege that attaches to a document to the level of commercial sensitivity that it attracted. This provided our client with a DSAR that was robust, secure and delivered on time.

Matheson offer bespoke solutions to DSARs whereby multiple tiers of review can be done to ensure that data provided is accurate while taking into account the sensitive nature of your organisation’s data. Our team can offer greater or lesser tiers of review, balancing costs and time against your organisation’s appetite for risk or the sensitivity of the data set.