Law firms that provide securities, merger & acquisition, or other services to public corporate clients must take special care to comply with a diverse set of regulatory requirements. Depending on the nature of the matter and the jurisdiction, firms may be subject to SEC rules, Sarbanes Oxley or the EU Market Abuse Directive.
These policies stipulate that material information must be closely guarded to prevent insider trading or other ethical violations. Importantly, several rules require that firms be able to provide an audit report that details all personnel who have accessed or even have had the ability to access a particular matter or document.
Given the importance of market protections, these regulations also carry substantial penalties for non-compliance. Firms that find themselves under suspicion or investigation face potential financial penalties as well as loss of staff, clients and reputation.
In a law firm environment, potentially sensitive and descriptive information resides in a variety of systems including document management, records management, time entry and even CRM applications. Attorneys and staff generally have access to these repositories. However, to comply with market regulations firms must impose limits and tightly control who has visibility. Firms that rely on manual intervention to lock down access face challenges and inefficiencies in ensuring that all information is protected and in keeping security definitions accurate and up to date. Traditional ethical walls tools offer some assistance, but only secure document management systems. Furthermore, they do not self-maintain security restrictions and they fail to provide necessary logging mechanisms.
Most importantly, the audit requirements imposed by these regulations represent an area of considerable risk. Organizations must be able to document access rights and activity when called upon to do so by clients, the court or regulatory agencies. When faced with such requests, firms undertake onerous manual analysis and investigation across multiple applications, trying to assemble necessary information and construct the required records. They must also be prepared to certify the results of their efforts are true and complete.
Wall Builder enables firms to closely control who can access sensitive information stored across multiple internal repositories. More importantly, it also logs all significant action including the creation of security walls, wall modification and user access permissions for specific assets. This information, which can be easily managed using a customizable reporting engine, provides a comprehensive historical record for demonstrating regulatory compliance.
"A primary method for preventing the dissemination of confidential information within an entity is to limit its dissemination to those individuals who have a 'need to know.' Technology can be used to limit an employee's access to electronic information that is of a sensitive nature. Simple solutions such as controlling the dissemination and destruction of draft documents as they are created and discarded can help prevent inadvertent disclosure."
