What to Look For In a SaaS Solution For Subpoena Response Delivery

Banks can reduce costs, increase productivity and benefit from the proof of compliance needed to effectively manage this burdensome task.


9 July 2019

What to Look for in A SaaS Solution for Subpoena Response Delivery

Banks today are responding to large numbers of subpoenas every month from a variety of requestors in jurisdictions around the U.S. Most of these subpoenas take the form of a third-party subpoena duces tecum, or document subpoena, such as a request for bank records for a particular bank client or group of clients who might be under civil or criminal investigation. Subpoenas can be issued by legal teams involved in cases, by the courts themselves or by regulatory agencies. Regardless of the origination authority, the volume of these requests is sufficient to require major banks to have teams dedicated to fulfilling these requests. Many banks have teams of 20+ people focused on the hundreds of subpoenas needing responses on a daily basis. These same banks report monthly loads of 2,000 to 5,000 subpoenas, each typically requiring the assembly of many documents from disparate sources.

The most common process in effect today for subpoena response requires the copying of electronic files onto CDs and the shipment of these via an expensive shipping service. This involves finding the files, copying them onto a CD, manually filling the package, addressing and shipping. Clearly, such a process is costly, poorly tracked and error prone, given the possibility for loss or theft of data. Furthermore, there is little visibility into what becomes of the subpoenaed documentation once it leaves the bank. Other than the possibility of a signed receipt, there is precious little evidence of the bank’s having complied with the request. And, of course, if additional information is subsequently required in conjunction with the same case, the same costly and inefficient process must be repeated.

Secure SaaS Data Rooms

Banks already employ ultra-secure Software as a Service (SaaS) document collaboration and distribution solutions, like Intralinks, for highly regulated use cases. Customer onboarding, M&A due diligence, wealth management, anti-money laundering, collaboration with external law firms, fund reporting and regulatory reporting are all served today by such solutions. These use cases require document aggregation and dissemination, intuitive web interfaces, granular permission management, document encryption and access reporting. These same characteristics make such solutions ideal for subpoena response. Having, in most cases, already taken efforts to examine the security model and practices behind such services and added them (in the case of Intralinks) to the whitelist of supported software for sensitive content sharing, it is a simple matter to add workspaces to subpoena response alongside regulated use cases.

What to look for in an SaaS Solution for subpoena response delivery:

1. Subpoena response documents need to be protected. Bank records are full of personally identifiable information (PII) of the most sensitive sort. Compromise of client data through unsecured transmission – whether paper based, CDs sent through expedited shipping or files shared with SaaS solutions not measuring up to the bank’s security standards – can result in litigation and cause reputation damage.

2. Banks using Intralinks VDR technologies routinely engage in audits and penetration tests to validate the platform’s security capabilities and ensure compliance with its own standards. These examinations and accompanying conversations help banks proactively drive future enhancements to ensure continued compliance in this ever-changing realm.

3. Solutions need to be easy-to-use. The tight timelines required in subpoena responses are routinely measured in days or a few weeks. Mechanisms for intake of request and rapid transition to fulfillment need to be easy enough for all users to avail themselves of, so they drive productivity, instead of creating obstacles. Secure SaaS solutions – such as Intralinks – may well be in wide use in the bank today, and thus bank users will in many cases already be familiar with, and have accounts on, the chosen solution.

From the perspective of the subpoena-issuing authority, many of which will have a low tolerance for learning curves associated with delivery applications, a SaaS platform such as Intralinks offers an HTML5-based interface supporting dynamic web behaviors natively, with no plugins or administrative rights required of participants. Requestors can easily download or view content online from desktop or mobile interfaces, with a single credential sufficing to monitor the status of subpoena requests and with all banks employing this same SaaS solution.

Given the likelihood that many issuing jurisdictions will be repeat requestors, a standard mechanism across the bank is a must. A secure SaaS solution with desktop and mobile interfaces simplifies the procedures for responding to subpoenas and provides a dashboard of requests/responses with ready access to the most current response documents. Over 125,000 lawyers and 70,000 government regulators already use Intralinks for a variety of scenarios involving highly sensitive content.

4. Proof of compliance is essential. A secure SaaS solution that allows subpoena response documents to be shared with the appropriate audiences, internal and external, should include exhaustive auditing functions to prove in a legally defensible way that documents were shared with the subpoena issuing authorities, and that they were viewed/consumed. A virtual data room (VDR) will capture the lifecycle of events involving the response documents and the users, proving what was published and who accessed it.

5. A simple, robust permissions model is needed. Invitations to appropriate users and user groups should be easy to extend, tracked upon extension and acceptance and include a simple model for granting permissions.

Subpoenaed documents should be easy to remove, as should the data room on which they were shared, once the subpoena has been complied with and proof of receipt/consumption is available. This allows banks dealing with large volumes of subpoenas to manage responses effectively. Archival records of compliance should be available where desired, to allow the bank a legally defensible evidence point vis-à-vis compliance.

Evaluating Return on Investment

The ROI on SaaS-based subpoena solutions can be substantial. Besides the critical considerations of security, auditability, speed to delivery and ease of use, a SaaS solution may well save real dollars in the early stages of its deployment.

Consider the following scenario, which reflects the scale shared by several major retail banking customers. The bank handles about 2,000 subpoenas per month and has a team of several dozen employees involved in the preparation of responses. That preparation includes locating documents, burning CDs and filling and labeling shipping envelopes. As a reference, let’s look at what some third-party services charge for assisting with subpoena responses.

From American Express’s Subpoena Response Unit we see labor costs assessed at $22 per hour and shipping costs for two-day and overnight express services at $15 and $25, respectively. Let’s take a conservative estimate that the effort to produce a CD containing subpoena response documents for a single subpoena involves 10 minutes of labor ($3.67), presumes the two-day shipping rate of $15 per package and demands a nominal material cost of $.15 per disk.

For a SaaS solution, we’ll use the following numbers: for 2,000 subpoenas per month, we assume a team of 30 internal users involved in the delivery and 2,000 in receipt of the response documents. Assuming a per-user license cost and fixed costs for support, a solution on Intralinks could run closer to $9 per response, or $177,000 per year.

Table 1 summarizes the costs using the AMEX shipping costs, and then a highly discounted per-response shipping rate of $8. The one-year cumulative three-year savings of the Intralinks solution are shown in the lower right-hand cell of each table.

Table 1 – AMEX Shipping Costs, 2-Day

Volume (monthly)* Labor Rate
 
Labor Time
(minutes)
Labor Per Subpoena Average Shipping Costs Materials Costs
2,000 $22/hour 10 $3.67 $15 $.15
        Cost/Response $18.86
        Year 1 Cost: $452,600
*annual volume increase 2%       Intralinks Annual Cost: $176,467
        3-Year Savings, Intralinks Soln: $883,994  

 

Table 2 – Highly Discounted Shipping Rates, FedEx

Volume (monthly)* Labor Rate
 
Labor Time
(minutes)
Labor Per Subpoena Average Shipping Costs Materials Costs
2,000 $22/hour 10 $3.67 $8 $.15
        Cost/Response $11.82
        Annual Cost: $284,600
*annual volume increase 2%       Intralinks Annual Cost: $176,467
        3-Year Savings,
Intralinks Soln:
$359,358

 

Figures 1 and 2 below show the annual savings from the Table 2 assumptions:

Figure 1

Figure 1: Subpoena Delivery ROI Analysis

 

Figure 2

Figure 2: Annual Savings

 

Conclusion

Secure SaaS platforms such as Intralinks are widely used at banks today and are trusted with sharing sensitive files across some of the most mission-critical use cases financial institutions have. Subpoena response demands security, intuitiveness and an in-depth audit trail. Banks can reduce costs while increasing productivity and gain the benefit of the proof of compliance needed to effectively manage this burdensome task.