Introduction
Responding to an investigation by the French stock market regulator Autorité des Marchés Financiers (AMF) is a challenging task, particularly when it comes to email disclosures.
The AMF's disclosure requirements may not appear complicated at first glance, but given the broad scope of the requests and the short turn-around times, failure to pay close attention to detail will likely result in inadvertent disclosures, missed deadlines, and possibly substantial penalties.
Per Article L. 621-10 of the Monetary and Financial Code, AMF investigators are entitled to obtain “all documents, whatever the medium” needed for the investigation, while “it is expected that requests for information will be satisfied as soon as possible.” [1]
A disclosure demand will be accompanied by two files: a twelve-page “Procedure” document and a “Formulaire” spreadsheet with 12 worksheets for documenting each of the 12 stages. The two files provide strict requirements which must be followed to submit the disclosure satisfactorily. These requirements include:
- Importing the email archives;
- Searching for privileged communications;
- Exporting email archives with the original folder structure intact;
- Preparing a privilege log of excluded emails;
- Creating an “explanatory document” detailing the exact procedure used at each step; and
- Preparing declarations signed by the company’s legal representative as well as the manager of the technical team responsible for preparing the disclosure.
Each step in the process must be meticulously documented with precision and attention to detail. While the steps outlined in the Procedure and Formulaire files are the same, the wording will vary and may even appear contradictory, leading to confusion and last-minute scrambling. Failure to comply with the disclosure demand can result in a fine up 100 million euros, and providing inaccurate information can result in a two-year prison term plus a fine of 300,000 euros.
For efficient and compliant disclosures to the AMF, FRA has developed a process that employs custom technical tools and review methodologies to optimize and simplify each step, greatly reducing the risk of error while at the same time maximising time and cost efficiencies. This bespoke process allows FRA to provide draft disclosures for counsel to review within five days of receiving the data.
Process Overview
The disclosure process outlined in the Procedure and Formulaire documents begins with the requirements that must be met for an email to be considered privileged and eligible for exclusion from the disclosure. Privileged emails must meet each of the following conditions:
- Have as the sender or as the main recipient (and not simply in copy) a lawyer engaged by the company;
- Have as sender or main recipient (and not simply in copy) an employee of the company; and
- Not have a third-party as sender, recipient or in copy.
The searches must therefore be run in two stages: the first to identify the “potentially privileged” emails (A and B above), and the second to identify the “third party” emails (C above). The final set of privileged emails will be all emails in the potentially privileged set but not the third-party set.
While these requirements appear simple, the process requires extensive analysis and rigorous quality control checks.
Searches for Potentially Privileged Emails and Third-Party Emails
The first step in the process is to identify “Potentially privileged” emails, which requires performing searches for emails where (i) a lawyer is the sender or direct recipient (i.e. not in copy) and (ii) an employee of the company is the sender or direct recipient (i.e. not in copy).
The next step, to identify the third-party emails among the potentially privileged set, is one of the most cumbersome in the disclosure process. This involves building multiple search parameters to identify any email address or domain other than those of the entity’s lawyers and employees. The search must be run separately across each of the email address fields (To, From, CC, and BCC).
The potential for errors when building these searches cannot be overstated. As a typical mailbox may contain 20,000+ email domains (50 of which may belong to the privileged senders-recipients), the third-party search must therefore be built to find any of the ~19,950 non-privileged domains in any email address field.
Once the above searches are completed, all email addresses in the third-party set should be parsed [2] so that each individual email address can be reviewed for errors. This step is necessary since a privileged email address may have been overlooked when the addresses were provided for searches. For example, a former employee in an office with a different email domain, or a law firm that provided limited services on smaller matters, can easily be overlooked.
If the company confirms any email addresses had been overlooked, those addresses must be reclassified (as “lawyer” or “employee”), and corresponding edits must be made to each address field (To, From, CC, and BCC) in each of the affected searches before they can be re-run. It is not unusual for three or more rounds of searches to be run before all privileged emails have been identified, since each addition to the count of privileged email addresses will result in a larger number of search results to be analysed for potential errors.
FRA's custom process has been designed to programmatically classify and reclassify addresses in a fraction of the time otherwise required, essentially removing the risk of error during the search process.
Privileged Emails and “Immediate Forwards”
Once the set of privileged emails has been identified, there still remain the process to identify the “immediate forwards” of privileged emails. These immediate forwards (i.e., a privileged email forwarded to a lawyer or another employee of the company) do not meet the AMF’s original conditions for an email to be withheld for privilege as they do not include both lawyers and employees as senders and recipients. However, The AMF process does state in a very cursory manner that withheld forwarded emails must be clearly identified on the privilege log. (This is one of the most striking examples of wording that may appear contradictory, leading to confusion and last-minute scrambling if the procedure is not fully understood at the outset.)
Identifying these forwards can be time-consuming and often requires manual review of each email due to limitations in review platforms like Relativity, which only extract metadata for the top-level emails and not previous senders and recipients.
FRA's custom process again brings efficiencies to this complex procedure by creating metadata from the first "sub-message" in email chains and matching it with the privileged emails' top-level metadata, thereby identifying these emails. This reduces the time required to complete the task significantly.
Documentation and Delivery
Having finally identified all the privileged emails, next is the arduous task of exporting all the non-privileged emails to be disclosed to a new email archive that maintains the exact folder structure of the original archive, with the exception of the excluded privileged emails. This step would normally be completed by manually moving emails to a folder since Relativity has no option for recreating a folder structure automatically when exports are run.
To avoid such a manual and error-prone exercise, FRA has developed a custom application and workflow that automates the creation of the archive and placement of each email into an appropriate folder. The generation of the export files is therefore accomplished in a fraction of the time otherwise required.
Conclusion
Preparing an email disclosure for the AMF is a lengthy and stressful affair for the uninitiated, subject to error and incomplete disclosure. From onerous documentation requirements, to manually intensive searches and email thread analysis, to the formidable task of finally exporting the deliverable, there are seemingly unlimited possibilities for error.
Parties required to undertake the task must familiarise themselves with the process as soon as possible and not underestimate the complexity and time required to complete each of the stages or remediate any errors. An even more prudent approach, however, would be to consult a trusted advisor that understands each step in the process and has developed a methodology to simplify it.
[1] La Charte De L’Enquete, 27Septembre 2021 https://www.amf-france.org/sites/default/files/private/2021-09/2021_09_charteenquete.pdf
[2] Parsing is the process of breaking down an element (e.g., an “Email To” address field) into separate components (e.g., the individual email addresses within that field). Parsing email addresses requires exporting all email addresses (To, From, CC, and BCC) contained in a set of emails to a structured format so that each address becomes a separate component, and the full set of email addresses can be de-duplicated.
.png)
