Many corporations are now grappling with the challenge of timely compliance to these information requests because of ever-increasing data volumes and the need to consider a variety of data sources, including new collaboration platforms such as Microsoft Teams, Slack, Google Workspace, etc. These challenges are only compounded by logistical issues surrounding data collections where organisations need to identify and collect data from various jurisdictions, often now remotely as a result of COVID-19, and then perform large-scale document review exercises in incredibly tight timelines.

In light of the above, in-house legal should engage outside counsel and technology experts as early on in the process as possible to improve their merger-ready response position. This includes adoption of several best practices which were raised during the panel’s discussion:

• Build-in compliance at the foundation. To timely identify and collect data responsive to an information request, organisations need to maintain good data hygiene and understand how their employees’ access and store potentially relevant documents. Establishing sound data retention and acceptable use policies are a good way to mitigate downstream issues from the outset. By developing robust compliance programs and providing awareness training, employees understand why it is essential to adhere to these policies and are aware that it could ultimately be subject to regulatory scrutiny every time they create or share a new document.
• Assess the scope and develop a robust methodology. Regulators may be willing to negotiate the scope and timing of a request or whether specific keywords, sources, regions, etc., are relevant to the matter. This is a significant opportunity to determine right away whether the team will be able to respond by the deadline or if the request is asking for a disproportionate number of documents. It’s also the stage where the response team should start preparing a robust draft methodology and potentially share this with the regulator to obtain their buy-in on the overall discovery and review approach.
• Understand that every minute counts. Merger control investigations are almost always highly time-sensitive, to the point that every day and every hour count toward meeting the regulator’s deadline. Seemingly minor delays (such as waiting for IT to provide access to specific systems, obtaining information and files from employees who are on holiday, or dealing with limited internet bandwidth during a remote collection) can impact an organisation’s ability to comply with an agency's request. Therefore, it's critical for all key internal and outside stakeholders to establish their respective roles and expectations early and create a timeline to ensure the submission remains on track irrespective of any potential delays.
• Anticipate Future Requests. Depending on the complexity of the case, regulators will likely submit additional follow-on requests. Teams should proactively prepare for this by anticipating what may be within scope and taking measured responses to get ahead of it. For example, organisations can conduct interviews with key employees to understand better the data systems and working practices of business units likely to be of interest to regulators. Counsel can work with HR and IT to compile a list of employees who acted as predecessors/successors within specific positions since internal documents requests are often focused on role-based inquiries. Finally, by involving stakeholders from the relevant business units in discussions with the regulator, counsel can help refine the scope since the case team will be better informed on what technical and industry-related information is important to complete their review of the deal.
• Understand the value of transparency and completeness. Transparency and collaboration with regulators can go a long way in easing the burden of internal document requests. Regulators have signalled potential openness to organisations responding to multiple requests and multiple agencies, all with the same document production. Every agency will need to be convinced that the scope and methodology fulfil their requirements—if that alignment can be achieved, the time and resources required for the matter will be significantly reduced. Similarly, document disclosures must be complete. Given the technical and logistical issues of ensuring completeness across new data types, it's crucial to involve data experts to ensure everything is collected and presented in the appropriate format accommodating legal review and production.
• Leverage AI and Other Analytic Technology. Organisations will inevitably face scenarios where there isn’t sufficient time to conduct a first-level or manual review. This is where technology-focused solutions such as advanced analytics and AI can do the heavy-lifting to sift through large data sets to identify and prioritise for review the documents most likely relevant to an information request.

Looking ahead, the complexities associated with responding to internal document requests is only going to increase in light of continually growing data volumes, a greater variety of data sources, and a wide array of legal and logistical issues arising from cross-border investigations, which often can be driven by multiple antitrust agencies. To deal with this, both regulators and transacting parties will need to rely more on data experts and new AI-based technologies to streamline the response process and ensure it is performed in a defensible and robust manner.