Compliance Management

Legal matters: Aon Corp. and Mitratech

Brokerage services provider Aon Corp. found help in streamlining its network operations throughout its global reach into 120 countries, reports Greg Masters.

Around five years ago, David Cambria observed one office within Aon Corp. supplying information in an Excel spreadsheet while another used Word. This made compiling companywide reports a significant challenge and limited visibility across the enterprise. The disparity in tools used also presented security challenges when legal matters reached a sensitive stage. Settlement information, for example, must be kept confidential and accessible to a limited number of professionals. Because the various systems employed didn't provide the necessary levels of access control, settlement documents had to be managed separately by the select lawyers and business unit managers with required access.

This was occuring just as Aon Corp. was expanding its global legal staff to more than 100 attorneys and an equal number of support staff to meet an ever-changing and complex regulatory environment. With its headquarters in Chicago, the provider of consulting, outsourcing and insurance brokerage services, needed to streamline the corporate systems connecting its 37,000 professionals worldwide located in 500 offices in 120 countries.

The problem was that each of Aon's legal offices was using different systems to manage processes. The company had developed a Lotus Notes-based application to manage legal matters, but many within the enterprise thought it was limited, and different offices began adopting their own formats.

As the company grew, this system became increasingly inefficient. Aon needed a single platform that could manage all aspects of legal matters and would be accessible by any of the company's global legal staff, as well as outside counsel law firms and business unit managers – but still with the necessary controls in place to limit information exposure and protect confidentiality.

Secured information-sharing is core to Aon's risk management and reinsurance business, says Cambria, director of operations in the law department at Aon. “A centralized database of secured information is vital to ensuring consistency and confidentiality among so many locations, individual departments and outside counsel law firms,” he says.

At that point, Cambria (right) led an initiative to adopt a holistic platform for managing legal matters and sensitive documentation.

Aon began looking at solutions. It considered offerings from TriPoint (presently TyMetrix), Law Manager, Bridgeway's eCounsel and Corprasoft, but ultimately decided on Mitratech's TeamConnect.

“Its architecture was the most robust and flexible among the options,” says Cambria. “Both configurable and customizable, TeamConnect conformed to corporate processes, as opposed to dictating them. This was a significant consideration given the platform was implemented globally, across 17 countries, and needed to conform to a broad spectrum of operational differences.”

In adopting Mitratech's TeamConnect matter management platform, Aon gained the tools it needed to operate more efficiently and cost-effectively, while ensuring all legal information was gathered, stored, controlled and shared uniformly across the enterprise, he says.

In particular, Cambria says that TeamConnect has enhanced Aon's highly confidential litigation settlement process. Prior to deploying the product, lawyers managing contentious matters would gather and record case information – allegations, arguments for and against, findings and determinations, relevant statutory references – for the case and, if necessary, develop a settlement memo using various office productivity tools. For settlements, key individuals would have to generate a paper version of the settlement memo, which documented settlement terms and methodology. This would then be distributed manually to the legal department and the impacted business units for review and approval.

Today, the entire process takes place within TeamConnect – all information, from the case history to final approvals – is stored within the system. First, the managing attorney, or “main assignee,” stores his or her case notes electronically within a standardized format. Pull-down menus, such as “offer/demand date” and “offer/demand type” are used to simplify the record-keeping process and to record and preserve the matter's start and end points. When lawyers generate settlement materials, those documents still can be stored in the system, but TeamConnect provides controls that lawyers can use to provide access to individuals with the required level of privilege.

Because a major part of Aon's business involves serving as an insurance/reinsurance broker, the legal department receives a significant number of third-party subpoenas each year. As such, it needed a way to not only track and manage witness and/or document requests, but a way to track them by the entity that was subpoenaed. With TeamConnect, managing the subpoena process is relatively straightforward, says Cambria. “This can help simplify the process and limit the amount of time the attorneys or support staff spends inputting third-party subpoena information. And the access controls within TeamConnect ensure the process is managed confidentially.”

Mitratech differentiates TeamConnect from competitors in many ways, says Scott Giordano (left), corporate technology counsel of Mitratech. “TeamConnect's out-of-the-box applications, such as matter management and e-billing, are robust, mature, enterprise-class solutions that encompasses all aspects of enterprise legal and GRC administration.” The system is used by more than 130 of the Fortune 500, he adds.

Its integration with authentication regimes, such as SSO and granular access control, enables collaboration by team members inside and outside the enterprise, while allowing them access to only what they need to accomplish their duties, he says.

Further, the tool's accountability or “event forensics” function allows responsible parties to unwind events and determine who did what and when in a manner that will withstand judicial scrutiny, says Giordano.

It is an extensible, scalable and customizable platform that will grow with the customer and adapt to constantly changing business requirements, says Giordano. “Competitors typically offer a combination of acquired point solutions that do not scale and become brittle when attempting to integrate with other applications,” he adds.

Via a SAS 70-compliant third-party internet service provider (ISP), Mitratech hosts a server to which all released patches, updates and service packs are uploaded. “When administrators visit the available updates page in TeamConnect, it connects to the server and displays a list of updates available for the specific version of TeamConnect and other products installed,” says Giordano. “Administrators can then review the contents of each update and choose to install it on their schedule.”

Implementation

Aon did not encounter any deployment issues that were different from what a company would encounter in deploying such a significant piece of technology, says Cambria. “The greatest challenge was in deploying globally, which meant a number of issues had to be addressed. Because Aon is a diverse and globally dispersed company, I had to take into account varied IT security requirements throughout the globe, e.g., what was an acceptable IT security standard in the U.S. may not be acceptable in the U.K.”

Deploying a system globally also posed logistical challenges for Cambia's team – from dealing with limited internet bandwidth to addressing cultural differences while customizing the user interface and mapping the fields accordingly. In the United States, for example, the word ‘litigation' is used quite freely and refers to a wide range of activities, while in other countries, the word refers to specific steps and the matter overall is called ‘contentious,' not ‘ligitation.' Rather than force professionals working in global offices to conform to a single standard, the platform was customized to match local nomenclature.

Another significant challenge was maintaining tight controls on how the technology would be implemented. Because TeamConnect is both configurable and customizable, there was a great deal of dialogue about the range of possibilities that Cambria sought to control. “Just because a technology can do something, doesn't mean you should do it,” he says.

Adoption throughout the enterprise went smoothly. Though the department had to gain the approval of major internal stakeholders – which ranged from finance, compliance and risk management to upper management, IT and accounting – getting buy-in from users once the system was established was a relatively smooth process.

“We are finding it easy to manage and operate our instance of TeamConnect,” says Cambria. “Because TeamConnect's strength is its ability to be configured in any number of ways, we have yet to find a process that could not be made more efficient, effective and manageable with TeamConnect. We have been able to modify our design on several occasions to meet our ever-changing business needs and requirements.”

For the most part, TeamConnect has been meeting Aon's expectations, he adds. “Of course, we always try to be bleeding-edge with our implementation and that creates new areas of discovery for all of us, but by and large, with good requirements for gathering, planning and design, there is not much that we have not been able to accomplish.”

And these efforts have been helped along with some personnel implementations as well. Recently, D. Cameron Findlay, executive vice president and general counsel of Aon, has come on board. Cambria says Findlay has taken many steps to help the enterprise operate more efficiently and better control legal spend.

Keeping compliant

Since Aon is regulated by a number of government agencies, the legal department plays a key role in monitoring and enforcing the company's compliance initiatives, Cambria says. “Should a government audit or investigation occur, the attorney handling the case can quickly create an electronic record with TeamConnect's capabilities. A systematic and repeatable approach to addressing compliance is paramount should the company face a government audit or litigation. The company must show it has made all attempts to comply with regulations and document how it has addressed any gaps in their systems.”

In addition, Aon's legal team must maneuver both a wide range of international laws and regulations and as lawyers, also must adhere to professional and ethical requirements related to client confidentiality and attorney-client privilege. The access controls within TeamConnect provided the company's lawyers with the required level of protections for data access and transfer, safe harbor and other relevant issues.

Mitratech's TeamConnect provides a global view of Aon's governance, risk and compliance information. The tool can be used in a compliance management capacity, Giordano says, assisting clients with adhering to sectoral information security and privacy regulations, such as HIPAA, GLBA, FISMA; general or “horizontal” regulations, such as the Federal Trade Commission and state information security and privacy regulations (California SB-1386); and industry-sponsored regulations, such as PCI-DSS.  

“It is important to us to know who is knocking at our door, who has shown an interest in our practice and how we responded,” says Cambria. “Having a system that enables us to capture and collect that valuable information and which lets us examine where we started out with the agency in question and how the inquiry ended is incredibly valuable in providing a broad understanding of how we manage our overall portfolio of risk.”

Expanding TeamConnect's use corporate-wide continues to be an ongoing process, says Cambria. Future plans include using the system to track timekeepers in multiple rates and currencies, to implement automated litigation holds and e-discovery management processes, and to establish early-case assessment management tools. Aon consistently tweaks and modifies the system to meet new and emerging needs and demands.

The initial implementation included significant protections because of the sensitive nature of the information managed within TeamConnect. “Nothing has emerged to prompt a change,” Cambria says. “The initial implementation included a number of testing and monitoring processes that regularly measure the platform security. Legal materials are extremely sensitive and the professionals working with this information must adhere to high standards, so the bar was very high at the outset.”


[sidebar]

Resolving matters: Increasing efficiencies

Mitratech TeamConnect Enterprise is an applications platform for legal and governance, risk and compliance (GRC) automation, designed to manage organizational fulfillment of mandated obligations, says Scott Giordano, corporate technology counsel of Mitratech. 

“The system provides a unified, secure, web-based interface where a variety of response teams can collaborate securely to resolve all types of matters and incidents, with full traceability for their participation,” he says. “With litigation-oriented workflows, rules, tasks, and document management functions built in, TeamConnect allows select individuals to work on sensitive, privileged information in an efficient way.”

The underlying extensible platform provides key advantages over a task-specific or “point” solution, says Giordano. “The platform can be further developed as the user sees fit beyond our predefined application suite. The J2EE platform's open infrastructure and development toolkit make it easy to translate domain expertise into an enterprise application, with resources that include:

  • A centralized database to store critical information, facilitate enterprise-wide communication and knowledge-sharing;
  • Comprehensive security and rights management with fine-grained user access control for complete protection of confidential information;
  • Workflow automation to help multistep business processes, and to automate a variety of actions including approval flow, task assignments, alerts, and notifications;
  • GUI-driven rules engine to trigger system actions and events;
  • A programmable user interface that leverages the latest technologies, such as Spring MVC and AJAX for a rich user experience;
  • A data warehouse for business intelligence, analytics, and quick and easy reporting; and
  • Productivity tools than include contact management, calendaring, and document management.

Using the TeamConnect toolkit, Mitratech clients have been able to extend their technology investment to new areas and departments beyond the original applications for which it has been designed, says Giordano. “The platform's flexibility also secures its longevity through its ability to easily adapt to the changing regulatory landscape and new business requirements.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.