Meeting Compliance Burden for Financial-Sector Giant

Lighthouse helps global British bank resolve critical risks during a major technology overhaul.

Download the case study

Key Actions  

  • Microsoft referred Company to Lighthouse to address eDiscovery needs within Microsoft 365 (M365)
  • Lighthouse assembled a team whose members had former expertise gained from stakeholder departments that were affected by the unresolved needs

Key Results

  • Compliance risks were successfully remediated using native M365 tools 
  • The Company used its new platform to avoid the need for add-on services or vendors

What They Needed

M365 Implementation Yields Data Risk Management

As one of the nation’s largest financial institutions, the Company’s move to M365 required exceptional time and care—further complicating compliance requirements for record-keeping, data protection, and regulated conduct, and ultimately placing demands on M365 that created uncertainty of whether the platform could be resolved.

The complex compliance requirements fueled an internal audit, revealing several risks related to the Company’s management of unstructured data, including its practices for retention, deletion, preservation, and protection of sensitive information. 

The Company asked Microsoft for help—and Microsoft referred the Company to Lighthouse. 

Tight Deadlines, Exceptional Solutions

Lighthouse was tasked to explore whether M365’s native information governance (IG) and eDiscovery tools could address the risks identified in the audit. The team launched a series of workshops, interviews, and research tasks to:

  • Educate stakeholders about M365’s native capabilities for records and information management (RIM) and IG
  • Define stakeholders’ needs and current workflows regarding RIM and IG
  • Analyze gaps in the current state
  • Test and propose new workflows using native M365 tools

Executives intensely monitored this project, as every identified risk was critical, so the pressure on the teams’ proposed workflows was tremendous—not to mention a tight 12-week timeline.

Lighthouse prevailed, fielding a team of experienced peers with the Company stakeholders. Every business group—from records management to IT that were responsible for remediating risks—was paired with a Lighthouse consultant who had previously filled a similar role at a comparable institution. Our experts gained rapid credibility with each stakeholder group, and they ultimately accomplished a unified solution that was acceptable to all parties. 

Our solution succeeded in remediating all flagged risks using RIM and IG workflows within M365. It required the Company to upgrade its M365 licensing agreement from E3 to E5, but the company agreed that the added cost was more than worth it. 

In the end, Lighthouse achieved two key wins: 1) demonstrating to the Company that M365 could meet even the most stringent security and compliance needs, and 2) securing a new trusted partnership with the customer that has continued to develop.