Discover more about our courses.
ICA is the trusted partner for you and your organisation.
Written by International Compliance Association on Tuesday December 15, 2020
Insight written by Tristan Jenkinson, Head of Investigations EMEA, OpenText
As the compliance world continues to evolve and the number of internal investigations increases, the skillsets needed by compliance staff are changing. This article discusses some of the reasons behind the growth in investigations, how compliance skills are evolving as a response, and the rising importance of technology-based investigation knowledge.
Recent years have seen an increasing number of internal investigations, both in the UK and around the world. This is the result of a number of factors, including heightened regulatory scrutiny, the growing use of deferred prosecution agreements (DPAs), as well as a cultural shift within regulated companies supporting a ‘speak up’ and ‘listen up’ culture.
Leaks such as the FinCEN Files, Luanda Leaks and Panama Papers have left organisations (especially those within the financial sector) exposed. Many have received very public criticism for doing ‘just enough’ to meet regulatory obligations but failing to take steps to investigate or prevent abuses from taking place. Many see reports by the likes of the International Consortium of Investigative Journalists (ICIJ) and the corresponding fallout as helping fuel a change in culture to one in which whistle-blowing is taken more seriously; a culture in which regulated firms are expected to take more responsibility to investigate and prevent the types of abuses that have been uncovered, and to make sure that they are being seen to do so.
The impact from the public’s response to leaks and investigations is far from the only factor that has been attributed to this cultural shift. The #MeToo and Black Lives Matter movements have had a huge effect, both in empowering employees to speak out and in demonstrating to companies that they need to listen to those employees.
There is no indication that the number of internal investigations will start to slow, and the global COVID-19 pandemic is indeed expected to accelerate their occurrence.
To understand why, we must recognise how working from home is seen to carry a higher risk of potential misconduct. One way of demonstrating this is to consider the ‘fraud triangle’, a framework developed by criminologist Donald R. Cressey which seeks to explain the three factors which typically lead to fraud. Where all three factors of the triangle are present, the risk of fraud is significantly increased. Below are the factors of the fraud triangle, and how they might be met during the pandemic.
Opportunity. Employees working from home are potentially subject to less oversight and a lack of relevant controls because systems were not set up for staff to work remotely. Whilst at home, individuals are in a comfortable environment with no colleagues around and they might feel that they are less likely to be ‘found out’. In addition, due to the economic pressures of the pandemic, companies may look to make savings in non-revenue generating departments, such as compliance. This can lead to a lack (either perceived or real) of defences and safeguards against misconduct, thereby increasing opportunity.
Pressure. Financial pressure is currently the most obvious burden under which staff might labour. During the pandemic, employees may have become concerned about finances due to fears about the economic impact and recession, wage cuts, being furloughed or the perceived risk of being laid off. Alternatively, staff could be troubled by the consequences of failure as they struggle to meet targets in a downturned market. All of these factors can increase pressure on individuals. These issues could also manifest as an indirect pressure where a partner or dependent, for example, is facing these risks and pressures directly.
Rationalisation. Wage cuts, placing staff on furlough or potential layoffs can also lead to employees becoming disaffected and a sense of entitlement from the organisation may creep in. The pandemic is also a time when individuals may rationalise actions as protecting their family and their future.
The increased risk of employee misconduct is one aspect that can lead to more investigations, but is not the only one. There have also been reports that the pandemic is itself leading to more instances of suspected or confirmed fraud committed by employees.
Workers without physical access to the office may no longer able to cover up prior malfeasance through access to physical ledgers and records or secretly logging into a colleague’s machine out of hours. As cash flows slow, it may be more difficult to cover up lost funds as there is less money to move around. For example, the Bernie Madoff Ponzi scheme might have gone undiscovered for much longer, had it not been for the recession in 2008.
There are likely to be an increasing number of internal investigations taking place in regulated environments as a result of these changes. This in turn means that skills in compliance investigations, as well as investigations in general, will become highly sought-after.
So what skills are needed?
As the focus was once on moving from a tick-box to a risk-based approach, the compliance world is now looking to build more effective approaches to combat misconduct. In the area of investigations, one of the key methods to increase effectiveness is through the appropriate use of technology.
This point was raised in the ICA’s free eBook Better Practices for Compliance Management (released in partnership with Galvanise), where one of the compliance processes identified as in desperate need of technology was in managing investigations.
Most of the information we produce today is electronic, typically in the form of email, chat, documents and spreadsheets. The pandemic has accelerated the move to electronic data even further, with information that still remained paper-based quickly becoming electronic to enable employees to successfully work from home.
In many internal investigations, electronic data is often key. There is therefore a need to make sure that the information is correctly collected and preserved. This is important, not only so that it can be efficiently investigated for signs of potential wrongdoing, but so that it can subsequently be relied upon in court, or by the appropriate regulators or enforcement agency.
Digital forensic technologies can assist in ensuring that the data is correctly preserved, but can also help to investigate hidden electronic information behind the files – for instance it could help to determine if intellectual property has been stolen from an organisation, perhaps to take to a competitor or even set up a new company in direct competition. On top of this, it could be used to determine if a file or email is authentic or has been faked in some way.
eDiscovery technologies can help in the efficient review of documents. Using a wide number of different technologies, eDiscovery tools can assist with searching data, identifying and tagging relevant information and using advanced analytics and AI to suggest other information which may also be relevant. The technology was originally designed for use in disclosure matters, where is it used to filter vast data sets down to just the relevant information in a dispute; it is therefore perfect for use in investigations where electronic data such as emails or documents need to be analysed for signs of wrongdoing.
Understanding the technologies involved can therefore be of huge benefit to compliance professionals, driving efficiency into procedures in order to build more effective investigations.
While it may not be necessary to have the skills to run an eDiscovery or digital forensic investigation from start to finish, possessing an understanding of the technology and how it can be employed is absolutely key to building effective investigations.
ICA now offers an introductory course which explains and discusses these technologies, with a specific focus on their use in investigations.
This course will help you to build an understanding of digital data and how digital forensics and eDiscovery technologies can be used to assist compliance investigations. The course covers the importance of digital data, digital forensics and its use in practice. eDiscovery technology is then discussed, first providing the basics and an introduction to the area, before talking about some advanced techniques and how these can be utilised to focus a large volume of data down to information relevant to an investigation.
We have already seen an increasing number of internal investigations and the pandemic is likely to intensify this further. The ability to run investigations effectively and efficiently is now highly prized and key skills, such as understanding the use of technology like eDiscovery and digital forensics, will be among the most fundamental skills for compliance staff working on investigations in the years ahead.
 International Consortium of Investigative Journalists, ‘FinCEN Files’: https://www.icij.org/investigations/fincen-files/ – accessed December 2020
 International Consortium of Investigative Journalists, ‘Luanda Leaks’: https://www.icij.org/investigations/luanda-leaks/ – accessed December 2020
 International Consortium of Investigative Journalists, ‘Panama Papers: Exposing the Rogue Offshore Finance Industry’: https://www.icij.org/investigations/panama-papers/ – accessed December 2020
Thank you. Your comment is awaiting moderation and should appear on the site shortly.
Required fields are not completed, please ensure all required fields (*) have been filled in properly.
You can leave the name empty should you wish to remain Anonymous.