This article was first published by Fraud Intelligence.
As Covid-19 spread across the globe in February and March 2020, investigation teams and in-house compliance professionals had to swiftly adapt to the rapidly changing environment. When the threat of border closures became a reality, investigation teams were pulled out of countries around the world, in some cases having only just arrived, and a hard brake was applied to most ongoing investigations. Once the dust settled, the constraints of a pandemic, and especially the contingent ban on global travel, meant that over the intervening eight months, a number of new approaches have been developed within the investigations space. This article will examine four areas:
- Identification of misconduct;
- Evidence collection and review;
- Interviews; and
- Post-investigation challenges.
Identification of misconduct
One area in particular that has become extremely challenging during the pandemic is the identification of misconduct. It has become apparent that the unique pressures of a global public health crisis may be leading to an increase in fraud and other corporate misconduct. Moreover, with employees out of the office working remotely, it is harder for compliance teams to monitor and identify potential bad behaviour. Clearly, regulated Financial Services entities have specific issues around managing inside information, and have rolled out recorded phone lines and monitored networks to employees’ homes, but this kind of monitoring is harder outside the regulated sector. In addition, acting on the usual compliance triggers – such as hotline and audit reports – may be slower due to a delay in the information reaching compliance teams. In terms of solutions, it is clear that the best prepared companies are those that have put in place increased systems and controls, especially around financial triggers such as bespoke “dashboard” alerts for unusual cost allocations, expense claims or other red flags. Unfortunately, it is likely that there will be issues identified that require further investigation.
Evidence collection and review
Once an issue has been identified, the usual investigation protocols should be adopted in terms of securing and collecting evidence. Given the travel restrictions, it is often not possible to attend an overseas (or even local) office to collect electronic data. In fact, what has become clear is that the majority of businesses’ IT systems no longer require a local collection, but rather, that remote collections are now possible and indeed preferable. Depending on the type of investigation, it remains the case that external forensic IT teams should be used in order to ensure a forensically sound collection process, even if conducted remotely, so that the company is able to robustly defend the securing of evidence in the event that government agencies become involved. It is also still important that the original data is preserved and that deletion holds are put in place, as normal, for relevant custodians, and routine deletions of backups stopped. In addition, most large forensic IT teams can provide local support in terms of imaging mobile telephones, laptops, and tablets.
One issue that should be considered carefully at this early stage of remote collections is where the data will be transferred to. Unrelated to Covid, there is an increasingly complex web of data protection laws and national blocking statutes that need to be carefully analysed before a collection takes place and data is uploaded to a review platform. Finally, hard copy collections can usually be undertaken by a local agent who can collect, scan and upload documents for review.
A further challenge is the fact that employees have been working from home and therefore potentially relevant evidence may be held outside of the office. Safe collection protocols should be put in place where evidence, be it electronic or hard copy, needs to be collected from an employee’s home. Again, local vendors can often assist with collection of documents and data from employees’ residential addresses.
Once the evidence has been collected, it can be reviewed in the normal way via a document review platform. One serious issue to consider is confidentiality and data security. Like many people, external document reviewers are working from home. This means there is greater potential for information to be disclosed, whether maliciously or by accident. Depending on the sensitivity of the investigation, different approaches can be applied. If the investigation is extremely sensitive, then external document reviewers should not be used, and documents should be reviewed within the investigation team by external counsel or, if there is sufficient independence, by internal legal and compliance team members. If, due to the scale of the review or language issues, it is necessary to use external document reviewers, then technology-based controls should be used, such as print and download rights being restricted along with other forms of monitoring.
Once the evidence has been reviewed it is usually necessary to conduct interviews with witnesses. Companies and employees have become accustomed over recent months to using video conference software, but it is not ideal for conducting potentially sensitive interviews. There are a number of issues to consider, not least how documents can be shown to the interviewee. It will often not be appropriate to send potentially sensitive documents to an interviewee prior to an interview. Recent experience has shown that software used for depositions can be extremely useful for conducting interviews. The video and audio quality are generally high, and some platforms can be used to show documents and manipulate them, for example to highlight text or zoom into a specific area. The platforms can also often produce live transcripts. In addition, it is important to consider language issues in interviews where the interviewee does not speak English as a first language. Potential solutions to consider include, having a local interpreter with the interviewee (subject to relevant social distancing requirements) or including an interpreter on the video call. Unfortunately, neither of the solutions is ideal, but it is important that the interviewee is given the best opportunity to provide as clear an account as possible.
The Covid pandemic has given rise to two particular challenges in relation to completed investigations. Firstly, engagement with the government in some jurisdictions has undoubtedly become more challenging. Making often complex, fact-based presentations is particularly difficult when conducted remotely. Video presentations also naturally make it hard to assess whether points are being clearly understood and are not conducive to questions. In addition, Covid restrictions on workplace attendance have placed a significant strain on the ability of global enforcement agencies’ digital forensic teams to take receipt of, and process, physical production storage media, such as CDs or encrypted hard drives. Recent experience has shown the need to implement online alternatives, for example by way of secure FTP transfer, which are safe, quick and avoid the historic need for the delivery of physical storage media.
Finally, at the conclusion of an investigation, steps often need to be taken to remediate issues that have arisen. The pandemic has undoubtedly made it harder for compliance teams to visit overseas operations to implement new systems and controls, or to provide training. Whilst training can be conducted remotely, often it is necessary to use local partners to assist with the implementation of any required amended policies and procedures and the contingent systems and controls. Although this is not ideal, it is essential that companies do not hesitate to take robust action in circumstances where misconduct has been identified.
Whilst some of these Covid-related solutions will only be used in the short term, some – such as remote data collection and secure transfer of data to government agencies – are welcome developments, and are likely to become the norm in post-Covid investigations.