Protocols needed to investigate global corporate fraud epidemic
Acting quickly is vital in fraud investigations in order to ensure evidence is preserved and data is not modified or deleted
Given that corporate fraud is a global epidemic, there is a need to establish protocols for fraud investigations, attendees at a recent Iberian Lawyer event in Madrid heard.
Participants at the event – which was held in partnership with KPMG Forensic – highlighted the fact that corporate fraud is causing significant damage to companies’ reputations, harming competition and causing companies to incur significant losses.
Attendees heard that forensic investigation allows for the gathering of information that enables the circumstances in which the fraud took place to be reconstructed via the use of techniques such as the review of digital evidence, which was described as a particularly useful tool in such investigations.
However, participants were told that there is a need to establish protocols for such investigations, given employees’ use of electronic devices to carry out their work duties. Such protocols will vary for different countries due to differences in applicable laws and regulations. Attendees also heard that one of the most important considerations in such investigations is the need to act rapidly to ensure that evidence is preserved, to avoid modification or deletion of data.
It is also important that, once such information has been processed, an environment is created in which legal advisers and compliance personnel can access that digital information and provide feedback to the investigation. However, it was argued that the Spanish regulatory requirements regulating the acquisition of evidence need to be clearer. There is a view that there are a lot of doubts regarding what measures need to be adopted to facilitate the use of evidence in investigations. In addition, there are also questions about what measures need to be in place when court authorisation is necessary, for example to access emails, as this can have a significant impact on companies’ internal investigations. Panellists agreed that there is a lack of legal certainty in relation to these issues.
Companies are interested in defending themselves in such situations and therefore want to ensure disciplinary measures and a compliance programme are in place. The risks of corruption can be mitigated but cannot be eliminated completely – risk assessment will be improved significantly if there is a general vision and an effective plan, but it must be widely accepted within the company.
Attendees were told that risk analysis must be proportional and continuous, although this is not always easy, particularly when it involves foreign jurisdictions. Due diligence should also be conducted to detect “ticking bombs” and therefore mitigate risk. Companies are highly motivated to carry out due diligence and adopt compliance programmes because, failing to do so, can jeopardise investment as well as transactions. Event participants also highlighted the fact that the adoption of channels for filing complaints is still not part of the business culture in Spain – creating such channels for anonymous complaints, which guarantee complainants will not have to endure repercussions – is key.