Standard operating procedure

Methodical training in two areas – record keeping, and the correct compilation of online and digital evidence – sounds distinctly unglamorous but can help to instil a culture of safety first.

Although record keeping (including note-taking and interviewing) is associated in people’s minds with investigation, it should be part of the working ethos (a corporate version of flossing teeth). The existence of accurate records means that if you are investigating a client or challenged by a suspect, court-compliant evidence can be swiftly produced.


Such a culture can also help to protect you if you are in the unthinkable position of being under external attack, as, for example, in this cautionary tale from Anthony Woolich, partner with law firm Holman Fenwick Willan: “With the enforcement of competition law in mind, and with our client company’s approval, we carried out a mock dawn raid as a training exercise because it was felt that some people in the company were doing their own thing. We had authentic ID cards. Only the managing director and the general counsel knew who we really were. This was very useful. We were given free rein – we opened drawers, no one followed us around or recorded what we were looking at and they were a bit slow in calling the in-house legal department.”

Of course it could never happen to you, but here is another case of an organisation with poor record-taking discipline, also from Mr Woolich: “You have to keep internal investigations under control – you cannot ignore them. For example, a development bank was investigating the award and performance of a contract. The bank’s audit department contacted the contracting company, who failed to involve the head office legal department at first. The bank’s investigators spent a week in the regional office; employees responded but when we finally became involved they had no record of what information they had given to the bank’s investigators. The company had no focus for receiving questions and giving answers.”

And no matter how meticulous record keeping may be in one part of the organisation, it needs to be reinforced with adequate internal communications. “Be careful of sanctions, for example against trading with Iran or Syria,” Mr Woolich said.

“Things can go wrong when employees inadvertently transfer money without getting authorisation, for example, to or from listed asset-freeze targets. In that case you may have to make a report to the Serious Organised Crime Agency and you may also need to tell HM Treasury and the FCA. It is important to establish procedures so that this cannot happen. One part of an organisation may understand the issue but may not disseminate the rules to the people processing payment,” he added.

This underlines the importance of working closely with in-house or external lawyers.

In the event of suspected fraud – external or internal – your own investigations, carried out by professionally trained internal investigators, should give comfort to clients and shareholders that you are taking steps to recoup potential losses; carried out properly, they also reduce or even avoid potential litigation costs. A bungled investigation, however, can waste time and money if investigations do not meet the correct legal standards, as well as attracting bad publicity.