Internal investigations – opportunities for companies and decision-makers

Fraud risks can arise internally through employees or externally through third parties and include the risk of losses through deliberate actions such as theft, embezzlement, deception or cyber-attacks. Internal fraud is committed by individuals within the company, often by circumventing controls, while external fraud is committed by individuals outside the company. 

In practice, it has been shown that regulatory or criminal misconduct can occur in any organisation, regardless of size or industry. Cyber-attacks, for example, have long since affected not only large corporations but also smaller companies. Similarly, fraud and money laundering are not issues that are limited to certain industries; any company can be affected at any time.

Acting quickly limits financial losses, protects reputation and reduces personal liability risks for the management and the board of directors. An internal investigation creates transparency and forms the basis for the right next steps.

What are typical triggers for internal investigations?

Example 1: Breach of regulatory obligations by a financial intermediary

Suspicious transactions are identified at a financial intermediary, including high-value pass-through transactions and payments with unclear economic justification. Internal email reviews and log data show that the compliance department systematically failed to review warning notices in a timely manner and that a report to MROS was delayed. Based on the situation described, the board of directors orders an internal investigation to clarify the events in full, determine responsibilities and create transparency vis-à-vis the auditing company and the supervisory authority.

Example 2: Fraud by employees

An employee is suspected of having stolen company funds using fictitious supplier invoices. To do this, he forged invoices from real suppliers for services not received and diverted the payments to his own account. To conceal his actions, he manipulated accounting records and submitted forged receipts. The fraud only comes to light when discrepancies in recurring payments are discovered during an audit. This situation also triggers an internal investigation. 

Example 3: Cyber-attack via phishing email

An employee clicks on a manipulated link in an email. The perpetrators then gain access to the IT system, tap into ongoing email communications with business partners and change payment instructions. The deceptively genuine-looking messages result in unauthorised transfers being triggered, causing the company considerable financial damage. 

Triggers for internal investigations

Whistleblowing is the most common trigger for ordering an internal investigation and thus uncovering cases of fraud. More than half of such reports come from employees, but customers and external business partners also make an important contribution to whistleblowing. 

Other triggers include findings from internal or external audits, anomalies in accounting or IT systems, and enquiries or proceedings by authorities.

Focus of internal investigations

An internal investigation focuses on the objective and structured examination of the incident or circumstances. Other objectives may include the following:

• Securing relevant data (including for any criminal or civil proceedings)
• Supporting immediate measures;
• Analysing documents, emails and other communication systems;
• Conducting interviews;
• Advising on measures under labour law;
• Cooperation with authorities (such as law enforcement agencies or others);
• Identifying weaknesses in directives and processes and making recommendations.

A structured review of the incident creates a sound basis for the next steps. Among other things, it facilitates decisions on internal and external communication, the filing of any criminal charges, the assessment of risks for the company and responses to official enquiries. 

Consulting specialists

Planning and conducting internal investigations is a challenge for many organisations, and particularly in crisis situations, there is often a lack of time and capacity to conduct a comprehensive and professional internal investigation.

Bringing in external specialists therefore offers decisive advantages:

• Objectivity and independence: no internal dependencies, neutral analysis and interview conduct;
• Specialised expertise: in-depth experience in forensics, criminal law, labour law and data protection;
• Greater credibility: external investigations are often considered more neutral and professional by authorities, courts and business partners;
• Relief for internal resources: your employees can concentrate on their core tasks;
• Practical recommendations: concrete approaches for optimising guidelines and processes are introduced based on professional experience as an auditor, compliance officer or consultant.

This ensures that incidents are dealt with objectively, efficiently and in a legally compliant manner, while at the same time providing you with valuable insights for the further development of your organisation.

Conclusion

Internal investigations are an effective tool for clarifying suspicious cases and averting damage. Acting quickly and professionally in an emergency protects the company, employees and decision-makers alike. 

Internal investigations also help to protect your reputation, reduce liability risks for management and the board of directors, enable quick decisions and secure the trust of authorities, business partners and employees.

Do you require support with an internal investigation in your company? We would be happy to arrange a confidential meeting or provide an initial assessment. Further information can be found under Our Services on our website.