Skip to content

4 Steps To An Effective Compliance Investigation Process

Creating a straightforward and easily accessible misconduct reporting system is essential for maintaining compliance, but you also need to ensure you investigate the reports in a robust and thorough manner. From the planning stage and reviewing the report to leading he inquiry and following up, an effective compliance investigation process helps you stop misconduct from taking a grip on your organisation, promote a compliance culture and dissuade others from wrongdoing.

When asked about the compliance landscape for 2023, Penelope Lepeudry of consulting firm Alvarez & Marsal’s Swiss branch commented that high inflation and interest rates had laid the foundations for financial misconduct. She said, “companies will find it harder to meet profitability targets, with some tempted to cross the ethical line. High pressure combined with low ethics and weak internal controls are key ingredients for fraud, with questionable transactions made ‘for the good of the company.’”

1. The key steps in conducting a compliance investigation 

1.1 Establish the investigation team

You need to establish who will investigate compliance issues within your organisation. It can be a delicate balance to get right, but you want to appoint a team with a good range of expertise and experience. It could include leadership, employees, union officials, external bodies or other stakeholders

As well as understanding the topics at the heart of the investigation, your members should be analytical, trustworthy, objective and persistent. As they are members of a team, they should be adept at collaboration.

Many companies will utilise the same team for every investigation. However, there may be times when a stakeholder’s position on the panel could cause a onflict of interest, necessitating finding another member to take their place.

1.2 Appoint a leading investigator

One member of your team should lead the investigation. They will oversee the inquiry, keeping it focused and to schedule. The leading investigator designates the roles within the team and then collects the findings together to create a report.

Their next task is to summarise the findings and communicate them to management as well as informing them of any next steps. It is a role that requires responsibility and an analytical mind.

1.3 Train investigation personnel

The investigation team needs to understand not only the compliance landscape and specifics of the regulations that apply in your country and industry, but they also should be fully informed on the internal code of ethics and conduct for the organisation.

This means undertaking training sessions so that the team can factor these elements into their investigation and gain an accurate picture of whether the offence contravened the law or internal policies.

1.4 Document the investigative process

Be sure to record how you resolved the case. Include any sanctions administered and any appeals that either party made. This will serve as a ecord to inform any other similar cases that arise, as well as to help future employees understand the reasoning behind policy changes made in the wake of a compliance breach.

2. Review the compliance report

2.1 Who is potentially implicated? 

If there has been a report about the behaviour of a person or persons, it is essential to understand who is implicated when reviewing the report. Their identity and position have to be clearly defined. This allows you to organise the schedule and better target the investigation when it begins.  

For reports under the scope of the EU Whistleblowing Directive, you have an obligation to keep the name of anyone accused of wrongdoing confidential during the investigation process. It is also advisable to do so during inquiries that do not fall under the scope of the directive.  

2.2 What is the nature of the report? 

Understanding the nature of the report helps you prepare thoroughly for the investigation. It guides you towards the correct legislation or section of the code of conduct so you can refresh your memory on the relevant requirements for employees that relate to the nature of the wrongdoing.  

For example, if the report claims an employee of an investment firm has made personal trades that create a conflict of interest, you may need to reference the Markets in Financials Instruments Directive (MiFID II) during your research.  

Knowing the nature of the report also gives you the opportunity to strengthen your team with experts in that area who will help you achieve better results.

2.3 What is the timeline of the offence?

The timeline of the offence has a bearing on the investigation in a number of ways.  

Firstly, the regulations might have been different at the time, so you would have to take that into account.  

Secondly, it can affect whom you approach to help you with your enquiries. You might need to contact former employees who worked in the same department at the time and who might have witnessed something that could help the investigation.  

In addition, an accurate timeline of events helps you gather relevant data and evidence that corresponds to the period in which the misconduct took place.  

3. Conduct the investigation

3.1 Create a list of facts and questions

By noting down all the facts of the report and plotting them against the timeline, you can start to build a picture of what happened and when. This helps you to understand which questions you need to ask of the accused in order to gain their explanation for what has happened.  

In addition, it leads you to the questions for witnesses and the reporting person that can clear up any discrepancies or missing information.  

Write down everything you know about the case, and then think about what information you need to make the picture complete. This will provide you with your interview questions and help you know whom to contact as a witness.  

3.2 Obtain relevant documents

At this point, you will have an idea about where the investigation is going. In addition to talking to parties who may hold valuable information, you can also seek out documentation that could shed light on the matter.  

Search through records to find evidence that will either back or refute the claims that the reporting person is making. These will help you to gain a better picture of what happened and whether it constitutes non-compliant behaviour.  

3.3 Conduct background research

Although not conclusive evidence, you can learn a lot about the employees implicated in the issue by reviewing their personnel files. If the accused has been found to have committed similar acts in the past, the write-ups from the time can help you approach their interviews in a way that helps you get to the truth. 

3.4 Interview knowledgeable persons

You should interview both the reporting person and the accused in the investigation, but it is a good idea to look for other people to talk to as well. This could be colleagues who might have witnessed something, even if they did not realise it was significant. 

It is also often helpful to consult experts as well, especially in specialist cases. Bringing in someone who understands the complexities of the alleged crime can provide insight into best practices for conducting your investigation.

3.5 Document the investigative process 

You must make sure every step of your investigation is documented and saved in both physical and digital forms. When it comes to issuing a verdict on the report, you may well get pushback from the disappointed party, and you have to be able to show the clear route that led to the decision.  

In the event one of the parties starts litigation, you have to be able to defend yourself in a robust manner. In addition, it could be that you have to show regulators how you have contained and stopped compliance violations, as well as putting in measures to stop them from happening again.  

4. Post-investigation 

4.1 Review and analyse 

At the end of the investigation, there is a lot of content to review and analyse. At this stage, you will be better able to join the dots between the disparate pieces of evidence and get to the heart of the matter.  

If the investigation has run as it should, your review and analysis of the material collected should lead you to a conclusion in which you can be confident.  

4.2 Summarise findings 

With this knowledge, write up your findings and the evidence in a clear, authoritative document that helps readers understand your decision, the reasons behind it and what should happen next. It is also important to include information as to how you will work to strengthen your compliance strategy and the way that you communicate it to employees

4.3 Report findings

You should inform the accused, the reporting person, the department affected by the incident and the executive responsible for overseeing the case of your findings and recommendations.  

In the case of reports within the remit of the national law implementing the EU Whistleblowing Directive, you must feed back to the reporting person within three months of them making their report.  

IntegrityLog is an online reporting platform with an easy-to-use dashboard that keeps compliance teams aware of the status of their cases and upcoming deadlines to help them meet the requirements of the law. It also allows you to store details of all communications between the compliance department and relevant parties during the investigation process, forming an essential part of your audit trail. 

4.4 Document resolution

Be sure to record how you resolved the case. Include any sanctions administered and any appeals that either party made. This will serve as a record to inform any other similar cases that arise, as well as to help future employees understand the reasoning behind policy changes made in the wake of a compliance breach.  

5. Tips for conducting successful compliance investigations 

Tip Explanation
Remain fair and impartial Everyone is entitled to a fair hearing, and that means being open-minded when dealing with compliance reports.
Preserve confidentiality Whistleblowers must be allowed to maintain confidentiality as they may fear retaliation. The accused should not have their identity revealed, as public knowledge of their investigation could ruin their reputation, and they might not be guilty
Adhere to ‘need to know’ standard Keeping the information within a tight group of investigators helps to maintain the integrity of the investigation and prevent rumours from circulating and interference from occurring.
Preserve original documents You need to be able to back up your decision-making with a solid audit trail that shows the evidence you used to reach your verdict.
Maintain chain of custody Document the route that the evidence takes through the investigation, including who has access to it and how it is used. This helps in the event of future litigation.


6. FAQ

6.1 What is a compliance investigation process?

A compliance investigation process is a systematic and structured approach to investigate alleged or suspected non-compliance with laws, regulations, policies or ethical standards within an organisation. 

6.2 What is the purpose of a compliance investigation process? 

The primary purpose of a compliance investigation process is to identify and address potential misconduct or wrongdoing. By conducting an investigation, an organisation can uncover the root cause of the issue and take steps to remedy it. This also helps prevent similar issues from occurring in the future and demonstrate to regulators, stakeholders, and customers that the organisation takes compliance seriously. 

6.3 What triggers an internal investigation? 

An internal investigation may be triggered by a variety of factors, such as a whistleblower complaint, an audit finding, a customer complaint or a legal or regulatory inquiry. Any time there is reasonable suspicion or evidence of non-compliance, an organisation should consider conducting an investigation to determine the scope and nature of the issue. 

6.4 What is most important in an investigation?

Several factors are essential to conducting an effective compliance investigation, but perhaps the most critical is impartiality. The investigators must be unbiased and objective in their approach, without any preconceptions or biases that could influence their findings. Other important factors include thoroughness, accuracy, transparency, and adherence to established policies and procedures. 

6.5 When should you conduct an internal investigation?

An internal investigation should be conducted whenever there is reasonable suspicion or evidence of non-compliance with laws, regulations, policies, or ethical standards. Additionally, an organisation may choose to conduct an investigation as a proactive measure to identify potential compliance risks or to verify compliance with internal policies and procedures. 

7. Conclusion

An effective compliance investigation process starts at the point where there is a report or suspicion of non-compliance inside the company. It involves putting together the right team, approaching the situation objectively, being thorough with evidence and documenting the process meticulously. Then you can report your findings and work on the next steps for the organisation. 

IntegrityLog makes it simple for people to report wrongdoing, letting them issue their report remotely. It maintains confidentiality, with a secure system that is only accessible by authorised personnel and keeps you on track with deadlines, too. Request a demo today to find out how IntegrityLog can streamline your investigation procedure.

4. References and further readings

Share this post

Article Summary

Subscribe to our newsletter

Stay up to date with the latest news and products


Sign up for our newsletter

Stay up to date with the latest news and products

You have successfully subscribed!

This is your official confirmation. Thank you for joining ComplyLog Newsletter. While you wait for the next issue of ComplyLog, check out the latest articles and references.

Related articles

Post Picture

How To Create A Solid Employee Personal Trading Policy

An employee trading policy, also referred to as a Code of Ethics or Code of Conduct, is designed to prevent financial workers from using confidential...
Read More
Post Picture

How to Write a Company Code of Conduct in 6 Simple Steps

Legislators continually attempt to eradicate misconduct in the workplace. For example, the European Union implemented a range of laws in recent...
Read More
Post Picture

4 Reasons You Need A Market Abuse Policy (And How To Create One)

Organisations around the European Union are increasingly aware of the need to strengthen their internal policies to ensure compliance with a range of...
Read More
Post Picture

How to Prevent Financial Misconduct at Your Organisation

The Financial Markets Standards Boards recently undertook an analysis of financial misconduct within the global markets. It found that the types of...
Read More
All articles