Investigations regularly stretch across borders and therefore involved multiple regulators from multiple jurisdictions - who often have different rules, approaches and priorities.  Therefore, to deal effectively with them, companies need to appreciate the differences and incorporate them into how they execute an investigation.

I enjoyed reading this article by the team at Skadden, Arps, Slate, Meagher & Flom LLP which looks at the recent guidance issued by the French and UK regulators and compares it to the U.S. approach.  

There are a lot of similarities between the approaches but also some key differences as set out in the article.  One thing that does not change is the need to find evidence and intelligence to support the overall investigation.  This is more often than not stored digitally, therefore, it is essential that at the start of any investigation that all relevant data is preserved so that it can be utilised in the investigation, if needed.

Generally, people think of emails and the smoking gun document, but most cases are not as easy as that...unfortunately (although we have all had the ones that are).  When dealing with these types of investigations, two other specific tasks stand out above and beyond a document/email review:

  1. The investigation needs to look at forensic evidence and artifacts on relevant systems as well as documents and emails - for example: deleted materials, use of other messaging mediums and use of Cloud-based systems; and
  2. The investigation needs to incorporate structured data into the approach.  This can be highly valuable when looking for suspicious transactions, activities or patterns irrespective of the commentary within related emails and documents.

Finally, the technical side of an investigation cannot be run in isolation from the rest of the case - it needs to be fully embedded into the wider investigation process so that leads, findings and suspicions can be mutually shared and utilised to help get to the truth as efficiently and effectively as possible.