“Investigation” can be a scary word. No one wants to think there’s something unpleasant going on behind the scenes in their own organization, but that’s the possibility you’re confronted with when an internal investigation rears its head.
For compliance investigations, the stakes can be especially high. If an employee or your organization at large may have violated a legal requirement that could expose you to penalties or civil liability, you need to investigate and respond as quickly and efficiently as possible. But sometimes, performing a compliance investigation can be harder than it sounds.
In this post, we’ll discuss the basic components of compliance investigations, review some common challenges that can arise, and explain how your compliance or legal team can more efficiently perform such investigations.
- What is a compliance investigation?
- The key steps in conducting a compliance investigation
- The common challenges of conducting compliance investigations
The basics of compliance investigations
Before we dig into the top 10 ways to efficiently perform a compliance investigation, let’s go over what a compliance investigation is and the key steps to take when conducting this type of investigation.
What is a compliance investigation?
A compliance investigation occurs when an organization suspects that someone has violated an applicable law or regulation. It might involve potential fraud, waste, or abuse, or it might relate to regulations such as environmental quality or workplace standards. A compliance investigation usually involves gathering information and conducting interviews to draw conclusions about the alleged misconduct and identify any corrective measures that the organization needs to take.
Events that trigger the need for a compliance investigation come in all shapes and sizes. Triggering events could include employee whistleblower reports, third-party complaints, or subpoenas from a government agency.
The key steps in conducting a compliance investigation
There are five main steps that one must take in performing a compliance investigation.
Your organization should have written compliance procedures regarding reports, investigations, corrective measures, and documentation. These procedures should also identify who your investigation team is, who will lead that team, and what training your investigation team will receive.
- Review compliance report
If and when you receive a report regarding noncompliance, you must review it to determine the details of the triggering event. You should ask yourself:
- where the report came from,
- who the report may implicate,
- what the nature of the potentially noncompliant conduct is,
- when the events described occurred, and
- what other information in the report may be relevant.
During the investigation itself, you should develop a plan, arrange for the preservation of evidence, be mindful of confidentiality, and document the entire process. The investigation plan should include lists of known facts with a timeline of events, questions that remain to be answered, relevant documents, and potential custodians and witnesses. After you have solidified your investigation plan, you’ll gather relevant documents and interview witnesses, starting with the initial complainant or complainants.
- Analyze evidence and make findings
After you have collected the relevant evidence, you need to make a determination, you must analyze it and make your findings. Summarize your findings in writing and be sure to address:
- whether the initial concern was verified.
- whether any other compliance issues arose during the course of your investigation; and
- what, if any, remedial measures the organization needs to take.
- Wrap things up
After you have reached your conclusion and summarized your findings, you must report those findings and your recommendations to the appropriate person or entity and close out the investigation. Finally, your organization should take any necessary corrective measures to prevent a recurrence of any noncompliant behavior you found.
The common challenges of conducting compliance investigations
Unfortunately, compliance investigations can pose a variety of challenges.
For one thing, compliance investigations vary widely because they are so fact specific. This means that you cannot always prepare a precise course of action ahead of time and you may need to reevaluate your plan as the investigation proceeds.
Then there is the problem of evidence gathering. Many organizations have a large amount of data, including electronically stored information (ESI). This ESI can be particularly difficult, costly, and time-intensive to identify and locate when it is stored across multiple data sources. To compound this issue, you may discover new custodians, data sources, or search terms as you conduct the investigation. These discoveries could necessitate starting your search process all over again if you don’t have the right tools to adjust your scope as you go.
Finally, much of the data you unearth will likely be confidential or sensitive in nature. This means you will need a way to safely share this data with the appropriate persons so they can review and analyze it.
Despite these challenges, there are many ways you can improve your compliance investigations.
10 tips for conducting successful compliance investigations
Here are our top 10 tips for efficiently performing compliance investigations.
- Invest in training
Before a complaint ever arises, you want to have an investigation team at the ready. Invest in training ahead of time and compile a list of subject-matter experts your investigators can consult with in response to a triggering event.
- Preserve confidentiality
Investigations often concern confidential information. Be mindful of the need to protect both the accuser and the accused until you’ve made a finding. Also, remain vigilant when it comes to preserving confidentiality.
- Share information only as necessary
Even beyond confidentiality, your investigation team should operate on a strictly need-to-know basis. This means that you should only share information about an investigation when absolutely necessary, and only with people who need to have that information.
- Document the process
An investigation may be followed by regulatory action or even litigation. Be prepared for any eventuality by documenting every step of the investigation process, from your initial preparations to your ultimate recommendations regarding corrective action. This includes documenting what you did, why you did it, and what outcome resulted.
- Protect your impartiality
When conducting a compliance investigation, it’s not enough for you to know that you are impartial; you also need to preserve every appearance of impartiality. This protects the integrity of the investigation, keeps employee morale up, and inspires confidence in anyone who may be involved in the investigation, including government officials.
- Preserve original documents
When gathering information, be sure to work on copies of documents instead of original documents to preserve the data and metadata of the originals without inadvertent alterations.
- Document the chain of custody
When dealing with digital or hard copy evidence, you should create a chain of custody log and document the location of every piece of evidence along with any handling or relocation it may undergo. The chain of custody log should show where evidence has traveled since it was identified and who has accessed it. These details can become important in the event of further investigations and litigation.
- Reevaluate throughout the process
There is no one-size-fits-all approach to compliance investigations. This means that you should reevaluate your investigation plan and be willing to pivot and expand your approach at every stage of the investigation as new facts and circumstances come to light.
- Prevent retaliation
If a compliance investigation began with a complaint from an employee, you must take steps to prevent any retaliation or punishment of that whistleblower. Failing to protect an employee from retaliation, or retaliating against them directly, not only prevents an effective investigation but can expose your organization to legal liability. For these reasons, it is imperative that your organization affirmatively monitors for potential backlash and takes swift action to prevent such conduct.
- Use the right technology
Technological innovations can help you perform compliance investigations more efficiently, reducing the amount of time, money, and risks involved. One of such solutions, Live Early Data Assessment (Live EDA), addresses many of the challenges that compliance investigations pose, allowing you to connect to over 20 different data sources at once and quickly identify and locate relevant information. The solution also allows you to add new custodians or data sources at any time so you can expand the scope of an investigation without having to start your search process all over again.
When you find the data that you’re looking for, you can use Live EDA to send even the most sensitive data to the right people for secure review and analysis
The right strategy and technology can improve the way you handle compliance investigations
While undertaking a compliance investigation can be intimidating, the right strategy and tools can make any investigation much easier. Investing in training and proven technology can also make your investigation process more efficient and accurate. That way, you can swiftly execute a comprehensive compliance investigation, give a triggering event the consideration it deserves, and help your organization identify appropriate corrective measures to keep it in compliance, protect its reputation, and shield it from liability.
Ready to learn more about how technology can help with compliance investigations? Reach out to us today for more information about our comprehensive eDiscovery solutions.