By Toby Duthie, Partner at Forensic Risk Alliance &
Lukas Bartusevicius, Business Development Analyst at Forensic Risk Alliance

It seems today that nearly every business sector generates headline-grabbing fraud, bribery and corruption-related stories - one only needs to look at the allegations surrounding FIFA, or any one of the recent banking industry scandals. Steadily increasing regulatory fines, double or even triple jeopardy, together with follow-on civil litigation is a common challenge for corporates under investigation. In anticipation of more of the same, we set out below some practical advice as to how to conduct an investigation.

Data Collection

First and foremost, assuming a red flag has been raised linking the company to an episode of bribery, fraud or corruption, is to identify and lock down the data. Standard requests include:

• Electronic communications – email, internal and other P2P chats, as well as SMS messages and chats that take place via social media (e.g. Facebook Messenger), etc.;
• Voice communications – any remaining voice recordings are likely to be of limited use given that these are normally only retained for 6 months;
• Electronic Files – term-sheets, presentations, other documents shared with clients, internally etc. Should expect most, but not all, to appear as email attachments;
• Electronic diaries and T&E reports – who went where, met with whom, when.

Even at this early stage, it is useful to assemble a cross-functional team from IT, legal, and operations groups to help identify and access the data sources, as well as to determine the scope of the collection exercise. Data privacy and proportionality are key considerations, especially if a multi-jurisdictional approach is required.

Data Analysis

The most effective way to drive the subsequent analysis is to assess the reliability and the nature of the allegations, along with where the most empirically sound data can be found; in short - follow the money rather than the words. We strongly assert that this is needed to recreate the risk profile and ‘Profit & Loss’ evolution through time. Furthermore, this will ground the investigation around the money flows and incentives-driving behaviors. It will also allow the investigator to map out who was involved where and in what capacity. To do this, it is necessary to collect and analyze the following:

• Trading records – including order timings, executions, audit trail, including cancellations / corrections, and documentation;
• Position records – cross-reference with trading records for consistency;
• Accounting reports – formal P&L, books & records valuations, adjustments, reserves and corrections;
• Settlement reports – cash and security movements, including fails;
• Risk reports – formal risk reports, adjustments, corrections, reset and fixing risks and expiries;
• Client valuation reports – including details of adjustments and bid/ask spreads;
• Market data – soft and hard (e.g. a volatility surface is soft, implied rather than directly observed; while stock prices are hard, directly observed. Both can be model inputs);
• Other quote data – quotes submitted to or received from brokers, clients, other market makers and other internal trading desks;
• Other model inputs – unobservable inputs, model assumptions, over-hedge details and other approximations;
• Models – access to a usable replicated pricing environment.

The above can then determine the need for email or other document review as well as target the review as needed.

The technical aspects of the trading environment, especially the usage of acronyms and jargon, means that very often expert advice needs to be brought in to understand what is going on in lay and legal terms.


The aim is to learn from the past and others. Incidents are rarely entirely anomalous and typically are a result of a wider culture and/or controls weaknesses, which are very often disguised a lack of transparency. For example - the core issue at the center of recent dark pool allegations relates to the misleading of some clients, and bias in favor of others. Where else could this occur? In our opinion, the best way to find out whether this is happening elsewhere, or to evidence the fact that it is not, is via a risk-based sampling of marketing material – that is, to look for misleading client representations and to confirm whether different clients receive consistent information, a consistent message and a consistent level of service.

Companies should, in addition, employ risk-based sampling to examine other external and internal representations. As accountants will be well aware, many of these involve valuations, both of clients’ positions and of a bank’s own balance-sheet items. On the client valuation side, areas of review should include disclosures relating to client valuation methodologies, fees and commissions. On the own balance sheet side, review should include checks on appropriateness and on consistent implementation of policies for fee recognition, provisions, reserves and adjustments. Any deviation from that policy should be considered a red flag and should warrant a detailed investigation, supporting documentation of rationale, and audit trail of changes.