Due to a variety of scenarios, legal counsel and forensic professionals have performed full or partially remote investigations for many years. Advances in technology, such as cloud computing and video conferencing, have made conducting remote investigations easier but also bring unique risks that should be considered in advance of the remote investigation. Join Erik Lioy, a partner in DHG's Forensic group as he walks through considerations for conducting a remote investigation.
[00:00:09] JL: Welcome to today’s edition of DHG’s GrowthCast. I’m your host, John Locke, and at DHG, our strength lies in our technical knowledge, our industry intelligence and our future focus. We understand business needs and are laser-focused on company goals. In this ever-changing world, DHG’s GrowthCast provides insights and thought-provoking conversations on topics and trends that address growth opportunities and challenges in the current and future marketplace.
Thanks for joining us as we discuss tomorrow’s needs today.
[00:00:42] ANNOUNCER: Views and concepts expressed by today’s panelists are their own and not those of Dixon Hughes Goodman LLP. Always consult the advice of your legal and financial professional before taking any action.
[00:00:58] JL: Our guest today is Erik Lioy, and our topic is conducting forensic investigations remotely. Erik is a partner and member of DHG’s forensics practice. He has more than 25 years of experience serving clients across industry sectors. Prior to joining DHG, Erik spent more than 15 years with an international accounting firm where he served in a number of leadership roles, most recently as the national managing partner and global co-leader for forensic advisory services.
[00:01:29] EL: Good afternoon. Great to be here.
[00:01:31] JL: Due to safety concerns, jurisdictional challenges and cost considerations, and/or other matters, legal counsel and forensic professionals have performed full or partially remote investigations for many years. Advances in technology such as cloud computing, video conferencing have made conducting remote investigations easier, and therefore a common place especially since the COVID-19 pandemic in 2020. However, remote investigations have unique risks that need to be considered. So Erik, what can we do to mitigate such risk when conducting those investigations remotely?
[00:02:09] EL: The key to successful investigation remotely is all about the planning. At DHG, we use a five-step approach to all of our investigations. And in the planning stage right at the beginning, we work real closely with our clients and legal counsel to understand the impact that working remotely will have on each step of the investigation. Conducting investigations remotely is not new. We’ve done this for a long time, especially in international investigations where due to cost considerations or safety on the ground, we didn’t want to send teams in. So, we have a playbook. We know how to do this.
[00:02:45] JL: Well, it sounds like you’ve had this playbook for a while. Can you tell us more about the five-step approach?
[00:02:51] EL: Sure. In real broad terms, the five-steps to any investigation is, first, planning. Second, collection of the evidence. Third is fact finding. Then you go to reporting, where you’re reporting out your findings. And then final step is remediation. I can touch on each of those briefly in a moment and focus on how each of those steps just impact it by doing things remotely.
So, the first step is scoping and planning. As I mentioned before, the key to success to the investigation, whether you’re doing it remotely or not, is proper planning at the beginning. I can’t overstate that. In any investigation, support and to understand the objective. Why are you doing the investigation? What are you trying to achieve? Understanding the stakeholders, and identifying the full investigative team that are going to be involved.
For remote investigations now, you have to think about how you need to adapt, improvise and overcome from the challenges of doing it remotely. Key questions to ask during this planning stage include how we’re going to conduct interviews? Where is the evidence and how will it be collected? Will we need to cooperate with regulators or law enforcement? If so, how are we going to do it?
I’ll touch on each of these more as I walk through the other steps of the investigations. And I’m going to start there. The second step is collecting and preserving evidence. So you’ve gone through, you’ve planned it. You know what you’re doing. Why you’re doing it. You’ve got your team put together. Now you’ve got to go collect the evidence.
Let’s start with electronically stored information, which is a fancy word we use in the profession, but it’s really about collecting electronic data, emails, voicemails, data off of servers, information off of cellphones. Typically, we’d send in a team of technologists to pick it up. But now, remotely, you might not want to do that. So, you’ve got to think about ahead of time. How can you get that information? What information is available remotely?
So, emails might be on a laptop, but you might also be able to get them off of the server. Similar with other types of data. That’s one area where you’ll start. Other kinds of information you’ll need to collect include paper documents. They could be in offices anywhere. Those offices might be closed. You might not be able to send somebody in. Or if you are going to send somebody in just to pick them up, you got to think about the safety concerns. What are the local laws and regulations visiting that office location? All those things need to be considered right from the beginning so that you’re going to know what you do when you get to that stage.
So now you’ve collected all your information. You’ve got your data. You’re ready to start doing the fact finding. Investigators find themselves well-prepared for this part of it. We have laptops. We’ve all worked from homes for a while. Phone and video conferencing can work well when you’re dealing within the team.
When you start to get the interviewing of potential witnesses and maybe even potential suspects or targets of the investigation is when it gets really tricky. So, now, if you’re going to do those key interviews remotely via Zoom, or Teams, or some other technology, you need to think about a number of things. Who will be present during the interview? Will they have their lawyer with them? Will you know who is with them?
You need to really consider what legal considerations you have to focus on, because they might not be sitting in the state where they normally work. So, depending on what state they’re in, what state you’re in, what state anybody involved is sitting in on that interview, that will effect what legal rules around whether you can record the interview, whether they’re required to have counsel, etc. So, just figuring that out can be very complicated, because so many people – For example, a lot of people from New York have gone out of state in the last several months and working from home.
Finally, lots of things to consider. But the last one I think really pops every single time in these is if you’re in a position where, let’s say, it’s an FCC investigation or something with some other regulatory body, and you’re going to be letting them participate in interviews. Or if they’re conducting investigation, you’re supporting it. How do you want to deal with that? Do you want to make your witnesses available online? Quite often, you don’t have a choice. Will you have your lawyer with them? So those are just some of the factors in all of that that need to be considered.
So you get through that. You’ve collected your evidence, you’ve done your analysis. You’ve gotten through your interviews. You now know what you’re doing. It gets to the reporting stage where you’re going to tell people what you found. Reporting is key. I mean, this is the final step, main step of the investigation. We’ll talk about remediation on the backend.
And there are a lot of trips and traps here for the unwary. Even in normal times, you always want to maintain really good control of your report. You don’t want it getting emailed out or being announced publicly, etc., being misquoted. In the remote world, it’s all that more susceptible. Where normally, you might give a presentation where you meet in a room and put it up on a screen and walk through it and not hand out paper copies, and you keep complete control. You might not be able to do that in a remote environment.
So you need to think about what it is you’re showing. What you can do to protect it. So you don’t want people recording – If you’re doing a reporting in Zoom, you don’t want them recording it. How do you keep them from doing it? Well, you start by telling them not to do it. You might have to think about doing a non-disclosure agreement or something else in writing that they agree not to record it.
Similar to the interviews, you also don’t know who might be overhearing it. So they might be at home and they have somebody with them, or they’re in their offices and have other people with them. All of that needs to be considered in the reporting stage. And I’ll echo what I started off with, it’s all about proper planning. You need to be thinking about all of these issues on day one so that you know what you’re doing when you get there and you don’t – You have time to think about it. Properly plan. You’ve come up with contingency and so forth.
The final stage of our methodologies around remediation – So you’ve gotten through the investigation. Now maybe you want to look deeper at root cause or you want to remediate broken controls that led to a fraud, or problems in the culture of the organization that led to the activity. And this can be very difficult in a remote environment. You might want to postpone it for a while. This typically is not as time-sensitive. Or you’re going to have to do it remotely like you do lots of things remotely. So, you need to think about what that remediation stage might include. And how you’re going to get the team together to handle it.
[00:09:57] JL: Wow! There is a lot there, and more that we can unpack on this podcast. So, can you just give me some of the top things listeners need to consider before embarking on a remote investigation?
[00:10:08] EL: Absolutely. So let’s start with the old saying, a strong defense is the best offense. So, maintaining an effective compliance program when you’re working remotely can help minimize the need for an investigation in the first place. And that’s really what you want. You need to think about how working remotely have affected your compliance plan. How controls have changed in this environment?
But assuming that you get into a situation, which is inevitable in some circumstances that you need an investigation. There’re a handful of key things to start thinking about right from the start. One is avoiding an inadvertent waiver of privilege and other legal considerations around video conferencing and sharing documents electronically. And what protocols and controls you can do to set up in advance of that?
Second is data security and privacy requirements. Cloud technologies are great for sharing. We’ve all gotten very used to video conferencing, but as well as platforms where we can share documents. But do you really understand how you’re managing your privacy? Lots of times you find people quickly putting documents on generic platforms like Google Docs, or Dropbox. That may not be the right thing for a sensitive matter. At DHG, we have our own proprietary application that we use for sharing large documents. So we will use that where we know we have complete control over the privacy and the security of it.
Next is managing communication. That’s always important in investigations in general best practices to do things in normal world face-to-face, at least over the phone and staying away from things like emails that could be misinterpreted, same with text messages. That becomes harder to manage in a remote environment. Thinking through that, coming up with protocols for communications that will balance the effectiveness and efficiency with maintaining your privilege and your confidentiality.
Finally is managing client expectations. You’re out of site as an investigative team largely now. So, making sure you have the right number, right frequency of periodic updates with your clients and legal team as you move forward, since they’re not seeing you on site every day. That’s key.
[00:12:41] JL: Well, Erik, you’ve given us a lot to think about. And I think bottom line here is this is a new game. And what you may have done in the past relative to your processes around investigations really need to be thought through and planned at a whole different level. It’s just a different environment and it makes all of us just need to plan a lot more than we have in the past.
[00:13:07] EL: It absolutely does, but it’s exciting, because we’re learning things in this process that we’re going to be able to use even after COVID-19 is gone. I think all investigations will have remote components going forward and now you make it more efficient, more cost-effective for our clients. So, it’s an exciting time. We’re learning as we go just like everybody else. But we said at the beginning, we have a playbook. We’ve done it before. We’re always getting learning and getting better at things, and I think it’s going to be here for a while.
[00:13:40] JL: That’s great. Well, it’s always nice to know that there’s going to be some side benefits and long-term benefits to these adjustments that we’re making.
[00:13:48] EL: Absolutely.
[00:13:50] JL: Listen, Erik. This has been fantastic today. Thank you so much for your time and sharing your expertise and some of the changes that we need to be thinking about.
End of Interview
[00:13:58] JL: Our guest has been Erik Lioy, a partner in DHG’s forensics practice. We hope you now have a better understanding of how to manage risk during remote investigations. I’m your host, John Locke, and I look forward to reconnecting with you again soon on another episode of DHG GrowthCast.