Forensic Accounting Skills – Global Investigations Review
04 January 2023
The purpose of this chapter is to explain key concepts and leading practices in investigations from an accounting (and books and records) perspective. The term ‘forensic’, as defined in Webster’s Dictionary, means ‘belonging to, used in or suitable to courts of judicature or to public discussion and debate’. Accordingly, forensic accounting involves the application of specialised knowledge and investigative skills and tools to matters in anticipation of possible litigation or dispute resolution, including in civil, regulatory, administrative and criminal enforcement matters. Forensic accounting skills can be applied to a wide variety of investigations into alleged corporate and individual wrongdoing, including:
In this chapter we may refer to fraud in general terms as well as non-compliance. Non-compliance often lacks the intent of fraud and may manifest itself in the violation of an agreement, policy or otherwise acceptable behaviour. Investigations may focus on allegations of fraud or non-compliance.
The range of specialisations in the field of forensic accounting is diverse, but at the core is a focus on accounting systems, processes, transactions, records, data policies, internal controls and reports. A logical order in which forensic accountants will proceed in a typical investigation is as follows:
Many of the most important steps involved in this process are explained in this chapter.
The US Department of Justice (DOJ) has set forth additional guidance[2] on how it evaluates corporate compliance programmes for assessment and sentencing purposes. Forensic accountants are well suited to help to develop effective compliance programmes or to evaluate and strengthen the efficacy of existing programmes. The DOJ guidance represents an authoritative road map for the building or enhancement of a programme, and adds detail and emphasis to the April 2019 guidance.[3] It remains centred on three primary questions: (1) Is the programme well designed? (2) Is the programme adequately resourced and empowered to function effectively? (3) Does the programme work in practice?
The context of the DOJ’s guidance is to assist prosecutors in evaluating a corporation’s compliance programme in determining the form of any resolution or prosecution, monetary penalties and further compliance obligations such as a monitorship. Corporations, however, may use the guidance as a resource for building or enhancing their compliance programme. The DOJ guidance challenges the compliance professional with several hundred questions related to their existing programme. Although forensic accounting professionals collaborate with attorneys, auditors and several departments at the company to assist in-house compliance professionals with practically all aspects of their compliance programme, the DOJ’s revised guidance addresses the following key factors most applicable to forensic accounting:
The DOJ’s additional guidance on how it evaluates corporate compliance programmes demonstrates that there are numerous opportunities for forensic accountants working with legal and compliance teams to add significant value in building and enhancing the corporate compliance function.
Turning to the specific steps where a forensic accountant can assist, an important consideration at the outset of an investigation is to identify the necessary steps to mitigate loss of funds or other assets and to preserve data and relevant records. This may entail closing of bank accounts, freezing of email and other communications, deactivating user passwords and other steps to deny targets of the investigation access. Where the nature of the investigation requires it, financial and accounting information will need to be preserved and stabilised. Physical documents in this category may include a wide variety of records, such as purchase orders, invoices, customer orders, delivery records, etc. Every step of the transaction cycles involved in the scheme under investigation should be considered at this stage to identify all potentially relevant documents and electronic records (including audio).
Owing to the proliferation of electronic data, an increasingly important early step in many investigations is to determine what relevant information exists, in what form (paper or electronic), where it is located (e.g., an on-site data centre, off-site at vendors, in the cloud), what security measures are in place over the data, and what the organisation’s standard record retention and destruction policies and practices are. The process of identifying, taking inventory of and preserving relevant data that may be of use in an investigation is often referred to as e-discovery.
In addition, as soon as it becomes apparent that an investigation in anticipation of litigation is necessary, a litigation or preservation hold notice should be issued. These notices require the suspension of any destruction or deletion of paper or electronic records that could be relevant to the investigation. Proper communication of a litigation or preservation hold to all pertinent individuals and departments, which may include third parties who, for example, are responsible for archiving the organisation’s data off-site, is important to avoid accidental destruction of critical records.
An important part of an investigation is establishing whether the wrongdoing or non-compliance was intentional. Demonstrating that an employee or third party was aware of and violated the code of conduct or a documented, well-established policy or internal control is often a relevant factor. For example, determining how an internal control was circumvented or otherwise violated is also an important part of understanding how fraud or corruption was perpetrated. Establishing that a subject intentionally violated internal controls can be important in connection with criminal prosecution or the regulatory enforcement process. Understanding precisely how internal controls were violated is critical to developing a remediation plan to enhance controls and to prevent future occurrences. In addition, understanding how internal controls were bypassed or overridden will often provide critical insight into who may have been involved in the scheme, who knew or should have known about the scheme and when the scheme took place.
The first step in determining whether policies or procedures were violated is to gain a thorough understanding of the accounting behind the controls as well as the identities of employees responsible for accounting, internal controls and the business activities and processes being investigated. Upon gaining this basic knowledge, we identify the established policies and procedures (the current state). This normally entails reviewing documented policies and procedures, and conducting walkthroughs and fact-gathering interviews with employees to help clarify any ambiguities in the documentation or process. Some considerations include:
It may also be important to review any training programmes that the subject of the investigation received or certifications they approved. Doing so can establish more firmly that the subject had an understanding of the proper method of handling the transactions and policies.
Most accounting cycles, such as procurement, disbursement of funds and payroll, include many steps. Some of these are evidenced manually, such as with written approvals by signature and supporting documents such as invoices and delivery confirmations. Other steps require analysis of electronic records. Examples of critical pieces of electronic evidence related to internal controls include the following:
Physical documents are often important pieces of evidence in an investigation. But electronic evidence associated with a transaction cycle tends to be equally or more important. Proper analysis of this evidence enables an investigator to draw conclusions and gain insight that would be impossible in an entirely paper-based system. For example, a paper copy of a vendor invoice can be analysed to establish whether a subject signed or initialled it, and perhaps whether any alterations were made to the document. But if the organisation’s vendor invoice approval and payment system is electronic, the investigator can also determine with precision the date and time of the approval of the invoice and perhaps even where the subject performed these steps (from home, from a workstation in the office, etc.).
Forensic data science refers to using a scientific method for the identification, collection, analysis and reporting of electronically stored information. This includes both structured data, such as financial records in a database, and unstructured data, such as files on a file server. The most commonly analysed data in forensic accounting investigations is financial, but several non-financial categories of data are also very useful to investigators. Each is explored below.
Data analysis generally has three applications in the investigative process:
Each of these will be explained further. But first, a few important points about data analytics are essential.
Data analytics rarely prove that fraud or non-compliance occurred. Rather, data analysis identifies transactions or activities that have the characteristics of fraud or non-compliance, so that they can be examined further. These are often referred to as anomalies in the data.
If an investigation ultimately leads to employee terminations or legal proceedings to recover losses, it is critical to have properly analysed the anomalies that data mining has identified. Could the anomaly in the data, or an anomaly in a document, while often identified as a characteristic of fraud, also simply indicate a benign deviation? Failing to investigate and rule out non-fraudulent explanations for anomalies can have consequences that many investigators have learned about the hard way.
Identifying and exploring all realistically possible non-fraudulent, non-corrupt explanations for an anomaly is also called reverse proof. Examining and eventually ruling out all of the valid possible non-fraudulent explanations for an anomaly in the data or documentation can prove that the only remaining reasonable explanation is fraud or corruption.
Careful consideration of alternative theories for data and document anomalies is critical to protecting the organisation and the investigator from liability stemming from falsely accusing someone of wrongdoing.
Depending on which application or phase of the investigative process is involved, the nature of forensic data analysis can vary. For example, as an initial detector of fraud or non-compliance through ongoing monitoring, forensic data analytics usually takes one of two broad, but opposite, approaches: identification of any activity that deviates from expectations, or identification of activity that possesses specific characteristics associated with fraudulent or corrupt behaviour or other non-compliant conduct.
The former approach is taken when acceptable behaviour is narrowly defined, such that the slightest deviation warrants investigation. The latter approach is the more common one. It is driven by a risk assessment and is based on what this type of fraud or non-compliance would look like in the data. For example, a shell company scheme might evidence itself by an address in the vendor master file matching an address in the employee master file. Any instances of such a match should be investigated.
In some cases, basing the ‘investigate’ or ‘don’t investigate’ decision on a single characteristic in the data can result in numerous false positives. For this reason, more sophisticated data analytics often rely on the consideration of multiple characteristics in assessing the risk of activity being fraudulent or corrupt. These characteristics can be combined into a singular risk score per transaction that can be aggregated by vendor, geography or other grouping. Risk scoring or risk ranking transactions can be useful for prioritising where to focus in the data.
Regardless of which of these two approaches is taken, data analytics often represents an essential tool for gathering evidence to lay the foundation for substantive examination of books, records and other evidence. Following the reverse-proof concept described above is critical once anomalies indicative of possible wrongdoing are uncovered.
As a method of corroborating an allegation that has been received, data analysis can be of great value. It is a significant advantage to the investigator because, more often than not, it can be performed on electronic data without alerting the subject of the allegation. In this application, the allegation is first assessed in terms of what impact the alleged fraudulent or corrupt act would have on financial or non-financial data. It is important to understand how data flows through the organisation from the point of origination, through multiple hops in different departments, for example how an invoice will flow from a business unit to finance and back to the business unit. The data can change quite a bit throughout different business processes and this will need to be understood for a robust analysis to take place. To illustrate, take the example of an allegation that workers in the shipping department of a warehouse are stealing inventory by short shipping orders to customers. There are numerous sources of data, both financial and non-financial, that could be analysed to assess the validity of this allegation:
This is a simple example, but one that illustrates that for every allegation, there likely exists data associated with either the perpetration or concealment of the fraud or non-compliance. And this data normally exhibits one or more anomalies in comparison with data from similar transactions that do not involve fraud or non-compliance.
The final application of forensic data analysis is performed during the investigation itself. Once an anomaly has been found to involve fraud or non-compliance, additional forensic data analysis, along with substantive forensic examination of the evidence, may be performed to:
Determining who is involved in the fraud as well as who possessed knowledge of it is critical to the mitigation and control enhancement objectives. According to a 2022 report by the Association of Certified Fraud Examiners (ACFE), nearly 58 per cent of all fraud and corruption schemes investigated involved multiple perpetrators.[4] Typically, losses tend to increase with multiple perpetrators, particularly when three or more individuals conspire to commit fraud. This figure has been steadily rising since the ACFE began studying fraud. The 58 per cent includes cases involving multiple internal perpetrators and those involving collusion between insiders and outsiders, such as vendors or customers.
Point 4, above, may also come as a surprise to some. The ACFE report indicates that 35 per cent of occurrences of fraud (especially with respect to asset misappropriations) are perpetrated through multiple methods. The allegation or investigation may have initially focused on only one specific method. Exploring what other activities the subject might have the capability of engaging in is an integral element of the investigation. Investigators and victims attempt to ‘put a fence around the fraud’ as early in the investigative process as possible. Understanding the responsibilities of the subject and the potential for unrelated schemes is essential for erecting the fence. Victims often desire a narrow investigative scope – a sort of wishful thinking. An investigator’s worst-case scenario is missing a scheme perpetrated by a subject despite investigating the subject.
The question of who knew what and when can be particularly important in satisfying auditors in the context of financial reporting fraud. In addition to quantifying the financial statement impact from fraud, auditors rely on representations from management. Knowledge of whether previous representations came from fraudsters and the auditor’s assessment of management’s integrity are often important aspects of financial reporting fraud investigations.
In the next sections, the distinction between financial and non-financial data will be explored, followed by a discussion of internal versus external data.
Most analyses of internal data relevant to an investigation begin with financial data, much of which comes from the organisation’s accounting system. Accounting data can exist in several separate systems, such as:
Performing an investigation often requires the extraction and analysis of data from all these systems to see the big picture or to properly trace the history of a transaction or series of activities. The days of manually maintained books of original entry are gone. The vast majority of organisations now use electronic accounting and financial software, and in larger organisations these systems are included as part of a broader ERP (enterprise resource planning) system.
Some systems are hybrids of financial and non-financial information. Examples of these systems include the following:
Legal and data privacy considerations associated with each of these sources of internal data vary from one jurisdiction to another, particularly with respect to payroll and personnel information. Domestic and foreign data privacy regulations must be considered before embarking on any use of such data in an investigation.
Increasingly, non-financial data is being analysed as a standard element of an investigation. Non-financial data can be classified into two broad categories: structured and unstructured.
Structured data is the type of data that generally conforms to a database format. It is often numeric (e.g., units in inventory, hours worked by an employee, calendar dates), but can involve alpha data as well (e.g., codes associated with types of customers or employees, certain elements of an address).
Structured non-financial data is found in many systems, including those that include financial data mentioned above. Other systems, however, are entirely non-financial, but provide data that can be important to an investigation. Examples of non-financial systems commonly used for investigative purposes include the following:
Unstructured data refers to data that does not readily conform to a database or spreadsheet format. Text associated with messages in emails, explanations for journal entries and other communications are the most common. Unstructured data also includes photographic images, video and audio files.
Emails and text messages of interest to an investigator may involve messages within the organisation, between employees and communications between organisation employees and vendors, customers or other third parties.
Similar to other electronic data, when a user ‘deletes’ this information, a backup or archive version is often left behind and is available to an investigator. Understanding an organisation’s backup, archiving and storage practices is crucial to this part of an investigation.
Careful review of email, instant messaging or text message chains (and, if available, recordings of telephone calls) is vital to most investigations and can provide an investigator with vital clues, such as:
Establishing a timeline can be one of the most important requirements of an investigation. A complete timeline of events can often be established by integrating the separate timelines learned from a review of:
Email review is of particular importance in establishing intent. Intent, particularly to a civil standard, may be inferred from communications that indicate an awareness that planned transactions or activities are in conflict with established policies and procedures or treatment of similar transactions. Email, although a rich source of behavioural history, can quickly become overwhelming from a volume standpoint. There are many modern techniques for prioritising and culling this type of information. Sentiment analysis, a form of artificial intelligence (AI), can assist with identifying the writer’s emotional state. Other forms of AI, typically referred to as natural language processing (NLP), can help correct for potential biases that investigators naturally bring to their review. For example, an investigator may select a list of search terms to run against email data to reduce the population for further review and bring the most important messages to the forefront. By creating these search terms, the investigator has leveraged what he or she knows about the case and this inflects a natural bias. By using AI, NLP, predictive analytics and machine learning, coupled with limited manual set-up, analysis and review, the data is allowed to speak for itself, and computer algorithms will cluster statistically relevant information. Typically, a combination of search terms and NLP is used. These types of analyses can identify pressures or rationalisations associated with fraudulent or corrupt behaviour. For example, an employee stating in communications that he or she feels unfairly treated or resentment towards management might be expressing a rationalisation for stealing from an organisation.
One example of the use of both financial and non-financial data is in the investigation of alleged financial statement fraud. When an allegation is made that a company’s financial statements have been intentionally manipulated, any of a large number of schemes come to mind. The most common fraudulent financial reporting schemes involve improper recognition of revenue, inflating sales through fictitious transactions or accelerating the recognition of legitimate transactions. So, a revenue inflation scheme will serve as our example.
To establish that the financial statements improperly reflect sales, electronic data from the sales and accounts receivable systems will need to be analysed in conjunction with physical or electronic records associated with customer orders, inventory, shipping and delivery, among other things. By analysing these records, the investigator may establish that sales recognised by the company failed to conform to applicable accounting standards (e.g., International Financial Reporting Standards).
But accounting mistakes are common. For this scheme to be fraudulent, the subjects’ dishonest intent to violate the accounting rules must be established. This is where analysis of emails and other electronic communications may be valuable. Perhaps email exchanges can be located documenting discussions of revenue shortfalls and methods of meeting budgeted figures. In this case, analysis of unstructured non-financial data may be one of the keys, along with interviews of subjects, to proving that the company intentionally violated its own policies and pertinent accounting principles.
Analysis of both financial and non-financial data is an important step in preparing to interview witnesses and subjects. Reading and analysing email and other communication chains before conducting the interview allows an investigator to plan the order and structure of questions to put the interviewer in the best position to identify conflicting statements and to obtain an admission of wrongdoing.
Other investigation scenarios in which analysis of unstructured data association with communications between individuals include:
Most data and documentation used in an investigation is internally generated – it comes from within the organisation or (in the case of invoices from a vendor) is otherwise readily available within the organisation. Occasionally, however, data or documentation that is only available from external sources becomes essential. External sources of data fall into two broad categories: public and non-public.
Public data and documents are those that are usually available to the general public either by visiting a website or facility or on request from the holder of the records. In many instances, public records are maintained by government agencies. Examples of public records vary significantly from one jurisdiction to another, but some that may be useful to investigators are:
Availability and the extent of these records can differ markedly as an investigator seeks information from different parts of the world.
Increasingly, public records may also include information that an individual voluntarily makes publicly available. For example, when an individual posts photos or makes statements on social media, this information might be readily available to any and all viewers. Once again, investigators should always use caution when accessing this information, especially if the information is only available to ‘friends’ or other contacts that the individual has granted special access to. But when social media information is made fully available to the general public, it can provide a treasure trove of information about a subject, such as:
Another public source of information involves websites that do not require special password or other access privileges. For example, a company’s website, or that of a trade association or other membership group with which a subject might be involved, could provide clues about the subject’s relationships, travels and past.
Even information that is no longer on a website might still be available to an investigator. The Wayback Machine at www.archive.org is an archive of more than 725 billion past pages on the internet (as at August 2022). Simply typing the URL of a website into the Wayback Machine will produce an index by date of prior versions of that website which have been archived and are available for viewing. Accordingly, an investigator may be able to find useful information from past editions of websites long after the information has been deleted.
Non-public records are private and confidential. Holders of these records are under no obligation to produce these records unless they have provided their consent or they are compelled to do so as a result of a legal process, such as a court order or subpoena. Records such as personal bank statements of individuals who may be the subject of an investigation fall into this category. Investigators normally do not have ready access to these records.
Another challenging and practically untraceable medium adopted by cybercriminals is the dark web, a small section of the deep web (content on the internet that is not readily accessible or visible through search engines) designed so it cannot be accessed through standard web browsers.[5] It allows anonymous private communications for legitimate reasons (e.g., protection of free speech), but also for the distribution of harmful information and purchase of illegal goods and services that law enforcement agencies have difficulty tracing. For example, once an organisation’s network has been breached, the intruder may extract sensitive information such as customer data, logins and passwords, banking details, taxpayer identification and social security numbers, and credit card details, and then sell this confidential information anonymously on dark web marketplace and forum websites to buyers across the world.
There are no anti-money laundering or know-your-customer (KYC)controls on the dark web. Most dark web sites are anonymous and difficult to attribute to an owner because these sites use a ‘.onion’ domain suffix, which can only be accessed via a Tor (The Onion Router) browser. Website traffic is bounced through randomly selected Tor entry, relay and exit nodes using separate embedded layers of data encryption for each hop in the network circuit (hence the term ‘onion’). In addition, perpetrators are increasingly using cryptocurrencies to conduct illicit financial transactions via the dark web while hiding their identities.
Dark web investigations therefore require specialist forensic investigative tools, such as a secure dark web browsing platform with network and malware protection (e.g., firewalls and virus scanning), and secured data storage that maintains a strong custody chain for digital evidence, backed by strict and auditable compliance controls. Such tools can be used to search and monitor dark web communications, capture cryptocurrency information (e.g., blockchain wallet addresses) and attempt to identify and locate cyber fraudsters while capturing and analysing digital evidence in a forensically sound manner.
When assisting counsel with preparing a request for a subpoena or other court-ordered production of private records, an investigator should be as detailed and specific as possible. Overly broad requests are normally either denied or result in potentially lengthy delays. The format of the records and the tools available to the investigator to analyse them should also be considered. For example, if records associated with a bank account are requested, rather than requesting ‘all records associated with the account’, it is normally better to itemise a list of those records, such as by requesting copies of:
A vendor’s internal records would normally be non-public and the vendor may be under no obligation to provide them to an investigator. However, a properly worded right-to-audit or access-to-records provision included in the contract between the organisation and the vendor may provide access to some of the most important records an investigator might need if fraud or corruption involving a vendor is suspected. Well-crafted access-to-records and right-to-audit clauses can enable an investigator to request and view a wide variety of records, including:
If a vendor is suspected of inflating their billings to the organisation in any manner, or there are indications of collusion between an organisation employee and a vendor, one of the first steps an investigator should perform is to carefully review the terms of the contract to assess the organisation’s rights to access or audit these records.
Studying the processes and internal controls involved in the transaction cycle in the investigation and the results from data analytics and email review will result in a population of documents and electronic records that are relevant. For example, in a corruption investigation, several paper documents or records may need to be reviewed:
These records might be reviewed for many different reasons. Among the most common are:
Testing for authenticity of the record itself or of individual signatures on documents normally involves a highly specialised skill, unless an anomaly is obvious. Accordingly, if an investigator suspects that a document on file is fraudulent or has been physically altered, or that a signature is not authentic, the document should be protected until someone with the specialised skills necessary can assess its authenticity. Examples of obvious deficiencies in documentation include:
In a corruption investigation, the authenticity or business purpose of an intermediary may be in question. The investigator should determine:
If the subject has misappropriated cash (via intercepting incoming funds intended for the organisation, stealing cash on hand, or fraudulently transferring funds from the organisation in connection with a disbursement fraud) one of the goals of most investigations is to secure the return of the funds. To do so, the investigation team must determine what the subject did with the money. Other sources of recovery may include culpable outside parties, including but not limited to collusive vendors, customers, agents and family members. Coverage for employee dishonesty losses under insurance policies and fidelity bonds may also be possible.
If the subject misappropriates other assets, a similar question must be addressed – where are the assets? Often, when they are stolen, the subject’s goal is a conversion to cash by selling them. In other cases, the stolen asset itself may be of use to the subject.
Depending on how assets were stolen, varying degrees of a trail might be left by the perpetrator, enabling the investigation team to forensically determine the flow of money after it has left the organisation. The trail may begin with the company’s books and records. However, it is usually intentionally made opaque by fraudsters through money laundering techniques such as layering, transfers to shell companies, nominee shareholders and the use of clandestine communication techniques, cryptocurrencies, and tax havens where criminal law enforcement assistance may be less effective. Many of the records necessary to fully trace assets are non-public. But investigators are sometimes surprised to learn that a subject has left a public trail of valuable clues regarding the disposition or location of illegally obtained funds or assets that can be identified through indirect techniques, such as social media and internet due diligence, interviews of people in the know, establishing connections to the fraudster’s other assets in more vulnerable venues and through multinational co-operation of law enforcement agencies.
Cryptocurrencies present unique challenges and new opportunities for investigators seeking to trace them and attempt their recovery. Bitcoin, Ethereum and many other emerging cryptocurrencies are easily accessible and widely accepted to the degree that fraudsters can, with minimal effort and risk, rely on them to move funds for the same purpose fiat currencies have long been used to transfer and conceal the source, nature and ownership of illicit funds. The added advantages of cryptocurrencies not requiring physical contact or interaction with banks has made them the payment method of choice for perpetrators of ransomware attacks and other schemes aimed directly at defrauding victims (e.g., internet-based advanced fee schemes). Therefore, forensic investigators must still follow the money trail and will be doing so more often with cryptocurrencies; however, there is another side to the coin, so to speak. While cryptocurrencies provide a degree of pseudonymity, especially those designed to provide enhanced privacy (e.g., Monero, Zcash), they do not provide complete anonymity. On the contrary, cryptocurrencies by design create an immutable public blockchain record of transactions that investigators can exploit to follow the money to a certain extent, provided they have the right tools and training.
As new cryptocurrencies are developed on different blockchains, investigators must also learn to follow transfers across them because fraudsters are already using cross-chain transfers to launder funds. This also requires the investigative blockchain data analysis tools (e.g., TRM Labs, Chainalysis) to be continually adapted and advanced to enable cross-chain analysis.
Although the on-blockchain transactions in cryptocurrencies can be traced using public blockchain data, for digital asset tracing to be successful for asset recovery or prosecution purposes investigators must be able to trace transactions beyond the blockchain to identify the counterparties and the ultimate beneficiaries. This requires identifying and pursuing additional information from virtual asset service providers (VASPs) such as cryptocurrency exchanges, hosted wallet platforms and financial institutions providing custodial services for cryptocurrencies – the on-ramps and off-ramps to blockchains. These entry and exit points for cryptocurrencies are essential to fraudsters because for cryptocurrencies to be more useful to the ultimate beneficiaries, the digital asset value must still be converted to or from fiat currency, or other tangible assets. Therefore, a key goal of blockchain data analysis is to correlate known blockchain addresses for on-ramps and off-ramps with blockchain data on suspect transactions to develop leads as to where cryptocurrency funds were converted. If this was a legitimate or regulated VASP, KYC information may have been recorded and more traditional investigative steps could be followed, such as the use of subpoenas, search warrants, regulatory inquiry or examination, witness interviews, etc.
A challenge for cryptocurrency-related investigations is the existence of illicit, unlicensed peer-to-peer exchanges that offer a way to convert fiat currencies to and from cryptocurrencies through unregulated entities that do not collect KYC information. There are also providers of cryptocurrency laundering services known as ‘mixers’ that offer a way for money launderers to obfuscate the actual parties to a blockchain transaction by mixing the cryptocurrency value with large numbers of other blockchain transactions going through the mixer. Even transactions flowing in and out of a legitimate exchange can become untraceable using blockchain data (without co-operation from the exchange to obtain internal account data) due to the sheer volume of transactions flowing through a large exchange (e.g., Coinbase).
In summary, investigating financial crimes involving cryptocurrency and digital asset tracing will require specialist blockchain analysis and intelligence tools and services, as described above, to identify leads to follow beyond the public blockchain. This may be easier to do when dealing with cryptocurrency compared to fiat currency that is physically transferred, but it also presents new challenges. Understanding these challenges and how to identify potential sources of additional attribution data for cryptocurrency transactions is essential. This will continue to be a changing landscape for investigators given the continually evolving technology and expanding array of new forms of blockchain-based cryptocurrencies and emerging decentralised finance (DeFi) platforms that promise to offer an even greater variety of financial services based on blockchain technology.
From an investigations perspective, one of the primary issues with reporting on environmental, social and governance (ESG) matters is the prevalence of greenwashing. Also, given there are multiple international standards and frameworks for ESG, without a single universal standard, the potential for errant reporting is an issue.
Increasing regulatory and stakeholder pressure to address and report on ESG factors creates risks of financial reporting fraud since ESG metrics and claims can be challenging to verify given the lack of a standardised reporting framework. In addition, demands are high for companies to demonstrate to their stakeholders – including not just investors, but also customers and vendors – that they are making progress on meeting ESG targets and initiatives. Forensic accountants will play an important role in identifying and addressing both internal and external ESG fraud risks. While it is too soon to ascertain the impact ESG will have on public and private companies, new and existing fraudulent activities are coming to the forefront in this context. ESG-related issues forensic accountants might investigate include the following:
Companies will be looking to forensic accountants to play a critical role in assessing fraud risks and investigating allegations related to ESG.
The rapid conversion of accounting and other records from paper-based systems to electronic systems, coupled with the explosion in the quantity and types of electronic data, has resulted in many changes in the field of forensic accounting and the requirements for investigations. Expertise in the evaluation and handling of electronic evidence is just one way in which forensic accounting has evolved. Focused and efficient use of data analytics as well as the ability to mine a universe of publicly available yet critical information regarding subjects, companies and their relationships are two additional ways in which forensic accounting has matured. On the other hand, operating within a web of global data privacy and other complex regulatory constraints can complicate the job of the forensic accountant. All in all, today’s forensic accountants are significantly more successful in identifying, investigating and mitigating fraud than in the past.
[1] Glenn Pomerantz and Paul Peterson are partners at BDO USA, LLP.
[2] U.S. Dep’t of Justice, Criminal Division, Evaluation of Corporate Compliance Programs (Updated June 2020).
[3] U.S. Dep’t of Justice, Criminal Division, Evaluation of Corporate Compliance Programs (Updated April 2019).
[4] Occupational Fraud 2022: A Report to the Nations, Association of Certified Fraud Examiners, available at https://acfepublic.s3.us-west-2.amazonaws.com/2022+Report+to+the+Nations.pdf.
[5] In addition to the dark web as a means to hide tracks, we are seeing an increase in the use of ephemeral messaging apps such as Signal and Telegram. These messaging apps allow users to hide communications and permanently delete messages.
Author | Partner
Author | Partner
Judith Seddon, Eleanor Davison, Christopher J Morvillo, Luke Tolaini, Celeste Koeleveld, F Joseph Warin and Winston Y Chan
Dechert LLP, Fountain Court Chambers, Clifford Chance and Gibson Dunn & Crutcher
Judith Seddon, Eleanor Davison, Christopher J Morvillo, Luke Tolaini, Celeste Koeleveld, F Joseph Warin and Winston Y Chan
Dechert LLP, Fountain Court Chambers, Clifford Chance and Gibson Dunn & Crutcher LLP
William H Devaney, Joanna Ludlam, Mark Banks and Aleesha Fowler
Baker McKenzie
Judith Seddon and Andris Ivanovs
Dechert LLP
F Joseph Warin, Winston Y Chan, Chris Jones and Duncan Taylor
Gibson Dunn & Crutcher
Alison Wilson, Sinead Casey, Elly Proudlock and Nick Marshall
Linklaters
Daniel Silver and Benjamin Berringer
Clifford Chance
Simon Airey and James Dobias
McDermott Will & Emery UK LLP
Bruce E Yannett and David Sarratt
Debevoise & Plimpton LLP
Nichola Peters, Michelle de Kluyver and Jaya Gupta
Addleshaw Goddard LLP
Avi Weitzman, John Nowak, Jena Sold and Amanda Pober
Paul Hastings LLP
Stuart Alford KC, Serrin A Turner, Gail E Crawford, Hayley Pizzey, Mair Williams and Matthew Valenti
Latham & Watkins LLP
Caroline Day and Louise Hodges
Kingsley Napley
John Nathanson, Katherine Stoller and Cáitrín McKiernan
Shearman & Sterling LLP
Glenn Pomerantz and Paul Peterson
BDO LLP
Matthew Bruce, Ali Kirby-Harris, Ben Morgan and Ali Sallaway
Freshfields Bruckhaus Deringer LLP
John D Buretta and Megan Y Lew
Cravath Swaine & Moore
Caroline Black, Clare Putnam Pozos, Chloe Binding and Carla Graff
Dechert LLP
Tamara Oppenheimer KC, Rebecca Loveridge and Samuel Rabinowitz
Fountain Court Chambers
Richard M Strassberg and Meghan K Spillane
Goodwin
Nicholas Purnell KC, Brian Spiro, Jessica Chappatte and Eamon McCarthy-Keen
Herbert Smith Freehills
Nicolas Bourtin
Sullivan & Cromwell LLP
Nichola Peters and Michelle de Kluyver
Addleshaw Goddard LLP
Sam Amir Toossi and Farhad Alavi
Akrivis Law Group, PLLC
Robin Barclay KC, Nico Leslie, Christopher J Morvillo, Celeste Koeleveld, Meredith George and Benjamin Berringer
Fountain Court Chambers and Clifford Chance
Tom Epps, Andrew Love, Julia Maskell and Benjamin Sharrock
Cooley LLP
Matthew Kutcher, Alexandra Eber, Matt K Nguyen, Wazhma Sadat and Kimberley Bishop
Cooley LLP
Jessica Lee and Chloë Kealey
Brown Rudnick LLP
James P Loonam and Ryan J Andreoli
Jones Day
Rita Mitchell, Simon Osborn-King and Yannis Yuen
Willkie Farr & Gallagher LLP
David Mortlock, Britt Mosman, Nikki Cronin and Ahmad El-Gamal
Willkie Farr & Gallagher LLP
Francesca Titus, Andrew Thornton-Dibb, Mehboob Dossa, William Boddy and Oscar Ratcliffe
McGuireWoods
Emily Goddard, Anna Kirkpatrick and Ellen Lake
Clifford Chance
Alison Pople KC, Johanna Walsh and Mellissa Curzon-Berners
Cloth Fair Chambers and Mishcon De Reya LLP
Kevin Roberts, Duncan Grieve and Charlotte Glaser
Cadwalader, Wickersham & Taft LLP
Jodi Avergun and Cheryl Risell
Cadwalader, Wickersham & Taft LLP
James Carlton, Sona Ganatra and David Murphy
Fox Williams LLP
Milton L Williams, Avni P Patel and Jacob Gardener
Walden Macht & Haran LLP
Natalie Sherborn, Carl Newman, Perveen Hill, Anthony Hanratty and Sophie Gilford
Withersworldwide
Christopher LaVigne, Martin Auerbach and Georges Lederman
Withersworldwide
Richard Sallybanks, Anoushka Warlow and Greta Barkle
BCL Solicitors LLP
Amanda Raad, Michael McGovern, Meghan Gilligan Palermo, Abraham Lee, Chloe Gordils and Ross MacPherson
Ropes & Gray
Elizabeth Robertson, Vanessa McGoldrick and Jason Williamson
Skadden, Arps, Slate, Meagher & Flom (UK) LLP
Victoria L Weatherford and Tera N Coleman
Baker & Hostetler
Ben Brandon and Aaron Watkins
Mishcon De Reya LLP and Kingsley Napley
Judith Seddon, Eleanor Davison, Christopher J Morvillo, Luke Tolaini, Celeste Koeleveld, F Joseph Warin and Winston Y Chan
Dechert LLP, Fountain Court Chambers, Clifford Chance and Gibson Dunn & Crutcher LLP
Kyle Wombolt and Pamela Kiesselbach
Herbert Smith Freehills
Robert Dalling and Karam Jardaneh
Jenner & Block
María González Calvet
Ropes & Gray
Michael S Diamant
Gibson Dunn & Crutcher LLP
Gustavo Morales Oliver, María Lorena Schiariti and María Agustina Testa
Marval, O’Farrell & Mairal
Tim Grave and Lara Gotti
Clifford Chance
Jonathan D King, Ricardo Caiado Lima, Antonio Tovo, André Sampaio Lacerda Ferraz and Mellina Bulgarini Gerhardt
DLA Piper LLP (US) and Campos Mello Advogados in Cooperation with DLA Piper
Sabrina A Bandali, Emrys Davis, Alan P Gardner, Laura Inglis, Amanda C McLachlan, Ruth E Promislow and Nathan J Shaheen
Bennett Jones
Rafael Collado González, Lucía Álvarez Galvez, Josefa Zamorano Quiroga and Camilo León Millones
FerradaNehme
Kyle Wombolt, Helen Tang and Tracey Cui
Herbert Smith Freehills
Marcela Cristina Blanco and Marcelo Buendía Vélez
Díaz Reus Abogados
Stéphane de Navacelle, Thomas Lapierre and Julie Zorrilla
Navacelle
Eike W Grunert, Michael Reich, David Stoppelmann and Stephan Appt
Pinsent Masons
Ilias Anagnostopoulos, Jerina Zapanti and Alexandros Tsagkalidis
Anagnostopoulos
Donna Wacker, Jonathan Wong, Anita Lam and Michael Wang
Clifford Chance
Sherbir Panag, Tanya Ganguli and Lavanyaa Chopra
Law Offices of Panag & Babu
Karen Reynolds and Connor Cassidy
Matheson
Giuseppe Fornari, Enrico Di Fiorino, Emanuele Angiuli and Lorena Morrone
Fornari e Associati
Antonio Cárdenas Arriola, Jonathan D King, Daniel González Estrada and Yesica L Garduño Sandoval
DLA Piper
William Fotherby and Caitlin Anyon-Peters
Meredith Connell
Dayo Adu, Temiloluwa Dosumu and Esther Randle
Famsville Solicitors
Alberto Rebaza, Augusto Loli, Héctor Gadea, María Haydée Zegarra and Sergio Mattos
Rebaza, Alcázar & de las Casas
Kabir Singh, Janice Goh and Joey Ng
Clifford Chance LLP
Edward James, Deirdré Simaan, Adam Gunn, Thorne Godinho, Sarah Burford and Jazquelyn Govender
Pinsent Masons
Jaime Alonso Gallo
Uría Menéndez
Flavio Romerio, Claudio Bazzani, Katrin Ivell and Reto Ferrari-Visca
Homburger
Burcu Tuzcu Ersin, E Benan Arseven and Z Ertunç Şirin
Moroğlu Arseven
Simon Airey, James Dobias and William Merry
McDermott Will & Emery UK LLP
Bradley J Bolerjack and Francisca M Mok
Reed Smith LLP
Get more from GIR
Sign up to our daily email alert
Sign up
Unlock unlimited access to all Global Investigations Review content
